[00:00:27] Tom Garrison: Hi, and welcome to the InTechnology podcast. I’m your host, Tom Garrison. And with me as always as my co-host Camille Morhardt. How you doing Camille?
[00:00:35] Camille Morhardt: Hi Tom. I’m doing well today.
[00:00:39] Tom Garrison: Well, today we’ve got a good topic. We’re going to talk about protecting platforms and specifically the low level software that’s required to protect platforms in a way that higher level software really can’t. And how do you keep the platform safe?
[00:00:57] Camille Morhardt: Yeah, I think it’s really interesting diving into firmware security and root of trust and looking at partitions at lower levels. It’s very complicated stuff, but I think the guest does a good job of making it easy to understand.
[00:01:10] Tom Garrison: Yeah. So let’s jump right into it.
[00:01:13] Camille Morhardt: Sounds good.
[00:01:18] Tom Garrison: Our guest today is Jorge Myszne. He is Co-founder of Kameleon, a hardware security startup company. He’s a serial entrepreneur with more than 20 years of experience in the semiconductor, communications and security industries. Jorge has a rare mix of technical and business acumen, having held technical and management roles in big and small companies. Welcome to the podcast, Jorge.
[00:01:44] Jorge Myszne: Thanks for having me.
[00:01:45] Tom Garrison: So our topic today, we wanted to talk about root of trust. We’re going to start with root of trust. We’re going to kind of migrate from there. But Jorge, for all those folks out there that have probably heard the term, but maybe don’t fully understand what it is, can we just start with, what is your definition of root of trust?
[00:02:06] Jorge Myszne: Sure. So basically we need something that we know to be authentic that we can trust, right? And the same way that if we are friends and you present me your friends, so then I will trust him because I trust you and you trust him. So by transitive, I will trust him. So in any computing system, at the end of the day, we want to verify that everything is authentic and everything that we load specifically, the firmware or the software that we load is authentic. We need to start somewhere. We need to have something in the system that is the anchor of trust that we know to be real. And from there, we can have a friend of a friend of a friend of a friend and just verify that everything, or a test that everything is authentic.
[00:02:58] Tom Garrison: And so if we carry that same sort of analogy or understanding then into firmware and software, root of trust sounds great. I think everybody would want to have it. It kind of makes sense, but why is it so important when it comes to firmware and software?
[00:03:17] Jorge Myszne: The security history, the first attacks or the first threats were at the application layer. Right? So people will try to install something that is malicious and that way do things. And as defenses were built and were good enough to stop those kinds of attacks, attackers started to go deeper and go one level down and go into the operating system. Now, the lower you get it’s definitely more protected, but at the same time is more difficult to find it, to detect it. Right? And you have access to other things. If you are able to attack successfully, and applications, but it will be difficult from there to go and steal things in other places of the computer, if you are at the operating system, so you see everything that is in that computer, right, so you are able to do other things. When you go into the firmware, the challenge is that the firmware is loaded before the operating system exists.
So all the tools, all the security tools that we use, let’s call it, for example, an antivirus, it’s loaded after the operating system. It’s an application or kind of an application, right? So it happened after the firmware is loaded. So if the firmware is malicious, it’s very difficult for an application to understand that that firmware is malicious. So that’s why we need the root of trust. We need to stop that when it’s happening. And when it’s happening, there is no software. So it has to be done in hardware. We need to have a device in the system that is the root of trust that is in charge of verifying that that is correct, that is authentic.
[00:05:13] Tom Garrison: Yeah. I gave a talk a couple years ago and I use the same type of analogy. If you think about the context, like a building where you want to build a secure building, well, the hardware and the firmware are the bedrock. There’s nothing below the hardware and the firmware. And so attackers are now basically trying to attack the firmware, because if they can get there, of course they can defeat all the other defenses that exist above it. There’s nowhere else for them to go. There’s nothing below the firmware.
[00:05:47] Jorge Myszne: Yeah, that’s exactly right. And it’s the base of the pyramid, if you want. Right?
[00:05:53] Tom Garrison: Right.
[00:05:54] Jorge Myszne: If you get there, it’s very difficult, one, to detect it, but two, it doesn’t disappear. It’s persistent, right? You turn off your computer, you turn it on and it will load the same malicious firmware again. If you are at the application layer, probably you turn off your computer and when you turn it on, it’s clean. The case of the firmware is persistent. And then you need to go and change it. And if you are smart attacker, you will disable the update so you can’t change it. So then physically you need to go and remove the flash or do something physically. So it’s very expensive. It’s not just having an antivirus and okay, let’s update the antivirus database. Right? It doesn’t work that way. And if you have it in a server, in a data center with a 100,000 servers and you need to find that server and physically go and open it up and do something that is very, very expensive. So that’s why the root of trust is needed.
