
Unisys gets 'stealthy' with secure virtual terminal

Military-grade encryption on a USB stick


Rich people and public sector workers can now get the kind of network security that used to be reserved for military organizations.

Unisys is known mostly for its ClearPath mainframes and various outsourcing and other services that it sells to financial, transportation, and retail companies and various governments that buy its gear. But the company has been trying to leverage a set of network encryption technologies called Stealth – which was originally created for system security contracts with the US Department of Defense and NATO – and turn it into a new software product or service.

Unisys has talked about Stealth before, launching an appliance using the data encryption technology created for the military to secure the networks and storage used on public clouds back in July 2009. A few months later, in November 2009, the company debuted a version of the Stealth appliance to secure private clouds.

And now, Unisys is embedding Stealth network security in a USB stick that anyone can plug into any machine to access a set of application interfaces and network addresses burned onto the stick, and do so securely over any network, including public ones.

Unisys is working with partner Security First, which created a program called SecureParser that adds two layers of encryption and some packet obfuscation to data that is transmitted over a network – data in flight – or stored on a disk or flash drive – data at rest. The Stealth algorithms created by Unisys and Security First employ a technique called cryptographic bit splitting, which randomly breaks data down into bits, bytes, or blocks and then encrypts it as it is passed around the network or stored on media.

These chunks of data are parsed with one security key, and then the packets are wrapped up in AES-256 encryption using a different security key. The result is that even if you do deep packet inspection on data in flight, you can't figure out how to reassemble it into its original form unless you know how the SecureParser works and have its key.
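The split-then-wrap idea described above can be sketched as follows. This is an added illustration, not SecureParser or Stealth code: the function names, the byte-level routing and the share count are assumptions, and an HMAC-SHA256 keystream stands in for the AES-256 layer because the Python standard library has no AES.

```python
import hashlib
import hmac

def _stream(key: bytes, label: bytes, n: int) -> bytes:
    """n pseudorandom bytes from HMAC-SHA256 in counter mode (a keyed PRF)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, label + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _wrap(key: bytes, share_no: int, data: bytes) -> bytes:
    # Stand-in for the AES-256 layer: XOR with a per-share keyed stream.
    # XOR is its own inverse, so the same call also unwraps.
    ks = _stream(key, b"wrap" + bytes([share_no]), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def split(data: bytes, split_key: bytes, wrap_key: bytes, n_shares: int = 4):
    """Route each byte to a share chosen by split_key, then wrap every share."""
    # n_shares should divide 256 so that r % n_shares is unbiased.
    route = _stream(split_key, b"route", len(data))
    shares = [bytearray() for _ in range(n_shares)]
    for byte, r in zip(data, route):
        shares[r % n_shares].append(byte)
    return [_wrap(wrap_key, i, bytes(s)) for i, s in enumerate(shares)]

def join(shares, split_key: bytes, wrap_key: bytes) -> bytes:
    """Unwrap the shares and replay the keyed routing to restore byte order."""
    plain = [_wrap(wrap_key, i, s) for i, s in enumerate(shares)]
    route = _stream(split_key, b"route", sum(len(s) for s in plain))
    pos = [0] * len(plain)
    out = bytearray()
    for r in route:
        k = r % len(plain)
        if pos[k] >= len(plain[k]):
            raise ValueError("shares do not match this split key")
        out.append(plain[k][pos[k]])
        pos[k] += 1
    return bytes(out)

if __name__ == "__main__":
    msg = b"constructed sample payload for the splitting demo"
    parts = split(msg, b"S" * 32, b"W" * 32)   # constructed demo keys
    print([len(p) for p in parts], join(parts, b"S" * 32, b"W" * 32) == msg)
```

The sketch has no integrity protection; a production design would wrap each share with an authenticated cipher mode and derive per-session keys.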

The Stealth encryption and obfuscation is the result of an RFP that Unisys participated in back in 2005 with the DoD, Mark Feverston, vice president of data security solutions at Unisys, tells El Reg. This RFP called for security to be managed by person or device, not by location on the network; had to run with applications unchanged; had to be maintained by people in the field; and it also had to be able to be run over public, private, and military networks – including enemy networks if it came to that.

The Stealth Secure Virtual Terminal (SSVT) USB stick is a device that complies with the US government's FIPS-140 security standard for hardening electronic devices. It self-destructs (electronically, not explosively) if you try to tamper with it. The USB stick has three parts. The first is a custom ASIC that has been etched to run the Stealth cryptographic bit splitting algorithm.

Then there is some ROM to hold encryption and bit-splitting keys as well as the custom splash screens and network IP addresses of the applications you want a user to be able to access once they plug into a machine that is attached to a network. There is a third chamber in the USB stick for an optional chunk of read/write flash memory, but Feverston says that a lot of customers don't want to enable this feature. The Feds certainly don't.

The SSVT USB stick has been rated at the EAL4+ Common Criteria security level so it can run on the NSA's networks and is qualified to handle classified and secret materials (but not yet top secret stuff). It blocks screen scraping, downloading, and other capabilities on a PC and really only lets end users access the screens of applications on a precise network that are enabled in the SSVT.

One initial use case that Unisys is peddling the SSVT for is banking, giving the USB sticks to wealthy clients or treasury departments at corporations that need better security than a password or RSA dongle can give. The Feds are also interested in using SSVT to enable teleworkers that handle sensitive material.

Unisys will sell you the hardware and software stack to manage the Stealth network protection and burn you some USBs for your applications; it costs on the order of a half million dollars to set it up for 1,000 users, according to Feverston. Or you can run it as a service for $40 per user per month and let Unisys manage the Stealth encryption. You can't use any of the Stealth tools in countries where the State Department has instituted export controls in retaliation for sponsoring terrorism or trafficking arms. ®
