
Bloombase Security Platform FAQ




What does Spitfire do?

Statistics show that the majority of corporations that suffer confidential data theft, business partner phishing, data tampering by insiders or outsiders, and application hacking are not aware of it until major losses are seen. Just as confidential letters are sealed and chopped and invaluable gemstones are deposited in safe boxes, sensitive electronic enterprise data should be protected and insured. Bloombase believes the problem is best solved by cryptographic technologies.

The Spitfire product family consists of hardware-accelerated cryptographic network appliances that secure transient and persistent information enterprise-wide. The family is composed of Spitfire SOA, Spitfire Messaging and Spitfire StoreSafe.

  • Spitfire SOA is created to secure enterprise application integration data from prying eyes and unauthorized alteration.
  • Spitfire Messaging is a transparent email encryption network server that works with enterprise messaging gateways to deliver encrypted and signed emails, so Internet hackers or system operators in recipient corporations have no way to snoop on the confidential contents.
  • Spitfire StoreSafe is a high-performance cryptographic network appliance that encrypts and decrypts data on the fly as it is stored to or retrieved from networked disks. It aims to protect databases, application servers, user files and archives from theft.

 

Why hardware appliances?

Most enterprises have invested in hardware and software systems that are mission-critical and operate at full capacity. Cryptographic operations such as digital signature generation and encryption are computationally intensive, resource-hungry tasks that business systems like ERP, sales management and BI normally cannot spare capacity for. This is why the majority of enterprises look to hardware accelerators to offload SSL processing from their web servers.

The same applies to EAI, XML, email and file data, which are integral parts of business document exchange, messaging and storage systems. Bloombase's security strategy shares the common goals of

  • Independence
  • Scalability
  • Performance

Only self-contained hardware appliances that are purpose-built for dedicated applications and environments can fulfill the above requirements. Network and communication protocols have been relatively stable industry standards for years, if not decades, and are designed to support all vendors and platforms. Spitfire appliances are purposely designed to work on the network layer, supporting any enterprise computing environment through high-level modular interfaces.

Spitfire appliances can easily scale up by configuring multiple boxes in a cluster. Load balancing and high availability can be achieved on the network layer. Customers have better control of their investment and can buy as they go.

Security relies heavily on computationally intensive mathematical operations that degrade overall system performance and throughput. With dedicated hardware acceleration, processing latency can be greatly reduced and throughput enhanced. It also guarantees transparent operation and seamless deployment into existing enterprise infrastructure.

 

Why choose Spitfire Security Platform instead of peer solutions?

Spitfire Security Platform is built upon the hardened Spitfire OS and Spitfire Security Framework, which have been well tested for carrier-grade operations serving enterprises, agencies and organizations. Spitfire is compliant with international information security standards. Its cryptographic algorithms are proven and well accepted as gold standards.

Spitfire excels amongst peer solutions by using a hardware appliance and ASIC-acceleration approach to reclaim the performance lost to cryptographic processing latency. The Spitfire family solves various major transient and persistent data security problems for dedicated applications and systems.

Spitfire is highly scalable. It can easily be scaled up through multiplexing and clustering. The Spitfire platform has such a small footprint that it can run within embedded systems and offer low-cost solutions for departmental and home use.

 

What are the benefits of ASIC-powered appliances?

An application-specific integrated circuit (ASIC) is dedicated electronic hardware purpose-built for a specific application. An ASIC differs from central processing unit-based hardware in that it adapts easily to parallel and streamlined processing, which are the core design principles of most cryptographic ciphers. Cryptographic operations run on an ASIC therefore normally outperform general-purpose microprocessors by 10 to 100 times, greatly reducing the time it takes to complete an encryption/decryption task and thus increasing throughput. SCSI and dedicated graphics boards in the computer world are good analogies for ASICs in security appliances. Spitfire Security Platform is the only solution basket in which every family member supports ASIC-powered cryptographic hardware acceleration.

 

How does Spitfire Security Platform keep up with ever-changing cryptographic and algorithmic advances?

Cryptographic algorithms and ciphers get updated every couple of years to cope with advances in computational hardware and infrastructure. Bloombase understands that customers have a growing need to widen the scope of data protection in their enterprises and to comply with the latest security standards. Spitfire customers can obtain the latest upgrades and patches from Bloombase SupPortal and have their Spitfire hardware firmware upgraded. A firmware upgrade can be done easily through the Spitfire secured web-based management console.

 

How well are Spitfire servers prepared for disasters?

Selected models of Spitfire appliances are fault-tolerant by design. Other Spitfire appliances can be configured to run in high-availability mode, so that when the active appliance fails, the backup takes over and acts as the active node.

Spitfire system settings and security configurations can be archived and sent offsite for backup retention. Spitfire backup archives are secured by recovery key(s)/token(s), which are generated during the installation phase. Spitfire administrators should devise and carry out backup procedures whenever configuration updates are made to the Spitfire servers. In the worst-case scenario, where a disaster recovery has to be carried out, the recovery key(s)/token(s) must be restored to a brand new operational Spitfire appliance before the configurations backup archive can be successfully restored. A normal disaster recovery process takes from a few minutes to a quarter of an hour.

 

What cryptographic ciphers are supported by Spitfire Core Cryptographic processor?

Spitfire Core Cryptographic processor currently supports the following industry-standard encryption ciphers:

  • AES 128, 192 and 256-bit cipher
  • Camellia 128, 192 and 256-bit cipher
  • Chinese National SCB2 (SM1), SSF33, SSF28 ciphers
  • 3DES cipher
  • DES cipher
  • CAST5 cipher
  • CAST6 cipher
  • IDEA cipher
  • RC2 block cipher
  • RC5 block cipher
  • RC6 block cipher
  • RC4 stream cipher
  • Blowfish cipher
  • Twofish cipher
  • Serpent cipher
  • Skipjack cipher
  • RSA cipher

 

What is Spitfire recovery key?

A Spitfire recovery key is either a set of software key vaults in the form of files, or physical keys in the form of PKCS#11 compliant hardware security module (HSM) tokens or cards. The recovery key is a quorum of multiple keys, and the quorum and body sizes of the recovery key holders are the customer's choice. Recovery key(s) are required for successful restoration of Spitfire configurations archives. If the minimum quorum of recovery key(s)/token(s)/card(s) is not presented, the corresponding Spitfire configurations archives cannot be restored. Therefore, once recovery key(s) are generated in the installation phase, they should be assigned to data owner(s) and kept in a safe location. Recovery key(s) should never be exposed or duplicated and should only be presented during disaster recovery or Spitfire cloning.

The quorum is the minimum number of distinct recovery keys that must be presented before a configurations archive can be restored. A body size of 2 and quorum of 1 means a total of 2 physical recovery keys are generated and held by 2 persons, and either one of them alone is a valid quorum for recovery. A body size of 3 and quorum of 2 means a total of 3 physical recovery keys are held by a maximum of 3 persons (A, B, C); during the recovery process, any of A-and-B, B-and-C or C-and-A is a valid quorum for recovery.

Please note that recovery key(s) are generated ONLY ONCE, during the installation phase; no more such key(s) can be generated afterwards.
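The quorum and body sizes above behave like a threshold (k-of-n) scheme. The following is an added example, not Bloombase code: the page does not say how Spitfire implements its quorum, so Shamir's secret sharing is assumed here as one standard construction, and the function names and the random stand-in for the archive key are hypothetical.

```python
import secrets
from itertools import combinations

# Field modulus: 2**521 - 1 is a Mersenne prime, large enough for a 256-bit key.
PRIME = 2**521 - 1

def split_secret(secret, quorum, body):
    """Split `secret` into `body` shares; any `quorum` of them recover it."""
    if not 1 <= quorum <= body:
        raise ValueError("quorum must be between 1 and the body size")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of range for the field")
    # Random polynomial of degree quorum-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(quorum - 1)]
    shares = {}
    for x in range(1, body + 1):
        y = 0
        for c in reversed(coeffs):          # Horner's rule
            y = (y * x + c) % PRIME
        shares[x] = y
    return shares

def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the presented shares."""
    secret = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def quorum_report(quorum, holders):
    """Map every combination of key holders to whether it restores the key."""
    secret = secrets.randbelow(2**256)      # constructed stand-in for the archive key
    by_holder = dict(zip(holders, split_secret(secret, quorum, len(holders)).items()))
    report = {}
    for size in range(1, len(holders) + 1):
        for group in combinations(holders, size):
            presented = dict(by_holder[h] for h in group)
            report["".join(group)] = recover_secret(presented) == secret
    return report

if __name__ == "__main__":
    # Body size 3, quorum 2: single holders fail, every pair succeeds.
    for group, ok in quorum_report(2, "ABC").items():
        print(f"{group:>3}: {'restores' if ok else 'cannot restore'}")
```

With a quorum of 1 the polynomial is constant, so every share is the key itself; that is the cryptographic meaning of the body-size-2, quorum-1 case, where either holder alone can restore.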

 

What is Spitfire operator key?

Operations of Spitfire security appliances are secured by Spitfire operator key(s). A Spitfire operator key can be in the form of a PIN, a software key vault, or a PKCS#11 compliant hardware security module (HSM) token or card.

Spitfire servers/appliances require at least one operator key to be present for successful initialization. There is no maximum limit on the number of operator keys. Authenticated administrative users accessing Spitfire in its normal production mode of operation can issue new operator key(s) or revoke existing operator key(s) via the web-based management console.

Powering up a Spitfire server/appliance only starts the management modules for local and remote administration. The actual cryptographic processes are started only when a valid operator key is presented, either remotely via the web-based management console or locally/physically at the hardware appliance.

 

What if my Spitfire appliance is lost?

Spitfire hardware appliances contain high-performance cryptographic processors that are generally considered strategic commodities. Such goods are under strict import and export controls in many nations. Whenever an appliance is considered lost, you should report it to your local police immediately, followed by a formal notice to us with official document(s) of proof.

Spitfire appliances require presentation of valid operator key(s) before normal cryptographic operations can start. That is, without getting hold of any of your operator keys, criminals who obtain your Spitfire appliances have no way of making them function, let alone decrypting your Spitfire-protected data. Technically speaking, your Spitfire-secured data are still safe.

 

Does Spitfire support PKCS#11-compliant hardware security modules (HSM)?

Yes. Spitfire security servers are PKCS#11 ready and support all PKCS#11-compliant hardware security modules (HSM) out of the box. Where compliance is a concern, customers may consider using PKCS#11 compliant HSMs for key generation, storage and security.

 

 

