Lightweight Portable Security

Last updated
Lightweight Portable Security (rebranded as
Trusted End Node Security) [1]
Seal of the United States Department of Defense.svg Air Force Research Laboratory.svg
LPS 1.6.0-Public Deluxe.png
Lightweight Portable Security Desktop
Developer US Department of Defense
OS family Linux (Unix-like)
Working stateDiscontinued
Source model Open source
Initial release2011
Latest release 3.0.4.1 [2] / 30 April 2021;2 years ago (2021-04-30)
Kernel type Monolithic (Linux)
Userland GNU
Default
user interface 		XFCE
License Free software licenses
(mainly GPL)
Official website Trusted End Node Security program office

Lightweight Portable Security (LPS) or Trusted End Node Security (TENS) was a Linux LiveCD (or LiveUSB) distribution. The application Encryption Wizard, originally bundled with TENS is still actively maintained. LPS and its successor TENS was developed and publicly distributed by the United States Department of Defense’s Air Force Research Laboratory [3] The live CD is designed to serve as a secure end node. The Air Force Research Laboratory actively maintained LPS and TENS from 2007 to 2021. [4] It can run on almost any x86_64 computer (PC or Mac). [5] LPS boots only in RAM, creating a pristine, non-persistent end node. It supports DoD-approved Common Access Card (CAC) readers, as required for authenticating users into PKI-authenticated gateways to access internal DoD networks. [6] [7] [8]

Contents

LPS turns an untrusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer's hard drive. As of September 2011 (version 1.2.5), the LPS public distribution includes a smart card-enabled Firefox browser supporting DoD's CAC and Personal Identity Verification (PIV) cards, a PDF and text viewer, Java, a file browser, remote desktop software (Citrix, Microsoft or VMware View), an SSH client, the public edition of Encryption Wizard and the ability to use USB flash drives. A Public Deluxe version is also available that adds LibreOffice and Adobe Reader software.

History

LPS and Encryption Wizard were initiated by the Air Force Research Laboratory's Anti-Tamper Software Protection Initiative program, started in 2001. In 2016, that program was ending, so LPS and Encryption Wizard were moved to the Trusted End Node Security program office. LPS, as of version 1.7 was rebranded Trusted End Node Security, or TENS. [9] Encryption Wizard retained its name, but received the TENS logo as of version 3.4.11. [10]

In 2020, the COVID-19 pandemic led to an increase in remote work. The National Security Agency recommended that U.S. government employees working remotely use government furnished computers. However, when it was necessary for an employee to use their home computer, the National Security Agency recommended TENS as one measure an individual employee could use to make that computer more secure. [11]

In 2021, TENS became compatible with UEFI Secure Boot. [12] UEFI Secure Boot is used to protect the operating system installed on the computer's hard drive. As of June 2020, UEFI Secure Boot was available on many newer PCs. UEFI Secure Boot would prevent older versions of TENS from booting. [13]

In August 2021, the TENS web site announced the TENS program office had been decommissioned. The Defense Information Systems Agency was no longer willing to fund the program. No other agency had agreed to champion the program. "Potentially final" editions of TENS and Encryption Wizard had been released in April and May 2021. [12]

The Mission Planning group of the Air Force Life Cycle Management Center took over management of Encryption Wizard. However, as of early 2023, the TENS program had not been restarted. [14]

Encryption Wizard

LPS came with Encryption Wizard (EW), a simple, strong file and folder encryptor for protection of sensitive but unclassified information (FOUO, Privacy Act, CUI, etc.). Written in Java, EW encrypted all file types for data at rest and data in transit protection. Without installation or elevated privileges, EW ran on Windows, Mac, Linux, Solaris, and other computers that support the Java software platform. With a simple drag and drop interface, EW offered 128-bit and 256-bit AES encryption, SHA-256 hashing, RSA signatures, searchable metadata, archives, compression, secure deleting, and PKI/CAC/PIV support. Encryption could be keyed from a passphrase or a PKI certificate. EW was GOTS—U.S. Government invented, owned, and supported software—and came in three versions, a public version that uses the standard Java cryptographic library, a unified version that uses a FIP-140-2 certified crypto licensed by The Legion of the Bouncy Castle, and a government-only version that uses a FIPS-140-2 certified crypto stack licensed from RSA Security [ citation needed ]. The three versions interoperate.

Public HTTPS access

The official web site, offering the public versions of TENS, was hosted on Department of Defense servers. The program office also had a commercially hosted "gettens" web site. The official web site was shut down circa 2022. As of early 2023, Encryption Wizard is still available on the "gettens" web site.

The "gettens" commercially hosted web site was established because the general public had some difficulty accessing web sites on Department of Defense servers. Originally, the gettens web site merely provided instructions how to configure a web browser to work with the official web site. However, in 2023 the gettens web site was repurposed to actually host Encryption Wizard.

This article incorporates text from the US Department of Defense SPI web site.

See also

Related Research Articles

<span class="mw-page-title-main">HTTPS</span> Extension of the HTTP communications protocol to support TLS encryption

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of confidential computing. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software. Enforcing this behavior is achieved by loading the hardware with a unique encryption key that is inaccessible to the rest of the system and the owner.

<span class="mw-page-title-main">Rootkit</span> Software designed to enable access to unauthorized locations in a computer

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

<span class="mw-page-title-main">ESET</span> Slovak internet security company

ESET, s.r.o., is a Slovak software company specializing in cybersecurity. ESET's security products are made in Europe and provide security software in over 200 countries and territories worldwide, and its software is localized into more than 30 languages.

