As cyberattacks increase in sophistication, security measures must evolve to boost protection against these ever-evolving threats to create a secure foundation, guard workloads, and enhance software resilience.
In this blog, we'll take a look at three Intel® hardware-enabled technologies--PFR, SGX, and TME--that help guard critical data at the highest level, why they are important, and use cases for each across the modern, multi-domain battlespace.
Intel® PFR is an FPGA (Field Programmable Gate Array) that helps protect the various platform firmware components before a server is even turned on.
It monitors and filters malicious traffic on the system buses. PFR also verifies the integrity of platform firmware images before any firmware code is executed, providing a unified, robust, and secure method of defense.
For an in-depth explanation of PFR, click here.
With sophisticated cyberattacks on the rise, hackers are seeking to exploit low-level firmware vulnerabilities to access sensitive information.
In the face of these threats, traditional security measures are proving to be relatively ineffective for two reasons. First, firmware attacks are hard to detect due to their low-level infiltration. Second, hackers can exploit the firmware code to bypass antivirus software and access the operating system as well as other applications.
Without proper firmware security measures in place, the military and other critical government sectors leave their systems’ security and functionality at risk of being compromised by cybercriminals.
Oftentimes, electronic warfare (EW) applications involve the use of interconnected IoT (Internet of Things) devices to communicate within and across domains. If cybercriminals access a single device, they can subsequently control all other devices, as they are all connected within the IoT ecosystem. This necessitates security at the lowest level--i.e. firmware.
For example, suppose a ground server is trying to intercept and deter an airborne enemy signal. If hackers gain access to the ground server through controlling the firmware, they can compromise the system’s operations. This poses a safety risk to all involved, increasing vulnerability to electromagnetic threats from adversaries.
By detecting low-level threats before a server is even turned on, Intel® PFR ensures the safe execution of tasks like EW that involve large amounts of data and signals. With security embedded at the chip level, military personnel can effectively engage with and control electromagnetic attacks.
Intel® SGX is a security instruction that is embedded within many of Intel®'s CPUs. SGX allows developers to split a computer's memory into private, predefined, highly secure areas called enclaves, which better protect sensitive information.
By separating memory into separate enclaves, SGX reduces the attack surface of serves and workstations.
For an in-depth explanation of SGX, click here.
Traditional security measures may protect data-at-rest and data-in-transit, but they fall short of protecting data-in-use.
Information such as medical and financial records, passwords, encryption keys, and identification factors can cause serious harm if disclosed to or modified by hackers.
For example, if sophisticated malware attacks an operating system or BIOS, critical data is easily accessible in the absence of additional security measures, leaving the information vulnerable to destruction, deletion, or manipulation by hackers.
Applications like C6ISR rely upon data gathered from the surrounding environment to increase situational awareness and, as a result, prepare retaliation measures against incoming or future enemy attacks, prompting the need for strong security measures.
For example, suppose a server in a command room is trying to detect an incoming missile threat. If a hacker gains control of the server, they can manipulate or delete the data that has been collected. This leaves warfighters without key insights necessary to effectively detect, track, and engage with enemy threats, putting all involved in a life-threatening scenario.
Through isolating critical data in hardware-based enclosures, Intel® SGX ensures C6ISR applications are safely and securely executed, which, in turn, helps reduce vulnerability to cyberattacks with potentially fatal consequences.
Intel® TME encrypts the entire memory of a system--all data that is passing both to and from a CPU--with a single encryption key. This information can include customer credentials, encryption keys, and other personal information.
For a more in-depth explanation of TME, click here.
Hackers are now using memory attacks to access a computer's data. Traditional security measures, like username/password combinations, are proving to be relatively ineffective in deterring such attacks.
Hacker tactics also include removal/reading of dual in-line memory modules (DIMMs) and installation of attack hardware.
In the absence of security measures like TME, there is little deterrence against hackers accessing data or installing malware, leaving the security and operations of a system at risk.
Signal intelligence (SIGINT) applications involve large amounts of data that need to be collected, processed, and analyzed in real-time in order to gauge and retaliate against enemy threats, making data security integral to safe, successful operation.
For example, say a server in naval data center is trying to detect signals indicating incoming enemy submarines or underwater missiles. If a hacker is able to access and compromise the integrity of data, then those operating the ship will not have an accurate view of their surroundings. An enemy attack can easily go undetected in the absence of this information.
By encrypting a computer's entire memory, Intel® TME ensures military personnel are provided with the key insights they need to anticipate and formulate a response to an adversary's capabilities, intentions, and actions.
For over 30 years, Trenton Systems and Intel® have partnered to spearhead the development of secure, mission-critical technology for aerospace and defense.
Our customized, high-performance computing solutions can support next-gen Intel® CPUs, equipped with embedded cybersecurity technologies such as PFR, SGX, and TME. This helps to enhance data security at the lowest level (firmware) and prevent hacker intrusion.
As a member of the Intel® Partner Alliance and Early Access Program, we have access to the latest Intel® technologies before they ever even hit the market. We can assist customers in project development and planning depending on which technologies are needed, whether they are available today or will be in the near future.
In addition, Trenton Systems and Intel® are committed to furthering the manufacturing of advanced computing solutions right here in the United States, from the fabrication of Intel® processors to their integration into our systems.
Legislation such as the CHIPS Act, which has now been fully funded, is a manifestation of the widespread public support for American manufacturing efforts.
Security of critical data--whether at-rest, in-transit, or in-use--is a crucial at all levels of a computer's infrastructure to ensure mission success. If hackers are able to access, delete, and/or manipulate this information, this can lead to life-threatening consequences for our warfighters.
Applications such EW benefit from security technologies like Intel® PFR, as they thwart the most sophisticated of cyberattacks at the lowest level. This prevents cybercriminals from controlling a server's operations--in this case, use of the electromagnetic spectrum--as well as those of other servers if the devices are interconnected within an IoT ecosystem.
C6ISR and SIGINT applications are enhanced through technologies like Intel® SGX and TME, which provide maximum protection of data that is needed to increase situational awareness and, as a result, enable successful detection, tracking, and formulation of responses to incoming enemy attacks.
All of these technologies are hardware-based, embedded within the CPU before a server ever reaches the end user. This helps to increase efficiency and reduce costs, as the need for a third party to install and activate these technologies is eliminated.
If you're interested in learning how we can help you craft a secure computing solution with the latest Intel® technologies, just reach out to us anytime here.
We'd be more than happy to help. 🙂