Performance benchmark made within the SYNAPSE project

Some results of the SSA SYNAPSE project on the impact of the disk encryption on the performance of the business services

 

The impact that the security provided by ARCA Trusted OS, CYSEC’s hardened OS, can have is one of the points to be evaluated as part of the BPI SSA Synapse project. This collaborative project including Lookup Space and CYSEC aims to implement the secure platform which supports Lookup Space’s space safety solution. This solution is based on the collection and real-time processing of data collected by one or more sensor networks. The performance of such a solution depends on the performance of several services offered by the platform that supports it. The speed of reading and writing data stored on hard drives is one of these services that can degrade the performance of the space safety solution.

ARCA Trusted OS includes a disk encryption mechanism by default. Encryption is a technique that provides security at the potential cost of reducing read and write access speeds to disks. It is for this reason that a benchmarking of disk read/write performance was carried out between ARCA Trusted OS and a general purpose Linux distribution.

This benchmark was held on Google Cloud Platform. An ensemble of master and worker nodes was set up in various VMs, some with ARCA Trusted OS as guest OS, the others using the general purpose Linux OS. A k8s distribution from Thales is deployed in each node.

The write/read benchmark is built with OpenSearch. The tool Injector is used to index generated data. The test for performance evaluation in reading is composed of one scenario with 100 users reading data in parallel and a second scenario with 200 users.

As can be seen in the table below, the results of this benchmark shows similar writing/reading performance levels for ARCA Trusted OS compared to the ones of the general purpose OS whereas disk encryption is applied.

Qualification of the ARCA SATCOM solution

Located at the CNES (Centre National d’Etudes Spatiales, the French Space Agency) in Toulouse, CESARS serves as the support and expertise center for satellite telecommunications applications. Its role is to assist businesses and public entities interested in exploring and testing satellite telecommunications solutions.

As part of studies conducted at CNES, CYSEC qualified its ARCA SATCOM solution on different satellite links in August and November 2023. On LEO, the solution was tested on Starlink and OneWeb Kymeta links and on GEO, the solution was tested on Athena-Fidus, Thuraya and Eutelsat Konnect links.

For each test bench, three types of experiments were conducted:

  •  Comparative study and performance measurement between an unencrypted signal and the use of ARCA SATCOM, as well as performance measurement between a signal encrypted by an open-source VPN and ARCA SATCOM.
  •  Demonstration that the transmitted signal is properly encrypted through network flow controls on Wireshark.
  •  Implementation of application scenarios, including VoIP, video, or file transfer. The applications used for these tests include GMail, Youtube, Netflix, Google Meet, and Tixeo.

The version of ARCA SATCOM software utilized, supports both UDP and TCP for GEO links. The conclusion was overwhelmingly positive, as the solution demonstrated exceptional performance across three tests on various LEO and GEO satellite links. The two addressed aspects of the solution—link encryption and throughput acceleration—were successfully achieved.

Link encryption was assessed and confirmed through Wireshark scans. Throughput acceleration is a notable improvement compared to VPN solutions applied to space communications, as evidenced by the significant loss of throughput on three links with the use of OpenVPN. ARCA Satcom not only prevents a loss of more than 15% of the original throughput but also enhances the reference throughput in certain cases, as demonstrated on the Thuraya link.

The second testing session conducted by the CYSEC team at CNES validated and certified the proper functioning of ARCA SATCOM across various common applications, such as file transfer, video, and VoIP. A forthcoming testing session will evaluate the solution’s quality and performance on these validated applications.

The different application tests were conducted without any noticeable latency and demonstrate the capability of using ARCA SATCOM on standard and frequent internet resources. These include video streaming applications like YouTube (GEO, LEO), teleconferencing tools such as Google Meet (GEO, LEO), and Tixeo (LEO). Similar behavior can be envisioned for competing applications.

Securing Edge Devices: The Crucial Role of Root of Trust in a Connected World

In the rapidly evolving landscape of IoT (Internet of Things) and edge computing, the reliance on connectivity for transmitting valuable sensor data to the cloud has become indispensable. However, this connectivity also introduces a potential gateway for cybercriminals seeking to exploit vulnerabilities in edge devices. In this article, we will explore the critical importance of establishing a Root of Trust (RoT) to fortify the security of edge devices, ensuring the confidentiality and integrity of high-value data and critical software applications.

The Vulnerability Challenge: Edge devices play a pivotal role in collecting and transmitting high-value data, contributing to business intelligence and machine learning. The very nature of this data makes edge devices attractive targets for cybercriminals aiming to gain unauthorized access, manipulate code, or disrupt essential services. Traditional protection mechanisms often fall short in safeguarding against sophisticated cyber threats, especially when it comes to embedded applications and containerized software applications.

