Reconfigurable Architecture for Software Protection (RASP)

Technology Description:

Reconfigurable Architecture for Software Protection (RASP) is an intellectual property reference design and software protection protocol offering an extremely strong level of cryptographic protection against a brute force attack, and preventing reverse-engineering of high value binary executables. RASP’s brute force protection covers codes susceptible to being intercepted or captured; to accomplish this, Accord uses hidden unique opcodes (HOP) to boost standard encryption methods.

            RASP distributes, stores and delivers execution binaries into computational nodes under its validation and authentication control.  Data input/output are independently protected from code using methods specific to its security situation.  Using RASP, no host software can access the binary executable during transmission, storage or preparation for delivery.  Simply stated, RASP ensures that Critical Technology or Critical Program Information is never accessible in decrypted form until ready for execution.  

            RASP uses tools common to the National Security Agency’s (NSA) Suite B plus the RASP hidden unique opcode (HOP) encryption.  Execution is in an FPGA that uses encrypted bitmap and internal integrity checks for a high level of protection. These extensions and RASP protocols provide strictly controlled and managed authentication and validation of hardware nodes, preventing code access by unrecognized hardware nodes.

            Several RASP products have been configured to serve varying operational environments where critical technology or data needs to be projected from reverse engineering or compromise.  Ancillary forms of RASP include the Secure Execution System (SES), a reconfigurable 15-Channel Protocol Converter with multi-level security distribution services, and a secure framework (Secure Dispatch Switch) for Service-Oriented Architecture (SOA) operations.

            The RASP Secure Execution System (SES) consists of open system computing servers with FPGA-based Secure Execution Modules (SEMs). SEMs are FPGAs with Xilinx’s Security Monitor, providing a highly secure unit. A Protective SEM executes RASP protocols for validated and authenticated distribution, storage and delivery into the computational SEM. RASP Computational SEMs execute RASP code-receiving protocols, and then execute the critical technology within the FPGA, thereby providing protection against reverse engineering of code and compromise of related critical program information (CPI). Decrypted code within the Computational SES cannot be accessed by the open system host. RASP protocols also deliver codes into a compartment of the host environment. The Protective SEM performs integrity checks and bus monitoring, shielding the host operating system compartment to protect of codes operating there.  The SEM operational scenario simulates a security facility on foreign soil having CONUS contractors performing remote support and maintenance.

            Accord’s 15-Channel Protocol Converter separates disparate security protocols from client users of secure data feeds. Conversion nodes are loaded using RASP, which provides an administrator (human) interface to set up validation and authentication controls. Up to fifteen FPGA-based SEM protocol servers are allowed in each 4U rack. The Protective SEM is tightly managed by the hardware to control delivery according to security level. 

            The Secure Dispatch Switch (SDS) is a framework for building a secure Service-Oriented Architecture (SOA).  The ‘dispatcher’ sets up hardware-isolated links between computational service providers and requesting clients. In this case, SEMs execute two protocols: SES with service provider and SES with service subscriber. Once set up, the hardware unit becomes a hardware isolated communication channel between subscriber client and service-providing computational nodes. The RASP role is to load and manage validation and authentication of the SEM computational nodes, providing tightly controlled authentication and validation of client and computational credentials. 

            RASP and HOP are the technologies developed under SBIR contract funding, and enhanced via Accord’s private investment.  The project has resulted in two pending patent applications.  Because of the government’s diverse needs and political impetus for software protection solutions, Accord has continued to develop RASP technology to match client needs.  Accord’s current anti-tamper protection improvements to RASP have extended to impact and footprint reduction. 

            The Accord Protection Architecture provides software protection at significantly reduced footprint compared to conventional anti-tamper resistant measures. Accord’s companion Anti-Tamper Technologies include its Crypto-Reduced-Instruction-Set-Trusted-Computer (CRIPTC) http://www.accordsol.com/CRIPTC.html  and its In-Chip Anti-Tamper Sensor (ICAT) http://www.accordsol.com/ICAT.html.  CRIPTC is Accord’s secure processor which executes encrypted code directly, preventing code instruction monitoring during execution.   ICAT is an ultra-sensitive sensor which operates either inside or on a chip package, whose purpose is to trigger an anti-tamper protection event whenever the box is subjected to physical tampering. 

           
Benefits:

Accord provides ANTI-TAMPER Protection of Critical Technologies as required by DoD Directive 5200.39. This directive defines Critical Program Information as “information, technologies, or systems, that, if compromised would degrade combat effectiveness, shorten the expected compact effective life of a system, or alter program direction.”

• RASP brute-force encryption is also impervious to statistical analysis. The outer AES encryption contains the apparently random results of HOP encryption.
• RASP contains integrated authentication, validation and key management technology. This is tightly controlled by a local knowledgeable administrator.
• RASP can be delivered in tamper-proof packaging, and is readily integrated into ‘System on a Chip.’
• RASP includes tamper-detection technology which instantly scrubs keys and memory.

RASP is flexible and can be integrated into either FPGA-based or software-based military or commercial systems RASP’s protection is independent of your application processor choice because it is transparent and isolated from your application or operating system actions.