Extending Protection Capabilities to Deliver TrustedCOTS™ Solutions
Trusted Computing is an umbrella term for a set of technologies and techniques that protect embedded electronics and integrated systems from physical and remote attacks and from hardware and software failures. While standard Trusted Computing protection is adequate for some applications, commercial off-the-shelf (COTS) solutions for defense and aerospace applications need a higher level of protection.
Curtiss-Wright goes well beyond standard approaches to Trusted Computing and the efforts of other vendors to provide truly secure TrustedCOTS solutions for air, ground, and sea platforms. And it’s one of the main reasons we’ve been a trusted, proven leader in the global defense and aerospace industries for decades.
Depth and Breadth of Effort Make the Difference
Curtiss-Wright TrustedCOTS solutions are designed and built around three major data protection domains:
- Technology protection safeguards how computing tasks are executed. It combines the hardware capabilities, software algorithms, and operations needed to protect functionality, such as how the algorithm in a radar application works.
- Data protection safeguards software algorithms, data-at-rest, and data in motion. It ensures that, for example, when data is sent from one system to another, it is not compromised.
- Parts protection safeguards the supply chain and manufacturing processes. This ensures customers can trust that all components on Curtiss-Wright products are authentic and all processes have met the strictest quality controls.
To develop TrustedCOTS solutions that encompass all of these aspects, Curtiss-Wright builds Trusted Computing technologies and techniques into every aspect of solution development — from design and testing to supply chain and manufacturing. This comprehensive, end-to-end approach creates an effective mesh of protection layers that integrate to ensure reliability of Curtiss-Wright products in the face of attempted compromise.
Understanding Relationships and Interactions Is Crucial
Each Curtiss-Wright TrustedCOTS solution incorporates the optimal combination of protection capabilities for the program mandate and system requirements. To reach the highest possible levels of protection, we focus our efforts on the following domains:
We also understand and account for the relationships and interactions among all of these elements. For example, supply chain integrity and safety-critical measures are needed to ensure reliability. And foundational elements, such as secure boot capabilities, are needed for cybersecurity and anti-tamper mechanisms.
Protecting Against Remote Attacks
Cybersecurity mechanisms include hardware and software techniques that protect data from remote attack. They are built on a strong foundation of secure boot techniques, cryptography, protection for data-at-rest, and key management.
Our TrustedCOTS solutions go beyond generic approaches to cybersecurity to incorporate the right balance of confidentiality, data integrity, authentication, availability, and non-repudiation techniques for the expected threats and application requirements.
Protecting Against Physical Attacks
Anti-tamper mechanisms provide protection before, during, and after physical attacks. Like cybersecurity, anti-tamper mechanisms are built on a strong foundation that starts with secure boot capabilities.
Our anti-tamper innovations include:
- Prevention mechanisms that enclose technology in more secure packaging.
- Detection mechanisms that provide notifications if there is an attempt to physically access protected technologies.
- Response mechanisms that automatically destroy technologies or data if physical access is detected.
Combining Safety and Security
To meet the increasing need for safety-certifiable solutions that also comply with security requirements, Curtiss-Wright develops a range of TrustedCOTS solutions that include the artifacts needed for safety certification.
Ensuring Supply Chain and Manufacturing Integrity
Curtiss-Wright also includes numerous mechanisms that protect our parts supply and ensure repeatable, high-quality manufacturing. We apply:
- Extremely stringent supplier selection criteria, terms, conditions, and specifications
- Industry best practices for counterfeit parts avoidance
- Demanding quality, compliance, and on-time delivery standards all the way from our direct suppliers to the original manufacturer for each component and part we use
- Advanced security processes, lean methodologies, and smart factory technologies that enable safe, secure, high-performance manufacturing at all times
Going Beyond Standard Reliability Processes
To ensure our TrustedCOTS solutions dependably perform under the harshest conditions in the field for many years, Curtiss-Wright goes well beyond standard processes in a number of key areas. Here are just a few of our initiatives:
- Thermal cycling tests that meet the VITA 47 ECC4 standard and give us the data needed to better understand the physics of failure so we can continue to innovate and improve reliability.
- Lead-free solder innovations that allow us to continue miniaturizing components and increasing functionality density without negatively affecting reliability.
- Parylene coating for PCBs to effectively double solder joint reliability compared to acrylic and urethane coatings.
The Journey Never Ends
There’s no finish line when it comes to developing TrustedCOTS solutions. New threats, technologies, and mitigation techniques are always emerging. As a result, Curtiss-Wright designs today’s TrustedCOTS solutions with tomorrow in mind.
All of our TrustedCOTS solutions are readily adaptable, upgradeable, and scalable so they continue to protect critical data and technologies without the time, cost, and effort required to replace entire systems.
| Product | Processor | Security features |
|---|---|---|
| | Kaby Lake Xeon | Intel Boot Guard, Intel SGX, Intel vPro, Intel VT-x, Intel TXT, TPM 2.0, NV memory sanitization, NV memory write protect, UEFI Secure Boot, SSD encryption |
| VPX3-1260 | Coffee Lake Xeon | Intel Boot Guard, Intel SGX, Intel vPro, Intel VT-x, Intel TXT, TPM 2.0, NV memory sanitization, NV memory write protect, UEFI Secure Boot, SSD encryption |
| | Haswell Core i7 | Intel VT-x, Intel TXT, TPM 1.2, NV memory sanitization, NV memory write protect |
| VPX3-1259 | Broadwell Core i7 | Intel VT-x, Intel TXT, TPM 1.2, NV memory sanitization, NV memory write protect |
| | Broadwell Core i7 | Intel VT-x, Intel TXT, TPM 1.2, NV memory sanitization, NV memory write protect |
| | QorIQ P-Series | Trust 1.1 components: Hypervisor and No Execute protections, Platform (IO) MMU, Secure Debug Controller, Security Monitor w/ext. tamper detect, Security Fuse Processor with OTP key. Other security: NV memory sanitization, NV memory write protect |
| | QorIQ T-Series | Trust 1.1 components: Hypervisor and No Execute protections, Platform (IO) MMU, Secure Debug Controller, Security Monitor w/ext. tamper detect, Security Fuse Processor with OTP key. Other security: NV memory sanitization, NV memory write protect |
| VPX3-1703 | QorIQ LS-Series | Trust 1.1 components: IO Access Control, Platform (IO) MMU, Secure Debug Controller, Security Monitor w/ext. tamper detect, Security Fuse Processor with OTP Master Key, Opt. battery backed Zeroizable Master Key, Alternate Image, Key Revocation support. Other security: NV memory sanitization, NV memory write protect, ARM TrustZone |