Google has detailed how its custom Titan security chip will prevent cyberattacks that use firmware-based attacks.
As Google explained when it unveiled its tiny Titan chip, it would use it to give each server in its cloud its own identity.
Now, it’s provided a more detailed rundown of what that means and how Titan will serve as a “hardware root of trust” to ensure each machine’s firmware is safe to load and provide other cryptographic functions in its data center.
The chip’s role is to thwart the type of attacks where, say, government spies intercept hardware and insert a firmware implant. Attackers are also exploring firmware vulnerabilities to overcome operating system defenses and install rootkits that can persist even after reinstalling the operating system.
“Google designed Titan’s hardware logic inhouse to reduce the chances of hardware backdoors,” explain Google Cloud Platform engineers.
Titan comprises a “secure application processor, a cryptographic co-processor, a hardware random number generator, a sophisticated key hierarchy, embedded static RAM (SRAM), embedded flash and a read-only memory block.”
The chip scans the CPU and other components to monitor “every byte of boot firmware” and executes code from its read-only memory when a server is switched on. It also checks whether firmware has been tampered with.
Titan’s boot memory uses public key cryptography (PKI) to verify its own firmware before loading it, and then uses PKI to verify the host system’s firmware. Google’s verified boot firmware then configures the machine and loads the boot loader and the operating system.
According to Google, these checks go beyond what would normally happen under Secure Boot, which verifies firmware on startup, since it can also patch Titan firmware and identify the first bytes of code that run at startup.
Google also explains how Titan serves to give each machine its own cryptographic identity, which also helps it patch Titan firmware when necessary.
“The Titan chip manufacturing process generates unique keying material for each chip, and securely stores this material — along with provenance information — into a registry database. The contents of this database are cryptographically protected using keys maintained in an offline quorum-based Titan Certification Authority (CA).
“Individual Titan chips can generate Certificate Signing Requests (CSRs) directed at the Titan CA, which — under the direction of a quorum of Titan identity administrators — can verify the authenticity of the CSRs using the information in the registry database before issuing identity certificates.”
This system allows Google’s back-end systems to provision keys to Titan-enabled machines, as well as sign audit logs in a way that shows whether they’ve been tampered with, even by a malicious insider with root access to a machine.