Lightweight Portable Security
Lightweight Portable Security Desktop
|Developer||US Department of Defense|
|Source model||Open source|
|Latest release||188.8.131.52 / 28 February 2018|
|Kernel type||Monolithic (Linux)|
|Default user interface||XFCE|
|License||Free software licenses|
|Official website||Trusted End Node Security program office|
Lightweight Portable Security (LPS) is a Linux LiveCD, (or LiveUSB), developed and publicly distributed by the United States Department of Defense’s Air Force Research Laboratory, that is designed to serve as a secure end node. It can run on almost any Intel-based computer (PC or Mac). LPS boots only in RAM, creating a pristine, non-persistent end node. It supports DoD-approved Common Access Card (CAC) readers, as required for authenticating users into PKI-authenticated gateways to access internal DoD networks.
LPS turns an untrusted system (such as a home computer) into a trusted network client. No trace of work activity (or malware) can be written to the local computer hard drive. As of September 2011 (version 1.2.5), the LPS public distribution includes a smart card-enabled Firefox browser supporting DoD's CAC and Personal Identity Verification (PIV) cards, a PDF and text viewer, Java, a file browser, remote desktop software (Citrix, Microsoft or VMware View), an SSH client, the public edition of Encryption Wizard and the ability to use USB flash drives. A Public Deluxe version is also available that adds LibreOffice and Adobe Reader software.
LPS and Encryption Wizard were initiated by the Air Force Research Laboratory's Anti-Tamper Software Protection Initiative program, started in 2001. In 2016, that program was ending, so LPS and Encryption Wizard were moved to the Trusted End Node Security program office. LPS, as of version 1.7 was rebranded Trusted End Node Security, or TENS. Encryption Wizard retained its name, but received the TENS logo as of version 3.4.11. Nevertheless, as of early 2019, the site still uses the LPS name in many places.
LPS comes with Encryption Wizard (EW), a simple, strong file and folder encryptor for protection of sensitive but unclassified information (FOUO, Privacy Act, CUI, etc.). Written in Java, EW encrypts all file types for data at rest and data in transit protection. Without installation or elevated privileges, EW runs on Windows, Mac, Linux, Solaris, and other computers that support the Java software platform. With a simple drag and drop interface, EW offers 128-bit and 256-bit AES encryption, SHA-256 hashing, RSA signatures, searchable metadata, archives, compression, secure deleting, and PKI/CAC/PIV support. Encryption can be keyed from a passphrase or a PKI certificate. EW is GOTS—U.S. Government invented, owned, and supported software—and comes in three versions, a public version that uses the standard Java cryptographic library, a unified version that uses a FIP-140-2 certified crypto licensed by The Legion of the Bouncy Castle, and a government-only version that uses a FIPS-140-2 certified crypto stack licensed from RSA Security. The three versions interoperate.
Public HTTPS access
The web site for distribution of LPS-Public is served over HTTPS, but uses a TLS certificate that is signed by a certificate authority managed directly by the Department of Defense through Defense Information Systems Agency. This CA is not trusted by most non-DoD operating systems and browsers. Because of this, visiting the site or downloading the ISO will generate a browser security warning indicating that the certificate is not trusted. Military-issued devices already include this certificate authority in their list of trusted CAs, and so they will not see these errors.
This article incorporates text from the US Department of Defense SPI web site.
- "LPS Release Notes". Special Protection Initiative. Department of Defense Special Protection Initiative. 2018-02-28. Retrieved 2018-02-28.
- DoD Software Protection Initiative
- LPS main page, https://www.spi.dod.mil/lipose.htm
- Lifehacker, http://lifehacker.com/5824183/lightweight-portable-security-is-a-portable-linux-distro-from-the-department-of-defense
- Linux Journal, http://www.linuxjournal.com/content/linux-distribution-lightweight-portable-security
- InformationWeek, http://www.informationweek.com/news/government/security/231002431
- "Encryption Wizard Release History". Trusted End Node Security. Retrieved 26 February 2019.