The Role of Root of Trust (RoT): To counteract the rising threats in the connected world, edge devices must establish a Root of Trust. Essentially, RoT serves as a secure anchor for cryptographic operations behind data encryption and the authentication of devices communicating with the backend. By implementing a RoT, edge devices create a trusted environment, preventing unauthorized access and manipulation of sensitive information.

Protecting Cryptographic Operations: One of the primary functions of RoT is to safeguard the secrets used in cryptographic operations. This includes encryption of data and authentication processes, ensuring that the transmitted information remains confidential and secure. By relying on a RoT, edge devices create a strong foundation for secure communication, mitigating the risk of data interception by cybercriminals.

Confidential Data Processing and Firmware Updates: In addition to securing data transmission, edge devices must also prioritize the confidentiality of data processing and firmware updates. RoT plays a crucial role in enabling devices to run critical software applications confidentially. This ensures that even during processes like firmware updates or data processing, an attacker cannot exploit vulnerabilities to manipulate the code or data, maintaining the integrity of the entire system.

Compatibility with Embedded and Containerized Applications: One of the challenges faced in securing edge devices is the compatibility of existing protection mechanisms with embedded and containerized software applications. Traditional security measures often lack the flexibility required to protect data and code in use in these dynamic environments. RoT addresses this gap by providing a robust security framework that is compatible with both embedded and containerized applications, offering a comprehensive solution for diverse edge computing scenarios.

As the reliance on edge devices continues to grow, so does the need for robust security measures. Establishing a Root of Trust emerges as a fundamental requirement to fortify edge device security, ensuring the confidentiality, integrity, and authenticity of data and critical software applications. By adopting RoT, organizations can build a resilient defense against cyber threats in the connected world, paving the way for a secure and efficient edge computing ecosystem.

Recap on Cysec progress on Confidential Computing-based solutions in 2023

CYSEC aims at offering the capacity to launch VMs running in confidential computing context on any clouds public or private. Let’s have a look at Cysec 2023 main achievements that support this objective!

Achievement 1: ARCA Trusted OS can be deployed on AWS.

We announced during 2023 that ARCA Trusted OS can be deployed on the cloud AWS. With the kick-off of the year, ARCA Trusted OS is now compatible with the AWS virtual machines running with the SEV-SNP feature. This new compatibility comes with the protection of data at-rest isolated from the cloud provider as explained in this preview blog. The next step for CYSEC is to provide end-users the ability to attest their confidential VMs on AWS. 

 

Achievement 2: ARCA Trusted OS can be deployed on VMware ESXi/vSphere. CYSEC sees a growing interest in private clouds running in confidential computing contexts. This is why we started working on the compatibility of ARCA Trusted OS with VMware hypervisor in 2023. Presently, all security measures offered by ARCA Trusted OS are active on VMware hypervisor apart from the ones related to AMD SEV-SNP feature. The next step for CYSEC is to make ARCA Trusted OS run in confidential VMs deployed on VMware.

 

Achievement 3: CYSEC implemented a POC of its protocol of attestation of confidential VMs. This protocol exploits the attestation reports provided by the AMD SEV-SNP feature to attest that a VM with ARCA Trusted OS as guest OS is launched in a Confidential Computing context and with the authorized pieces of code. This POC has been implemented on the hypervisor QEMU/KVM. An explanation of our attestation VM launch protocol can be found in a dedicated blog. The next step for CYSEC is to enlarge the functionalities of our present POC and to improve the user experience.

 

In 2024, CYSEC will continue to enlarge its portfolio of confidential computing-based solutions dedicated to the isolation of VMs with respect to the hypervisor. This evolution will impact CYSEC offering for both the private clouds and the public clouds.

 

If you want to try ARCA Trusted OS, please go to our free trial page or send an email to info@cysec.com.

The SYNAPSE PROJECT
A leading space actors collaboration

A snapshot of the collaborative SYNAPSE project between CYSEC and Lookup Space. The contributor list to this project  includes Thales as subcontractor too. The aim of this project is to implement a platform for Space Safety and Security. CYSEC brings its expertise in cybersecurity to harden the platform.

 

Lookup Space is a French startup providing Space Safety and Security data & services. Their services are based on a dedicated, sovereign and secure solution including a sensor network and data processing capabilities. Lookup Space showcased the first version of its platform, called SYNAPSE, in Bremen at the Space Tech Expo Europe. This platform is a multi-source digital data fusion platform, which references over 56,000 orbital objects. Potential collisions between two objects, even as small as 10 cm, can be anticipated to protect the space assets in orbit. 

 

SYNAPSE is not just a platform, it is also a project. The SYNAPSE project is a collaborative project between Lookup Space and CYSEC that is partially funded by France 2030. Lookup Space is in charge of the design and implementation of the SYNAPSE platform, whereas CYSEC brings its cybersecurity expertise to harden the platform. Thales, as a subcontractor, is the third contributor to this collaborative project. It brings its expertise in Kubernetes distribution for big data to support Lookup Space services. 

