Hardware Rooted Security

Parent Previous Next

Hardware Rooted Security.

Protection provided by hardware can be very secure and should always be considered as one of the security schemes, one may use in combination with others. Several hardware options exist (probably with many more to come).

Platform Integrity.

One of them is the Trusted Platform Module (TPM), which can provide a hardware rooted chain of trust by validating each precondition step by step to test the integrity a platform. It is often used for the secure loading of operating systems (OS) in order to prevent root-kits and other types of malware.

A TPM may often exist as one of these:

Finally a TPM may also be available as a purely software based solution intended for testing purposes.

TPMs are increasingly being included in computers, cell phones and other equipment. TPMs may be based on different standards/versions which may specify optional functionality not available everywhere.

Black Box Cryptography.

Dedicated hardware chips can perform a wide variety of cryptography based on keys not accessible to outsiders.

Some have the algorithms built-in (hard-coded) or can perform calculations using protected instructions and private internal memory. Others may run as an ordinary program - although separated from other processes and using memory areas unavailable to the OS.

Memory Encryption.

It is possible to encrypt the available memory in its entirety.

Some memory controllers can perform memory scrambling to address certain electrical problems (current fluctuations) with DRAM, which as a side effect makes it more difficult (but not impossible) to perform cold-boot attacks etc.

Other solutions implement a software layer installed on bare-metal servers to encrypt memory content being moved between the CPU cache and the memory. In order to work properly, certain hardware requirements must be expected - e.g. CPU integrated TPM and hardware accelerated encryption.

Finally some CPU architectures can work with a marked subset of memory pages (or all of them) which are encrypted using a key generated at startup. The key is only known by the CPU and completely inaccessible to the executing software. Again this scheme protects against cold-boot attacks but it does not prevent attacks from within the OS.

Application Trusted Memory.

Some CPU architectures include special security instructions that allow an application to create and manage secure memory areas for the encrypted storage of both code and data. Such a trusted memory range may be visible to the OS, but it is only usable for the owning application and only decrypt-able within the CPU.

An application relying on this technology is faced with a few challenges though:

If the application is intended for widespread deployment, the technical requirements might be too limiting. Legacy systems may have to be supported as well, forcing the programmer to include additional functionality which doesn't require trusted memory.

Programmable Hardware.

Hard-coded cryptography algorithms, secret programs running separate from the OS and applications using trusted encrypted memory areas - may soon be a thing of the past, replaced by custom programmable logic.

The Field Programmable Gate Array (FPGA) technology is one of the most interesting currently available. This type of programmable logic has existed since the eighties and has primarily been used for smaller vertical solutions. Today a FPGA chip contains millions of gates and has the power to implement a custom made CPU, giving FPGAs a broader commercial appeal.

FPGA and similar technologies will blur the lines between hardware and software design and allow developers to design the optimal blend of hard-coded gate logic and algorithms implemented as processable instructions. It will furthermore allow for the conversion of a private virtual machine into the equivalent hardware version running in total secrecy at maximum speed.

However, the programmable virtues are accompanied by the possible threat of illegal intruders taking control of the programmable hardware and reconfiguring it for malicious activities.

Security Considerations.

Anyone familiar with the complications of software based security will undoubtedly be fascinated by the possibilities of hardware rooted protection. However, even hardware based security can be unsafe:

If the security of a popular hardware chip is suddenly compromised and rendered worthless, it could have disastrous immediate consequences for perhaps millions of computers, underlining the necessity of implementing extra self-reliant security measures.