Air Force puts trust in your home computer

Thursday - 10/14/2010, 10:30am EDT

Rich Kutter, Deployment Lead, ATSPI Technology Office, USAF

Click below to hear the interview

Download mp3

By Suzanne Kubota
Senior Internet Editor
FederalNewsRadio.com

When you're travelling, is the thought of using someone else's computer unsettling? The thought of having to use a public kiosk or a hotel computer can feel a lot like using someone else's toothbrush. You're never really sure where it's been.

The Air Force's Lightweight Portable Security (LPS) team has a solution for that (the computer part. You're on your own for the toothbrush) and they've even won a GISLA Award for their efforts.

Software Protection Initiative team leader Rich Kutter told Federal News Radio it not only makes your web surfing safe, it also saves you from having to make major changes to your home computer if you need to use a Smart Access card to log in.

The idea is that everything a computer user needs for web browsing or telework can be downloaded from DoD and put onto a CD. Then, when you want to surf or work safely, you start up the computer from the CD and not the hard drive.

LPS, said Kutter, meets two key ATSPI security tenets: it 1) focuses on what's critical (web browsing in the public version and telework in the remote access version) and 2) it works Out-of-Band of the threat. Even if there's malware on the hard drive, since the program runs out of RAM, it's running where the threat isn't. "It ignores your local hard drive and any nasties that might be hiding out there," said Kutter.

Another feature for the truly security conscious: it doesn't leave any trace on the computer you're using of which sites you've been to or what you did there.

When asked why everyone doesn't have a computer that can do all this, Kutter laughed and said "You can! You can download it from our website at spi.dod.mil if you want to play with the public version."

Another nice feature is that it's the same no matter which computer you're sitting in front of. "It would be a way of making sure that your configuration was standard every time you connect to do some sensitive transaction like telework or home banking," said Kutter.

When you're done, he said, "you could store things to the cloud, and the public version actually supports removable hard drives like USB thumb drives or USB hard drives."

And yes, it's free.

Asked about a downside to LPS, Kutter said the focus is on what's critical. So for web browsing and telework, "you don't need sound. You don't need every little Linux tool that exists. So from a usability standpoint, maybe that's a downside, but it's really a security plus. We approached this to be as secure as possible, yet still allow core mission capabilities to be accomplished."

That means no games, no solitaire, and no minesweeper.

But you'd still have those on the hard drive, in case of emergency.

For more information, see www.acq.osd.mil/ddre/ and www.wpafb.af.mil/AFRL/

This story is part of Federal News Radio's daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.