 

The SYNAPSE project started in January 2023 and will last for 30 months. Within this time period, CYSEC will harden the heart of the system by fine tuning  its hardened Operating System hosting a Thales Kubernetes distribution, called KAST. Moreover, CYSEC will develop a solution of protection of data in-use based on Confidential Computing that can address two use-cases of the SYNAPSE project. These use-cases are not well defined presently, however one will be related to the topic of sovereign cloud and the second one to protection of Lookup Space Intellectual Property while deployed in untrusted third party infrastructure.   

ARCA Trusted OS for Raspberry Pi 4B -
Learn about CYSEC design choices and security maintenance processes

To extend their business, more and more organizations wish to deploy applications on remote and small edge devices at scale. Several organizations choose to execute containerized applications on Raspberry Pi 4B to implement this extension. Discover in CYSEC technical whitepaper what ARCA Trusted OS for Raspberry Pi 4B offers to protect your containers executed on remote Raspberry Pi boards.

With the democratization of edge technologies, companies are now deploying edge computing solutions for multi-purposes, broadening the number of their tasks. These solutions are sometimes pretty complex, as e.g. in the case of the use of (ex. AI/ML) algorithms. A way to handle the versatility and adaptability of these edge solutions is to adopt container based technology. A technology that definitely helps to cope with the necessary agility and scalability required by the use of these solutions. The consequence is an extension of the IT perimeter to the edge, far beyond the traditional company data center or cloud. This exposes the IT environment to new challenges and cyber threats with risk to deeply damage the company business.

 

This IT expansion can go pretty far in the edge where energy consumption and size are critical factors. In these cases, organizations rely on small computing boards that are based on processors with ARM-architecture in most of the cases. Among the commercial ARM-based small computing boards, Raspberry Pi 4B is a well adopted board by the industry for prototyping but also for production (especially in small and medium size companies). This board is pretty small but with powerful computation capacities. Robust and low-cost, it is a good candidate for industrial applications. Nevertheless, when a Raspberry Pi 4B board is deployed in the field with a limited physical protection, it is better to shield your system by choosing a hardened Operating System.

 

ARCA Trusted OS for Raspberry Pi 4B is a hardened Linux-based micro distribution designed to only execute containerized applications. ARCA Trusted OS has been designed:

  1. To reduce the possibility of exploitation of potential vulnerabilities,
  2. To ensure the trustworthiness of the infrastructure hosting and running containers in the edge,
  3. To protect data stored in SD cards of remote devices and data communications within edge networks,
  4. To keep container infrastructures up-to-date and secure in time.

 

A more detailed description of the technical design of ARCA Trusted OS for Raspberry Pi 4B can be found in the technical whitepaper attached to this blog. Furthermore, this technical whitepaper describes the internal processes that CYSEC has in place to provide security maintenance of ARCA Trusted OS for Raspberry Pi 4B in a timely manner.

Unlocking the Potential of Remote Attestation: The Future of Trust and Security in a Connected World

Acronyms

CA : Certificate Authority
IoT : Internet of Things
RA : Remote Attestation
TEE : Trusted Execution Environment

Context

The increasing prevalence of network-connected devices and the rise of the Internet of Things (IoT) have led to an urgent need for security mechanisms that can detect and protect against unauthorized access and data breaches.

Remote Attestation (RA) is a technique that has emerged as a promising solution for addressing these security concerns. RA provides a way to measure and verify the integrity of devices that are connected to a network, enabling organizations to identify and prevent security threats such as malware infections, data breaches, and unauthorized access.

CYSEC is currently tackling this topic within the the FLUIDOS project (HORIZON-CL4-2021-DATA-01), which aims to leverage the enormous, unused processing capacity at the edge, scattered across heterogeneous edge devices that struggle
to integrate with each other and to coherently form a seamless computing continuum.

This article provides an overview of RA, a short description of the process, and some of the types of measurements used. We then examine the different use cases and applications for RA, including how it can be used to detect and prevent security threats. We provide specific examples of how RA can be used in real-world scenarios, such as protecting industrial control systems from cyberattacks and ensuring the security of cloud-based applications.

1. What is Remote Attestation?

RA is a security mechanism that allows a remote device to prove its identity and integrity to a remote party, this can help establish trust between two devices and ensure that they are communicating securely. (1)

In a typical RA scenario, the remote device, such as a computer or mobile device, generates a statement of its current state, or “attestation,” using a combination of hardware and software-based measurements. This attestation includes information about the device’s identity, firmware, software, and other system attributes. The attestation statement is then signed by a trusted authority, such as a certificate authority (CA), to ensure its authenticity.

