Tamper-proof Computing

By: Chris Piedmonte

Ask the vast majority of information technology professionals today if it is possible to completely secure a computing system against cybercrime and the answer you will get is a resounding “no.”  Through a series of events too long and convoluted to address in this article, we have established a global computing infrastructure that is fundamentally incapable of protecting itself, creating both a playground and a candy store for cybercriminals.

Our current global computing infrastructure is based on technology first conceived almost forty years ago, long before the global network of billions of computers was created to manage our banking, communications, defense, entertainment … even the everyday mundane facts of our lives, like the Instagram of the yogurt parfait we had for breakfast.  The open communication protocols of the Internet were designed to insure that data can be transferred and shared under the most adverse of circumstances.  The computer architectures in vogue today are the great, great grandchildren of the original IBM PC, which was best secured by locking your office door at night.  These technologies were simply not designed with the forethought of their then far future applications in secure and trusted computing. 

We are now faced with the consequences of this legacy – the loss of billions of dollars annually due to cybercrime and the social and political ramifications of not being able to secure knowledge that we would prefer to keep private.  To date, we have attempted to address this problem by creating firewalls, scatter-shot use of cryptography, anti-virus software, intrusion detection systems, two-phase authentication and a variety of other methods attempting to Band-Aid our flawed infrastructure.  What is needed is a fundamental overhaul of the architecture of our computing infrastructure and the introduction of better security from the ground up.  What is needed is tamper-proof computing_[1].

Search the web for information related to the term “tamper-proof computing” and you will find plenty of material on tamper-evident and tamper-resistant computing, but you will find very little on tamper-proof computing.  So, perhaps we should best start with a definition of what exactly is tamper-proof computing.  To be tamper-proof, the computing system must not permit itself to be altered while running in a production environment through means readily available to those with access to the system.  That requires that it have the following characteristics:

1. hardware comprising the computing system cannot be added, changed or removed,
2. software cannot be added, changed or deleted by a single individual,
3. software cannot be injected and executed from a remote source or via data,
4. proprietary “secrets” such as private keys and checksum values are undiscoverable,
5. hardware and software can always be verified to be known and trusted, and
6. attempts to compromise the system are prevented or result in protective actions.

These six characteristics must be enforced from the time power is applied to the computing system until it is shut down and decommissioned from production use. To accomplish this requires new hardware and software only now becoming available.  Leading the way toward the future of tamper-proof computing are innovative computer technology companies like Freescale Semiconductor (soon to be part of NXP).