How to Choose a Root of Trust


By Dan Herway

Establishing a strong root of trust is crucial for ensuring the security of electronic systems, especially in military applications. At Idaho Scientific, we recognize the importance of selecting the right foundation, often opting for reprogrammable FPGAs due to their flexibility. In this article, we explore the key considerations in choosing a root of trust, the consequences of poor selection, the significance of domestic chip production, and the critical functionality of extending trust to external components.

What is Root of Trust?

Root of trust is essentially the foundation of trust within electronic systems. In military applications, root of trust is often achieved by using the programmable fabric in an FPGA (Field-Programmable Gate Array). By carefully managing the firmware and software loaded onto the FPGA, along with maintaining strong relationships with chip vendors, we ensure that the system remains secure and untampered. Once this foundational trust is established, we bolster it with cryptographic keys, key management systems, and other security tools.

In essence, the FPGA serves as the fortress within the device, into which we integrate various security mechanisms to safeguard the entire circuit card. It's about establishing a stronghold first and then fortifying it with the necessary security tools to ensure the integrity of the device as a whole.
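The "carefully managing the firmware and software loaded onto the FPGA" part is usually done as a chain of trust: the root holds one immutable reference for the first stage, and each verified stage vouches for the next. The following is an added example written for this article, not Idaho Scientific's code. It assumes a hash-anchored design (a reference digest burned into the root, a TPM-style measurement register extended per stage) and uses constructed sample images in place of real firmware.

```python
"""Hash-anchored chain of trust: a simplified model of verified boot.

Added example, not Idaho Scientific code. Assumptions: the root of trust
(the FPGA fabric in the article's setting) holds one immutable reference
digest for the first firmware stage; every stage's manifest carries the
reference digest of the stage that follows it; a TPM-style measurement
register is extended with each verified stage so the final value attests
to exactly which images ran, in which order.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Stage:
    name: str
    image: bytes                      # firmware/software to be loaded
    next_reference: Optional[bytes]   # digest the next stage must match (None for last)


def measure(stage: Stage) -> bytes:
    # The digest covers the image AND the reference it carries, so tampering
    # with either the code or the pointer to the next stage is detected.
    return sha256(stage.image + (stage.next_reference or b""))


class BootHalted(Exception):
    """Raised when a stage fails verification; nothing after it executes."""


@dataclass
class RootOfTrust:
    reference: bytes                  # immutable digest of stage 1 (e.g. in OTP / bitstream)
    measurement: bytes = field(default_factory=lambda: b"\x00" * 32)
    log: List[str] = field(default_factory=list)

    def extend(self, digest: bytes) -> None:
        # PCR-style extend: new = H(old || digest). Order-dependent and
        # irreversible, so the register cannot be replayed to a chosen value.
        self.measurement = sha256(self.measurement + digest)
        self.log.append(digest.hex())

    def boot(self, stages: List[Stage]) -> bytes:
        expected = self.reference
        for stage in stages:
            digest = measure(stage)
            if digest != expected:
                raise BootHalted(f"{stage.name}: digest mismatch, refusing to execute")
            self.extend(digest)          # record, then hand over execution
            expected = stage.next_reference
        return self.measurement


def build_chain(images: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Stage]]:
    """Build stages back to front so each one vouches for its successor.
    Returns (root reference to burn into the root of trust, ordered stages)."""
    stages: List[Stage] = []
    next_ref: Optional[bytes] = None
    for name, image in reversed(images):
        stage = Stage(name, image, next_ref)
        stages.append(stage)
        next_ref = measure(stage)
    stages.reverse()
    return next_ref, stages


# Constructed sample images standing in for FSBL, kernel and application.
SAMPLE_IMAGES = [
    ("fsbl", b"first-stage bootloader (constructed)"),
    ("kernel", b"kernel image (constructed)"),
    ("app", b"application image (constructed)"),
]


def boot_good() -> Tuple[bytes, List[str]]:
    root_ref, stages = build_chain(SAMPLE_IMAGES)
    rot = RootOfTrust(root_ref)
    final = rot.boot(stages)
    return final, rot.log


def boot_tampered() -> Optional[str]:
    """Flip one byte in the kernel image after the chain was built; return the
    name of the stage the root of trust refused, or None if it booted."""
    root_ref, stages = build_chain(SAMPLE_IMAGES)
    k = stages[1]
    stages[1] = Stage(k.name, bytes([k.image[0] ^ 0x01]) + k.image[1:], k.next_reference)
    try:
        RootOfTrust(root_ref).boot(stages)
    except BootHalted as e:
        return str(e).split(":")[0]
    return None


if __name__ == "__main__":
    final, log = boot_good()
    print("measurement:", final.hex())
    print("halted at:", boot_tampered())
```

Two design points carry over to real systems: the only value that must be immutable is the first reference, everything after it is verified rather than trusted, and the extend register lets a remote party later ask "what exactly booted?" rather than just "did it boot?". A production design would replace the bare digest with a signature check against a public key whose hash sits in the root, so images can be updated without reprogramming the root.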

Key Considerations in Selecting a Root of Trust

When selecting a root of trust, the primary concern is ensuring trust in both the hardware and firmware components. It's not just about evaluating the firmware and upper software layers; a comprehensive assessment must encompass the entire stack, including hardware and software elements.

The second consideration revolves around determining what functionalities and security tools will be integrated. For instance, cryptographic keys must meet stringent certification standards, often set by industry bodies like NIST. Additionally, it's crucial to understand the potential attack vectors. Is the concern virtual, where adversaries attempt to breach the root of trust remotely over a network? Or is there a physical threat, where access to the device itself is possible? The root of trust must be designed with these considerations in mind, adapting its security mechanisms accordingly. Whether the concern lies in virtual attacks, physical intrusions, supply chain vulnerabilities, or a combination thereof, the selection of embedded tools will vary accordingly.

Consequences of Poor Root of Trust Selection

The ramifications of selecting an inadequate root of trust can be severe, leading to potentially catastrophic consequences. For instance, opting for a crypto key lacking proper certification standards can result in unexpected behavior. Take, for example, the concept of side-channel resistance. This refers to the ability of an attacker to exploit physical phenomena, such as power emissions from a circuit card, to glean information.

By closely monitoring power fluctuations or thermal variations while the circuit card operates, an attacker may discern patterns that reveal the encryption key. Once the encryption key is compromised, the entire security framework built upon the root of trust becomes vulnerable. Hence, it's imperative to ensure that the selected components meet certified standards, offering protection against such attacks. Only then can the system be safeguarded against potential threats arising from exploitable physical phenomena like power emissions.
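Power analysis of a circuit card cannot be reproduced in software, but the same failure mode has a timing analogue that shows why "meets certified standards" matters in practice. The following is an added example, not Idaho Scientific's code: it assumes a 16-byte authentication tag as the secret, treats the number of bytes a comparison examines as the stand-in for a power or timing trace, and contrasts a leaky early-exit comparison with a constant-time one, plus the defender's unit test that tells them apart.

```python
"""Side-channel leakage shown with a timing analogue.

Added example, not Idaho Scientific code. The article's power-analysis case
cannot be reproduced in pure software, so this models the same failure mode
in a form that runs anywhere: a comparison whose amount of work depends on
the secret leaks it, while a constant-time comparison does identical work for
every input. Assumptions: the secret is a 16-byte authentication tag, and the
observer sees only how many bytes were examined (the stand-in for a power or
timing trace). Both compare functions return (match, bytes_examined).
"""
import hmac
from typing import Callable, Iterable, List, Tuple

Compare = Callable[[bytes, bytes], Tuple[bool, int]]


def leaky_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Early-exit comparison: stops at the first differing byte, so the work
    done reveals how long a correct prefix the guess had."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Accumulates differences with XOR/OR and never exits early, so every
    full-length guess costs exactly the same."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    for a, b in zip(secret, guess):
        diff |= a ^ b
    return diff == 0, len(secret)


def verify_tag(expected: bytes, received: bytes) -> bool:
    """What production code should call: the library's constant-time compare."""
    return hmac.compare_digest(expected, received)


def leakage_profile(compare: Compare, secret: bytes, prefix_lengths: Iterable[int]) -> List[int]:
    """Work counts for guesses that share a correct prefix of each length
    and are wrong everywhere after it."""
    counts = []
    for n in prefix_lengths:
        guess = secret[:n] + bytes(b ^ 0xFF for b in secret[n:])
        _, examined = compare(secret, guess)
        counts.append(examined)
    return counts


def leaks(compare: Compare, secret: bytes) -> bool:
    """Defender's unit test: if work varies with the correct-prefix length,
    the implementation leaks through this channel."""
    return len(set(leakage_profile(compare, secret, range(len(secret))))) > 1


SAMPLE_TAG = bytes(range(16))   # constructed 16-byte tag standing in for a real MAC


if __name__ == "__main__":
    print("leaky   :", leakage_profile(leaky_compare, SAMPLE_TAG, range(16)))
    print("constant:", leakage_profile(constant_time_compare, SAMPLE_TAG, range(16)))
```

The leaky profile climbs one step per correct byte, which is exactly the kind of secret-dependent signal a power or timing trace exposes; the constant-time profile is flat. Certification regimes that require side-channel resistance are, in effect, requiring the flat profile for every secret-handling operation, including ones far harder to write this way than a byte comparison.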

Root of Trust and Domestic Chip Production

In the realm of chip production, approximately 80% of chips are somehow linked to Asia, whether through production, testing, or validation processes. Consequently, from a root of trust perspective, it's crucial not only to conduct the design phase domestically but also to ensure that the entire supply chain, including firmware and provenance, originates domestically.

While initiatives like the Biden administration's Path to Chips Act (which allocates billions to enhance chip research, development, and fabrication domestically) show promise, there's a notable gap in the area of testing and validation. Despite efforts to boost domestic design and production capabilities, the challenge lies in establishing robust testing and validation procedures within the country.

It's essential for a robust root of trust to oversee every aspect, from design and fabrication to packaging and testing, all conducted domestically. However, mere domestic presence doesn't guarantee invulnerability. There's still a risk of internal threats, as even domestic facilities can harbor malicious actors. Therefore, a robust root of trust must possess self-checking mechanisms and leverage multiple sensors to validate its operations, ensuring a high level of confidence in its security posture and resilience against potential compromises.

Extending Trust: A Critical Functionality of Root of Trust

Our approach to the root of trust distinguishes itself by its capability to not only fortify its stronghold but also extend trust to external elements. While the primary function of a root of trust is to secure its enclave and ensure the integrity of the security tools that derive from it, it's equally crucial for it to possess the capacity to deploy and extend trust to external components.

This feature becomes particularly critical when dealing with advanced processors, such as Intel processors and GPUs, including Nvidia's highly sought-after offerings. As the industry increasingly relies on GPUs, the challenge of securing these components remains largely unresolved. Thus, the root of trust must not only lock down its domain but also actively monitor and oversee adjacent chips executing on the same board.

Therefore, securing the chip alone isn't sufficient; comprehensive security entails safeguarding the entire system or, at the very least, vigilant monitoring. It's imperative to observe hardware activities at the board level, a realm often overlooked in favor of network security measures or message protocol monitoring.

While much attention goes to network security and the scrutiny of data exchanges, the critical question remains: what transpires between components such as an Intel chip and a memory module? Is the code the processor retrieves from memory legitimate? This deeper hardware level is precisely where attacks can exploit vulnerabilities.

While network protections are important, adversaries can circumvent them by targeting lower system layers. Hence, it's imperative to scrutinize the behavior of processors and GPUs at these foundational levels. Comprehensive security requires not just network monitoring but also vigilant oversight of hardware operations to ensure that components function as intended and are not compromised.
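What "vigilant oversight of hardware operations" looks like in code is a policy run over the traffic an adjacent processor generates. The following is an added example, not Idaho Scientific's code. It assumes the root of trust can observe bus transactions (initiator, operation, address) between a processor and its memory, holds the board's memory map with per-region execute and write permissions, and flags code fetched from non-executable space, writes into code regions, and accesses to unmapped addresses; the memory map and the transaction trace are constructed for illustration.

```python
"""Board-level monitor for an adjacent processor's memory traffic.

Added example, not Idaho Scientific code. It models the question the
article raises: is the code the processor retrieves from memory legitimate?
Assumptions: the root of trust can observe bus transactions (initiator,
operation, address) between the processor and its memory, holds the board's
memory map with per-region execute/write permissions, and treats any fetch
from a non-executable region, any write into a code region, or any access to
unmapped space as a finding. The transaction log below is constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int            # exclusive
    executable: bool
    writable: bool


# Assumed memory map; addresses are illustrative, not a real board's.
MEMORY_MAP = [
    Region("boot_rom", 0x00000000, 0x00010000, executable=True, writable=False),
    Region("firmware", 0x00100000, 0x00200000, executable=True, writable=False),
    Region("data",     0x20000000, 0x20100000, executable=False, writable=True),
    Region("dma_buf",  0x30000000, 0x30010000, executable=False, writable=True),
]


@dataclass(frozen=True)
class Txn:
    initiator: str      # "cpu", "gpu" or "dma"
    op: str             # "fetch", "read" or "write"
    addr: int


def region_of(addr: int) -> Optional[Region]:
    for r in MEMORY_MAP:
        if r.start <= addr < r.end:
            return r
    return None


def check_transaction(t: Txn) -> Optional[str]:
    """Return a finding describing the policy violation, or None if allowed."""
    r = region_of(t.addr)
    if r is None:
        return f"{t.initiator} {t.op} to unmapped address {t.addr:#010x}"
    if t.op == "fetch" and not r.executable:
        return f"{t.initiator} executed code from non-executable region {r.name} ({t.addr:#010x})"
    if t.op == "write" and not r.writable:
        return f"{t.initiator} wrote to read-only region {r.name} ({t.addr:#010x})"
    return None


def audit(log: List[Txn]) -> List[str]:
    """Run the policy over a captured trace and return all findings."""
    findings = []
    for t in log:
        f = check_transaction(t)
        if f:
            findings.append(f)
    return findings


# Constructed trace: three benign transactions, then three that a board-level
# monitor should flag (DMA engine rewriting firmware, CPU executing out of a
# DMA buffer, GPU touching unmapped space).
SAMPLE_LOG = [
    Txn("cpu", "fetch", 0x00100040),
    Txn("cpu", "read",  0x20000010),
    Txn("cpu", "write", 0x20000010),
    Txn("dma", "write", 0x00100080),
    Txn("cpu", "fetch", 0x30000020),
    Txn("gpu", "read",  0x40000000),
]


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("ALERT:", finding)
```

The point of putting this logic in the root of trust rather than in the processor's own software is that it keeps working when that software is the thing compromised: a kernel that has been subverted cannot quietly disable a monitor that sits on the bus outside its control. Network-layer monitoring never sees any of these three events, because none of them produce a packet.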

Conclusion

The selection of a root of trust is a critical step in fortifying the security of electronic systems, particularly in military and sensitive applications. Idaho Scientific emphasizes the importance of careful consideration when choosing this foundational element, ensuring that it not only provides a stronghold within the device but also extends trust to external components. By understanding the key considerations, mitigating potential risks, and promoting domestic chip production, we strive to safeguard against vulnerabilities and uphold the integrity of systems in an ever-evolving threat landscape.

Author Bio

Having spent 25 years in defense, Dan Herway has worn many hats – engineer, program manager, business developer, field engineer – you name it. From designing systems to witnessing their deployment in Iraq and Afghanistan, Dan’s journey has granted him a unique perspective on the technologies we create and how they're utilized by the military.

Dan’s journey into security began at the Idaho National Lab, where he delved into industrial control systems. In 2021, Dan transitioned to Idaho Scientific, focusing heavily on embedded cybersecurity. Although Dan is an engineer at heart, his roles have varied over time. Presently, he serves as the executive vice president at Idaho Scientific, where he oversees corporate strategy, product development, and program management.