The attestation statement can be sent to a remote party, such as a server or a network administrator, who can use it to verify the device’s identity and integrity. This can help detect and prevent unauthorized access, malware infections, or other security threats.

RA is commonly used in industries such as cloud computing, the Internet of Things (IoT), and critical network infrastructure to establish trust between devices and ensure secure communication.

1.1. Static vs Dynamic Remote Attestation

Static and dynamic remote attestation are two different approaches to remote attestation, which differ in the types of measurements they use and when they are performed.

Static remote attestation is a form of RA that involves measuring the software and firmware’s integrity on a device at a fixed point in time, typically during boot-up or system initialization. The measurements taken during this process are
compared to a known set of values or a predefined policy, and an attestation statement is generated based on the comparison results. This statement can then be used to verify the device’s identity and integrity. Static RA is a one-time process
that provides a snapshot of the device’s state, and it cannot detect any changes that may occur after the measurements have been taken.

Dynamic remote attestation involves continuously monitoring the device’s state over time, using a combination of software and hardware-based measurements. These measurements are taken at various points during the device’s operation, and any deviations from a predefined policy or expected behavior are detected and reported. Dynamic RA provides a more real-time view of the device’s state and can detect any changes that may occur during its operation.

2. Process description

In RA procedures, one entity (Attester) produces information about itself (Evidence) to enable a remote entity (Relying Party) to decide whether or not to consider the Attester a trustworthy entity. RA procedures are facilitated by an additional entity (Verifier), which evaluates the Evidence through policies and creates the Attestation Results to support Relying Parties in their decision process.
Figure 1 shows an overview of the generic RA process, independent of protocol or use case (2).

In this model, the Attester conveys Evidence to a Verifier, which compares the Evidence against its Appraisal Policy, if there are no processing errors, the Verifier then gives back an Attestation Result. If the Attestation Result was a successful one, the Attester can then present the Attestation Result to a Relying Party, which then compares the Attestation Result against its own Appraisal Policy.

3. Measurement Types

There are different types of measurements used in RA, including software-based, hardware-based, and hybrid measurements. The measurements used in RA depend on the specific attestation mechanism used, but in general, they can include the following types of measurements:

  • Static Measurements: These are measurements of the software binary or executable code that are taken before the software is executed. Examples of static measurements include hash values of the code, digital signatures, and cryptographic checksums.
  • Dynamic Measurements: These are measurements of the behavior of the software as it is executing. Examples of dynamic measurements include system call traces, memory usage, and network traffic.
  • Configuration Measurements: These are measurements of the system’s configuration, such as the version of the operating system, installed software, and hardware specifications.
  • Environmental Measurements: These are measurements of the environment in which the software is running, such as the network conditions and the presence of other devices on the network.
  • Signed Measurements: These are digital signatures that are applied to a measurement of a system or software component. The measurement might be a hash value or some other form of digital fingerprint that uniquely identifies the component or system. The digital signature is typically generated by a trusted authority, such as a CA or a manufacturer of trusted hardware, and is used to verify the authenticity and integrity of the measurement.

4. Use cases and real world scenarios

RA has a variety of use cases and applications in different domains, such as cloud computing, Internet of Things (IoT), supply chain security, and network security. Following are some examples of use cases and applications for RA, including examples of real world scenarios.

4.1 Cloud Computing: RA can be used to establish trust between cloud service providers and their clients, by verifying the identity and integrity of the cloud infrastructures, like virtual machines (VMs), and software applications running on it. RA can also help prevent unauthorized access to cloud resources and ensure compliance with security policies (3). One specific area where RA can significantly impact cloud security is in the context of confidential computing, which leverages Trusted Execution Environments (TEEs).
At a minimum, RA in cloud computing should provide a cryptographic proof that consists of:

  • A measurement/hash that attests to the integrity of the software loaded into the TEE. This measurement ensures that the code and data within the TEE have not been tampered with, thereby safeguarding the confidentiality of sensitive information.
  • A cryptographic signature over the hash, which attests to the fact that the cloud’s TEE hardware used is genuine, and non-revoked. This step provides assurance that the TEE, which operates in a secure and isolated manner, remains free from compromise.

Confidential Space by Google Cloud
In December 2022, Google announced the release of Confidential Space, a new solution that allows access control to sensitive data and secure collaboration. (4)
Confidential Space leverages TEEs to give data contributors control over how their data is used and who can access it. The system has three main components:

  • Workload: a containerized image with hardened OS running in a cloud-based TEE. Here Confidential Computing can be used as the TEE offering hardware isolation and remote attestation capabilities.
  • Attestation Service: an OpenID Connect token provider which verifies the attestation quotes for the TEE and releases authentication tokens.
  • Cloud Key Management Service: a managed cloud resource protected by an allow polity granting access to authorized identity tokens.

