Embedded Security: Establishing Trusted Computing Systems Based on Intel Hardware

In recent years, malicious code has caused significant damage to computer systems worldwide. For example, the “WannaCry” ransomware worm, released in May 2017, severely damaged thousands of computers by encrypting data. In just one day, “WannaCry” infected 230,000 systems in 150 countries. According to statistics from the FBI, ransomware is the fastest-growing malware threat, targeting all types of users, from home users to enterprise networks. The FBI reported that, on average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016, a 300% increase compared to about 1,000 attacks per day in 2015. An accidental click on a URL link can install malicious code in the computer’s BIOS, allowing that code to essentially take control of the infected system.

Embedded Defense Systems Have Become Major Targets for Cyber Attacks

In 2015, the U.S. Air Force Scientific Advisory Board (SAB) studied “Cyber Vulnerabilities of Air and Space System Embedded Systems” and concluded that “a series of immediate actions can significantly mitigate the cyber risks of embedded systems.” Furthermore, a report by RAND Corporation in 2015 on “Cybersecurity of Air Force Weapon Systems” concluded that cyber capabilities “create potential opportunities and incentives for adversaries to counter U.S. advantages through cyber attacks.” To counter the threat of cyber attacks on weapon systems, the U.S. Air Force established the “Cyber Resilience Office for Weapon Systems” (CROWS), tasked with supporting the design, development, and procurement of weapon systems that are more resilient to cyber attacks.

Cybersecurity, and the correct response to cyber threats, starts with a Root of Trust (RoT) in hardware. These components establish trusted functionality through hardware verification, ensuring that the operating system of the device boots with unaltered code; these functions are embedded in the hardware and therefore cannot be changed. Protecting embedded systems from cyber attacks must begin with the very first instruction executed by the processor. System designers can utilize various methods to establish a trusted computing environment.

Intel Embedded Hardware is a Key Foundation for Establishing Trusted Computing Environments

For Intel-based embedded hardware, two important weapons in the trusted computing arsenal that designers rely on are Intel’s Trusted Execution Technology (TXT) and Boot Guard. With TXT, once code execution begins, the system checks and “measures” the executing code, comparing it against known good code. TXT relies on hardware-based security technologies built into Intel chips, together with devices known as Trusted Platform Modules (TPMs), to strengthen the platform against attacks on virtual machine managers, operating systems, or the BIOS; malicious rootkits; and other software-based attacks.

Intel’s TXT creates cryptographic hashes of critical BIOS components (referred to as “measurements” in Intel terminology) and compares them with known good measurements. TXT provides a hardware-based enforcement mechanism to prevent the booting of any code that does not match the certified code. This trust can then extend through the bootloader to the operating system. Based on the user-defined Launch Control Policy (LCP), it detects and addresses any errors in the code. Because the launch control policy is set by the system integrator, a notification of altered code may have different consequences. Once notified that the system has been modified and is no longer trusted, users can choose to continue running or shut down. If the system integrator has established an “open” launch policy, the decision to continue running is made with full knowledge that the system is no longer trusted.
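
The measure-and-compare flow described above can be sketched as a simplified model (an added example, not Intel code and not the real LCP format). The policy dictionary, the "enforce"/"open" mode names, and the sample component images are assumptions made for illustration; the extend operation follows the TPM rule new = H(old || measurement).

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """A measurement is a cryptographic hash of the component image."""
    return hashlib.sha256(blob).digest()

def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement), so order matters."""
    return hashlib.sha256(register + measurement).digest()

def measured_launch(components):
    """Measure each (name, image) in boot order; return final register and log."""
    register, log = bytes(32), []
    for name, image in components:
        m = measure(image)
        register = extend(register, m)
        log.append((name, m.hex()))
    return register.hex(), log

def build_policy(good_components, mode):
    """Hypothetical policy: known-good values plus an 'enforce' or 'open' mode."""
    register, log = measured_launch(good_components)
    return {"mode": mode, "good_register": register, "good_log": dict(log)}

def evaluate(components, policy):
    """Return (trusted, action, names of components whose hash differs)."""
    register, log = measured_launch(components)
    if register == policy["good_register"]:
        return True, "launch", []
    changed = [n for n, m in log if policy["good_log"].get(n) != m]
    # An 'open' policy lets the platform continue, but flagged as untrusted.
    action = "launch-untrusted" if policy["mode"] == "open" else "halt"
    return False, action, changed

# Constructed sample images standing in for firmware and loader binaries.
GOOD = [("boot_block", b"IBB v1"), ("bios_core", b"BIOS v1"), ("bootloader", b"LDR v1")]
TAMPERED = [GOOD[0], ("bios_core", b"BIOS v1 + modified"), GOOD[2]]

if __name__ == "__main__":
    for mode in ("enforce", "open"):
        policy = build_policy(GOOD, mode)
        print(mode, evaluate(GOOD, policy), evaluate(TAMPERED, policy))
```

Because each extend folds in the previous register value, the same components measured in a different order also fail the comparison, even though every individual hash still matches.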

Intel describes Boot Guard as “hardware-based boot integrity protection that prevents unauthorized software and malware from taking control of critical boot blocks of system functionality.” Boot Guard is a hardware trust mechanism that complements TXT: it checks the initial boot block that runs before the BIOS and allows booting to proceed only after that block has been found to be trusted.

TXT and Boot Guard are valuable tools for establishing RoT in Intel-based embedded systems and are integral components of a comprehensive trusted computing solution. Designers of embedded commercial off-the-shelf (COTS) hardware and systems must stay informed about the latest options for protecting their hardware and data from malicious attacks or intrusions.

COTS Products Are Increasingly Becoming Fast and Economical Solutions for Trusted Computing Protection Strategies

COTS products with built-in security features are currently available, enabling users to quickly and economically implement protection plans for critical technologies and data. Such security products allow designers and users to start system development on standard COTS hardware and software, then transition to secure versions of the products that are 100% software- and performance-compatible when they are ready to implement their program protection requirements.

Applications running on embedded military systems may contain Critical Program Information (CPI), the loss of which could cost the U.S. military its competitive advantage and put combatants at risk. Defense electronics designers and users need to know that their application code is secure and that their valuable software intellectual property (IP), such as Intelligence, Surveillance, and Reconnaissance (ISR) algorithms, cannot be accessed or compromised by adversaries. Trusted computing technologies should extend beyond hardware protection at the module and chassis level; trusted computing must also provide a comprehensive approach to data protection, ensuring that data is securely stored, retrieved, and moved within the system while allowing only authorized access. This level of trust may be necessary to support data-in-motion solutions such as secure network routers, as well as secure storage of data at rest, using Type 1, FIPS 140-2, FIPS-197, AES-256, and AES-128 encryption.

Ensuring a system is trusted begins with the first instruction on trusted hardware. Effective trusted computing strategies in COTS solutions can include anti-theft protection against physical hardware intrusion, encryption technologies for critical data, and effective protection against network attacks to ensure that a compromised BIOS does not cause harm.