Unisys gets 'stealthy' with secure virtual terminal

Military-grade encryption on a USB stick

Rich people and public sector workers can now get the kind of network security that used to be reserved for military organizations.

Unisys is known mostly for its ClearPath mainframes and various outsourcing and other services that it sells to financial, transportation, and retail companies and various governments that buy its gear. But the company has been trying to leverage a set of network encryption technologies called Stealth – which was originally created for system security contracts with the US Department of Defense and NATO – and turn it into a new software product or service.

Unisys has talked about Stealth before, launching an appliance using the data encryption technology created for the military to secure the networks and storage used on public clouds back in July 2009. A few months later, in November 2009, the company debuted a version of the Stealth appliance to secure private clouds.

And now, Unisys is embedding Stealth network security in a USB stick that anyone can plug into any machine to access a set of application interfaces and network addresses burned onto the stick – securely, and over any network, including public ones.

Unisys is working with partner Security First, which created a program called SecureParser that adds two layers of encryption and some packet obfuscation to data that is transmitted over a network – data in flight – or stored on a disk or flash drive – data at rest. The Stealth algorithms created by Unisys and Security First employ a technique called cryptographic bit splitting, which randomly breaks data down into bits, bytes, or blocks and then encrypts it as it is passed around the network or stored on media.

These chunks of data are parsed with one security key, and then the packets are wrapped up in AES-256 encryption using a different security key. The result is that even if you do deep packet inspection on data in flight, you can't figure out how to reassemble it into its original form unless you know how the SecureParser works and have its key.
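The two-key layering described above can be sketched in a few lines. This is an added illustration, not SecureParser or Unisys code: the keyed byte routing, the function names and the sample keys are assumptions, and an HMAC-SHA256 keystream stands in for the AES-256 wrap because the Python standard library has no AES.

```python
import hashlib
import hmac

def keystream(key: bytes, label: bytes, n: int) -> bytes:
    """Deterministic keyed byte stream (HMAC-SHA256 in counter mode)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def wrap(key: bytes, index: int, share: bytes) -> bytes:
    """Stand-in for the AES-256 layer: XOR with a per-share keystream.
    XOR is its own inverse, so the same call unwraps. No integrity check."""
    ks = keystream(key, b"wrap%d" % index, len(share))
    return bytes(a ^ b for a, b in zip(share, ks))

def route(split_key: bytes, n_bytes: int, n_shares: int) -> list:
    """Keyed decision of which share each plaintext byte is sent to."""
    return [b % n_shares for b in keystream(split_key, b"route", n_bytes)]

def split_and_wrap(data, split_key, wrap_key, n_shares=3):
    shares = [bytearray() for _ in range(n_shares)]
    for byte, idx in zip(data, route(split_key, len(data), n_shares)):
        shares[idx].append(byte)
    return [wrap(wrap_key, i, bytes(s)) for i, s in enumerate(shares)]

def unwrap_and_join(wrapped, split_key, wrap_key):
    shares = [wrap(wrap_key, i, s) for i, s in enumerate(wrapped)]
    cursor = [0] * len(shares)
    out = bytearray()
    for idx in route(split_key, sum(map(len, shares)), len(shares)):
        if cursor[idx] >= len(shares[idx]):
            raise ValueError("share order does not match this split key")
        out.append(shares[idx][cursor[idx]])
        cursor[idx] += 1
    return bytes(out)

# Constructed sample input and keys, for illustration only.
MESSAGE = b"constructed sample record: account 0000, balance 0"
SPLIT_KEY = b"constructed-split-key"
WRAP_KEY = b"constructed-wrap-key"

if __name__ == "__main__":
    parts = split_and_wrap(MESSAGE, SPLIT_KEY, WRAP_KEY)
    print([p.hex() for p in parts])
    print(unwrap_and_join(parts, SPLIT_KEY, WRAP_KEY))
```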

The Stealth encryption and obfuscation is the result of an RFP that Unisys participated in back in 2005 with the DoD, Mark Feverston, vice president of data security solutions at Unisys, tells El Reg. This RFP called for security that was managed by person or device, not by location on the network; that ran with applications unchanged; that could be maintained by people in the field; and that could be run over public, private, and military networks – including enemy networks if it came to that.

The Stealth Secure Virtual Terminal (SSVT) USB stick is a device that complies with the US government's FIPS-140 security standard for hardening electronic devices. It self-destructs (electronically, not explosively) if you try to tamper with it. The USB stick has three parts. The first is a custom ASIC that has been etched to run the Stealth cryptographic bit splitting algorithm.

Then there is some ROM to hold encryption and bit-splitting keys as well as the custom splash screens and network IP addresses of the applications you want a user to be able to access once they plug into a machine that is attached to a network. There is a third chamber in the USB stick for an optional chunk of read/write flash memory, but Feverston says that a lot of customers don't want to enable this feature. The Feds certainly don't.

The SSVT USB stick has been rated at the EAL4+ Common Criteria security level so it can run on the NSA's networks and is qualified to handle classified and secret materials (but not yet top secret stuff). It blocks screen scraping, downloading, and other capabilities on a PC and really only lets end users access the screens of applications on a precise network that are enabled in the SSVT.

One initial use case that Unisys is peddling the SSVT for is banking, giving the USB sticks to wealthy clients or treasury departments at corporations that need better security than a password or RSA dongle can give. The Feds are also interested in using SSVT to enable teleworkers that handle sensitive material.

Unisys will sell you the hardware and software stack to manage the Stealth network protection and burn you some USBs for your applications; it costs on the order of a half million dollars to set it up for 1,000 users, according to Feverston. Or you can run it as a service for $40 per user per month and let Unisys manage the Stealth encryption. You can't use any of the Stealth tools in countries where the State Department has instituted export controls in retaliation for sponsoring terrorism or trafficking arms. ®
