Trusted Platform Module Support: Enabling Optimized Security Environments
networking appliance sdn and nfv

30 July 2018

Securing enterprise and cloud networking and computing infrastructure is critical, given increasing threats to mission-critical data and resources. Prevalent cyberattack risks range from stealing an organization’s proprietary information, to virus attacks, malware, denial of service attacks, malicious code, and even stolen devices..

A range of statistics is available on the significant cost of protecting assets, detecting vulnerabilities, and recovering from security incidents. For example, a 2016 study by Cybersecurity Ventures2 predicts that global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion annually by 2021.

Even though there is a strong financial motivation to thwart cyberattacks, it is not easy due to the width of attack dimensions including attacks against the network perimeter, applications and operating systems, and the server and network hardware itself. Thus, protecting networks only at the perimeter firewall level is no longer sufficient to provide adequate protection against security threats. As a result, manufacturers of software applications, hypervisors, and operating systems are each improving their systems to prevent cyberattacks. In addition, lower-level firmware is becoming a more frequent target for “rootkit” attacks since the firmware code operates in a privileged mode.

Interface Masters Technologies has been actively improving the security capabilities of its embedded appliances a key aspect of which is support of Trusted Platform Module (TPM), a tamper-resistant industry-standard hardware device attached permanently to a system motherboard that helps integrate basic security management functions and thwart common low-level attacks.

Hardware-Based Root of Trust Foundation

Hardware-based root of trust—when coupled with an enabled operating system, hypervisor, and solutions—is the foundation for more computing and networking platforms that can ensure hypervisor and VMM integrity at boot from rootkits or other low-level attacks. It establishes the trustworthiness of the server and networking platforms.

The hardware-based root of trust uses open industry standards developed by Trusted Computing Group (TCG) to establish and ensure platform trust and store measurements in a Trusted Platform Module (TPM) computer chip which securely stores information needed to authenticate the platform and to enable a measured boot process for the OS.

The TPM solution works by providing a root of trust—a processor-based, tamper-resistant server or network device environment that compares firmware, BIOS, and operating system or hypervisor code to known good configurations to establish a measured, trusted environment prior to launch. If integrity and trust are not verified in the launch process, TPM identifies that the code has been compromised, which lets IT protect the system and remediate the problem.

Enabling Advanced Enterprise and Cloud Security

The TPM's primary role is to enable robust device security using secure, validated encryption keys. It is a secure ASIC, usually installed on a server's motherboard, that provides hardware-based cryptographic and security-related functions, such as system integrity checks, disk encryption and key management, all at machine speed.

As the TPM uses its own internal firmware and hardware for processing instructions, it is safe from software-based attacks against the operating system, which means it can provide improved protection for any device processes that need encryption services. Full disk encryption applications can utilize TPM, while keys associated with fingerprint and smart card readers can also be stored in the TPM chip.

Apart from the secure generation and storage of cryptographic keys, a TPM can also record the state of a system. This allows the TPM to offer a pre-boot system integrity check as a powerful data protection tool. By storing data encryption keys in the TPM along with a reference to a specific system state, data can be effectively sealed. The keys are only unsealed and released once the state of the system is validated against the stored configuration values, ensuring that systems can only be accessed if specific hardware or software conditions are met.

Encryption key storage by TPM also enables these modules to authenticate devices rather than users. This functionality can be combined with network policy enforcement points such as firewalls, switches, and routers, and wireless and virtual private networks to provide hardware-based device authentication which can provide better authentication than a software-only mechanism.

Interface Masters Technologies: TPM-Enabled Embedded Appliances with Hardware Root of Trust and Firmware Protection

Interface Masters Technologies is an innovator with an extensive portfolio of embedded appliances supporting Trusted Platform Module (TPM) deployments. With TPM-enablement, Interface Masters’ embedded networking appliances include a silicon root of trust built into the hardware. This silicon root of trust allows firmware to be scanned and monitored through a series of integrity checks that initiate from an immutable link embedded in silicon. Because the chain of trust is established from the unalterable silicon hardware itself, customers can be confident that it is secure. These solutions enable secure enterprise and cloud datacenters to be architected with simple, low-cost, low-power configurations that provide computing building blocks with support of a full range of computing and wireless/wired networking features. Interface Masters’ appliances provide the flexibility, power, efficiency, and cost savings that are essential for success in today’s challenging networking market, making them ideal for a range of applications requiring hardware-based security.

 

Interface Masters Technologies has for over 20 years been providing off-the-shelf innovative network security solutions with customization services to OEMs, Fortune 100 and startup companies. Our headquarters are located in San Jose, California in the heart of Silicon Valley where we are proud to design and manufacture all of our products.  Based on MIPS, ARM, PowerPC and x86 processors, Interface Masters appliance models enable OEMs to significantly reduce time-to-market with reliable, pre-tested and pre-integrated networking solutions that can meet the most challenging security requirements. 

Copyright © 2018 | Interface Masters Technologies