Cryptographic Protection of Removable Media with a USB Interface for Secure Workstation for Special Applications, Journal of Telecommunications and Information Technology, 2012, nr 3

This paper describes one of the essential elements of Secure Workstation for Special Applications (SWSA) to cryptographic protection of removable storage devices with USB interface. SWSA is a system designed to process data classified to different security domains in which the multilevel security is used. The described method for protecting data on removable Flash RAM protects data against unauthorized access in systems processing the data, belonging to different security domains (with different classification levels) in which channel the flow of data must be strictly controlled. Only user authenticated by the SWSA can use the removable medium in the system, and the data stored on such media can be read only by an authorized user by the SWSA. This solution uses both symmetric and asymmetric encryption algorithms. The following procedures are presented: creating protected a file (encryption), generating signatures for the file and reading (decryption) the file. Selected elements of the protection systems implementation of removable Flash RAM and the mechanisms used in implementation the Windows have been described

Secured Workstation to Process the Data of Different Classification Levels, Journal of Telecommunications and Information Technology, 2012, nr 3

The paper presents some of the results obtained within the ongoing project related with functional requirements and design models of secure workstation for special applications (SWSA). SWSA project is directed toward the combination of the existing hardware and software virtualization with cryptography and identification technologies to ensure the security of multilevel classified data by means of some formal methods. In the paper the requirements for SWSA, its hardware and software architecture, selected security solution for data processing and utilized approach to designing secure software are presented. The novel method for secure software design employs dedicated tools to verify the confidentiality and the integrity of data using Unified Modeling Language (UML) models. In general, the UML security models are embedded in and simulated with the system architecture models, thus the security problems in SWSA can be detected early during the software design. The application of UML topology models enables also to verify the fundamental requirement for MLS systems, namely the hardware isolation of subjects from different security domains

A Framework for Constructing a Secure Domain of Sensor Nodes

Application of the Internet of Things (IoT) in some critical areas (e.g., military) is limited mainly due to the lack of robust, secure, and trusted measures needed to ensure the availability, confidentiality, and integrity of information throughout its lifecycle. Considering the mostly limited resources of IoT devices connected by wireless networks and their dynamic placement in unsupervised or even hostile environments, security is a complex and considerable issue. In this paper, a framework which encompasses an approach to integrate some security measures to build a so-called “secure domain of sensors nodes” is proposed. The framework is based on the use of the Trusted Platform Modules (TPMs) in wireless sensor nodes. It encompasses an architecture of sensor nodes, their roles in the domain, and the data structures as well as the developed procedures which could be applied to generate the credentials for the sensor nodes, and subsequently, to build a local trust structure of each node as well as to build a trust relationship between a domain’s nodes. The proposed solution ensures the authentication of sensor nodes and their resistance against unauthorized impact with the hardware/software configuration allowing protection against malware that can infect the software. The usefulness of the presented framework was confirmed experimentally