Feeds

Unisys gets 'stealthy' with secure virtual terminal

Military-grade encryption on a USB stick

Beginner's guide to SSL certificates

Rich people and public sector workers can now get the kind of network security that used to be reserved for military organizations.

Unisys is known mostly for its ClearPath mainframes and various outsourcing and other services that it sells to financial, transportation, and retail companies and various governments that buy its gear. But the company has been trying to leverage a set of network encryption technologies called Stealth – which was originally created for system security contracts with the US Department of Defense and NATO – and turn it into a new software product or service.

Unisys has talked about Stealth before, launching an appliance using the data encryption technology created for the military to secure the networks and storage used on public clouds back in July 2009. A few months later, in November 2009, the company debuted a version of the Stealth appliance to secure private clouds.

And now, Unisys is embedding Stealth network security in a USB stick that will allow anyone to plug this USB stick into any machine and access a set of application interfaces and networks addresses burned onto the stick – and do so over any network, including public ones, and do so securely.

Unisys, working with partner Security First, which created a program called SecureParser, which adds two layers of encryption and some packet obfuscation to data that is transmitted over a network – data in flight – or stored on a disk or flash drive – data at rest. The Stealth algorithms created by Unisys and Security First employ a technique called cryptographic bit splitting, which randomly breaks data down into bites, bytes, or blocks and then encrypts it as it is passed around the network or stored on media.

These chunks of data are parsed with one security key, and then the packets are wrapped up in AES-256 encryption using a different security key. The result is that even if you do deep packet inspection on data in flight, you can't figure out how to reassemble it into its original form unless you know how the SecureParser works and have its key.

The Stealth encryption and obfuscation is the result of an RFP that Unisys participated in back in 2005 with the DoD, Mark Feverston, vice president of data security solutions at Unisys, tells El Reg. This RFP called for security to be managed by person or device, not by location on the network; had to run with applications unchanged; had to be maintained by people in the field; and it also had to be able to be run over public, private, and military networks – including enemy networks if it came to that.

The Stealth Secure Virtual Terminal (SSVT) USB stick is a device that complies with the US government's FIPS-140 security standard for hardening electronic devices. It self-destructs (electronically, not explosively) if you try to tamper with it. The USB stick has three parts. The first is a custom ASIC that has been etched to run the Stealth cryptographic bit splitting algorithm.

Then there some ROM to hold encryption and bit-splitting keys as well as the custom splash screens and network IP addresses of the applications you want a user to be able to access once they plug into a machine that is attached to a network. There is a third chamber in the USB stick for an optional chunk of read/write flash memory, but Feverston says that a lot of customers don't want to enable this feature. The Feds certainly don't.

The SSVT USB stick has been rated at the EAL4+ Common Criteria security level so it can run on the NSA's networks and is qualified to handle classified and secret materials (but not yet top secret stuff). It blocks screen scraping, downloading, and other capabilities on a PC and really only lets end users access the screens of applications on a precise network that are enabled in the SSVT.

Once initial use case that Unisys is peddling the SSVT to is for banking, giving the USB stocks to wealthy clients or treasury departments at corporations that need better security than a password or RSA dongle can give. The Feds are also interested in using SSVT to enable teleworkers that handle sensitive material.

Unisys will sell you the hardware and software stack to manage the Stealth network protection and burn you some USBs for your applications; it costs on the order of a half million dollars to set it up for 1,000 users, according to Feverston. Or you can run it as a service for $40 per user per month and let Unisys manage the Stealth encryption. You can't use any of the Stealth tools in countries where the State Department has instituted export controls in retaliation for sponsoring terrorism or trafficking arms. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.