Trusted Infrastructure in a 5G World
As I reflect on Mobile World Congress, what an incredible event as we explored innovation that will shape humanity made possible with 5G. User Endpoint (UE) that will transform healthcare, manufacturing, smart cities and more is not just about mobility connectivity, but about critical infrastructure that brings broadband to everyone, provides ultra-reliable low-latency communications, and supports the rollout of massive IoT.
I am so excited about our future!
Cisco has been very busy as well. At MWC, we showcased Cisco 5G strategy to help Service Providers grow revenue, reduce costs, and mitigate risk in a 5G economy. A few Cisco highlights include Rakuten’s First-of-its-Kind Cloud Native Mobile Network, 5G innovations at Verizon, Softbank, and Sprint, and Cisco’s innovation announcement.
Double clicking on risk, secure is a “perfect” end state that you must tirelessly work toward, however a secure state will always be an aspirational goal. Nonetheless, you must develop a mindset and persistence toward security, then double down. As fast as 5G innovations are taking place, the same can be said about innovation in security threats, but the difference in SP critical infrastructure is that the stakes are higher than ever.
Examples from the United States Computer Emergency Readiness Team:
- SPs are under attack – TA16-250A warns of increasing threats to network infrastructure devices. The risk is your brand, your reputation, and your clients.
- Critical infrastructure is under attack – TA18-106A warns motives are sophisticated and highly funded. The risk is the nation’s critical infrastructure.
So, what can you do?
Continue to apply pervasive network security – firewalls, encrypted tunnels, packet filters, traffic inspection, and DDoS. Cisco 5G security architecture is foundational to protect your network leveraging these traditional security approaches.
But “traditional” security is not enough anymore.
The new approach requires the pursuit to build and operate a trusted infrastructure.
Key questions for SP operations: what is trusted?
- How do you know your security mechanisms are working? You don’t.
- Before traditional security mechanisms can kick in, you have to ask…
- How do you know that your hardware hasn’t been compromised?
- How do you know your software hasn’t been compromised?
- How can you compare against known good values (KGV) for your devices?
- Can you provide immutable storage of evidence for integrity checks?
This approach is not new to the technology industry; examples from other technology leaders:
- Google Titan – Established a hardware root of trust for Google Cloud Provider servers
- Microsoft Project Cerberus – Built a hardware root of trust for secure clouds
I’m happy to announce Cisco’s focus to support a complete chain of trust from development to hardware to software. Cisco is paving the road in networking for trusted platforms. Trust has to start at the beginning of the device lifecycle, built into hardware and software. I’ll provide a highlight on the main principles of trust with a follow-on three part blog series that will dive into the details.
Trust Begins in Hardware
History shows that the only way to be able to completely trust software on a device is to control the hardware. It’s the reason that very large laptop companies secure ASICs on their boards to bring the system up securely and manage on-board secrets.
Cisco’s Trust Anchor Module (TAm) is fully tamper-resistant and provides the root of trust for the entire system to begin the process for the “chain of trust.” Secure Unique Device ID (SUDI) is a unique cryptographic key built into the TAm that establishes a unique, immutable hardware identity. Secure storage built into TAm provides a place to safely store secrets.
- Verify Trust in the Network OS
The next step in the chain of trust is a secure boot that ensures image device boots are genuine and untampered. Without verification at this level, threat identification becomes much more difficult and can go undetected leading to potential loss of control on critical infrastructure. Cisco’s process begins in the hardware. The TAm verifies the BIOS and then starts the first step in the chain of trust leading up to the verification of the IOS XR operating system integrity.
Cisco Secure Boot is based on hardware built into Cisco devices. It controls the CPU, measuring itself and establishing a hardware root-of-trust before the CPU is enabled, and before the bootloader and OS are executed. And it maintains a continuous chain-of-trust from hardware to the OS boot.
Maintain Trust at Runtime
Cisco has built into the IOX XR a few sophisticated techniques delivered during runtime to further a defense posture and build trust. In addition to other methods, we use:
- X-Space (aka Write XOR Execute) that prevents the successful injection of code attacks
- Address space layout randomization (ASLR) to prevent return orientated programming attacks
- Visualize and Report on Trust
The problem with trust is that you can add controls like Secure Boot, but after you add them, how do you prove you are trusted? Also, since you can’t trust a device to tell you it’s trusted, you need a more effective way to report on the trustworthy status of your devices. With your trusted platform (hardware and software), how can you identify and verify against a KGV? By continually capturing cryptographic evidence from the equipment in your network, you can produce a report to establish and show the integrity of your network against baseline KGV. Using a third party to securely store this evidence, provides you traceability and operational simplicity on reports of your global infrastructure that will undoubtedly aid your operational teams.
Trust is an important part of Cisco’s Pervasive Security Strategy that delivers comprehensive security everywhere. Across all aspects of your infrastructure or when delivering security for your customers, Cisco is fully invested.
Protect your critical infrastructure with trust and pervasive security.
Protect your customers with Cisco Cloud managed services.
You must be tireless and relentless in this effort, because the attackers are, too. And Cisco is your tireless partner.
Trust and security HAVE BEEN, ARE, and always WILL BE Cisco’s #1 priority. Visit our website to learn more.