Below is an overview of the overall workflow.

Real world scenario of RA in Cloud Computing
The web hosting company GoDaddy suffered its third data breach in three years that resulted in the compromise of the login credentials of over 28,000 customers (May 2020), theft of the source code for Managed WordPress servers (November 2021), and malware installation on GoDaddy’s cPanel hosting servers (December 2022). (5)

One way that RA could have helped prevent the breaches is by providing an additional layer of security to verify the identity of the user and the integrity of the device accessing the cloud application. By using RA to verify that the user’s device is running trusted software and has not been compromised by malware or other security threats, cloud service providers can reduce the risk of credential stuffing attacks and other types of cyberattacks that rely on compromised endpoints.

In addition, remote attestation can help ensure that cloud applications are running in a secure and trusted environment, protecting against threats such as unauthorized access, data exploitation, and malware infections.

4.2 Internet of Things (IoT): One fundamental IoT security component is making sure devices and services have trusted identities that can interact within secure ecosystems. RA can be used to establish trust between IoT devices and their service providers, by verifying the identity and integrity of the devices and software running on them. RA can also help detect the presence of malware in a remote untrusted IoT device, which typically has to stop its regular operations to perform the computations. This process will however consume the battery life of the device. To solve this problem, Remote Attestation as a Service (RAaS) comes into play. RAaS aims at checking the integrity of an untrusted device by performing the attestation computation on the cloud, allowing even a low-end IoT device to securely offload the attestation process to the cloud (6).

Real world scenario of RA in IoT
In 2017, the cybersecurity firm Armis discovered a set of vulnerabilities in Bluetooth-enabled IoT devices that enabled attackers to take over the devices remotely. The vulnerabilities, collectively known as “BlueBorne,” affected over 5 billion devices worldwide, including smartphones, laptops, and smart home devices (7). To protect against BlueBorne and similar attacks, Armis developed a remote attestation system called “Armis Trust,” which uses machine learning algorithms to detect anomalous behavior in IoT devices and trigger remediation actions in real-time.
The Armis Trust system works by monitoring the behavior of IoT devices and generating an attestation report that summarizes the device’s behavior and security posture. The report is then compared to a set of policies that define acceptable behavior for the device. If the device is found to be in compliance with the policies, it is allowed to continue operating. If the device is found to be non-compliant, the system can quarantine the device or trigger remediation actions, such as firmware updates or security patches. By using RA to monitor the behavior of IoT devices in real-time, the Armis Trust system can detect and prevent attacks that exploit vulnerabilities in the devices’ software and firmware.

4.3 Industrial Control Systems (ICS) Security: RA can be used to secure ICS by ensuring that the software running on ICS devices has not been tampered with and is up to date. For example, in a power plant, RA can be used to verify that the control systems are running the latest firmware and that they have not been compromised by malware. This can help prevent cyberattacks on ICS and ensure the safe and reliable operation of critical infrastructure.

Real World Scenario of RA in ICS Security
In 2021, the Colonial Pipeline, which supplies fuel to much of the eastern United States, was hit by a ransomware attack that caused the company to shut down its operations. The attack was successful because the attackers were able to gain access to the company’s IT systems, which were connected to the industrial control systems that manage the pipeline’s operations (8).
RA can be used to prevent attacks like the one that targeted the Colonial Pipeline by verifying the integrity of the control systems in industrial environments. By measuring the state of the control systems and comparing these measurements to known trusted measurements, RA can detect any unauthorized modifications to the systems that could indicate an attack. This can help prevent the kind of damage that could result from a successful cyberattack on industrial control systems.
RA can be an important tool for protecting critical infrastructure from cyberattacks, ensuring the safe and reliable operation of industrial control systems in the face of evolving threats.

4.4 Confidential Computing (CC): There isn’t confidential computing without attestation. For example, if we want to deploy applications using CC on a public cloud, we need to take advantage of an attestation measurement, provided by TEE capabilities. But doing a cryptographic check of an attestation measurement is tricky, that’s why RA is needed, a service running on a different machine which can be trusted to validate the attestation and stop execution if it fails (9).

Real world scenario of RA in CC
One use case for confidential computing is in financial services, where sensitive customer data such as financial transactions and personal information must be kept secure. RA can be used to verify the integrity of the hardware and software running in a confidential computing environment, ensuring that the sensitive data is protected from unauthorized access and tampering.
For example, Microsoft Azure offers a confidential computing platform called Azure Confidential Computing, which uses Intel SGX technology to protect sensitive workloads. Here, RA is used to verify the integrity of the hardware and software running on the SGX-enabled processors, ensuring that the confidential data is protected from cyberattacks. (10)
By implementing RA, financial services organizations can provide a higher level of security for their customers’ sensitive data, reducing the risk of data breaches and cyberattacks.

