The changing landscape of secure KVM switching certifications

Until recently, the National Information Assurance Partnership (NIAP) used the Common Criteria Evaluation and Validation Scheme (CCEVS) to evaluate and approve KVM switches for security. EAL2 and EAL4+ are assurance levels that assess the process by which a security product is designed, tested, verified, and shipped. Common Criteria itself is an internationally standardized process for information technology security evaluation, validation, and certification.

NIAP has determined that EAL-based evaluation under CCEVS is no longer an adequate security standard for KVM switches that connect systems with differing security classifications. As a result, it upgraded the Protection Profile (PP) for peripheral sharing switches to PPS 3.0. Even so, the next generation of secure switches will need to be TEMPEST-approved to meet the tightest security requirements available.

TEMPEST testing, while classified, is regarded as a process that assesses the port-to-port isolation required for certain KVM switches. A TEMPEST approval means the necessary isolation is achieved and qualified. Additionally, the threat of data leaking by various covert electromagnetic eavesdropping mechanisms has been evaluated and found to be secure.

The TEMPEST designation is often required by military organizations. TEMPEST, as a security standard, pertains to technical security countermeasures, standards, and instrumentation that prevent or minimize the exploitation of vulnerable data communications equipment by technical surveillance or eavesdropping.

A desktop KVM switch, at its most basic, is simply a hardware device that enables one workstation consisting of a keyboard, video monitor, and mouse to control more than one CPU. Desktop KVM switches are usually 2- or 4-port switches, and by pushing a button or using keystrokes, users can easily access information and applications on completely separate systems.

Secure KVM switches fill a special need in switching for users, such as those in the military, government agencies, or law enforcement, who need to access information stored at different classification levels on physically separate systems. A secure desktop KVM switch is usually a two- or four-port switch that provides control and separation of PCs connected to networks of differing security classifications. TEMPEST-approved switches offer the following features:

  • High port-to-port electrical isolation, which facilitates data separation (RED/BLACK). Channel-to-channel crosstalk isolation of –80 dB to 60 dB protects against signal snooping, so software tools and applications cannot be used to access any connected computer from another connected computer.
  • Switches are permanently hard-wired, preventing access from one CPU to the others or from one network to the others.
  • External tamper-evident seals make it easy to spot attempted tampering.
  • Users can safely switch among as many as four computers operating at different classification levels.
  • Unidirectional flow of keyboard and mouse data means the computer cannot leak data along K/M signaling channels.
  • The USB host controller erases its entire RAM at each channel switchover, so no residual data remains in the channel after a channel change to be transferred to another computer.
  • Only keyboard and mouse devices can be enumerated at the keyboard and mouse ports. Any other USB peripheral connected will be inhibited from operating, preventing the upload or download of unauthorized data.
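
The last two features (RAM wiped at every switchover, and only keyboard and mouse devices allowed to enumerate) can be modelled in software. The following is an added example, not Black Box firmware and not any certified implementation: it parses a standard USB interface descriptor and applies an allowlist that admits only boot-protocol HID keyboards and mice (the exact policy is an assumption; the page says only "keyboard and mouse devices"), and it models a per-channel host-controller buffer that is zeroed in full on every channel switch. The descriptors and reports are constructed sample data.

```python
"""Model of two secure-KVM controls: a USB enumeration allowlist and a
host-controller buffer wiped at channel switchover.  Constructed example,
not vendor firmware."""
import struct
from dataclasses import dataclass, field

# USB 2.0 interface descriptor (spec section 9.6.5), 9 bytes:
# bLength, bDescriptorType, bInterfaceNumber, bAlternateSetting,
# bNumEndpoints, bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol, iInterface
INTERFACE_DESCRIPTOR = struct.Struct("<BBBBBBBBB")
INTERFACE_TYPE = 0x04

HID_CLASS = 0x03
HID_BOOT_SUBCLASS = 0x01
HID_PROTOCOL_KEYBOARD = 0x01
HID_PROTOCOL_MOUSE = 0x02

# Policy assumption: only boot-protocol HID keyboards and mice may enumerate.
# Anything else (storage, generic HID, malformed descriptors) is inhibited.
ALLOWED_INTERFACES = {
    (HID_CLASS, HID_BOOT_SUBCLASS, HID_PROTOCOL_KEYBOARD): "keyboard",
    (HID_CLASS, HID_BOOT_SUBCLASS, HID_PROTOCOL_MOUSE): "mouse",
}


def parse_interface_descriptor(raw: bytes) -> tuple:
    """Return (class, subclass, protocol) from a raw interface descriptor."""
    if len(raw) != INTERFACE_DESCRIPTOR.size:
        raise ValueError("interface descriptor must be 9 bytes")
    fields = INTERFACE_DESCRIPTOR.unpack(raw)
    if fields[0] != 9 or fields[1] != INTERFACE_TYPE:
        raise ValueError("not an interface descriptor")
    return fields[5], fields[6], fields[7]


def enumeration_decision(raw: bytes) -> str:
    """Decide whether a device interface may enumerate at the K/M port.
    Fail closed: any parse error is treated as an inhibited device."""
    try:
        key = parse_interface_descriptor(raw)
    except ValueError:
        return "inhibited"
    return ALLOWED_INTERFACES.get(key, "inhibited")


def make_descriptor(cls: int, sub: int, proto: int) -> bytes:
    """Build a constructed interface descriptor with one endpoint."""
    return INTERFACE_DESCRIPTOR.pack(9, INTERFACE_TYPE, 0, 0, 1, cls, sub, proto, 0)


# Constructed sample descriptors
KEYBOARD = make_descriptor(HID_CLASS, HID_BOOT_SUBCLASS, HID_PROTOCOL_KEYBOARD)
MOUSE = make_descriptor(HID_CLASS, HID_BOOT_SUBCLASS, HID_PROTOCOL_MOUSE)
MASS_STORAGE = make_descriptor(0x08, 0x06, 0x50)   # SCSI transparent, bulk-only
GENERIC_HID = make_descriptor(HID_CLASS, 0x00, 0x00)  # non-boot HID: inhibited here


@dataclass
class HostController:
    """Per-channel keyboard/mouse report buffer.  The whole buffer is
    zeroed on every switchover, not just the bytes that were in use."""
    ports: int = 4
    active: int = 0
    used: int = 0
    ram: bytearray = field(default_factory=lambda: bytearray(64))

    def queue_report(self, report: bytes) -> int:
        """Store a HID report for the active channel; return bytes in use."""
        if self.used + len(report) > len(self.ram):
            raise BufferError("report buffer full")
        self.ram[self.used:self.used + len(report)] = report
        self.used += len(report)
        return self.used

    def switch_channel(self, channel: int) -> int:
        """Select another port, wiping all buffered K/M data first."""
        if not 0 <= channel < self.ports:
            raise ValueError("no such port")
        self.ram[:] = bytes(len(self.ram))   # overwrite entire RAM with zeros
        self.used = 0
        self.active = channel
        return self.active

    def residual_bytes(self) -> int:
        """Count non-zero bytes left in RAM (should be 0 after a switch)."""
        return sum(1 for b in self.ram if b)


if __name__ == "__main__":
    for name, desc in [("keyboard", KEYBOARD), ("mouse", MOUSE),
                       ("mass storage", MASS_STORAGE), ("generic HID", GENERIC_HID)]:
        print(f"{name:13s} -> {enumeration_decision(desc)}")
    hc = HostController()
    hc.queue_report(b"\x00\x00\x04\x00\x00\x00\x00\x00")  # boot keyboard report: 'a' pressed
    print("residual before switch:", hc.residual_bytes())
    hc.switch_channel(2)
    print("residual after switch: ", hc.residual_bytes())
```

The allowlist is keyed on the (class, subclass, protocol) triple rather than on class alone, so a composite device that reports HID class without the boot protocol is still refused; the wipe overwrites the full buffer rather than only the used prefix, which is what prevents a stale report from an earlier channel surviving a switch.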

The Secure Desktop KVM Switches with USB from Black Box surpass the security profiles of most other KVM switches because they have received TEMPEST approvals and certifications.

Additional Resources

White Paper: Secure Desktop KVM Switch Update
