This is one of the most useful and comprehensive use cases of the Acalis secure processor, taking advantage of nearly all available security features, including secure boot, tamper-resistance, resistance to reverse engineering, and on-chip firewalling and data segregation.
A full description of the Secure Anchor Point use case is described in the white paper. In summary, however, the Secure Anchor Point is a trusted, high security system monitor used to initialize system health inquiries, black and white list data format checks, component and process authentication, and other innovative techniques. These interrogations and inquiries are aimed at early discovery of counterfeit software and hardware components, malicious and unintended communications activity, and malicious or non-malicious cascading errors within a system.
While there are a large number of new authentication and identity management solutions available today from defense and non-defense sources, few necessarily originate from a high security and trusted source processor. The CPU Tech Secure Anchor Point is designed around the capabilities of the secure processor, including the capability to pre-load, generate, and execute unique authentication requests. The Secure Anchor Point, in addition, is designed in such a way that the primary system to be protected does not need to be redesigned or rearchitected — in many cases, a new Secure Anchor Point board or module can be added to a system or architecture and generate trust and vulnerability analysis instantly.
This application is used internally at CPU Tech today, and we are in the process of productizing it for a small number of key customers. In addition, we hope to be able to instantiate the Secure Anchor Point generation capability one day within our standard Acalis Sentry security servers.
A Secure Anchor Point (what some in the academic community might call a ‘Root of Trust’) has applications in a variety of defense and non-defense applications. In networking and network management, the Secure Anchor Point can be designed to detect and flag counterfeit boards, devices, and software, and monitor for network attacks. There are similar applications in casino and gaming operations, where pattern matching can likewise be performed. In defense, extensive white-listing operations can be designed looking for approved applications, operating system abnormalities, and expected network behavior.
What makes the Secure Anchor Point different from other security software and applications is the focus on the secure processor. By placing all sensitive operations and known vulnerabilities within the secure processor, an entire system becomes highly resistant to reverse engineering and tampering. Engineering the security of a system to systematically utilize the ‘most secure part on the board’ raises the entire system’s security to the level of the secure processor.
CPU Tech would like to encourage you to begin a dialogue with us on other ways to make use of the Secure Anchor Point in your application, and how we can better define our secure anchor generator capability to meet your needs.