Trusted Computing
Merriam-Webster defines trust as the “assured reliance on the character, ability, strength, or truth of someone or something.” When you flip on a light switch, you trust the lights will come on. When you turn on your computer, you trust it will function properly.
In order to function properly you expect the following to be true:
• Your computer will not have strange software
• No new or unknown devices have been attached
• All expected devices are present and operational
• No one but you can access your personal data
Can Your Computer Be Trusted?
Trusted Computing refers to technologies and specifications for resolving computer security and “trust” issues. Back in 2003, a group of industry leading companies, such as Intel® and Microsoft® formed the Trusted Computing Group or “TCG.” Their mission was to cultivate and promote technologies for the protection of computer resources. The TCG began developing new technologies, the first was hardware based specification known as the Trusted Platform Module (TPM). The TPM is a microprocessor that is integrated into most server-class computer products, including General Micro Systems’ products. The main purpose for this hardware is to generate and store cryptographic keys.
Cryptographic keys can be used to encrypt or “scramble” data that is exiting the computer and can also be used to decrypt or “unscramble” data that the computer receives. These operations help to provide a better “root of trust” for the operator and for the computer’s relationship with other systems. The cryptographic keys are applied to encrypt or “seal” applications and/or whole operating systems to make sure they are trustworthy. They are also used to encrypt the configuration of devices, allowing software to determine if any new devices are attached to the system and whether or not those devices (i.e. a new type of keyboard or unsecured USB storage) can be trusted. If they are determined untrustworthy, the TPM will block the computer from its initial startup, preventing any unreliable or unsecured computers from infecting the system.
The military and other government agencies rely on the dedicated integrity of TPM and are required to have this hardware installed in their workstation platforms to ensure system security. For over 35 years, General Micro Systems has gone to great lengths to guarantee that our system level products are qualified for military applications, thus we have full confidence in the security of our products because they include, among many other assuring features, TPM hardware.
Applicable use
Health Care Industry
In the United States, the security and privacy of patient records are protect-ed by Federal Law. These regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), were established to protect the privacy of electronic health records as they are collected, stored and used by entities such as patients, doctors, hospitals, healthcare clinics, laboratories and pharmacies. Further, these regulations also apply to individuals and organizations outside the healthcare system that receive personal health information from it, including insurance companies, employers and schools. All transmissions made from one entity to another must use trusted computing. At the core of trusted computing is the ability to encrypt data.
Government
The US Government has recognized that hardware security is far superior to software-based security. As a result, the government has acknowledged TCGʼs technology and Trusted Computing as a security solution by specifying them in purchasing practices. For ex-ample, in some branches of the United States Government, new computer purchases are required to include the Trusted Platform Module. There is also a trend in some Government procurement to specify data protection and network access control solutions as defined by the Trusted Computing Group. At the core of trusted computing is the ability to encrypt data.
Financial
Due to the monetary value of the data they contain, financial systems are the most frequently hacked. Strong authentication of users and encryption of financial and account data is needed to stop these data exposures. Banks and other financial institutions must also comply with a growing list of privacy and data protection laws. These companies are now beginning to update their infrastructures with trusted computing concepts to prevent identity theft, account fraud and many other types of information theft.
Advanced Encryption Standard
Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. AES has a fixed block size of 128 bits, meaning plain text messages can be sent in groups of 16 characters and a key size of 128, 192, or 256 bits. The more bits in the key, the harder it is to decrypt messages without the key. When you log onto a secure internet site, many times a message will be shown indicating the type of encryption used. Maybe the connection will use 128 bit encryption or even the more secure 256 bit encryption. This again refers to the size of the key used in the encryption cipher. But what do all these mean. Letʼs take the popular 128 bit encryption. If you were to receive an encrypted message and guess at the key at the rate of once per second, it would take 2128 seconds or 11 trillion-trillion years to decrypt the message. Even a computer able to make billions of guesses per second could not decrypt the message in our lifetime. This is the reason AES is used as the standard for key generation in the trusted platform module (TPM). Without the key, it is nearly impossible. and definitely impractical to decipher any message, keeping the system “trusted”.
Rugged and Secure HD-DVR
General Micro Systems has scored another design win. The product is a new venture into the video capture market for GMS. Code Named “S930”, the product is a ruggedized, secure high definition digital video recorder or HD-DVR. The unit will be capable of recording four channels of high definition video and analog audio. Along with the recording feature, the S930 will have the ability to playback any or all of the recorded segment. By utilizing four independent SATA SSDs, one for each channel, the “S930” provides four secure, real-time and “trusted” recording & Playback channels. Command and control of the “S930” is done using the dual onboard Gigabit Ethernet (GbE) ports. The GbE ports also serve as data output ports for monitoring and/or playback of compressed video and digitized audio signals. Based on the S902 technology, the S930 will be designed to meet the customerʼs requirements for harsh environments.
Golden-Eye III S902R
The S902 “Golden Eye III” is the fourth generation computing engine in the General Micro Systems roadmap. Like itʼs predecessors, the S902 is a small, low power system designed for harsh environment applications. As a member of the “blue series” of products, the S902 consumes less than 25 watts of power, while delivering state-of-the art performance. The S902 features include:
- Dual or QuadCore I7® Processors
- Up to 16 GB of DDR-3 Memory
- Up to four removable SATA SSDs
- Support for TPM and TXT for secure computing
- Up to four Secure Virtual Machines (SVM™) for trusted virtualization
- Optional Internal 64 GB M-SATA for secure operating system access
Latest Products
V295
Developed for an OEM customer, the V295 is the latest in a long roadmap of VME single board computer products. Based on the same advanced computer technology as the S902, the V295 is a VME 6U board with all of the peripheral devices required by the customer. The initial prototype units were delivered this month ,with positive feedback from the customer.
S905R - “Raider III”
This computing engine represents the third generation of low cost small rugged systems with removable drive capabilities. Designed as a form, fit ,and function replacement to the S805R (“Raider II”), the S905R utilizes either a Dual or Quad core I7® processor and the same technologies as the S902R computing engine.
S405 - “Hawk-Eye”
The Hawk-eye is a low cost, light weight, low power, ruggedized computing engine based on the Atom processor. As a member of the green series of GMS products, the S405 consumes less than 10 watts. Despite itʼs small size, the S405 has many of the features found in larger computing systems. To insure “trusted computing”, the trusted computing module (TPM) is available as a factory installed option.