Forget TPM chips for Windows eleven, it's not even half

Microsoft has managed to confuse pretty much the entire planet with its minimum hardware requirements for Windows 11. At the centre of the confusion is a technology known as the Trusted Platform Module, or TPM. The job of a TPM chip is to perform cryptographic operations that provide hardware-level security and verify the authenticity of a system at boot, and it includes several mechanisms to make it resistant to tampering.

Alongside various CPU, RAM and storage specifications, Windows 11 will require every machine to support TPM 2.0, whether built into the CPU or provided as a separate chip on the motherboard. The announcement sent PC owners scrambling to find out whether their device supports TPM and, in some cases, how to enable it in the BIOS. The subsequent revelation that Windows 11 can technically be installed on incompatible machines only added to the confusion.

One company, however, is scratching its head over the TPM decision for a different reason. According to Jorge Myszne, founder and CEO of semiconductor start-up Kameleon, TPM is already an anachronistic technology.

“The TPM dates from XNUMX; that was good enough twenty years ago, but think about how much infrastructure has changed in the last two decades,” he told TechRadar Pro. “The main challenge is that TPM is a passive device. Even though you can store data on it and absolutely no one can see it, to do anything with that data the software needs access. And if the software has access to it, an attacker can access it too.”

Firmware security

Founded in XNUMX and backed by Xilinx, a pioneer in programmable SoCs, Kameleon's stated purpose is to reverse the asymmetry of cybercrime so that the advantage lies with the defender. The company has yet to bring a product to market, but it is working on a piece of hardware called the Proactive Security Processing Unit (ProSPU) that it hopes will counter firmware attacks, which are growing in both volume and sophistication.

“The most common attack models come in the form of applications that target the upper layers, but these have been blocked quite successfully,” Myszne explained. “As a result, attackers are becoming more specialized and moving toward firmware; the attacks here are quite difficult to notice and persistent.”

Recent figures from Microsoft show that XNUMX% of companies have experienced at least one firmware attack in the last couple of years. However, less than a third of security budgets is set aside to safeguard firmware, and XNUMX% of security officials still agree that firmware is completely unmonitored.

The problem with attacks of this kind is that software cannot identify or block them. At boot, a system starts up in stages: a small piece of code is loaded onto the processor first, followed by a larger body of code, and finally the operating system is loaded from the disk or from the network.

“Any compromise that occurs during this process is absolutely undetectable. The software isn't even running yet, so you have no way of checking what's going on,” Myszne said.

The solution to this problem, he says, is to have a dedicated device in charge of system security. In exactly the same way that GPUs handle graphics and TPUs handle AI workloads, a security processor would take charge of establishing a “root of trust” by verifying that all firmware is authentic.

A dedicated security processor

Developed for server and data center use cases, Kameleon's ProSPU is intended to address the kinds of issues that arise from relying on TPM chips (and their equivalents) that must be driven by software. Whereas a TPM is passive, which creates an opening for an attacker, the ProSPU is the master of the system and performs active checks to verify that each element of the boot process is authentic. Many chips on the market already implement their own secure boot, Myszne concedes, but nothing “covers every single place.”

Beyond establishing this root of trust, the ProSPU provides cryptographic services (for example key generation, key management, encryption and decryption) and runtime security to detect and prevent attacks. With direct memory access, below the operating system, the ProSPU can operate out of sight of potential attackers; because it does not rely on APIs for access, there is nothing for an attacker to infect.

“The first thing an attacker does is try to understand the system and the defenses. In this case, the defense runs on an absolutely different system, with direct access underneath the software,” Myszne said. “The attacker doesn't know what's going on and now has to attack the system without understanding the defenses. And since attackers don't like risk, they will go elsewhere.”
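As an added illustration (not Kameleon's code, and not from the original article), the following Python model shows the distinction drawn in the boot-sequence description above and in the passive-versus-active point here: a TPM-style measured boot only records each stage into a PCR that software must compare later, while an active verifier refuses to hand over to the first stage whose digest does not match. The stage images, the hash-chain layout (each stage ends with the digest of its successor) and the root digest are all constructed for this example.

```python
import hashlib

DIGEST_LEN = 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(payloads):
    """Constructed stage images: each stage ends with the digest of the stage
    that follows it, so the root of trust only needs the first stage's digest."""
    stages, next_digest = [], b"\x00" * DIGEST_LEN   # last stage points at nothing
    for payload in reversed(payloads):
        stage = payload + next_digest
        stages.insert(0, stage)
        next_digest = sha256(stage)
    return stages, next_digest                        # next_digest is now the root


def pcr_extend(pcr: bytes, stage: bytes) -> bytes:
    """TPM-style extend, PCR = H(PCR || H(stage)): passive, it records and nothing stops."""
    return sha256(pcr + sha256(stage))


def measured_boot(stages):
    """Every stage runs regardless; the PCR can only be compared by software afterwards."""
    pcr = b"\x00" * DIGEST_LEN
    for stage in stages:
        pcr = pcr_extend(pcr, stage)
    return pcr


def verified_boot(stages, root_digest):
    """Active check: refuse to hand over to a stage whose digest is not the expected one.
    Returns (ok, index of the first bad stage, or number of stages verified)."""
    expected = root_digest
    for i, stage in enumerate(stages):
        if sha256(stage) != expected:
            return False, i
        expected = stage[-DIGEST_LEN:]   # digest the stage carries for its successor
    return True, len(stages)


# Constructed sample images standing in for firmware, bootloader and OS loader.
GOOD, ROOT = build_chain([b"firmware v1", b"bootloader v1", b"os-loader v1"])
TAMPERED = GOOD[:1] + [b"bootloader v1 + implant" + GOOD[1][-DIGEST_LEN:]] + GOOD[2:]
GOLDEN_PCR = measured_boot(GOOD)   # software would compare against this later
```

With the tampered bootloader, `measured_boot` still runs all three stages and merely yields a PCR that differs from `GOLDEN_PCR`, whereas `verified_boot` stops at index 1 before the implanted stage executes.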

The future of physical security

Asked whether he thought Microsoft had made the wrong move by requiring TPM 2.0 support for Windows 11, Myszne agreed. “If you were working on an enterprise-level operating system, then yes, but for a generic operating system like Windows it's a big gamble, because there are going to be problems,” he said. “TPMs are usually disabled by default because they are quite difficult to manage; you need to know what you are doing, otherwise you risk damaging your computer. How many people know how to safely handle the BIOS?”

While Myszne accepts that a TPM is better than nothing from a security perspective, he suggests that the combination of poor user experience and poor protection means the requirement is going to be more trouble than it is worth.

“The system is not a single-chip device like it was twenty years ago. We need the physical security infrastructure to evolve to meet the needs of today, as well as the needs of the next 3 to XNUMX years.”

Kameleon expects an alpha version of ProSPU to land by the end of the year and to be in servers in the first half of XNUMX. While applications of the technology are most urgent in data center contexts, due to the concentration of risk, Myszne forecasts that ProSPU-style hardware will spread to consumer, industrial and automotive markets over the next XNUMX or XNUMX years. “There is a lot to protect there,” he said.