[00:07:02] Tom Garrison: Yeah.
[00:07:03] Camille Morhardt: How do you recognize this kind of an attack then?
[00:07:06] Jorge Myszne: Basically what you do is, the firmware is loaded in a small device that is called a flash memory, and it’s loaded into the processor, and case of a server, there is also firmware for the BMC. That is a management processor. So the root of trust, interposes those lines, meaning that when the data is loaded from the memory into the processors, it goes through the root of trust and the root of trust is checking that code. Now, the root of trust has a manifest, kind of a database. So he knows what should be there. So it just compares. There are signatures, there is encryption. Right? And that’s the way that we can verify if things are authentic or not.
At the same time, the root of trust also protects the whole update process because having the first boot being correct doesn’t mean that I cannot change it later. Right? And then it will happen later. So there’s a lot of protections. For example, if you know that there is a firmware version that is problematic or has a vulnerability, so you can put it in a blacklist so you don’t allow it to have. So if you try to update the firmware to a version that is problematic, so you won’t allow to do that. There is a whole protocol where you need to prove that you have the right authority to be able to do that. Right? And that way you can guarantee that when the system boots, the code that is there is authentic. Doesn’t mean that it is bug free. It just means that’s what you wanted to have in the system.
[00:08:55] Tom Garrison: So for a server farm, let’s call it that way, so you’ve got maybe hundreds, thousands, maybe tens of thousands of servers in a particular location, I’m interested in your experience in terms of the firmware attack itself. And writing to firmware is not like just anybody can do it. Based on your experience, how is it that the attackers actually get to write to the firmware? And do they attack the device itself, or do they go try to mimic themself as a legitimate firmware update?
[00:09:32] Jorge Myszne: There are multiple ways that this can happen. The first one is in the supply chain. So the system comes from the factory and somewhere in the supply chain, whether it is in the manufacturer, it’s during the shipping, someone changed something. Can be a component, can be just the code. And when you get it, the code that you have is not the right one. Right? That’s one vector of attack. Usually the other vector is remotely. Right? So of course, especially for a big data center, for a server farm, nobody wants to physically go server by server and update the server, right? So there is a way through the system to update that. So usually using some kind of vulnerability in the system, you are able to update the firmware to whatever you want.
Now, in some cases you don’t even need to update the firmware. As I was mentioning before, there might be that there is a bug in the firmware, then there is a vulnerability and you are able to exploit that vulnerability. So the root of the problem is not really the firmware, but that firmware that is a buggy firmware allows you to exploit the system and get being able to remotely attack that system. Now, there is a third vector, in my experience is definitely in a data center setup is almost non-existent, that is physically going and doing something. Right? Today’s cloud setups and data centers have also physical security. So it’s not that anybody can go into a server farm. So that types of attacks are rare, but the more we concentrate servers and information, and the information that you have there becomes vulnerable. That can happen.
[00:11:38] Camille Morhardt: So if you were able to launch a firmware attack through like, I don’t know, let’s say somebody’s PC, but then the PC connects to a server farm, like we were just discussing, can this attack then at the firmware level tunnel in through the PC down to the server farm, and then once it’s there go underneath the OS, underneath the virtual machine monitor and proliferate throughout a server farm?
[00:12:08] Jorge Myszne: Firmware attack at the end of the day means changing the firmware. Or even exploiting a firmware bug, it’s not necessarily a firmware attack. I’m not changing anything on the firmware. I just know that specific version has a problem so I can do something. At the end of the day, the firmware is loaded into the memory of the system and runs while the system is running. Right? So if I know that there is a vulnerability that I can exploit, right, then I can do something.
Now, assuming that I’m able to change the firmware, now it depends of what I do. What I will do is add some type of vulnerability that then I will be able to exploit during runtime while the system is running, that will allow me to, for example, get access to the network. And if I get access to the network, I will be able to jump from one server to another. Right? And then I might be able to do the same on the next one. Right? So it’s very specific of what I do with that and how I am able to insert the vulnerability and exploit it later.
[00:13:22] Tom Garrison: How do companies protect themself against these attacks? I mean, obviously you’re working at a company right now that specializes in helping companies. But start with the basics and then work your way up to the more sophisticated ways of protecting yourself.
[00:13:39] Jorge Myszne: What we do is we added some features in the root of trust to start the protection before we get into the system. Actually the protection starts in the supply chain. And there are things that we do while the root of trust is added into server motherboard to bind it to the memory so be able to detect if someone changes things. Right? So we try to connect everything in a way that we can detect any changes that happen even before the system is turned on. And then when the system is turned on, is what I explained before, we have a manifest, we have a database, we know what it should be there and we need to verify that what we have is there. And eventually we also can interrogate peripherals that are on the system and verify that those peripherals that boot by themselves are also original and authentic.
