Fighting malware with hardware can produce better security
By William Jackson
May 16, 2013
Rather than trying to keep up with the threats posed by rapidly evolving malicious software, agencies can leverage the security features being built into hardware to ensure that computing devices are safe and remain uninfected, says Larry Hamid, chief architect for IronKey by Imation.
Malware has gone from being a nuisance to a serious tool for crime, espionage and possibly terrorism, Hamid said during a presentation at the FOSE conference in Washington, D.C. Responding to these developments puts defenders in a perpetual game of catch-up in which the bad actors have the advantage. Moving away from software for security solutions could help shift the advantage to defense, he said.
“They are fighting with software; what you have is the ability to use hardware,” he said.
Functionality built into hardware is robust, high-speed and reliable, but putting that functionality into software often is more economical, easier to distribute and implement, and more flexible. There is, however, a trend toward building security features into the hardware of devices that need a high level of protection. These include the Trusted Computing Group’s Trusted Platform Module and Opal Storage Specification, full-disk encryption in hardware and boot-from-USB devices.
There is an opportunity to greatly expand the security that hardware provides by taking advantage of the pre-boot phase of secure devices, a phase that usually is limited to authentication before the operating system starts, Hamid said. Hardware can support not only authentication, but also cryptography and key management, digital signature verification and storage management.
Pre-boot antivirus and other types of scanning could be enabled so that devices can be checked and problems eliminated before they present a threat. Devices could be evaluated before booting to see if they conform to required or expected states, ensuring that all proper software and configurations are in place, no unexpected changes have been made and nothing improper has been added.
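The pre-boot conformance check described above can be sketched as a measurement chain, as an added example that is not from the article or the presentation. It folds each boot component into a single register using the TPM-style extend operation (new value = hash of old value plus the component's digest) and compares the result with a known-good value; the component names and contents are constructed sample data.

```python
import hashlib

def extend(register: bytes, component: bytes) -> bytes:
    """TPM-style extend: SHA-256(old register || SHA-256(component))."""
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure(components):
    """Fold ordered (name, bytes) pairs into one register value plus a per-item log."""
    register, log = bytes(32), []
    for name, blob in components:
        register = extend(register, blob)
        log.append((name, hashlib.sha256(blob).hexdigest()))
    return register.hex(), log

def check(components, golden_register, golden_log):
    """Compare a boot chain to the expected state; return (ok, findings)."""
    register, log = measure(components)
    if register == golden_register:
        return True, []
    expected, seen = dict(golden_log), dict(log)
    findings = []
    for name, digest in log:
        if name not in expected:
            findings.append(f"added: {name}")      # something improper was added
        elif expected[name] != digest:
            findings.append(f"changed: {name}")    # unexpected modification
    findings += [f"missing: {name}" for name in expected if name not in seen]
    # Same items, different register: the chain is order-sensitive.
    return False, findings or ["order changed"]

# Constructed sample data: a known-good boot chain and its reference values.
GOOD = [("bootloader", b"bootloader v1"),
        ("kernel", b"kernel image"),
        ("config", b"secure_boot=on")]
GOLDEN_REGISTER, GOLDEN_LOG = measure(GOOD)

if __name__ == "__main__":
    tampered = GOOD[:2] + [("config", b"secure_boot=off"),
                           ("driver", b"unsigned module")]
    print(check(GOOD, GOLDEN_REGISTER, GOLDEN_LOG))
    print(check(tampered, GOLDEN_REGISTER, GOLDEN_LOG))
```

Because each register value depends on everything measured before it, a single comparison covers the whole chain; the per-item log is needed only to say which component deviated.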
The Opal specification allows policy controls to be applied to storage devices, enabling storage space to be partitioned into areas with different requirements and limitations, such as read-only, hidden, encrypted and digitally signed areas.
The downside to enforcing these types of controls in hardware when a device is booted is the added time it takes to get up and running. But performing more security functions and tests with hardware prior to booting a device could undermine attackers’ advantage by catching their software before it has a chance to run.
“The hardware features are there today” to enable this, Hamid said.
William Jackson is a freelance writer and the author of the CyberEye blog.