Security is a field that is constantly changing. Organizations must make every effort to keep up with new threats. However, more security often means less flexibility. Is that the only way? The Ministry of Defence is looking for workable security for secured connections. The solution comes from somewhere unexpected: hardware.
Article from Objective 27, 2017
High demand for secured connections
The Ministry of Defence uses a lot of low-classified, secured connections. These are connections of the security level 'Ministerial Restricted'. There is an ever-growing demand within the ministry to be able to exchange data safely between systems. The need for flexible, future-proof security is therefore increasing considerably. For establishing secured connections, the ministry might use OpenVPN-NL. This is a version of the OpenVPN protocol specially adapted for the Dutch government. Using this software, however, requires considerable technical knowledge from the users. In addition, the implementation is complex and time-consuming. A complicating factor is that every security system is eventually confronted with more advanced attack methods.
Proof of concept
Based on an internal research and renewal project, the IT innovation department of Defence (KIXS) came up with a proof of concept: a device with the OpenVPN-NL protocol incorporated into the hardware. This hardware integration provides an extra level of security and a connection that can be encrypted quickly. Technolution was asked to review the ideas. The concept seemed promising and a collaboration was soon established (also referred to as CODEMO) between Technolution and Defence in order to create a full and complete product. Our track record concerning design and product development played an important role when Technolution was chosen as a partner.
Natural division of roles
The initial goal was clear: the development of a solution for secured, low-classified connections with a low maintenance cost, which could be implemented easily and quickly by employees with limited cryptographic knowledge. Meanwhile, it has become evident that there are many different stakeholders, each with their own requirements and wishes, not only within Defence, but also within the different government organizations that are involved. Coordination is necessary in order to prevent any proliferation of specifications. Within the collaboration, the roles are divided in a natural way. KIXS maintains the lines of communication with the stakeholders and collects the requirements and wishes of the different requisitioners. Technolution is responsible for the technical design. We create a clear overview of all implications of the requirements and wishes and then discuss this with the stakeholders. Together we can make the best design choices. The final goal is to come up with a minimal valuable product in a quick and efficient manner: effective, flexible in application and without any extra bells and whistles.
Because there are so many stakeholders and different specifications, it is important to create maximum flexibility, not only during the development process, but also in the possibilities for developing the product further. This requirement appears hardly compatible with a hardware solution, certainly when the focus is also on user interaction, time to market and, last but not least, costs. This is the reason why KIXS and Technolution have opted for FPGAs. These programmable chips enable us to meet the aforementioned requirements. FPGAs allow for great flexibility in product development when it comes to prototyping. But the flexibility does not stop when the product is finished. Does the user require a functional expansion? That is possible with only a short development time. The costs are controllable, even when it concerns a small number of devices.
Security Made Simple
Security usually requires customization. Customization does not have to be complex, time-consuming and expensive. The security knowledge and experience of Technolution is combined in a line of high-quality security products and services that offer encryption solutions for domains that require high assurance. A well-considered choice for the right technologies, such as the use of FPGAs (Field-Programmable Gate Arrays, programmable chips) as core components, allows for great flexibility in the quick development of customized lean-and-mean solutions. The separation of hardware and software creates an intrinsic security by design: extra security, quick encryption and excellent upgradeability. In addition, the technology that is used offers more than enough room for user participation and customization.
The result: PrimeLink
Due to the close collaboration with the user platform, the resulting product, the PrimeLink, is optimally adjusted to the requirements of the end users. The solution is a good example of the philosophy behind Technolution's security solutions: after a lean-and-mean development process, the PrimeLink will offer a simple solution for a secured connection between two locations. The OpenVPN-NL protocol is incorporated into the hardware via the FPGAs. It offers a higher speed than a software solution, because the algorithm can be parallelized better in an FPGA. The security is also better. Many software attacks, such as buffer overflows, are not possible in an FPGA, because the data is physically separated from the FPGA configuration. In addition, it is a truly plug-and-play solution that can be deployed quickly at minimal maintenance cost. Technolution also provides the accompanying tools and services for an optimal application of this solution in the domain of the Ministry of Defence and other users.
Win-win for both parties
The development of PrimeLink is based on a good balance between needs, necessities, technical possibilities and costs. The chosen work method has benefits for all parties involved. This is clearly a win-win situation. The reactions from the user platform of the Ministry of Defence are positive: “This is the first time I have been so involved in product development.” Technolution can also reap the benefits of an open and practice-focused work method. Due to the easy access to end users, ideas and technologies can be tested before they are developed further. This makes it possible to optimize the development process and results in a final product that meets the client's expectations even better. Obviously this security solution is not an isolated case. PrimeLink not only meets the specific requirements of the Ministry of Defence, but will also prove valuable to other users within and outside of the government.