Transitive Trust

Transitive Trust Model

Data security and assurance can only be achieved if every layer of the hardware and software stack can be trusted. Security-GENERAL™, a cryptographic platform, uses a transitive trust model in which data is secured by a stack of trusted components, each of which vouches for the next. Starting at the hardware layer, the BIOS verifies that the boot code has not been tampered with before giving it control; the boot code, in turn, verifies that the kernel has not been modified before starting it. The kernel then finishes booting, validating each service and each application before launching it. The Packet General Security Token (PG-ST) serves as the root of trust: every later check inherits its trust from the component that performed the previous one, so the whole chain is only as strong as this anchor and the first verification made from it.
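The chain described above, as an added example that is not Packet General's code: the token holds a root public key, each stage is signed with a key that the previous stage vouched for, and a stage is only started if its signature checks out. The use of Ed25519 signatures, the stage names and the images are assumptions made for the illustration; the page does not say which signature scheme or image format the PG-ST chain uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Stage is one link in the boot chain: the code image, the public key that
// the *next* stage must be signed with, and a signature over both made with
// the key that the *previous* stage vouched for.
type Stage struct {
	Name    string
	Image   []byte
	NextKey ed25519.PublicKey
	Sig     []byte
}

// signedBytes is the exact byte string each stage signs. Binding Name, Image
// and NextKey together prevents a valid image from being re-labelled or paired
// with an attacker-chosen key for the following stage.
func (s Stage) signedBytes() []byte {
	msg := []byte(s.Name + "\x00")
	msg = append(msg, s.Image...)
	return append(msg, s.NextKey...)
}

// BuildChain produces a signed chain for the given stage names and images.
// It returns the root public key (the value that would be provisioned into the
// security token) and the signed stages. Each stage's signature is made with a
// fresh key that the preceding stage's NextKey field vouches for.
func BuildChain(names []string, images [][]byte) (ed25519.PublicKey, []Stage, error) {
	rootPub, signer, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	stages := make([]Stage, 0, len(names))
	for i := range names {
		nextPub, nextPriv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		s := Stage{Name: names[i], Image: images[i], NextKey: nextPub}
		s.Sig = ed25519.Sign(signer, s.signedBytes())
		stages = append(stages, s)
		signer = nextPriv // this stage's key signs the next one
	}
	return rootPub, stages, nil
}

// VerifyChain is what the firmware, boot code and kernel each do in turn:
// check the next image against the key the current stage trusts, and only
// then hand over control. It returns the stages that were allowed to run and,
// if the chain breaks, an error naming the first stage that failed.
func VerifyChain(rootKey ed25519.PublicKey, stages []Stage) ([]string, error) {
	var launched []string
	trusted := rootKey // anchored in the token; nothing earlier is assumed
	for _, s := range stages {
		if !ed25519.Verify(trusted, s.signedBytes(), s.Sig) {
			return launched, fmt.Errorf("stage %q failed verification; boot halted", s.Name)
		}
		launched = append(launched, s.Name)
		trusted = s.NextKey // trust is transitive: this stage now vouches for the next
	}
	return launched, nil
}

func main() {
	// Constructed stand-ins for real images.
	names := []string{"boot code", "kernel", "mysqld"}
	images := [][]byte{[]byte("BOOT-IMAGE"), []byte("KERNEL-IMAGE"), []byte("SERVICE-IMAGE")}
	root, chain, err := BuildChain(names, images)
	if err != nil {
		panic(err)
	}
	ran, err := VerifyChain(root, chain)
	fmt.Println("clean boot:", ran, err)

	// Tamper with the kernel image: the boot code's check fails and nothing
	// after it runs, even though the service image is untouched.
	chain[1].Image = []byte("KERNEL-IMAGE-WITH-ROOTKIT")
	ran, err = VerifyChain(root, chain)
	fmt.Println("tampered boot:", ran, err)
}
```

Note that a tampered kernel is stopped by the boot code, not by the BIOS: each stage only checks the one immediately after it, which is exactly why every stage in the chain must itself be verified before it is allowed to verify anything else.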


Other security features:

A new type of secure platform for deployment of mission-critical applications

Data storage security has become a critical issue for private enterprises, public organizations and governments alike. Managing and securing customer and user data is a growing concern for Information Technology (IT) departments, especially under current regulatory requirements. To address these concerns, companies must adopt new solutions that do not interfere with their normal operations. The usual approach is a commercial off-the-shelf ("COTS") environment with an encrypted file system or disk. Such ad hoc approaches do not fully address the need for data security: the application is decoupled from the underlying security mechanisms, a general-purpose operating system must be hardened, and the management interfaces are awkward. Security-GENERAL™ is the industry's first cryptographic application appliance. Our technology is built from the ground up to permit the secure deployment of mission-critical applications. The appliance is tightly coupled to the application, enabling a customized solution tailored to the needs of the enterprise.

Why an appliance?

The purpose of the appliance is to protect the data at its source. The appliance contains the application and the secure operating system, along with the cryptographic layer that secures data throughout its lifetime. This model offers much stronger guarantees than a piecemeal architecture that relies on multiple, disjointed components.

Transparency

Encryption and decryption are completely transparent to both the application and the client, and require no changes to the application or its data structures. All normal interactions between the application, authorized remote administrators and clients remain under the control of the application itself (for example, MySQL). Security-GENERAL™ simply allows the application's own access-control mechanisms to operate as they were intended to, by providing a secure environment in which the application runs.

Strong data encryption algorithm

In 2000 NIST selected the Advanced Encryption Standard (AES). The AES algorithm can use key lengths of 128, 192 or 256 bits. Security-GENERAL™ uses 256-bit keys, the longest key length AES supports; in general, the longer the key, the harder it is to recover by exhaustive search. Security-GENERAL™ protects all application data with AES-256 encryption. All data is stored in encrypted form, including data on external storage devices and backup tapes. Encryption and decryption are transparent to both the application and the management programs, and require no changes to the application or the data.
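The transparency and AES-256 sections above describe an encryption layer that sits between the application and the disk. The following is an added example, not Packet General's code, of what such a layer looks like: the application reads and writes plaintext records, only ciphertext reaches the "disk" (an in-memory map standing in for the block device), and any tampering with stored bytes is detected rather than returned as garbage. The page specifies AES-256 only; the GCM mode, the per-record random nonce and the use of the record name as associated data are this example's assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// EncryptedStore sits between the application and the disk. The application
// uses Put/Get with plaintext and never sees a key, a nonce or a ciphertext;
// the disk never sees plaintext.
type EncryptedStore struct {
	aead cipher.AEAD
	disk map[string][]byte // constructed stand-in for the appliance's block device
}

// NewEncryptedStore wraps a disk with AES-256-GCM. The key must be 32 bytes;
// on the appliance it would come from the recombined key shares, never from
// the disk itself.
func NewEncryptedStore(key []byte) (*EncryptedStore, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &EncryptedStore{aead: aead, disk: map[string][]byte{}}, nil
}

// Put encrypts plaintext under a fresh random nonce. The record name is bound
// as associated data, so a ciphertext copied from one record to another will
// not decrypt.
func (s *EncryptedStore) Put(name string, plaintext []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	ct := s.aead.Seal(nil, nonce, plaintext, []byte(name))
	s.disk[name] = append(nonce, ct...)
	return nil
}

// Get decrypts and authenticates a record. Any modification of the stored
// bytes, including truncation or a swapped record, is reported as an error.
func (s *EncryptedStore) Get(name string) ([]byte, error) {
	blob, ok := s.disk[name]
	if !ok {
		return nil, fmt.Errorf("no record %q", name)
	}
	ns := s.aead.NonceSize()
	if len(blob) < ns+s.aead.Overhead() {
		return nil, errors.New("record too short to be authentic")
	}
	return s.aead.Open(nil, blob[:ns], blob[ns:], []byte(name))
}

// RawDisk returns a copy of what a backup tape, or an attacker who pulls the
// drive, would see for a record.
func (s *EncryptedStore) RawDisk(name string) []byte {
	return append([]byte(nil), s.disk[name]...)
}

// FlipBit simulates corruption or tampering of one byte of a record on disk.
func (s *EncryptedStore) FlipBit(name string, offset int) {
	s.disk[name][offset] ^= 0x01
}

func main() {
	key := make([]byte, 32) // in practice: recombined from the token and appliance shares
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	store, err := NewEncryptedStore(key)
	if err != nil {
		panic(err)
	}
	row := []byte("customer=alice;card=4111111111111111") // constructed sample record
	if err := store.Put("customers/1", row); err != nil {
		panic(err)
	}
	back, _ := store.Get("customers/1")
	fmt.Printf("application sees: %s\n", back)
	fmt.Printf("plaintext visible on disk: %v\n", bytes.Contains(store.RawDisk("customers/1"), []byte("alice")))

	store.FlipBit("customers/1", len(store.RawDisk("customers/1"))-1)
	_, err = store.Get("customers/1")
	fmt.Println("after tampering:", err)
}
```

The point a practitioner should take from this is the error path: with an authenticated mode, a modified backup tape or a swapped record fails to decrypt at all, whereas an unauthenticated mode would hand the application silently corrupted rows.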

Access control

For increased security, the appliance implements strong access control: every operation invoked is checked to confirm that the initiator holds sufficient privileges. Roles are strictly separated so that a rogue administrator cannot compromise the security of the appliance.

Key management 

The cryptographic keys used to encrypt data are never stored in full on the Security-GENERAL™ appliance's disk; doing so would render the encryption useless against anyone who obtains the disk. Instead each key is split into "shares": one share is stored on a FIPS 140-1 Level 2/3 compliant smart card (with an EAL5/EAL5+ chip and an EAL4+ operating system) and the other on the appliance itself, so the key exists only while both shares are present. Federal Information Processing Standard (FIPS) 140-2, titled "Security Requirements for Cryptographic Modules", was signed on 22nd June 2001, superseding FIPS 140-1. The Standard sets requirements for cryptographic modules used in sensitive but unclassified government systems.
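The key splitting described above, as an added example that is not Packet General's code. The page does not say which splitting scheme is used; this example assumes the simplest one that gives the stated property, an XOR split in which every share is required and any subset of shares is statistically independent of the key, generalized to n shares rather than the page's two. The check value stored beside the appliance's share is also this example's addition: it lets a wrong or damaged token be rejected instead of quietly producing a wrong key.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
)

// SplitKey splits key into n shares, all of which are required to recover it.
// The first n-1 shares are uniformly random; the last is the XOR of the key
// with all of them. Any n-1 shares together are independent of the key, so
// the share left on the appliance's disk reveals nothing on its own.
func SplitKey(key []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, errors.New("need at least two shares")
	}
	shares := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		shares[i] = make([]byte, len(key))
		if _, err := io.ReadFull(rand.Reader, shares[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= shares[i][j]
		}
	}
	shares[n-1] = last
	return shares, nil
}

// KeyCheck is a value that may be stored on the appliance next to its share.
// It is safe to store only because the key is a full-entropy 256-bit value
// that cannot be guessed and hashed; it must never be used with low-entropy keys.
func KeyCheck(key []byte) []byte {
	sum := sha256.Sum256(append([]byte("Security-GENERAL key check:"), key...))
	return sum[:]
}

// RecombineKey XORs the shares back together and verifies the result against
// the stored check value in constant time. All shares must have the same length.
func RecombineKey(shares [][]byte, check []byte) ([]byte, error) {
	if len(shares) < 2 {
		return nil, errors.New("need all shares to recombine")
	}
	key := make([]byte, len(shares[0]))
	for _, sh := range shares {
		if len(sh) != len(key) {
			return nil, errors.New("share length mismatch")
		}
		for j := range key {
			key[j] ^= sh[j]
		}
	}
	if subtle.ConstantTimeCompare(KeyCheck(key), check) != 1 {
		return nil, errors.New("key check failed: wrong or missing share")
	}
	return key, nil
}

func main() {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	shares, err := SplitKey(key, 2)
	if err != nil {
		panic(err)
	}
	tokenShare, diskShare := shares[0], shares[1] // one to the smart card, one to the appliance
	check := KeyCheck(key)                        // stored on the appliance; the key itself is discarded

	got, err := RecombineKey([][]byte{tokenShare, diskShare}, check)
	fmt.Printf("recombined correctly: %v (err=%v)\n", err == nil && subtle.ConstantTimeCompare(got, key) == 1, err)

	// An attacker holding only the disk share cannot pass the check...
	_, err = RecombineKey([][]byte{diskShare, make([]byte, 32)}, check)
	fmt.Println("disk share alone:", err)

	// ...and a different token is rejected rather than silently yielding a
	// wrong key that would corrupt every record written with it.
	wrong := make([]byte, 32)
	io.ReadFull(rand.Reader, wrong)
	_, err = RecombineKey([][]byte{wrong, diskShare}, check)
	fmt.Println("wrong token:", err)
}
```

The caveat for any such scheme is where recombination happens: the full key exists in the appliance's memory while it is in use, so the split protects the disk and backups, not a running machine that an attacker can read memory from.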

Cryptographically signed reports

Security-GENERAL™ securely logs all administrative activity and provides a variety of periodic auditing reports. Reports are produced monthly and e-mailed to specified administrators. In addition, reports may be e-mailed to an Auditor, a role with no administrative rights other than receiving the monthly reports. All reports are cryptographically signed, so any modification after creation is detectable, and duplicate copies are stored at a secure location for later retrieval.

Security Patch Management

Automatic updates keep our appliances running the latest and most secure version of the code. Packet General security experts monitor all security advisories and test the suggested resolutions (patches) before directing the appliances at customer sites to download the necessary updates securely and automatically. A single-click installation gives a quick and assured resolution to a known security problem, narrowing the window of vulnerability between the availability and the installation of a security patch.