In line with expectations, Google has published more details about the inner workings of Titan, its proprietary chip developed to protect server and networking equipment against tampering.
The tiny piece of silicon secures Google Compute Platform (GCP) hardware by verifying the integrity of essential software - like firmware and BIOS - at boot time, using cryptographic signatures.
Titan is installed on every motherboard deployed in Google’s data centers, and establishes something known as a hardware root of trust, or a trust anchor - a cryptographic element that cannot be compromised.
This approach is not new - it sounds similar to the Trusted Platform Module (TPM) technology, standardised in 2009 and widely used by system vendors including Dell EMC, Cisco and Lenovo.
All about trust
Titan was originally unveiled in March at the Google Cloud Next ‘17 conference in San Francisco.
This purpose-built chip is used to securely identify and authenticate legitimate access at the hardware level, minimizing the chances of running altered software.
The chip consists of a secure application processor, a cryptographic co-processor, a hardware random number generator, embedded static RAM, embedded flash storage and a read-only memory block.
“In our data centers, we protect the boot process with secure boot. Our machines boot a known firmware/software stack, cryptographically verify this stack and then gain (or fail to gain) access to resources on our network based on the status of that verification,” a team from Google explained in a blog post. “Titan integrates with this process and offers additional layers of protection.”
One of these layers is the ability of the chip to verify first-instruction integrity - the earliest code that runs on each machine’s startup cycle, something current TPMs cannot do. Titan also runs a built-in memory self-test every time the chip boots to ensure that all memory (including ROM) has not been tampered with.
Once Titan has booted its own firmware in a secure fashion, it will turn its attention to the host’s boot firmware flash, and verify its contents using public key cryptography.
According to Google, Titan is capable of not only preventing security issues but also remediating them: if bugs are found in its own firmware, they can be patched immediately to re-establish trust.
“In addition to enabling secure boot, we’ve developed an end-to-end cryptographic identity system based on Titan that can act as the root of trust for varied cryptographic operations in our data centers,” the team explained.
“The Titan-based identity system enables back-end systems to securely provision secrets and keys to individual Titan-enabled machines, or jobs running on those machines. Titan is also able to chain and sign critical audit logs, making those logs tamper-evident.”
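As an added illustration of the tamper-evident log chaining the quote above describes, the following is example code, not Google's or Titan's: each log entry carries the digest of its predecessor and a signature over its own digest, so altering or re-ordering an entry breaks the chain. The page says Titan signs with its root-of-trust key; this example substitutes HMAC-SHA256 with a constructed key so it runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the device signing key. A Titan-style design uses an
# asymmetric key held in the chip; HMAC is used here only to keep the example
# self-contained. Anyone without this key cannot forge a valid entry.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"
GENESIS = ("00" * 32)  # well-known starting value for the first entry's "prev"


def _canonical(body: dict) -> bytes:
    # Stable serialisation so the digest does not depend on dict ordering.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _digest_and_sig(body: dict) -> tuple:
    digest = hashlib.sha256(_canonical(body)).hexdigest()
    sig = hmac.new(DEVICE_KEY, bytes.fromhex(digest), hashlib.sha256).hexdigest()
    return digest, sig


def append_entry(chain: list, event: dict) -> dict:
    """Append an event, linking it to the previous digest and signing it."""
    prev = chain[-1]["digest"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev, "event": event}
    digest, sig = _digest_and_sig(body)
    entry = {**body, "digest": digest, "sig": sig}
    chain.append(entry)
    return entry


def verify_chain(chain: list) -> tuple:
    """Return (True, None) if intact, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(chain):
        body = {"seq": e["seq"], "prev": e["prev"], "event": e["event"]}
        digest, expected_sig = _digest_and_sig(body)
        # Sequence, back-link and digest catch edits, reordering and insertion;
        # the signature catches an attacker who recomputes digests without the key.
        if e["seq"] != i or e["prev"] != prev or e["digest"] != digest:
            return False, i
        if not hmac.compare_digest(e["sig"], expected_sig):
            return False, i
        prev = digest
    return True, None


def demo() -> tuple:
    """Constructed log: verify intact, then tamper with entry 1 and re-verify."""
    chain = []
    append_entry(chain, {"type": "boot", "fw_verified": True})
    append_entry(chain, {"type": "key_provision", "job": "constructed-job-a"})
    append_entry(chain, {"type": "login", "user": "constructed-operator"})
    before = verify_chain(chain)
    chain[1]["event"]["job"] = "constructed-job-b"  # silent edit without the key
    return before, verify_chain(chain)
```

Note that a hash chain alone does not detect truncation of the most recent entries: `verify_chain(chain[:2])` still passes, so the verifier must also learn the latest digest out of band, as a signed root of trust can provide.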