In response to the market need for a truly secure system as evidenced by recent DDoS attacks, such as VPNFilter, Axiado has developed a boot subsystem that achieves true security without the risk of “bricking” the system.
Axiado’s secure boot includes tamper-proof authentication of both the code and the user, and full encryption of the code.
“The boot process is the most fundamental part of every system start-up. If the boot code is compromised, nothing else matters, because either the system is dead or hacked,” says Axel Kloth, founder and CTO of Axiado.
The boot sequence has recently become a popular attack point for hackers because it is the initial start-up process of every digital system, so changing it lets an attacker alter the behavior of the system and gain complete access. Until now, developers have claimed a boot process that provides some level of security. Nevertheless, today’s processors fail to provide a truly secure start-up, since they authenticate neither the user executing the BIOS update nor the integrity of the boot code, and they do not guarantee that the code is free of malware or that it has not been tampered with. In these processors, an interrupted or compromised boot code “bricks” the device, which prevents subsequent booting and makes the device permanently inoperable. The currently accepted but insecure practice for attempting to recover from bricking is to disable the Trusted Platform Module (TPM) coprocessor. This procedure, however, makes it possible to install malicious software into the BIOS, resulting in either a non-secure or a possibly permanently inoperable system.
Axiado’s boot subsystem does three things that other developers have not been able to demonstrate: (1) it authenticates the person or organization executing the BIOS update, (2) it authenticates (signs) the code, and (3) it encrypts the code. Due to these capabilities and Axiado’s unique architecture, attacks against Axiado’s secure boot will not be able to penetrate the system and alter the BIOS, and hence will not result in bricking. Furthermore, systems that require continuous availability will benefit from in-service upgrades of the firmware. To our knowledge, no one else has been able to do this yet.
“What we have achieved is the foundation for a secure internet,” said Axel Kloth, CTO of Axiado. “Axiado’s fully secure boot can be deployed, for example, in financial services, manufacturing, businesses, and data centers. It is the first one of a comprehensive set of proactive defenses that are built in Axiado’s security platform,” he continues.
Rik Turner, an analyst at Ovum, says that “if Axiado can demonstrate that its boot is truly secure, they can claim having the primary pillar for an impenetrable digital system.”