“A booting computer is as vulnerable as a newborn baby”

Hackers are increasingly exploiting weaknesses in IT system hardware rather than software. To close this gap, we are introducing a new open source project based on Google’s Titan security technology and the “Ibex” open source processor from ETH. Luca Benini, Professor at the Institute for Integrated Systems, explains how.

Luca Benini (Photograph: ETH Zürich / Giulia Marthaler)

Mr Benini, “Root of Trust” (RoT) solutions are vital to ensuring the security of hardware. But what does this term mean?
Luca Benini: Nowadays, system hardware is increasingly the target of malicious attacks. While software vulnerabilities can be patched relatively quickly, the hardware is much more static. Faults generally go undiscovered for longer and are corrected much later – if at all. RoT refers to a method to validate the integrity of hardware. An RoT solution generally involves a microchip that checks whether a system is behaving as expected.

How does it do that?
Put simply, this works in a similar way to electronic banking with two-way authentication. The system sends a code to the RoT chip, and the chip checks whether the code is correct. If anyone makes changes to the system under observation, the code changes and the chip aborts the process.

And is that what OpenTitan does too?
OpenTitan monitors the computer as it starts up – in what is known as the boot process. Like a newborn baby, a computer requires special protection in the seconds after it is switched on. The “firmware” – that is, the software that controls the boot process – is active before the antivirus software is operational, for example. Many attacks therefore target these first few seconds and attempt to compromise the firmware. If this attempt succeeds, the attackers can take control of the system without being noticed. OpenTitan checks whether the code generated by the firmware matches the expected code. If it doesn’t, the boot process is terminated.

Various companies are already supplying this kind of RoT chip. Isn't that enough?
The conventional systems are proprietary and require users to put blind trust in a technology they can’t inspect – with OpenTitan we take a much different approach.


How can an open source solution improve on this?
The IT security community is increasingly putting its faith in open source. It doesn’t matter if your system is freely accessible or proprietary, hackers will always find a vulnerability. I therefore think it’s better if the potential victims of an attack work together instead of relying on a single manufacturer. If any one vendor pulls out of the OpenTitan project one day, the community can continue to develop the solution. That wouldn’t be possible with a conventional solution.

Your “Ibex” open source processor is a key element of the project. Why is an open source processor necessary?
The same motto applies here: the more transparency, the more security. An RoT chip can, of course, also be attacked. So what use is it if the software is open source but the processor it runs on is still a black box whose potential vulnerabilities are invisible to me? OpenTitan is transparent right across the board.

Who is involved in the OpenTitan project?
Several organisations are already participating in the project, including ETH Zurich, Google, G+D Mobile Security, Nuvoton, Western Digital and the non-profit organisation lowRISC. The latter was founded by the inventors of Raspberry Pi, which made headlines around the world as the first open source computer and is still used in many open source projects today. The more partners collaborate in OpenTitan, the more secure the solution and the smaller the influence of each individual partner will be. For ETH, OpenTitan therefore represents an excellent opportunity to apply its technology for the good of society.

Further information

PULP Platform: The “Parallel Ultra Low Power” Platform (PULP) started in 2013 to explore new and efficient architectures for ultra-low-power processing. The aim is to develop an open, scalable hardware and software research and development platform that breaks the energy efficiency barrier within a power envelope of a few milliwatts and satisfies the computational demands of IoT applications. www.pulp-platform.org

OpenTitan: OpenTitan is the first open source silicon root of trust (RoT) project. OpenTitan will deliver a high-quality RoT design and integration guidelines for use in data center servers, storage, peripherals, and more. Open sourcing the silicon design makes it more transparent, trustworthy, and ultimately, secure. https://opentitan.org/
