COMP 3000 2011 Report: LPS

Background

This Distribution Report will be providing an analysis of the Lightweight Portable Security (LPS) operating system, which is developed and supplied by the Software Protection Initiative section of the United States Department of Defense (DoD).

LPS has been developed as an operating system to be used by government and military workers as a secure digital environment on systems that may not necessarily be secure. It has also been developed with a single use mentality. This means, there is no storage, and if the session becomes comprised due to malicious software, a simple reboot will produce a clean slate for the worker to use (Software Protection Initiative, 2011).

As of June 15th, 2011, LPS was approved by the Air Force Network Integration Center to access the Global Information Grid (GIG) for general telecommuting use (Software Protection Initiative, 2011). The GIG is described as a DoD system that includes any equipment, software, or service that transmits, stores, or processes DoD information, and provides any other associated services necessary to achieve information superiority (NSA, 2011).

The operating system has two variants, which can be obtained from the following locations:

Public ISO (137.3 MB Image) http://www.spi.dod.mil/docs/LPS-1.2.5_public.iso

Public Deluxe ISO (317.3 MB Image) http://www.spi.dod.mil/docs/LPS-1.2.5_public_deluxe.iso

Note: This report will be looking specifically at the Deluxe version of the distribution, which also provides Adobe Reader and Open Office.

The heritage of this operating system is not clearly documented anywhere, but based on the settings required for the Virtual Machine environment, it can be concluded that it is using a 2.6.x Linux kernel variant.

Installation and Startup

System Requirements

• A computer system with an x86 processor
• 512 MB of RAM (LPS-Public), 1 GB RAM (LPS-Public Deluxe)
• Wired, Wifi, or broadband cellular Ethernet (DHCP highly recommended)
• Ability to boot from either USB or CD-ROM (LPS is available on either media)
• CCID-compliant USB smart card reader (SCR 331 w/current firmware [>5.22])

Although LPS is meant to be used as a live boot distribution, for the purposes of this report and testing, VMPlayer 4.0 was used as the operating environment.

Installation was simple and straightforward. When setting up the VMWare Virtual Machine, VMWare Player was unable to detect the operating system automatically, so the Linux option “Other Linux 2.6.x kernel 64-bit version” was chosen.

Default settings were kept for the rest of the configuration, with the exception of customizing the virtual machine hardware memory. This value was changed from the default 384 MB, to 1024 MB, as per meeting the distribution system requirements.

Booting of the distribution took roughly one minute from start to the license agreement screen. Upon accepting the agreement, the desktop loaded almost instantly.

Basic Operation

With my configuration, there was 678.5 MB of free space left to be used.

Upon first viewing the distribution's desktop, the first thing that is noticeable is the striking similarity in appearance to a Windows operating system. There is a start menu, but instead of a Windows logo, the user will find Tux there. There are also Windows Show Desktop and command prompt icons. Show Desktop performs as expected, but the command prompt icon launches Xterm.

It is likely that most users of this operating system would be coming from a Microsoft background, so it does make sense that the developers would choose to make an experience that follows what one would expect in a Windows environment. The developers have went so far as to even apply skins onto various utilities to have them more closely represent the Windows equivalents. This can be seen in the screenshot below.

Going to Work

Since the operating system was meant to provide workers with a secure environment for telecommuting, an attempt was made to replicate a “workday”.

First, Open Office was used to create and save an assortment of text documents, and spreadsheets. Next, the FireFox browser was used to view a number of websites, including YouTube, WebCT, and CNN.com. All websites performed smoothly and as expected.

I was a little skeptical of logging into any websites, including my personal email, and banking. Now, this is not because I did not expect my session to be unsecure, but at a stage of preliminary analysis, I am a bit too paranoid to enter login credentials into a DoD operating system.

There are a number of remote connection options available, including Citrix Receiver, Remote Desktop, and a remote SSH client. The operating system should also allow for the use of a smart card reader that can contain the log in information required to remotely access a system. I was unable to test this features, since I lack a smart card reader, but I was able to use the SSH client to remotely connect to a computer.

One of the features unique to this distribution that was tested was the Encryption Wizard. This is an encryption and decryption program that uses a 128-bit implementation of the Advanced Encryption Standard (AES) with a drag-and-drop interface (ATSPI Technology Office, 2011). It creates the ability to encrypt files using a pass key, with a PKI Certificate, or both, as well as add Meta Data, although this is not encrypted. Decrypting a file that was encrypted using the Encryption Wizard follows a similar point and click method. Both encrypting, and decrypting files was tested on the text documents created earlier in the session, and no problems were encountered.

After creating a number of files were created and downloading an assortment of PDFs, as well as extensive Internet browsing, an operating system restart was done to see if there would be any traces of the session. Upon completing the reboot, all files from the previous use of LPS were gone, and web history from FireFox had also been cleared.