Technical white paper

Component authentication - foundation for a secured infrastructure

January 22, 2019 the U.S. Cybersecurity and Infrastructure Security Agency issued an emergency directive to mitigate DNS infrastructure tampering intended to disrupt and redirect government and business communications. Then, on August 21, 2018, Microsoft removed multiple websites allegedly created by the hacking group Fancy Bear to influence the U.S. Midterm elections (Fancy Bear is allegedly responsible for numerous cyberattacks such as deploying an UEFI rootkit attack to subvert systems without secure boot protection in order to exfiltrate, that is, steal, data). On August 16, 2017 Maersk reported that the NotPetya cyberattack could cost their business $300 million in lost revenue, then in 2016, the revelation that millions of Yahoo user accounts were hacked, cut $350 million from Verizon's Yahoo acquisition price. The December 19, 2013, Target retail store data breach cost $252 million and Target's CEO his job. These are just a sample of an ever-growing list of cyberattacks used to perform data and intellectual property theft, conduct cyber warfare, and to extort anyone and everyone through service and infrastructure disruptions.
The first step to building a resilient and secured infrastructure is to assume that every component is an attack vector, that is, it can be used to subvert, disrupt, deny, and destroy physical infrastructure and services, exfiltrate data, extort money, or coerce action. Every component means just that - every smart phone, tablet, PC, server, switch/router, USB device, processor, memory/storage/IO module, power and cooling units, firmware, IoT device, vehicle, and more. A component attack can be mounted by counterfeit component substitution through the supply chain, where components are intercepted and replaced or tampered with during transit, system assembly, or post-deployment replacement. A component attack can be mounted by compromising embedded firmware to create persistent backdoors, silently exfiltrate information, and render system firmware and operating system defenses ineffective.
How then does one assess component authenticity? How does one know what components are inside of enclosure and if they are genuine? How does one know that a system that has been in service for months or years and has been subject to periodic maintenance by internal or external staff not been tampered with or replaced? In most cases, it is impossible to reliably answer any of these questions short of visual inspection which requires taking portions of infrastructure offline in the hope that a person or scanner can accurately detect discrepancies. Such undertakings are often unreliable and impractical for most and especially for anything at scale such as an enterprise or cloud data center.