With the proliferation of attack surfaces in the Internet of Things, the increase in firmware-based attacks on hardware and the growing threats to systems throughout their lifecycles, companies are embracing the new zero-trust model for systems.
For the past decade, it’s been common practice for information technology (IT) teams to require end users to authenticate themselves before they are granted access to a system or network. But in a zero-trust world, this requirement extends beyond the user. Neither the system nor its components are assumed secure at any given time. This drives companies to verify not just the identity of system users, but the integrity of the systems themselves — in every phase of the lifecycle.
To facilitate this zero-trust model, Intel continues to embrace and innovate its Compute Lifecycle Assurance (CLA) initiative. CLA is a framework that helps analyze and address the security and integrity of a system and its components across its lifecycle. Intel breaks the lifecycle into four distinct stages: build, operate, transfer and retire. CPUs and other compute elements can be at risk because of counterfeiting, tampering or even out-of-date firmware versions. And in many cases, IT has no visibility into the problems. Attacks can occur in manufacturing during the build stage or during day-to-day use in the operate stage.
To help build zero trust across the CLA framework, Intel offers Transparent Supply Chain – a set of tools, policies and procedures implemented on the factory floor at PC and server manufacturers. It helps enterprises verify the authenticity and firmware versions of systems and their components.
During manufacture and assembly, there is some risk that systems could receive counterfeit or replacement parts, which may be malicious or unintentionally vulnerable to future attacks. CLA recommends companies verify that what they ordered is what they received – not just at the system level, but at the component level if the component runs active firmware. Active firmware can be a path into hardware; it is important that it hasn’t been tampered with and that it’s up to date.
Intel's Transparent Supply Chain captures information on the hardware components as they are assembled directly from a shop floor control unit. It stores the data securely and uniquely on each device, providing customers the ability to retrieve the data themselves and view their system’s full bill of materials and traceability report. A digitally signed statement of conformance for every platform attests to the authenticity of each platform. This allows a laptop manufacturer to verify the authenticity of components (in a motherboard or server, for example), installed firmware and the system configuration by capturing all the production information and sending it securely to a remote server for verification later.
Highway robbery looks different in the digital age. Systems can be tampered with or compromised while they are physically in transit from the site of manufacture to their final location. For example, a solid-state drive shipped to an original design manufacturer for integration into a computing system could be tampered with by having the drive’s firmware replaced with a malicious version.
Organizations work hard to eliminate these types of problems through methods including facility security requirements, such as closed-circuit cameras, access controls and more, but also with layers of transport security such as tamper-evident packaging, security reviews of shipping lanes, locks, container integrity, GPS tracking and others.
Intel's Transparent Supply Chain technology helps customers determine if a system has been tampered with in transit by verifying critical elements, such as that active firmware arrives in the state it is expected to.
There are several subphases within the operate state, each with its own risks, such as provisioning (whether on-site or remote), daily use and updates. CLA recommends, at minimum, verifying system integrity prior to provisioning a system to the network or assigning it to an end user. For even higher levels of security, companies can require systems to self-authenticate every time they attempt to access the network to ensure they are in a known good state. This means verifying between uses that the system firmware is up to date and hasn’t been tampered with, and that the physical components on the system such as the solid-state drives haven’t been swapped out for unknown replacements.
Intel's Transparent Supply Chain technology generates platform certificates linked to discrete trusted platform modules that provide system-level traceability (from a hardware root of trust). This helps ensure that when a customer takes possession of a computing system, it is tamper-free before releasing control to the operating system. It delivers component-level traceability via a direct platform data file that contains all integrated components including processor, storage, memory and add-in cards. An auto verification tool compares the direct platform data, allowing the customer to identify certain system changes from the time of manufacturing to the time of first boot.
Often systems or their components are re-used in second-life scenarios. Data needs to be completely wiped, especially before being re-provisioned to a different user or for a different purpose. CLA also recommends verifying the system has been returned to IT in the same state in which it was loaned out. There should be a record of any physical component or firmware changes, including upgrades, made to the system while it was in operation, and each of these should be accounted for.
The Intel Transparent Supply Chain tools help verify the system being returned has not been compromised. It compares components to help ensure they have not been swapped out for counterfeit parts. The technology can also read the firmware version to determine if the device is up to date with patches and safe for deployment in a new environment.
Intel continues to invest in practices, tools and technology across the entire ecosystem to help customers and partners verify system integrity at every phase of a lifecycle.
More Context: Intel Compute Lifecycle Assurance (CLA) initiative | Introduction to Compute Lifecycle Assurance (Intel Whitepaper) | The Next Security Frontier: Taking the Mystery Out of the Supply Chain (Intel Whitepaper with Goldman Sachs) | Zero Trust Architecture During and Post-Pandemic with Cathy Spence (Video)| Lifecycle Assurance for Platform Integrity and Security (Intel’s Tom Garrison in Cyber Defense Magazine) | Corporate Responsibility plays a Significant Part in Compute Lifecycle Assurance (CLA) (Tom Garrison Blog on Technology@Intel)