<span class="mw-page-title-main">Security-focused operating system</span> Operating systems, that are focused on anonymous, privacy and security.

This is a list of operating systems specifically focused on security. Operating systems for general-purpose usage may be secure without having a specific focus on security.

<span class="mw-page-title-main">Memtest86</span> Computer memory diagnostics software

MemTest86 and Memtest86+ are memory test software programs designed to test and stress test an x86 architecture computer's random-access memory (RAM) for errors, by writing test patterns to most memory addresses, reading back the data, and comparing for errors. Each tries to verify that the RAM will accept and correctly retain arbitrary patterns of data written to it, that there are no errors where different bits of memory interact, and that there are no conflicts between memory addresses.

<span class="mw-page-title-main">UEFI</span> Operating system and firmware specification

Unified Extensible Firmware Interface is a specification written by the UEFI Forum. It defines the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the BIOS which was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10.

Data remanence is the residual representation of digital data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that does not remove data previously written to the media, or through physical properties of the storage media that allow previously written data to be recovered. Data remanence may make inadvertent disclosure of sensitive information possible should the storage media be released into an uncontrolled environment.

coreboot Open-source computer firmware

coreboot, formerly known as LinuxBIOS, is a software project aimed at replacing proprietary firmware found in most computers with a lightweight firmware designed to perform only the minimum number of tasks necessary to load and run a modern 32-bit or 64-bit operating system.

<span class="mw-page-title-main">Trusted Platform Module</span> Standard for secure cryptoprocessors

Trusted Platform Module is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard.


This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.

Pre-boot authentication (PBA) or power-on authentication (POA) serves as an extension of the BIOS, UEFI or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk such as the operating system until the user has confirmed they have the correct password or other credentials including multi-factor authentication.

Data erasure is a software-based method of data sanitization that aims to completely destroy all electronic data residing on a hard disk drive or other digital media by overwriting data onto all sectors of the device in an irreversible process. By overwriting the data on the storage device, the data is rendered irrecoverable.

This is a comparison of online backup services.

A Secure End Node is a trusted, individual computer that temporarily becomes part of a trusted, sensitive, well-managed network and later connects to many other (un)trusted networks/clouds. SEN's cannot communicate good or evil data between the various networks. SENs often connect through an untrusted medium and thus require a secure connection and strong authentication. The amount of trust required is commensurate with the risk of piracy, tampering, and reverse engineering. An essential characteristic of SENs is they cannot persist information as they change between networks.

The following outline is provided as an overview of and topical guide to computer security:

<span class="mw-page-title-main">VeraCrypt</span> Free and open-source disk encryption utility

VeraCrypt is a free and open-source utility for on-the-fly encryption (OTFE). The software can create a virtual encrypted disk that works just like a regular disk but within a file. It can also encrypt a partition or the entire storage device with pre-boot authentication.

References

References to the Trusted End Node Security Program office refer to the Trusted End Node Security Program Office, Information Directorate, Air Force Research Laboratories, United States Air Force.

References to the Software Protection Initiative refer to the DoD Anti-Tamper Program, Sensors Directorate, Air Force Research Laboratories, United States Air Force.

  1. "Trusted End Node Security - Downloads". Software Protection Initiative. Department of Defense. Archived from the original on 6 March 2021. Retrieved 19 July 2021.
  2. "LPS Release Notes". Trusted End Node Security - Software Protection Initiative. Department of Defense TENS Program Office. 2019-05-17. Retrieved 2019-12-10.
  3. TENS Program Office. "Trusted End Node Security". Archived from the original on 14 July 2018. Retrieved 10 December 2019.
  4. "TENS Release Notes". Trusted End Node Security. Air Force Research Laboratory. 16 April 2021. Archived from the original on July 19, 2021.
  5. Trusted End Node Security (TENS) Public Edition (TENS-Public) User's Guide (PDF). Air Force Research Laboratory. 2020. Archived from the original (PDF) on 21 March 2021.
  6. Galloway, David (24 July 2011). "Lightweight Portable Security Is a Portable Linux Distro from the Department of Defense". Lifehacker. Archived from the original on 2011-09-13. Retrieved 2021-08-20.
  7. Reed, Michael (30 Nov 2010). "Linux Distribution: Lightweight Portable Security | Linux Journal". www.linuxjournal.com. Archived from the original on 2010-12-03. Retrieved 2021-08-20.
  8. Montalbano, Elizabeth (22 July 2011). "Not Your Average Linux Distribution: DOD's Flavor". Information Week Government. Archived from the original on 2011-07-23.
  9. Software Protection Initiative. "Lightweight Portable Security". Archived from the original on 2016-09-25.
  10. Software Protection Initiative. "Encryption Wizard Release History". Trusted End Node Security. Archived from the original on 2021-07-19. Retrieved 26 February 2019.
  11. Selecting and Safely Using Collaboration Services for Telework - UPDATE (PDF). National Security Agency. 2020. p. 3. Archived from the original (PDF) on August 5, 2020.
  12. 1 2 TENS Program Office. "Downloads". Trusted End Node Security. Archived from the original on 18 August 2021. Retrieved 18 August 2021.
  13. TENS Virtual Machine Guide (PDF). National Security Agency. 2020. Archived (PDF) from the original on June 30, 2020.
  14. "Encryption Wizard". Airspace Mission Planning Division, Air Force Life Cycle Management Center. Archived from the original on 2023-01-29. Retrieved 2023-04-27.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.