[00:14:40] Tom Garrison: Yeah. It seems like just the basics of making sure that your device, whether it’s a server or a client or any device, just has the latest firmware. That’s one important step, because as you pointed out, these attacks are sometimes just leveraging buggy firmware. And as a result, you may be exposed to some issue that you didn’t realize, but if you just moved to the latest update, you’d be protected.
[00:15:11] Camille Morhardt: How prevalent are these attacks? Because it sounds a bit more difficult to launch one of these than say from application layer.
[00:15:20] Jorge Myszne: Yeah. So definitely it’s more difficult and you need, I would say, a more skilled hacker to do it. In the last three, four years, the amount of firmware attacks have increased by five fold. Article from Microsoft, I think it’s from last year, that they’re showing that 80% of the enterprises have acknowledged that they have had firmware attacks in the last two years. So it’s definitely less common than application attacks, but it’s growing exponentially and the infrastructure today is not capable of stopping them. And that’s the main challenge here.
[00:16:07] Camille Morhardt: So another question I have is, we’ve seen critical infrastructure attacks in the news, and I’m wondering, is there a way to protect, I guess we could call them legacy or brownfield systems or systems that are already in the field, like for example, a lot of critical infrastructure for these kinds of attacks, or is it something that you really have to do as you’re rolling out the machines?
[00:16:33] Jorge Myszne: Definitely it’s something that can be done. It’s not easy because you need to engineer the solution for that specific infrastructure. Some of that critical infrastructure is very old. Right? So it’s not just as simple as adding a card or something like that. Most of the solutions today are tailored for the next generation, but definitely there are things that can be done. It will be a tailor made solution, based on the same principles, but it has to be custom made.
[00:17:14] Tom Garrison: Before we let you go, we do have a segment on our podcast that we like to do, which is called fun facts. And so I wonder if you have a fun fact that you’d like to share with our audience.
[00:17:27] Jorge Myszne: Sure. I’m about, I would say six, seven years ago, probably when I crossed my 40, I started to think about flying. I became a private pilot and today I really enjoy flying over San Francisco. And now completing my instrument rating so I can fly into the clouds. So it’s one of the things that I enjoy when I’m not working. So at least I fly.
[00:18:00] Tom Garrison: Wow. Have you ever have you flown to some pretty cool locations?
[00:18:04] Jorge Myszne: Well, one of the pretty things to do is to fly on top of Alcatraz and the Golden Gate Bridge.
[00:18:10] Camille Morhardt: Oh yeah.
[00:18:11] Jorge Myszne: So there is a famous tour that’s called the Bay Tour. So all the pilots know that. Usually anybody that comes to visit gets one. Right? So you are all invited. And we just go over and just go around on top of Alcatraz. So actually I’ve never been physically to Alcatraz, but I know everything from the top.
[00:18:32] Tom Garrison: Yeah. That’s great. That’s great. How about you, Camille?
[00:18:37] Camille Morhardt: Well, I am going to do kind of a simple one today because I am at the coast and getting ready to plant over the next week. So this is some Swiss chard. And I planted some a couple years ago and it grew like crazy for two years with no tending at all. So I thought I would read something about it and turns out Swiss chard does not come from Switzerland. It originated in the Mediterranean, they think, and it’s closely related to the beat. But delicious a little veggie that if you’re willing to separate the stalk, if you’re willing to separate that from the leaf, when you eat it, if you saute the stock in saffron and butter, and then separately you prepare the green leaf in olive oil, lemon juice and black pepper, it’s an amazing combination.
[00:19:32] Tom Garrison: Wow. This is a cooking show today. Fantastic. Well, I am going completely different. Continuing on the theme of sort of the earth we live on and kind of cool little fun facts around that. So we all have heard the fun fact that just over 96% of the total amount of the world’s water is held in the ocean. Being in the ocean, it’s all salt water. So to find the bulk of fresh water, you actually need to trek to the Poles, to the North and the South Pole. 68.7% of all the fresh water on the globe is actually encased in ice caps in permanent snow and glaciers. I was thinking more like the great lakes and that kind of thing, but anyway, I was wrong. And I learned something I thought that’s pretty interesting.
[00:20:28] Camille Morhardt: Very cool.
[00:20:29] Tom Garrison: Yeah. All right. Well, Jorge, thank you so much for joining us. It was a great conversation. Certainly one that we’ve worked around the edges on over the last couple years when we’ve been doing this podcast, and we’ve talked about sort of root of trust, but we’ve never really do dove into it and why it was important. So appreciate you spending the time with us and educating us and our listeners on firmware root of trust.
[00:20:52] Jorge Myszne: Thank you for having me. It was a pleasure.