4.5 Network Security: RA can be used to establish trust between network endpoints, by verifying the identity and integrity of the endpoints and the software running on them. RA can also help prevent unauthorized access and malicious attacks on network resources and ensure compliance with security policies. Network operators want trustworthy reports that include identity and version information about the hardware and software on the machines attached to their network. Typically, a solution starts with a specific component (referred to as a “root of trust”) that often provides a trustworthy device identity and performs a series of operations that enables trustworthiness appraisals for other components. Such components perform operations that help determine the trustworthiness of yet other components by collecting, protecting, or signing measurements (2).

Real world scenario of RA in Network Security
An example of a cyberattack in network security that could have potentially been prevented with RA is the SolarWinds supply chain attack that was discovered in December 2020 (11). The attack involved a sophisticated compromise of the SolarWinds Orion software, which is widely used for network management by thousands of enterprises and government agencies worldwide. The attackers were able to insert malicious code into the software during its development process, which then spread to numerous organizations that used the software.
RA could have potentially helped detect the malicious code in the SolarWinds software by measuring the integrity of the software during its development and deployment. By verifying the integrity of the software at various stages, RA could have alerted organizations to the presence of the malicious code and prevented its spread to other parts of the network. While RA is not a foolproof solution and cannot prevent all types of cyberattacks, it can be a valuable tool for detecting and mitigating threats in network security.

5. Conclusion

In conclusion, remote attestation is a powerful security technology that enables the verification of the identity and integrity of remote devices and systems. By providing a way to measure and verify the trustworthiness of endpoints and cloud infrastructure, RA can help organizations detect and prevent a wide range of cyberattacks, including unauthorized access, malware infections, and data breaches.
As the threat landscape continues to evolve, RA will become an increasingly important tool for ensuring the security and trustworthiness of remote devices and cloud infrastructure. By adopting RA and other advanced security technologies, organizations can help mitigate the risks of cyberattacks and protect their sensitive data and assets.

Protect your sovereign cloud with CYSEC solutions

Sovereign cloud is emerging as a preferred choice for many organizations to run their critical activities due to the evolution of data governmental law enforcements. Confidential computing is identified as one of the technologies required in the implementation of sovereign clouds. CYSEC offers a confidential computing-based solution of protection of VMs deployed on untrusted clouds. CYSEC offering can help you to quickly adopt confidential computing in your cloud sovereignty journey.

Sovereign clouds are becoming more and more important for public and private organizations due to recent geopolitical events forcing industry and regulators to strengthen their security standards. As described in Deloitte whitepaper on cloud sovereignty, this concept covers a broad set of aspects of data protection and controls. Within the large toolbox that organizations need to exploit to implement cloud sovereignty, Deloitte has identified confidential computing as one of the technologies allowing a better control on data sovereignty by limiting the need for agreements with third parties.

The confidential computing protects the data in-use, i.e. while data is stored in volatile memories. The protection of data in-use comes as a complementary protection with respect to the protections of data at rest (stored in persistent storage such as database) and of data in transit between nodes. The aim of confidential computing is to protect data of one data owner with respect to other shareholders executing code on the same processing unit, including the host in the case of a shared infrastructure. The activation of confidential computing is requested by a data owner to its host. This technology comes with a cryptographic attestation capability that allows the owner to verify the activation of data in-use protection and the integrity of its code. As described in a recent blog from Paul O’Neill (Intel), confidential computing provides a technical solution in several use-cases of data sovereignty going from the sensitive intellectual property, such as AI, in untrusted cloud infrastructure to the secure collaboration between untrusted parties.

On top of CYSEC’s ARCA Trusted OS, a Linux-based micro distribution hardened operating system designed to create trusted computing based for sensitive applications, CYSEC is working on a solution aiming at addressing one use-case related to sovereign clouds: the protection of the data of a VM with respect to its cloud host. This solution is deployed on a IaaS and provides hardware-based cryptographic isolation between the team operating the infrastructure service and the team running business services on top of it. This provides one of the technical bricks needed by organizations that want to implement sovereign clouds.

CYSEC solution consists in the combination of encryption of data in-use and data at rest with keys that are not accessible by the host. Furthermore, CYSEC offers the verification of the integrity of the OS at boot time from remote to assess the trustworthiness of the execution environment in which applications run. Therefore, the host cannot get access to the user data by directly reading the memories where it is stored nor by tampering with the OS. For more technical information about what CYSEC develops, you can read our blog on our attested VM launch protocol

A major benefit of combining ARCA Trusted OS with CYSEC’ s attested VM launch protocol is to dramatically reduce the hardware root of trust to its bare minimum: the CPU. This opens new perspectives in terms of decoupling the infrastructure from the trusted environment where companies operate. If you have any questions on or want to test our confidential computing solution for the protection of a VM in untrusted clouds, please contact us at info@cysec.com.

