The Exos Front End Processor

 

Chip Scan's Exos is a new type of CCSDS compliant front end processor with over a 1000x smaller attack surface compared to modern virtual network function implementations, and offers very strong supply chain guarantees.

The level of security offered by Exos is appropriate for DoD 5200.44, NSA Raise-the-Bar and Zero Trust initiatives.

The Problem: Bloated Front End Processors

Modern virtualized ground stations are built as application code leveraging third party libraries, running on operating systems carrying decades of baggage, which themselves are often run within containers and hypervisors. This offers a huge attack surface with many exploitable vulnerabilities to attackers. Further, to be able to run these complicated, bloated pieces of software, "advanced" processors with "modern" functionalities which themselves have exploitable bugs such as Meltdown and Spectre are needed. Basically, these overly complex architectures are dressed up in new technologies to provide an appearance of security without actually providing meaningful security guarantees.

The definition of genius is taking the complex and making it simple

Albert Einstein

 

Chip Scan's Solution: Exos

Exos is built using the hardware-up methodology to consciously reduce the attack surface which results in an attack surface reduction of more than a thousand times.

The technologies used in Exos offer protection against the most common classes of vulnerabilities used by attackers to hack into systems. We completely eliminate memory safety vulnerabilities, and attacks through processor vulnerabilities (such as Spectre), and provide a very high level of guarantee against software and hardware supply chain attacks.

Image
  • Deployment Scenarios

    Cloud (Amazon) or On Prem deployment

  • Throughput

    125Mbps per Channel, 1Gbps Total

  • Inputs

    UDP, Data/Clock

  • Frame Sync

    All CCSDS Sizes

  • Sync Pattern

    Programmable 32-bit CCSDS pattern

  • CRC

    CCSDS CRC-16-CCITT, CRC-32-CCITT

  • Reed Solomon

    CCSDS 255,223 or CCSDS 255,239

  • Downlink Packet Types

    Space Packet or CCSDS Encap

  • COMSEC Support

    Integrated crypto using AES in ECB/CVC/CFB/OFB/CTR mode or on-premises UDP based crypto

  • Network Clients

    C2 (TCP)

EXOS was developed through a contract through the U.S. Office of Naval Research and private funding. The opinions expressed here are not views of the US Government.