Open source transparency comes to root of trust hardware

Contrary to conventional wisdom, an open source approach like Google’s OpenTitan could ensure that roots of trust stay trustworthy

Geopolitics have put enterprise data centers in the crosshairs of international espionage. From all corners of the globe, hackers of all sorts, including those aligned with national spy agencies, are zeroing in on hardware roots of trust.

For any computing platform, the root of trust is the ultimate line of defense against cybersecurity attacks. No matter how secure your operating system and applications appear to be, they are acutely vulnerable if running on a hardware platform whose root of trust has been compromised by an unauthorized party.

Trust is everything. If you breach a hardware platform’s root of trust, you can gain persistent—and often, stealthy—access to all data, processes, and other assets on that platform and to connected systems that trust it. Even so-called “zero-trust security,” which is fundamental to edge, mesh, and other distributed deployments, depends on ensuring that each hardware node can indeed trust that its firmware has not been surreptitiously compromised by a hacker.

For that reason, the hardware-level root of trust should at the very least perform these critical functions:

  • securely store the server’s or device’s unique keys, credentials, and other security modules and actively mediate access to the first-stage boot firmware.
  • create a trusted execution environment that enables secure identification and authentication of the hardware platform during boot-up.
  • provide code protection, data protection, application isolation, firmware integrity assurance, tamper-proofing, and other services upon which all application-level security depends.
  • verify that a server or a device boots only with the correct, untampered firmware code.
  • enable users to verify that a server or a device is legitimate by using a cryptographically unique machine identity.
  • cryptographically prove that machines can be trusted, have not had vulnerabilities introduced into them, and aren’t surreptitiously under an adversary’s control.
  • protect secrets such as encryption keys in a tamper-resistant way even for people with physical access, such as when a server or a device is being shipped.
  • provide authoritative, tamper-evident audit records and other runtime security services.
  • verify the exact sequence of everything that happens before the first instruction gets executed.
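The list above describes verified boot (each stage is checked before it runs), measured boot (a tamper-evident record of the exact sequence), and attestation (proving that record to a verifier with a device-unique key). The following Python is an added illustration of how those three pieces fit together; it is not code from the article, from OpenTitan, or from any real root of trust. It simplifies deliberately: the first-stage check is a hash pinned in a simulated fuse rather than a signature over a public key, the "quote" is an HMAC with a constructed device key rather than an asymmetric signature, and the firmware images, manifest, key, and nonce are all constructed sample values. The register-extend rule (`pcr = H(pcr || digest)`) is the same order-dependent construction a TPM uses.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample firmware images standing in for the binaries a real root of
# trust would read from flash. Nothing here is OpenTitan code.
STAGES = {
    "stage1_bootloader": b"stage1 bootloader image v1.0 (constructed sample)",
    "stage2_kernel": b"kernel image v5.4 (constructed sample)",
}

def measure(image: bytes) -> bytes:
    """Measurement of an image: its SHA-256 digest."""
    return hashlib.sha256(image).digest()

# Hypothetical one-time-programmable (fuse) value: the digest of the only first
# stage this device will ever run. Real silicon pins a public key or hash here.
OTP_PINNED_STAGE1_DIGEST = measure(STAGES["stage1_bootloader"])

# Manifest carried by the genuine stage 1: the digest it expects of stage 2.
MANIFEST = {"stage2_kernel": measure(STAGES["stage2_kernel"])}

# Hypothetical device-unique secret provisioned into tamper-resistant storage.
DEVICE_IDENTITY_KEY = b"constructed-device-unique-key-do-not-reuse"

@dataclass
class MeasurementLog:
    """TPM-style register plus the event list that lets a verifier replay it."""
    pcr: bytes = field(default_factory=lambda: bytes(32))
    events: list = field(default_factory=list)

    def extend(self, label: str, digest: bytes) -> None:
        # pcr = H(pcr || digest): order-dependent and irreversible, so the final
        # register value commits to the exact boot sequence.
        self.pcr = hashlib.sha256(self.pcr + digest).digest()
        self.events.append((label, digest.hex()))

def verified_boot(stages, pinned_stage1_digest=OTP_PINNED_STAGE1_DIGEST, manifest=MANIFEST):
    """Walk the boot chain; each stage is measured and checked before it 'runs'.
    Returns (booted, log, reason)."""
    log = MeasurementLog()
    d1 = measure(stages["stage1_bootloader"])
    # Check against the immutable pin before the first instruction executes.
    if not hmac.compare_digest(d1, pinned_stage1_digest):
        return False, log, "stage1 digest does not match the pinned value; halting"
    log.extend("stage1_bootloader", d1)
    d2 = measure(stages["stage2_kernel"])
    if not hmac.compare_digest(d2, manifest["stage2_kernel"]):
        return False, log, "stage2 digest does not match the manifest; halting"
    log.extend("stage2_kernel", d2)
    return True, log, "boot ok"

def attest(log: MeasurementLog, nonce: bytes, key: bytes = DEVICE_IDENTITY_KEY) -> bytes:
    """Quote: a keyed MAC over (nonce || pcr). Stands in for a signed TPM quote."""
    return hmac.new(key, nonce + log.pcr, hashlib.sha256).digest()

def verify_attestation(events, pcr, quote, nonce, key: bytes = DEVICE_IDENTITY_KEY) -> bool:
    """Remote verifier: replay the event log, compare it to the claimed register,
    and check that the quote binds that register to a fresh nonce."""
    replayed = bytes(32)
    for _, hexdigest in events:
        replayed = hashlib.sha256(replayed + bytes.fromhex(hexdigest)).digest()
    if not hmac.compare_digest(replayed, pcr):
        return False
    expected = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    return hmac.compare_digest(expected, quote)

def tampered_stages() -> dict:
    """Constructed scenario: one byte of the kernel image has been altered."""
    bad = dict(STAGES)
    bad["stage2_kernel"] = STAGES["stage2_kernel"][:-1] + b"X"
    return bad

if __name__ == "__main__":
    ok, log, reason = verified_boot(STAGES)
    print("genuine images:", ok, reason)
    nonce = b"constructed-nonce-0001"
    quote = attest(log, nonce)
    print("verifier accepts quote:", verify_attestation(log.events, log.pcr, quote, nonce))
    ok, log, reason = verified_boot(tampered_stages())
    print("tampered kernel:", ok, reason)
```

Two properties of the design are worth noticing. The altered kernel is refused before it executes, and the log it leaves behind shows exactly how far the chain got; and because the register is an irreversible hash chain, an attacker who edits the event log after the fact cannot make it replay to the quoted register value, which is what makes the record tamper-evident rather than merely a log.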
