Column: System security
What is a Root of Trust and why is it needed?
By Hector Tejero, Solutions Architect, Arrow Electronics
Insecure devices can have a profound effect on digital transformation. They lead to security breaches and malware attacks, endangering sensitive business information, intellectual property and business continuity. Such cyber attacks can lead to loss of revenue and reputation. Using secure devices and systems is therefore essential for organisations moving to service-led business models. However, security isn’t something that can be added to devices retrospectively; it must be implemented early in the development cycle and from the bottom up, otherwise it’s not effective. This is where the Root of Trust (RoT) comes in.
RoT
A Root of Trust is a trusted component, or a set of them, that provides a secure foundation for the system’s security mechanisms. It is essential for establishing trust in a system and ensuring that it operates securely and reliably. A RoT provides a minimal set of cryptographic/trusted services and operations, implemented as building blocks of a trusted device. A RoT is always implicitly trusted. The desirable properties of a RoT can be summarised in a few sentences:
• It must provide a robust, unique and immutable identity. To interact with a particular device, a unique and attestable identity should be assigned to it, facilitating trusted interaction such as exchanging or managing data.
• A RoT must be tamper-proof. Keys and credentials are stored in a tamper-resistant element that is impervious to logic and side-channel attacks.
• A RoT must provide hardware isolation, preventing one service from compromising another; this is achieved by isolating trusted services.
• A RoT must include a True Random Number Generator (TRNG), which is critical in cryptography for encrypting data, creating digital signatures and authenticating communications.
• The RoT secure processing environment must be updateable if weaknesses are found.
A Root of Trust typically enables functionalities such as:
• Secure crypto service: There should be a minimal set of trusted cryptography services in support of secure management of secrets and keys. The device application often influences the cryptographic scheme used.
• Secure storage: To prevent private data being cloned or revealed outside the trusted service or device, it must be uniquely bound to them. Confidentiality and integrity of private data are typically achieved using keys, which themselves need to be bound to the device and service.
• Device management with attestation: Attestation is the evidence of the device’s properties, including its identity and lifelong security. Device identification and attestation data should be part of its verification process using a trusted third party.
• Security lifecycle: A device’s security state depends on software and run-time properties, hardware version and the product lifecycle.
• Secure boot: To ensure that only authorised software is executed on a device, secure boot and secure loading processes are required. Unauthorised software would typically allow the device to function in a way not intended by the device manufacturer. Unauthorised boot code should be detected and prevented.
• Anti-rollback: Preventing firmware rollback to previous software versions is essential to ensure that previous versions of the code can’t be reinstated. Rollback should be possible for recovery purposes and only when authorised.
[Figure: RoT must provide isolation between device services]
12 April 2023
www.electronicsworld.com
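The secure-boot and anti-rollback bullets describe a policy rather than code. The following example is added here and is not from the article or from Arrow: it models that policy in Python, with an image header carrying a version, an authentication tag checked against a key standing in for the RoT’s immutable verification key (HMAC is assumed in place of the asymmetric signature a real secure boot would verify), and a monotonic minimum-version counter that refuses older images unless recovery is explicitly authorised. All names, the header layout and the key are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the verification key a RoT keeps in tamper-resistant
# storage. A real secure boot checks an asymmetric signature with a public key;
# HMAC is assumed here only to keep the example dependency-free.
ROT_KEY = b"constructed-demo-key-do-not-use"

HEADER = struct.Struct("<4sII")  # magic, version, payload length (constructed layout)
TAG_LEN = 32                     # SHA-256 HMAC tag


def build_image(version, payload, key=ROT_KEY):
    """Produce an image: header || payload || tag over header+payload (signing side)."""
    hdr = HEADER.pack(b"IMG1", version, len(payload))
    tag = hmac.new(key, hdr + payload, hashlib.sha256).digest()
    return hdr + payload + tag


def verify_image(image, key=ROT_KEY):
    """Return (version, payload) if the image is authentic, else raise ValueError."""
    if len(image) < HEADER.size + TAG_LEN:
        raise ValueError("image too short")
    magic, version, length = HEADER.unpack_from(image)
    if magic != b"IMG1" or HEADER.size + length + TAG_LEN != len(image):
        raise ValueError("bad header")
    body, tag = image[:HEADER.size + length], image[HEADER.size + length:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed: unauthorised software")
    return version, body[HEADER.size:]


class BootRot:
    """Secure-boot decision with a monotonic anti-rollback counter."""

    def __init__(self):
        self.min_version = 0  # would live in OTP or a hardware monotonic counter

    def boot(self, image, recovery_authorised=False):
        version, payload = verify_image(image)  # authenticity before any policy
        if version < self.min_version and not recovery_authorised:
            raise ValueError(f"rollback to v{version} refused (min v{self.min_version})")
        if version > self.min_version:
            self.min_version = version  # advance only after successful verification
        return version, payload
```

An authorised recovery boot runs the older image but does not lower the counter, so the downgrade cannot be repeated without a fresh authorisation.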