What is Hardware Root of Trust?
A layered security approach is one of the most effective in handling todays cyberthreats, particularly in a programmable or fixed, hardware-based root of trust. A hardware root of trust provides secure computing, containing the keys needed for cryptographic functions, and it is generally a part of the secure boot process that provides the foundation for a software chain of trust. A fixed-function root of trust uses a simple, more limited state machine while a programmable root of trust is a more advanced alternative centered around a central processing unit (CPU).
There are a wide range of reasons an attacker might engage in application repackaging. This type of attack may be used to install malware on a mobile device that leads to various enterprise security risks. An attacker may add malicious functionality to an app and then redistribute it to users in order to breach systems, data, steal content, and ultimately make their own revenue from someone else’s app development.
Root of Trust Concept
The concept in a hardware root of trust stands out as highly effective compared to lower-level security measures. A programmable hardware root of trust is designed to be continuously updated in order to confront the latest network, app and device threats and exploitations by hackers. Other programmable root of trust functions include:
• Layered approach in which multi-layers of defense are established to counter points of failure, including cryptographic and critical-key hardware components and software security layers.
• Designated integration whereby security functions are applied in a dedicated secure domain, or separated root of trust.
• Anti-tamper and anti-channel attack solutions prevent cyberattacks upon implementation and throughout run-time.
• Option for multiple roots of trust ensure all security assets are isolated with access to a unique security core vs trusting outside entities. In this case, permissions can be assigned.
A uniquely designed hardware root of trust is capable of interconnectivity between devices and networks alike for robust security.
Unfortunately, the process for creating imposter apps is readily accessible, which makes the barrier to entry for hackers extremely low and app repackaging very common. Hackers first gain extensive permissions along with the capabilities to compromise original apps and third-party apps. The basic steps an attacker would take in repackaging an app include:
• Acquiring a copy of an app directly from a store
• Adding malicious functionality to an app
• Redistributing the repackaged malicious app to users (these users believe the app is the original, legitimate app)
• Reverse engineering of an app may take place
• Deployment of Trojan horses is common on Android devices
• Enterprise web apps on Apple devices often remove important security levels designed to catch app illegitimacy
End users are also known to repackage apps via mobile devices, but this use is primarily for enhanced app capabilities or for installing unauthorized apps. In any case, application repackaging is a cyberattack that can lead to catastrophic damage.
Root of Trust Features and Functions
Some root of trust features to expect with a security solution include a security perimeter that defines exactly what must be protected. It will include a secure CPU along with runtime memory that offers essential data and information. It should be tamper-resistant, pre-validated, and include hardware-based cryptographic accelerators. Finally, hardware roots of trust should use a true random number generator (TRNG), a secure counter or clock, and secure storage.
The key security functions in genuine root of trust security solutions should include
• Secure monitoring
• Secure authentication/validation
• Secure communication
• Storage protection
• Expert key management
To understand how root of trust works, the following analogy might help:
• Engage staff in security awareness practices
• Promote the use of approved app stores only
• Coach on the catastrophic results of malicious apps
• Set up application approval processes for team members
• Provide the appropriate security tools for blocking repackaged apps and detecting fake apps
While security campaigns are shown to have a huge impact on overall company security, they are not always enough. Anti-tamper technology is a must for today’s vulnerable technological platforms.
Analogy for Root of Trust
When you travel by plane in the US, the first layer of security is the transportation security administration (TSA) checkpoint. Think of this checkpoint as your Root of Trust. Once you pass through TSA, the gate agent needs to scan your boarding pass (rather than checking your ID) because they trust that you have already been checked, scanned, and verified by TSA. Once you get onto the airplane, the pilot and the flight attendants trust that the gate agent has already validated that you have all credentials to be on the flight. This authentication process eliminates the need for the gate agent, pilots, or anyone else to check you out when you deplane. You are trusted because TSA validated your identity, that you aren’t carrying anything harmful or illegal in your luggage or on your person, and that you have a ticket.
At the airport, this process represents a physical chain of trust. Consider that a similar process takes place when a computer or other device powers up. Before the first bit of code is run, the code is checked by the virtual equivalent of the TSA, the chip, to ensure it the code is legitimate. Once the basic input output system (BIOS) is validated, its code is run. Then, when it’s time for the OS code to run, it trusts the BIOS—a chain of trust. Ultimately, hardware root of trust is an essential security process for keeping devices and the technology that runs on them secure.
It is also possible for anti-tamper technology to eliminate the download of a fake app on a device. By implementing this security measure, companies can avoid catastrophic damage that could cause productivity downtime and even lead to total ruin or closure. Anti-tamper technology is available through reputable third-party providers that are established in the marketplace. Security awareness along with code modification protection in anti-tamper software are the most effective ways to combat the rampant cybersecurity problem of application repackaging.