The Importance of Hardware Security and Root-of-Trust

Jul 02, 2024
The Root-of-Trust is a protected secure hardware component and constitutes the root of the security for a Chain of Trust. Perhaps the most important security function of a Root-of-Trust is the secure boot mechanism. Secure boot makes sure that after initiation, the integrity and authenticity of firmware and configuration of e.g. a device is verified, which counters persistence of logical attacks.
Moreover, a secure update mechanism ensures that when e.g. logical vulnerabilities are identified, these can be mitigated. This can contribute to understanding and preventing cyberattacks from known vulnerabilities and by patching systems that have been attacked and the authenticity and integrity of the entire stack can again be guaranteed. [1]

Abstraction Layers of Information Systems and Security

The security of information systems can be classified in abstraction layers, as illustrated in Figure 1.
From a security perspective, vulnerabilities that can be exploited in an attack can appear in each layer. Even if the lower layer provides security against the attack, the layers above the attacked layer are affected by the attack, since their security depends on the layers below. This means that hardware attacks affect the whole stack of layers above, and as such, require additional attention from a security perspective. One aspect of this is security against dedicated hardware attacks, an area that has evolved significantly in the last decade.
Following a trend to implement increasingly complex solutions in hardware and integrated circuits, also the cybersecurity solutions based on hardware have become increasingly relevant. Apart from countering hardware attacks, the security advantages that hardware-based security solutions can provide are significant. A secure hardware module, for example with a Root-of-Trust (RoT), can support to provide the integrity and authenticity of the entire stack by ensuring a secure boot and update mechanism.

Chain of Trust

In the environment of digital security, the concept of Chain of Trust plays a fundamental role. A Chain of Trust is established through e.g. cryptographic verification in a hierarchical model in which each component verifies the authenticity and integrity of the next one before it is executed. This way, only system components whose authenticity and integrity have been verified are executed, which ensures that each part of the system behaves as expected. [2]
The Chain of Trust starts with the Root-of-Trust as the trust anchor. A typical example of a Chain of Trust is the boot process. During start-up, the boot process follows a sequence of steps, where the trust of the next step is based on the trust established by the previous step [3]. The Chain of Trust is characterized by several stages, as illustrated in Figure 2.
This process continues until the entire secure boot flow is completed, including e.g. the Operating System and applications. [4]
Thus, the Chain of Trust is a key element which can ensure authentication, integrity, and therefore the intended functionality, by validating components from the Root-of-Trust to include the entire stack.

Hardware Security Functions

Apart from the abovementioned security features, the Root-of-Trust can provide several important security functions for the above layers. Using attestation mechanisms implemented in a Root-of-Trust, the identity and state of the platform, firmware and software can be verified and attested in a cryptographically secure way. This feature is quite important in order to guarantee the integrity and authenticity of the components in a system-wide solution.
Besides, Hardware Security can provide different types of cybersecurity services to the above layers of the stack. One typical example is to provide cryptographic services, which main advantage of handling the cryptographic services in a secure Hardware module is to protect the cryptographic keys from a logical attacker. This protection is based on isolation mechanisms of the secure hardware module.
In fact, secure hardware can provide different types of isolation, and this is another of its key features. The isolation of a Root-of-Trust itself is crucial, but also the capability to provide isolation between trusted applications, i.e. applications that run in e.g. a trusted execution environment, and, importantly, providing isolation to non-trusted execution environments, where typical applications are executed. The isolation is achieved through a combination of hardware and software measures.
Additionally, the hardware can provide a secure foundation for isolation of higher layers of the stack by hardware mechanisms for virtualization.
At DEKRA we are completely conscious of the complexity of security. That is why we offer comprehensive cybersecurity services, including the safety and security of hardware and software operations based on a functional safety management system, providing the full spectrum of services according to international standards. It is our duty to help organizations effectively migrate risk, protect users and preserve system integrity in a hostile cyber environment.
References:
[1] psacertified, «Platform Security Model 1.1,» 2021.
[2] G. Platform, «Trust & Security in Automotive Systems,» 2023.
[3] J. van Woudenberg y C. O'Flynn, The Hardware Hacking Handbook, 2022.
[4] Secure Boot for Microcontrollers - How does this Work? (Solcept AG). n.d., https://www.solcept.ch/en/blog/critical-systems/secure-boot/. Accessed July 2, 2024.