Definition: Highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design. Roots of trust provide a solid foundation upon which security and trust can be built.
Root of Trust explained
Encryption, signing, authentication, and authenticated key exchange are all cryptographic operations that rely on secret keys that must be kept secure and remain secret. Therefore, any deployment of cryptography must be carefully considered on the basis of how the secret keys are stored and protected. A robust method of protection is critical in order to become the ‘root of trust’ - the foundation of trust for the entire computing ecosystem.
A root of trust is a vital component of any Public Key Infrastructure (PKI) and Symmetric Key Infrastructures to generate and protect root Certificate Authority keys which are required for:
- Code signing to ensure software remains secure, unaltered, and authentic,
- Generating and safe-guarding digital keys and certificates for credentialing and authenticating devices for IoT applications (managing the life-cycle of the device), and other network deployments.
Secure Root of trust functions usually include hardware security modules. A hardware root of trust serves as the foundation for all secure operations of a computing system. It generates, protects and stores the keys that are needed for cryptographic functions within its secure environment, and it is generally part of the secure boot process that provides the foundation for a software chain of trust.
The concept in a hardware root of trust stands out as highly effective compared to lower-level security measures. It is mandatory in many industry-grade standards and regulations (e.g., government, banking, military). A programmable hardware root of trust is designed to be updated on a regular basis in order to keep up with the latest network, app, and device threats and exploitations.