Security is a multi-step process. There is a chain of trust, with each link verified and authenticated by the one before it. But eventually, the chain stops somewhere. Pedal meets metal.
Or, as the case may be, silicon.
Until recently, semiconductor security was more of a theoretical threat than a real threat, but firmware attacks are on the rise.
Earlier this year, the Department of Homeland Security warned that firmware “has a large and ever-expanding attack surface”.
According to the agency, companies often overlook firmware security, making it one of the stealthiest methods to compromise devices on a large scale. With access to firmware, attackers can subvert operating systems and hypervisors, bypass most security systems, and persist in environments for long periods of time while performing operations and causing damage.
“Despite its critical role in electronic devices, firmware security has traditionally not been a high priority for manufacturers or users and is not always well protected,” the agency said.
Last spring, Microsoft reported that more than 80% of enterprises have experienced at least one firmware attack in the past two years.
Protection against this threat begins with a root of trust – a means of ensuring that core systems are as they should be.
According to Nigel Edwards, security engineering researcher and vice president at Hewlett Packard Enterprise, not only must every device have a root of trust, but so must every subsystem on every device.
If root of trust technology had been in place, botnets like Mirai would have failed because untrusted code could not run on these devices.
Root of Trust standards include the OCP Security Root of Trust. It is based on NIST’s Platform Firmware Resiliency Guidelines released in Spring 2018.
Security from scratch
One company trying to solve the problem is Microchip, which today announced an update to its root of trust product, Trust Shield.
In addition to ensuring that when servers boot, they boot into a guaranteed secure environment, the new version, the CEC1736 Trusted Root Controller, also supports SPI Bus Execution Protection, which monitors traffic between the CPU and its Flash memory to ensure that attackers do not modify the Flash.
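To make the two mechanisms in the paragraph above concrete, here is an added toy model (example code written for this article, not Microchip's firmware or any product's API). The first half models a root of trust that checks each boot stage before it is allowed to run, stopping at the first failure; the second half models a monitor that watches SPI flash transactions and flags any write or erase that lands in the protected firmware region. The key, the stage images, the flash layout and the transaction list are all constructed sample values, and HMAC stands in for the asymmetric signature a real root-of-trust chip would verify against a fused public key.

```python
"""Toy model of a hardware root of trust: an immutable verifier that checks
each boot stage before the CPU runs it, plus a monitor that watches SPI flash
traffic for writes into the protected firmware region."""
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass

# Stand-in for a key fused into the root-of-trust chip (constructed value).
# A real device holds a public key, or its hash, and verifies an asymmetric
# signature; HMAC is used here only so the example runs with the stdlib.
ROT_KEY = b"constructed-root-of-trust-key"


def sign_image(image: bytes, key: bytes = ROT_KEY) -> bytes:
    """Vendor-side signing stand-in: tag = HMAC-SHA256(key, SHA-256(image))."""
    return hmac.new(key, hashlib.sha256(image).digest(), hashlib.sha256).digest()


def verify_image(image: bytes, tag: bytes, key: bytes = ROT_KEY) -> bool:
    """Root-of-trust side check; constant-time compare avoids timing leaks."""
    return hmac.compare_digest(sign_image(image, key), tag)


@dataclass
class Stage:
    name: str      # e.g. "bootloader", "os"
    image: bytes   # the code that would be executed
    tag: bytes     # signature shipped alongside the image


def boot_chain(stages: list[Stage]) -> list[str]:
    """Verify stages in order and stop at the first failure, so nothing that
    failed verification (or anything after it) ever executes.
    Returns the names of the stages that were allowed to run."""
    allowed: list[str] = []
    for stage in stages:
        if not verify_image(stage.image, stage.tag):
            break
        allowed.append(stage.name)
    return allowed


# ---- SPI bus monitor -------------------------------------------------------
# Hypothetical flash layout: the firmware lives in the first 1 MiB.
PROTECTED_LO, PROTECTED_HI = 0x000000, 0x100000

# Standard SPI NOR opcodes that modify flash contents: 0x02 page program,
# 0x20 sector erase, 0xD8 block erase, 0xC7 chip erase (no address: whole chip).
WRITE_OPS = {0x02, 0x20, 0xD8}
CHIP_ERASE = 0xC7


def flag_protected_writes(transactions):
    """transactions: iterable of (opcode, address, length) observed on the bus.
    Returns the ones that would alter the protected firmware region; reads
    (e.g. 0x03) and writes outside the region are passed through silently."""
    flagged = []
    for op, addr, length in transactions:
        if op == CHIP_ERASE:
            flagged.append((op, addr, length))
        elif op in WRITE_OPS and addr < PROTECTED_HI and addr + length > PROTECTED_LO:
            flagged.append((op, addr, length))
    return flagged


if __name__ == "__main__":
    # Constructed sample boot: a good bootloader followed by a tampered OS image.
    bl = b"bootloader v1"
    os_img = b"os image v1"
    stages = [
        Stage("bootloader", bl, sign_image(bl)),
        Stage("os", os_img + b" + implant", sign_image(os_img)),  # tag no longer matches
    ]
    print("stages allowed to run:", boot_chain(stages))  # only the bootloader
    # Constructed bus capture: a read, a write into firmware, a write elsewhere.
    bus = [(0x03, 0x001000, 256), (0x02, 0x0FFF00, 256), (0x02, 0x200000, 256)]
    print("flagged transactions:", flag_protected_writes(bus))
```

The design point is the `break` in `boot_chain`: a root of trust does not merely log a failed check, it refuses to hand control onward, which is what makes the chain in the opening paragraph a chain. The monitor is deliberately coarse (region overlap only); a real controller would also track the chip's own protection bits and the source of each transaction.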
“Chipmakers now have some kind of security,” said Jeannette Wilson, senior marketing manager at Microchip. “But they don’t all have a root of trust. They’re starting to add secure boot, but it’s going to be several months, if not years, before we see production.”
As a result, some server manufacturers are jumping the gun and turning to third-party vendors like Microchip to get their root of trust sooner.
Microchip’s customers aren’t just companies that design motherboards and build servers, she said. “The big cloud providers are all looking at this.”
One of the advantages of having a third-party root of trust is that many server manufacturers use chips from different companies. “Now they can add the same root of trust to all their servers,” she said.
The technology can be added to existing hardware. The latest generation, the CEC1736, needs additional code to perform real-time monitoring, she said. “It’s something you can add,” she said.
Most cyberattacks happen remotely, Wilson said. “This is, by design, what the root of trust is designed to protect against.”
But with real-time SPI monitoring, the system can detect tampering even in the unlikely scenario where a Mission Impossible-style attacker – or a malicious insider – has broken into a data center and physically disabled the Flash memory.
Other CEC1736 enhancements include built-in Flash, where customers can store “golden” images. Microchip has also added a physically unclonable function, which can be used to create secure keys.
“We have also added device and firmware attestation, which helps certify the authenticity of other devices in the system,” she said. “This is a very critical component in the world of servers and data centers.”
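The golden images and the device/firmware attestation described in the two paragraphs above fit together, so here is one added model of both (example code written for this article, not Microchip's implementation or any attestation protocol's wire format). The device extends a measurement of each boot stage into a register in the style of a TPM PCR, signs a quote that binds that register to a verifier-supplied nonce, and the verifier checks freshness, signature and the known-good value. Separately, if the active flash image does not match the digest the root of trust holds, the device boots the protected golden copy instead. The attestation key, the image bytes and the nonces are constructed sample values, and HMAC again stands in for a signature made with a key that never leaves the chip.

```python
"""Toy model of firmware attestation and golden-image recovery."""
import hashlib
import hmac

ATTEST_KEY = b"constructed-device-attestation-key"   # stand-in for a per-device key
GOLDEN_IMAGE = b"firmware v2.0 (golden copy)"         # constructed sample image
ZERO_REGISTER = b"\x00" * 32


def extend(register: bytes, measurement: bytes) -> bytes:
    """PCR-style extend: new = SHA-256(old || SHA-256(data)). Order matters,
    and nothing can be removed once extended, which is what makes the final
    value a usable summary of the whole boot sequence."""
    return hashlib.sha256(register + hashlib.sha256(measurement).digest()).digest()


def measure_boot(stages) -> bytes:
    """Run the extend chain over the stage images in boot order."""
    reg = ZERO_REGISTER
    for data in stages:
        reg = extend(reg, data)
    return reg


def quote(register: bytes, nonce: bytes, key: bytes = ATTEST_KEY) -> dict:
    """Device side: sign (nonce || register) so the verifier can tell a fresh
    answer from a replayed one."""
    return {
        "nonce": nonce,
        "register": register,
        "sig": hmac.new(key, nonce + register, hashlib.sha256).digest(),
    }


def verify_quote(q: dict, expected_register: bytes, nonce: bytes,
                 key: bytes = ATTEST_KEY) -> bool:
    """Verifier side: the nonce must be the one we issued (no replay), the
    signature must be valid, and the measured value must match known-good."""
    if q["nonce"] != nonce:
        return False
    expected_sig = hmac.new(key, nonce + q["register"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, q["sig"]):
        return False
    return hmac.compare_digest(q["register"], expected_register)


def golden_digest(image: bytes = GOLDEN_IMAGE) -> bytes:
    """The value the root of trust keeps for the golden image."""
    return hashlib.sha256(image).digest()


def boot_with_recovery(active_image: bytes, expected_digest: bytes,
                       golden_image: bytes = GOLDEN_IMAGE):
    """Return (image_that_runs, recovered). If the active copy in main flash
    does not match, fall back to the golden copy kept in protected flash."""
    if hmac.compare_digest(hashlib.sha256(active_image).digest(), expected_digest):
        return active_image, False
    return golden_image, True


if __name__ == "__main__":
    # Constructed example: verifier issues a nonce, device answers with a quote.
    known_good = measure_boot([b"bootloader", GOLDEN_IMAGE])
    nonce = b"\x01" * 16
    print("healthy device attests:", verify_quote(quote(known_good, nonce), known_good, nonce))
    implanted = measure_boot([b"bootloader", GOLDEN_IMAGE + b" + implant"])
    print("implanted device attests:", verify_quote(quote(implanted, nonce), known_good, nonce))
    print("replayed quote accepted:", verify_quote(quote(known_good, nonce), known_good, b"\x02" * 16))
    print("boot from corrupt flash:", boot_with_recovery(b"corrupted", golden_digest()))
```

Two details carry the security argument: the nonce check rejects a quote captured from a healthy boot and replayed later, and `measure_boot` folds every stage into one value, so a change anywhere in the sequence shows up at the verifier even though it only sees the final register.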
In addition to data centers, other use cases include multifunction printers, telecommunications, and industrial infrastructure. However, Microchip does not publish any customer names at this time.
“We’re so early in the process,” Wilson said. “Even though we have customers using it currently, they are still in development and have not yet announced their products.”
The Root of the Trust Landscape
The big hyperscale companies are all investing in root of trust technologies.
Google, for example, uses its proprietary Titan architecture to ensure platform integrity. In 2019, it launched OpenTitan, an open source root of trust project. Its partners include Taiwanese semiconductor maker Nuvoton and storage companies Western Digital, Seagate and Winbond. OpenTitan is also supported by Intrinsic ID, a physically unclonable function (PUF) security provider.
Amazon uses the Nitro system for all modern Amazon EC2 instances, which relies on a hardware root of trust using the Nitro security chip.
Meanwhile, Microsoft has a hardware-based root of trust in its Azure Sphere platform, residing in the Pluton security subsystem. Pluton is about to hit the mainstream market for the first time. Microsoft announced the design back in fall 2020.
The first consumer computer to use the new security technology, the AMD-powered Lenovo ThinkPad X13, was announced earlier this year and is supposed to hit the market this month, but doesn’t seem to be out yet.
Third-party root of trust
Microchip’s competitors include Kameleon, an Israeli semiconductor startup that collaborates with Xilinx, a California-based semiconductor company.
Kameleon Root of Trust works on Intel, AMD and ARM architectures and supports device attestation. The company claims to be the first to market root-of-trust products fully compliant with the Open Compute Project standard. It is also NIST 800-193 Platform Firmware Resiliency compliant.
“We are seeing a growing demand for OCP-compliant solutions from technologically advanced customers, such as hyperscalers and cloud service providers, who need that extra level of security,” said George Wainblat, vice president of product at Kameleon.
But other sectors are also starting to take an interest in it, he told Data Center Knowledge. These include original equipment manufacturers and original design manufacturers, as well as device vendors who manufacture hardware security modules, network equipment and other devices.
Another root of trust vendor, Lattice Semiconductor, joined the Open Compute Project Foundation in March.
Like Xilinx, Lattice manufactures field-programmable gate arrays (FPGAs) – integrated circuits designed to be configured by end customers. Its Lattice Sentry solution stack includes an FPGA-based, NIST-compliant platform firmware resiliency root of trust.
Another contender in this crowded field is Rambus, which offers a catalog of root-of-trust solutions for everything from IoT devices and sensors to security coprocessors for cloud and AI workloads.
Its most recently announced root of trust customer is Kyocera, for its Evolution Series multifunction printers.
Silex Insight also offers root-of-trust technology, primarily in the IoT space, and recently announced a partnership with IoT security company ZAYA, to help secure micro-containers.