The need for flexibility and faster development times has raised interest in distributed computing systems. Distributed systems are based on two or more subsystems, each of which has a well-defined role and commonly agreed interfaces towards other subsystems, and can, in principle, be replaced with another implementation of the same subsystem. The corresponding high-level description of the system, the architecture, describes these aspects of the distributed system.
There exist a number of reasons for moving towards distributed computing systems, for example, the emergence of multi-part products. It should be noted, however, that a distributed system does not need to be multi-part in a physical sense. Another reason for moving towards distributed computing systems is the need to comply with various standards (formal or de facto) that are based on well-defined subsystems and interfaces. Finally, interoperability between different vendors and the possibility of using, e.g., third-party accessories are promoting the emergence of distributed architectures.
Distributed computing, however, has one clear disadvantage when compared to a monolithic system, namely security. Accessing the internals of a physically monolithic product can be difficult. Compromising a monolithic system, thus, is difficult because an attacker cannot easily access data or communication on a die or the proprietary interfaces between application-specific integrated circuits (ASICs) inside the system chassis.
A system implementing a product, whether it is monolithic or distributed, can have three major phases of operation: boot, normal operation, and shutdown. The boot phase can prepare and initialize the system. The normal operation phase in a distributed system can start when the distributed executables are authorized and able to communicate with each other. It is essential to secure the boot phase so that secure system operation can be ensured during the subsequent phases.
The modern security bootstrapping architecture in monolithic systems typically contains trusted hardware services, including boot protection and secure execution. Secure execution performs cryptographic algorithms, random number generation and system monitoring. Furthermore, such monolithic systems contain secure storage for software certificates and perform integrity checks and authorization of software. The certificates are typically hashes of software, protected with public key cryptography. The permanently stored device vendor certificate is the root of the trust chain for the identified device. The trust chain consists of certificates that are verified using higher level certificates, and ultimately root certificates.
For example, bootstrapping of a monolithic architecture device has been based on a phased initialization starting with the trusted computing base and continuing with the verification of integrity in each subsequently activated, less secure layer of hardware or software.
Use of public key infrastructure for keys or certificates that form the chain of trust in the phased initialization of the monolithic device is another technique that is used. Finally, centralized key distribution mechanisms, where one trusted node brokers the establishment of mutual trust between other nodes, are another technique that is used.
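The phased initialization described above can be sketched as follows. This is an added example, not part of the original text: it replaces the signed software certificates with a SHA-256 digest pinned in the previously verified stage, and the stage names, payloads and function names are hypothetical.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size   # 32 bytes
END_OF_CHAIN = b"\x00" * DIGEST_LEN         # marker carried by the final stage

# Constructed sample payloads standing in for boot stage binaries.
SAMPLE_PAYLOADS = [b"bootloader code", b"kernel code", b"application code"]

def build_chain(payloads):
    """Build images last-to-first; each image ends with the digest of its successor.

    Returns (images, root_digest). The root digest is what the trusted
    computing base would keep in immutable storage.
    """
    images, next_digest = [], END_OF_CHAIN
    for payload in reversed(payloads):
        image = payload + next_digest
        next_digest = hashlib.sha256(image).digest()
        images.insert(0, image)
    return images, next_digest

def phased_boot(images, root_digest):
    """Verify every stage before activating it.

    Returns (number_of_stages_activated, error_message_or_None).
    """
    expected = root_digest
    for index, image in enumerate(images):
        if len(image) < DIGEST_LEN:
            return index, f"stage {index}: image too short"
        actual = hashlib.sha256(image).digest()
        if not hmac.compare_digest(actual, expected):
            return index, f"stage {index}: integrity check failed"
        # Only a stage that has just been verified may name its successor.
        expected = image[-DIGEST_LEN:]
    if expected != END_OF_CHAIN:
        return len(images), "chain ends early: a verified stage expects a successor"
    return len(images), None

if __name__ == "__main__":
    images, root = build_chain(SAMPLE_PAYLOADS)
    print(phased_boot(images, root))
    images[1] = b"kernel c0de" + images[1][-DIGEST_LEN:]   # tampered middle stage
    print(phased_boot(images, root))
```

Because each digest covers the successor's digest as well as its code, changing any later stage is caught at that stage, and nothing after it is activated.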
However, techniques for securing monolithic devices are not effective to secure distributed devices, and accordingly, there is a need, for example, to secure the boot phase of a computing system implemented as a distributed architecture device.