Lightweight Portable Security

Lightweight Portable Security (LPS) was a Linux LiveCD (or LiveUSB) distribution, developed and publicly distributed by the United States Department of Defense’s Air Force Research Laboratory, that is designed to serve as a secure end node. The Air Force Research Laboratory actively maintained LPS and its successor, Trusted End Node Security (TENS), from 2007 to 2021. It can run on almost any x86_64 computer (PC or Mac). LPS boots only in RAM, creating a pristine, non-persistent end node. It supports DoD-approved Common Access Card (CAC) readers, as required for authenticating users into PKI-authenticated gateways to access internal DoD networks. LPS turns an untrusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer's hard drive. As of September 2011 (version 1.2.5), the LPS public distribution includes a smart card-enabled Firefox browser supporting DoD's CAC and Personal Identity Verification (PIV) cards, a PDF and text viewer, Java, a file browser, remote desktop software (Citrix, Microsoft or VMware View), an SSH client, the public edition of Encryption Wizard and the ability to use USB flash drives. A Public Deluxe version is also available that adds LibreOffice and Adobe Reader software.


History

LPS and Encryption Wizard were initiated by the Air Force Research Laboratory's Anti-Tamper Software Protection Initiative program, started in 2001. In 2016, that program was ending, so LPS and Encryption Wizard were moved to the Trusted End Node Security program office. LPS, as of version 1.7, was rebranded Trusted End Node Security, or TENS. Encryption Wizard retained its name, but received the TENS logo as of version 3.4.11.

In 2020, the COVID-19 pandemic led to an increase in remote work. The National Security Agency recommended that U.S. government employees working remotely use government furnished computers. However, when it was necessary for an employee to use their home computer, the National Security Agency recommended TENS as one measure an individual employee could use to make that computer more secure.

In 2021, TENS became compatible with UEFI Secure Boot. UEFI Secure Boot is used to protect the operating system installed on the computer's hard drive. As of June 2020, UEFI Secure Boot was available on many newer PCs. UEFI Secure Boot would prevent older versions of TENS from booting.

In August 2021, the TENS web site announced the TENS program office had been decommissioned. The Defense Information Systems Agency was no longer willing to fund the program. No other agency had agreed to champion the program. "Potentially final" editions of TENS and Encryption Wizard had been released in April and May 2021.


Encryption Wizard

LPS came with Encryption Wizard (EW), a simple, strong file and folder encryptor for protection of sensitive but unclassified information (FOUO, Privacy Act, CUI, etc.). Written in Java, EW encrypted all file types for data at rest and data in transit protection. Without installation or elevated privileges, EW ran on Windows, Mac, Linux, Solaris, and other computers that support the Java software platform. With a simple drag and drop interface, EW offered 128-bit and 256-bit AES encryption, SHA-256 hashing, RSA signatures, searchable metadata, archives, compression, secure deleting, and PKI/CAC/PIV support. Encryption could be keyed from a passphrase or a PKI certificate. EW was GOTS—U.S. Government invented, owned, and supported software—and came in three versions: a public version that uses the standard Java cryptographic library, a unified version that uses a FIPS-140-2 certified crypto library licensed by The Legion of the Bouncy Castle, and a government-only version that uses a FIPS-140-2 certified crypto stack licensed from RSA Security. The three versions interoperate.


Public HTTPS access

The general public has had some difficulty accessing the LPS and TENS web sites, because from time to time, Department of Defense web sites have used security settings somewhat different than common practice. As a result, users have to configure their web browsers a particular way in order to obtain LPS or TENS. Circa 2020, the main difference is the web sites implement HTTPS using a Department of Defense certificate authority rather than one of the commonly accepted certificate authorities. Because of these difficulties with the Department of Defense web servers, the LPS and TENS program office established a commercially hosted web site http://www.gettens.online/ with instructions on how to configure a browser to work with the official TENS web site.

''This article incorporates text from the US Department of Defense SPI web site.''
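
The certificate-authority mismatch described in this section can be reproduced offline with OpenSSL. The following is an added example, not taken from the original article or from the TENS project: it builds a made-up private root CA and an unrelated root that stands in for a browser's default trust store, and every subject name, file name and function name in it is constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: every name and certificate here is made up for illustration.

# new_root DIR NAME CN: create a self-signed root CA (DIR/NAME.key, DIR/NAME.pem).
new_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_server DIR CA_NAME: create DIR/server.pem signed by root CA_NAME.
issue_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -days 30 -set_serial 1 \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -out "$1/server.pem" 2>/dev/null
}

# chain_trusted TRUST_STORE CERT: exit 0 only if CERT chains to a root in TRUST_STORE.
chain_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# build_demo DIR: a private root (stand-in for an agency CA), an unrelated root
# (stand-in for a browser's default store), and a server cert from the private root.
build_demo() {
    new_root "$1" private-root "Example Private Root CA" &&
    new_root "$1" default-store "Example Public Root CA" &&
    issue_server "$1" private-root
}

# report DIR: print how each trust store judges the same server certificate.
report() {
    for store in default-store private-root; do
        if chain_trusted "$1/$store.pem" "$1/server.pem"; then
            echo "$store: chain verifies"
        else
            echo "$store: rejected, issuer is not a trust anchor"
        fi
    done
}

demo_dir=$(mktemp -d)
build_demo "$demo_dir" && report "$demo_dir"
rm -rf "$demo_dir"
```

The server certificate is identical in both checks; only the set of trust anchors changes, which is why the fix is to add the issuing root to the client's trust store.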


See also

* XFCE
* Lightweight Linux distribution


References

References to the Trusted End Node Security Program office refer to the Trusted End Node Security Program Office, Information Directorate, Air Force Research Laboratories, United States Air Force. References to the Software Protection Initiative refer to the DoD Anti-Tamper Program, Sensors Directorate, Air Force Research Laboratories, United States Air Force.


External links

* Trusted End Node Security. Home page for the TENS Program office. Archived August 18, 2021: https://web.archive.org/web/20210818234357/https://tens.af.mil/