Root of Trust vs. Root of Evil: Part 1

Regulatory compliance is an unloved cost of goods—an expense to be managed, like cafeteria subsidies or fleet fuel costs.

Major regulatory gaps are opening around the Internet and Internet of Things (IoT), and especially in the plumbing under the IoT, which is rapidly evolving in a process known as network function virtualization (NFV).

This future is compromised by two opposing scenarios that regulators are trying to manage: an amazing future of security and safe IoT services that create higher standards of living and prosperity (based on firm root trust); versus an unknowingly vulnerable infrastructure prone to selfish and criminal manipulation but with entities legitimate and illicit at the same time (becoming the root of evil). We have discussed IoT regulatory gaps in a previous post about new threats to the IoT.

This series is about broadly driving better assurance in the IoT and streamlining compliance and regulatory reporting related to the next generation of Internet technology required to support the IoT, namely the NFV.

Technology precedes regulation

The complexion of the Internet is both changing fast and now a widely discussed phenomenon, with billions of “Things” flooding onto the network in a stunning array of variety and diversity: houses, cars, pets, people, factories and rail lines, wells, elevators, pace makers, and on and on. At the same time and largely unseen, the plumbing of the Internet is changing—fast.

The plumbing of the Internet is made up of millions of interconnected routers and switches and miscellaneous elements such as DNS servers and security services. That plumbing is fundamentally changing: it is “virtualizing,” now based on software rather than hardware. Dedicated and specialized network equipment is being replaced by generalized processing platforms that can be dynamically assigned and reassigned tasks—such as routing, switching, DNS, or security. The benefit is significantly reduced cost and increased flexibility and capability.

The risk is that these software-based systems can be hacked. These complex, software-based infrastructures have larger attack surfaces and more potential vulnerabilities. As virtualized infrastructure pushes rapidly into the Internet and enterprises, regulations will struggle to keep current, but they will eventually catch up. What sort of guidance, then, can regulation offer to a virtualized network infrastructure?

We propose a cost-effective solution to address these types of regulatory requirements in the evolving virtualized software defined networks: We need a “root of trust” based in physical hardware.

Root of trust

A root of trust is essentially a security process that starts with an immutable (unchangeable) hardware identity ingrained into the computer’s processor. This identity is then leveraged to verify all the software running on the computing platform. For instance, a uniquely identifiable hardware processor (chip) starts, and its identity is validated: it is recognized and known by the system owner, and appears to be located in the expected logical and physical location.

In a virtualized infrastructure, a trusted processor may spawn succeeding layers of BIOS, hypervisor, operating systems, and virtual environments. Each has its integrity validated at start-up: it is the expected version and no tampering has occurred.

[Figure: Root of trust in a virtualized network.]

Alternatively, if an unknown or rogue processor attempts to validate itself, it fails authentication and is detected; the network can then be reconfigured (automatically or manually) to avoid the device. Similarly, if an unapproved software load attempts to start on an approved hardware platform, it can be both detected and refused resources at the hardware level—and will fail to start.
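The start-up validation described above (a hardware identity anchoring a chain of BIOS, hypervisor and virtual-machine measurements, with a rogue processor or an unapproved software load refused) can be modelled as a TPM-style measured boot. The following is an added illustration, not code from the original post or from any McAfee product; the processor serial, layer images and golden values are constructed sample data.

```python
import hashlib

def extend(register: bytes, measurement: bytes) -> bytes:
    # TPM-style extend: the register only moves forward; software cannot reset it
    return hashlib.sha256(register + measurement).digest()

def measure_chain(processor_id: bytes, layers):
    # Anchor the chain in the hardware identity, then fold in each layer's
    # image hash in boot order; every later value depends on all earlier ones
    register = extend(b"\x00" * 32, processor_id)
    log = [("processor", register)]
    for name, image in layers:
        register = extend(register, hashlib.sha256(image).digest())
        log.append((name, register))
    return log

def verify_chain(processor_id: bytes, layers, approved_processors, golden_log):
    # Policy: unknown chip is refused before any software is trusted;
    # otherwise report the first layer whose measurement diverges from the golden log
    if processor_id not in approved_processors:
        return (False, "processor")
    golden = dict(golden_log)
    for name, value in measure_chain(processor_id, layers):
        if golden.get(name) != value:
            return (False, name)
    return (True, None)

# Constructed sample platform (stand-ins for real firmware and VM images)
APPROVED_CPU = b"cpu-serial-0001"
GOOD_LAYERS = [("bios", b"bios v1.2"), ("hypervisor", b"hv v3.0"), ("vm-router", b"router image")]
GOLDEN_LOG = measure_chain(APPROVED_CPU, GOOD_LAYERS)  # recorded from a known-good boot

def demo():
    healthy = verify_chain(APPROVED_CPU, GOOD_LAYERS, {APPROVED_CPU}, GOLDEN_LOG)
    tampered = [("bios", b"bios v1.2"), ("hypervisor", b"hv v3.0 modified"), ("vm-router", b"router image")]
    bad_software = verify_chain(APPROVED_CPU, tampered, {APPROVED_CPU}, GOLDEN_LOG)
    rogue_chip = verify_chain(b"cpu-serial-9999", GOOD_LAYERS, {APPROVED_CPU}, GOLDEN_LOG)
    return healthy, bad_software, rogue_chip

if __name__ == "__main__":
    print(demo())
```

Because each register value folds in the previous one, a modified hypervisor also changes the router VM's measurement, so the check pins the failure to the earliest tampered layer rather than only the last.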

Through root of trust operations, it becomes possible to get a reasonable proof that a given piece of information was processed by a given verified system, with a processor that is itself verified and known to be in a given physical location.

Through root of trust processes, auditors and regulators can validate that information processing requirements related to matters such as personal or commercially sensitive data have been managed by verified systems on verified hardware, located in appropriate domains. In other words, the information was not handled by unknown or ambiguous (insecure) systems, in places with incompatible or inappropriate legal systems.

In the world of appliance-based networking, root of trust did not have a place. These devices were typically single-purpose, single-sourced, proprietary, and hardened.

This situation is changing rapidly as the Internet is changing both on the surface and in the plumbing.

Watch for Part 2 of this blog for a discussion of the risks and opportunities associated with network virtualization, root of trust, and compliance in the emerging Internet of Things.

Root-of-trust security technologies are part of a wide variety of McAfee processors, and are also found in the McAfee software Cloud Integrity Technology (CIT).