  

A technical deep dive in the secure boot of ARCA Trusted OS for Raspberry Pi 4B

ARCA Trusted OS is an Operating System (OS) that can run on Raspberry Pi 4B.

ARCA Trusted OS is an Operating System (OS) that can run on Raspberry Pi B. This hardened OS includes a secure boot to authenticate and verify the integrity of the system at each boot. CYSEC engineers produced a video to explain how this secure boot works and against which attacks it protects the system. 

ARCA Trusted OS for Raspberry Pi 4B is a hardened Linux-based miro-distribution to run containerized applications. One of the security features integrated in ARCA Trusted OS is a complete secure boot chain to authenticate and check the integrity of the system at each boot time.

Secure boot is a security standard to ensure that a device boots using only software that is trusted. When this device starts, it checks the signature of each piece of software which constitutes the different boot stages: firmware, bootloader, Linux kernel and so on. If the signatures are valid, the device boots, and gives control to the Linux operating system. In the opposite case, ARCA Trusted OS crashes. That way, CYSEC ensures that the device won’t boot with malicious software instead of original ones.

In addition to a secure boot, ARCA Trusted OS for Raspberry Pi 4B also includes a by-default full disk encryption mechanism protecting the user data, an encryption key stored in a hardware-based secure storage and an A/B scheme. These four security mechanisms are linked to ensure that the user data cannot be compromised by altering the OS. Furthermore, if the alteration of the OS happens, the system has some mechanisms to try to recover autonomously.

If you want to have a technical explanation of the secure boot mechanism of ARCA Trusted OS, you can watch this video made by engineers for engineers.

ESA PUSH : (PROGRAMME FOR USERBASE ENHANCEMENT)
THEME 1: SATELLITE AS A SERVICE WITH ARCA SATLINK

DO YOU WANT TO SECURE YOUR TMTC SPACE ARCHITECTURE WITH OFF-THE-SHELF COMPONENTS?

Objectives

Do you want to use satellite services for your business and in particular security services? We are providing these services for companies with innovative ideas to boost commercialization for a green and digital Europe. 

Background

CYSEC is a European cybersecurity company providing innovative software products to protect critical infrastructures on ground and in space.

ARCA SATLINK is the first implementation of the SDLS (Space Data Link Security) Protocol published by the CCSDS (Consultative Committee for Space Data Systems). This protocol defines cryptographic and key management functions to ensure confidentiality and integrity of ground-space data links (TMTC and/or payload data). 

ARCA SATLINK is an end-to-end software strictly based on the SDLS protocol with a space and a ground component.

Thanks to this programme, CYSEC is offering to adapt and support all integration and testing activities of ARCA SATLINK on ground and/or on board.

ARCA SATLINK targets the Satellite as a Service ecosystem and specifically: 

  • Satellite as a service providers, i.e. companies offering to fly payloads for clients: ARCA SATLINK can help them secure their own satellite communications (TMTC link) but also the payload data uplink and downlink
  • Satellite as a service users: ARCA SATLINK allows Zero-trust architecture
  • Satellite as a service sub-system providers, i.e. companies providing products and/or services to satellite as a service providers or customers, such as On-Board Computer manufacturers, communication transponders manufacturers, flight software providers, etc

What do we offer?

In this competition, we offer free of charge the tailoring and testing of our end-to-end authentication and encryption solution of the satellite link on your specific architecture, in space and on the ground. 

ARCA SATLINK product consists of a pair of cryptographic libraries: one to be deployed on the ground, while the other to be deployed on a satellite’s On-Board Computer (OBC) or communication subsystem. 

ARCA SATLINK Space is a flight SDLS Library that aims to help satellite integrators facilitate and accelerate the implementation of a secure end-to-end communication link compliant with the CCSDS Space Data Link Security (SDLS) standard. The space library exposes all  procedures described in the SDLS standard in order to secure frames and thus the datalink.

ARCA SATLINK Ground provides the same function described in the SDLS standard to secure downlink and uplink frames from and to the satellite end-point. It can be provided as a library or as a service, executed on premise or on the cloud. 

These two ARCA STALINK components will ensure the basic functions of the CCSDS SDLS Protocol that is to say Apply Security and Process Security. These functions are the ones authenticating and encrypting your frames accordingly with the algorithm of your choice. 

What is not included in this competition, even though it is already supported in our solution, is the extended procedures for keys and security associations management, over-the-air-rekeying (OTAR) as well as monitoring and controlling services. 

