Keystone Security Architecture
Mitigate Hardware Security Risks
Keystone is an infrastructure comprised of security capabilities rooted in Commercial-Off-The-Shelf (COTS) hardware. Keystone is designed to address COTS hardware security limitations by providing mitigations for:
- Battlefield Loss and Foreign Military Sales
- AT / Reverse Engineering
- Cyber Exploitation
- Platform Maintenance
- Federated hierarchy
- Centralized coordination and decentralized, local subsystem security
- Purpose-built Field Programmable Gate Array (FPGA) logic, software, and firmware
- System-level Root of Security (RoS) (Broker) and local RoS (Agent) for x86-based processors
- Infrastructure solution informed by Anti-Tamper (AT) and Defense security documents
Benefits of Keystone
Benefits
- Low Risk: Used on other Defense programs
- Use Existing Hardware or Integrate in New Designs: Keystone supports a set of existing hardware configurations and can be adapted to support custom hardware, covering everything from small SWaP tactical to enterprise-level use cases
- Transparent to User/Developer: Maintains compatibility with existing software design and development practices, requires no modification to the compilation process, and is transparent to end-user application-layer software
- Set and Forget, Simple Maintenance: No annual maintenance contracts or requirements; implementation of future updates is optional
- Developed and supported by a trusted U.S. DOW supplier: Our team in the Mountain Time Zone answers emails, takes phone calls, and can travel to make sure your integration goes smoothly
Features
- System-level cryptographic binding
- Dedicated Hardware Security Module providing security functions out-of-band to a Single Board Computer Root of Performance
- Side channel resistant Commercial National Security Algorithm (CNSA) compliant crypto cores
- Key management engine
- Secure maintenance and updates
- Secure Boot with Control Flow Integrity sensing of x86 processor
- Tailored Basic Input/Output System (BIOS)
- Hardware-based Root of Trust (HwRoT), Root of Security (RoS) for system state, monitoring, sense, and response
Deliverables
- IP-XACT Package (VHDL)
- Hardware Development Kit
- Hardware Verification Suite
- Software Development Kit
- Reference Designs
- Technical Support
Frequently Asked Questions (FAQs)
Does Keystone require a specific hardware configuration?
Keystone is currently pre-integrating its security capabilities on COTS Single Board Computers (SBCs) from Abaco and Curtiss-Wright. Other manufacturers' processor cards, including custom hardware, can be used; however, their hardware design will dictate which security capabilities can be deployed. Ultimately, Keystone can increase the security posture of most COTS and custom-built SBCs. An embedment specification and/or engineering support are available to enable compatibility with other hardware.
What FPGA devices are currently supported?
Xilinx UltraScale, UltraScale+, Zynq UltraScale+ MPSoC/RFSoC, Versal
Are there additional solutions required alongside Keystone to ensure security compliance?
Keystone is architected with a hardware-based security foundation that addresses core program security requirements common to defense systems. For programs with additional or unique compliance needs, supplemental sensors, physical protections, and/or run-time hardening may be required. Idaho Scientific works closely with customers to identify these program-specific requirements and can recommend compatible solutions, including offerings from our trusted partners.
Why use Keystone if COTS / Security-State of the Art (S-SOTA) hardware already acts as a Root of Trust with built-in security features?
COTS / S-SOTA hardware security features still leave significant residual vulnerabilities. Keystone enables and fully leverages native, applicable security features on COTS / S-SOTA hardware and provides purpose-built security capabilities to strengthen this hardware for defense weapon system use cases. Keystone enables programs with high-assurance requirements to meet the rigorous security compliance necessary to succeed.
Idaho Scientific, now part of General Dynamics Mission Systems, specializes in embedded security with a proven track record of solving the hardest cybersecurity, supply chain integrity and anti-tamper problems with novel and scalable solutions.