The usage of ARCA SATLINK to secure TMTC and payload data brings forth a range of substantial benefits:

  • End-to-end Security: ARCA SATLINK protects satellite communications end-to-end, preventing eavesdropping of critical data, mission control impersonation by a malicious operator, replay attacks, etc.
  • Easy integration: ARCA SATLINK has been designed to be integrated and operated by clients with no or very little expertise in cybersecurity and cryptography. Its “dummy-proof” cryptographic service and library offers a user-friendly API which prevents any mistakes in the implementation of cryptographic operations.
  • Compliance with customer requirements: Nowadays, satellite operators are more and more often required to comply with security requirements and/or national or international regulations, imposing some cyber protection of critical data like encryption and authentication of TMTC and payload data.
  • Based on standards: ARCA SATLINK is a proprietary implementation of the CCSDS SDLS and SDLS-EP standards leveraging well-known cryptographic primitives.

Who shall apply? 

This campaign is meant for every company or organization who intends to use satellite technology and services to improve their business. Within this campaign, ESA is promoting the use of satellite and security services and products to companies without the knowledge and infrastructure to do so. The intention is to boost commercialization of the mentioned services for innovative projects and ideas in line with ESAs Agenda 2025.

Companies and organizations that meet the technical requirements and want to use this product to improve their business are recommended to apply for this campaign. 

Eligibility Criteria:

  • The Applicant must be a juridical entity, registered in one of the ESA Member States, or one of the ESA Associate Members or Canada.
  • The applicants must comply with the following key acceptance factors:
    • Communication Protocol: The space-ground communication shall apply to the CCSDS standards
    • Access to CCSDS Frames: Users should have access to CCSDS frames that they intend to protect using ARCA Satlink. This may involve receiving, transmitting, or processing CCSDS frames within their specific application or system.
    • Processor: The SW Library can be deployed on several types of processors as long as the client can provide the compilation toolchain. Otherwise an ARM architecture is preferred. 
    • Memory: 1MB RAM to run the library and a Non-Volatile Memory (NVM) of up to 1 MB minimum required for file storage. (these are orders of magnitude)
    • Permissions: Users should have appropriate permissions to install and run software on the target ARM-based system.
    • Development Tools: Users may need development tools and libraries for building and linking applications with the cryptographic library. This includes a C compiler (e.g., GCC), make utility, and development headers.

What do you need to submit? 

The submission if a form where you will have to concisely describe, through a list of precise questions :

  1. Your administrative details and your idea abstract for using ARCA SATLINK
  2. The technical details which will help us understand the scope of development needed to integrate both space and ground components on your architecture. 
  3. The incentives that bring you to integrate security in your architecture and the role that security plays in your commercial perspective
  4. Your roadmap, which will help us vision your timeline to effectively deploy secured satellite links 

Process 

Step 1: Call for ideas: Launch of the competition happened on the 15th of November.

Step 2: Application & discussion phase: Companies and organization can apply by submitting their idea on OSIP until the 6th of December at midnight. Within this timeline there can be a discussion with the applying company/ organization to iterate the application and clarify open questions before the submission. 

Phase 2: Eligibility assessment and evaluation phase: The highest ranked applicants in each theme will be selected and the contract shall be signed by the 13th of December.

Phase 3: Project executing phase: The project will start with a phase of alignment defining the use-case and analysing your specific requirements and architecture. Depending on your schedule and the effort needed to adjust to your architecture, the phase of deployment and delivery will happen between February and June 2024. In June the objective is to have finalised all the performance tests of ARCA SATLINK on your architecture. We will only have to do maintenance and updates if you decide to continue onwards with our solution. 

All the different steps of the competition and project execution phase are summarised in the timeline below.

Evaluation criteria 

Following submission and eligibility assessment, ESA and CYSEC will evaluate the submissions against the below listed evaluation criteria. Applications will only be evaluated if they meet the above listed eligibility criteria.

ESA intends to provide these services to the highest ranked applicants in each theme covering the following selection criteria: 

  • [50%] FEASIBILITY of the idea with respect to the foreseen resources and technical requirements. Can the idea realistically be implemented under the initiative, both in time and within the available resources? Does your team have the adequate background for the proposed idea, does it balance all relevant profiles from technical, business, project standpoints?
  • [40%] IMPACT of the idea on our and the client companies businesses (based on the potential and the business opportunity). For the client, is the idea of a high potential to improve its offer thanks to the additional security? Does it highly affect the potential growth of the company? Is the solution scalable on their products and within their roadmap? For CYSEC, is our product easily scalable on the client’s product?  Is the proposed product likely to be accessed also after the initiative? Is the client’s roadmap aligned with ours ? 
  • [10%] RELEVANCE of the idea and alignment with Agenda 2025. Is the idea aligned with one or more of the five priorities described in the Agenda 2025, can on easily identify the priority supported by the idea?