***
< [Home](https://github.com/SeanOhAileasa) | [README](https://github.com/SeanOhAileasa/cap-software-and-systems-security/blob/main/README.md) >

## CompTIA Cybersecurity Analyst (CySA+) - Course Material 2022
###### Topic: ``Hardware Assurance``
***

Course material for the ``CompTIA Cybersecurity Analyst (CySA+)`` module of the ``ICT Associate Apprenticeship (Cybersecurity)`` programme.

<a id="top"></a>
***
## Table of Contents
***

### [Hardware Assurance](#a) <br/><br/>

- [Hardware Assurance Best Practices](#b) <br/><br/> 
- [Supply Chain Assessment](#c) <br/><br/> 
    - [Due Diligence](#d) <br/><br/> 
        - [Legal Principle](#d) ``Used Best Practice/Reasonable Care in Setting up/Configuring/Maintaining System`` <br/><br/> 
            - [Vendor/Supplier](#d) <br/><br/> 
                - [Due Diligence Questionnaire Checklist](#d) <br/><br/>
                    - Do they offer ``IR`` and/or ``Forensics Services`` on their behalf? <br/><br/>
                    - Do they have their own ``Established CS Risk Management Program`` in place? <br/><br/>
                    - Do they regularly ``Patch``/``Update`` their ``Product`` in a timely manner? <br/><br/>
                    - Do they inject any type of ``Security/Development Best Practices`` into their ``Creation Process``? <br/><br/>
                    - What ``Security Controls`` do they have in place when ``Accessing`` your ``Data``? <br/><br/>
                    - What does their historical ``Background Check`` look like? Have they gone ``Bankrupt``? Have they been ``Breached``?
<hr width="50%">

- [Hardware Source Authenticity / Trusted Foundry](#e) <br/><br/> 
    - [Hardware Source Authenticity](#e) <br/><br/> 
        - [Procured Tamper-free from Trustworthy Suppliers](#e) ``Validate Supply Chain at all Costs`` <br/><br/> 
    - [Trusted Foundry](#e) <br/><br/> 
        - [Microprocessor Manufacturing Utility](#e) ``Part of Validated Supply Chain`` <br/><br/>
            - [``HW``/``SW``](#e) <br/><br/>
                - [~~Deviate from Documented Functions~~](#e) <br/><br/>
        - [Defense Microelectronics Activity](#e) <br/><br/> 
            - [``DMEA``](#e) <br/><br/>  
    - [Hardware Root of Trust](#f) <br/><br/> 
        - [Embedded Cryptographic Module](#f) <br/><br/> 
            - [Endorse Trusted Execution](#f) | [Attest Boot Settings/Metrics](#f) <br/><br/> 
    - [Trusted Platform Module](#g) ``TPM`` <br/><br/> 
        - [Specification](#g) | [Hardware-based Storage](#g) <br/><br/> 
            - [Digital Certificates](#g) | [Keys](#g) | [Hashed Passwords](#g) | [Other User/Platform ID Information](#g) <br/><br/>              
        - [Implementation](#g) ``Chipset`` or ``Embedded Option of CPU`` <br/><br/> 
            - [Microprocessor](#g) <br/><br/> 
                - [Asymmetric Private Key](#g) ``Unchangeable`` <br/><br/> 
                    - [Create Subkeys](#g) ``Perform Select Access Tasks`` <br/><br/> 
    - [Hardware Security Module](#h) ``HSM`` <br/><br/> 
        - [Appliance](#h) <br/><br/> 
            - [Generating / Storing Cryptographic Keys](#h) <br/><br/> 
                - Less Susceptible to Tampering / Insider Threats than SW-based Storage <br/><br/> 
        - [Implementation](#h) | [Third-party Vendor](#h)
            - [Primarily used for Storing Symmetric Encryption Keys](#h) <br/><br/> 
                - [``Thales``](#h) <br/><br/> 
                - [``nCipher``](#h) <br/><br/> 
    - [Anti-Tamper](#i) <br/><br/> 
        - [Field-Programmable Gate Array](#i) ``FPGA``<br/><br/> 
            - [Create a Digital Fingerprint](#i) <br/><br/> 
        - [Physically Unclonable Function](#i) <br/><br/> 
            - [``PUF``](#i) ``Combined with FPGA`` <br/><br/> 
                - [Detect / Remediate any Nefarious Activities](#i) ``Anti-tamper Solution`` <br/><br/> 
- [Trusted Firmware](#j) ``Firmware``/``Most Sensitive / Vulnerable`` <br/><br/> 
    - [Encryption](#j) ``Techniques`` <br/><br/> 
        - [Unified Extensible Firmware Interface](#j) ``UEFI`` <br/><br/> 
            - [Boot Security](#j) Supports ``64-bit CPU Operation at Boot``/``Full GUI``/``Mouse Operation at Boot`` <br/><br/> 
                - [Secure Boot](#j) <br/><br/> 
                    - [Prevents Unwanted Processes Executing during Boot](#j) <br/><br/> 
                - [Measured Boot](#j) | [Gather Secure Metrics](#j) ``Validate Boot Process`` <br/><br/> 
                    - [Attestation Report](#j) <br/><br/> 
        - [``eFUSE``](#j) <br/><br/> 
            - [Software/Firmware](#j) <br/><br/> 
                - [Permanently Alter Transistor State](#j) <br/><br/> 
    - [Trusted Firmware Updates](#k) <br/><br/> 
        - [~~Untrusted Update Exploitation~~](#k) <br/><br/> 
            - [``Intel Boot Guard``](#k) <br/><br/> 
        - [Trusted Special Key](#k) <br/><br/> 
            - ``Used each time to Validate before Updating`` <br/><br/> 
        - [Self-Encrypting Drives](#k) <br/><br/> 
            - [``SED``](#k) ``Disk Drive`` <br/><br/> 
                - Controller can Automatically Encrypt Data written to it <br/><br/> 
- [Secure Processing](#l) <br/><br/>
    - [Mechanism for Ensuring CIA Triad of Software Code and Data](#l) <br/><br/>
        - [Executed in Volatile Memory](#l) <br/><br/> 
    - [Malware](#l) <br/><br/> 
        - [Obfuscation](#l) ``Technique to Hide its Activity`` <br/><br/> 
            - [Identify Known Versus Uncommon Process Activities](#l) <br/><br/>
        - [Eliminate Untrusted Processing](#l) ``Further Solidify Security Stance`` <br/><br/>
            - [Use Bus Encryption](#l) <br/><br/> 
                - [Lock Down Ports/USB/HDMI](#l) ``Without Proper Authentication`` <br/><br/>
            - [Use a Secure Enclave for Trusted Processes](#l) ``Dedicated Secure Subsystem`` <br/><br/>
            - [Ensure Processor Security Extensions are Enabled](#l) <br/><br/>
            - [Try Atomic Execution](#l) <br/><br/>
                - [Process Executes Only the Number of Times it Needs](#l) ``Stripped of its Access``       
                     
<hr width="50%">

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="a"></a>
***
### Hardware Assurance
***

> Communicate best practices for supply chain, hardware root of trust, trusted firmware, and secure processing

< [Table of Contents](#top) | [References](#references) >
<a id="b"></a>
***
###### Hardware Assurance Best Practices
***

Cover a number of **Hardware Assurance** best practices, including ``Supply Chain Assessment``, ``Hardware Source Authenticity and Trusted Foundry``, ``Trusted Firmware``.

< [Table of Contents](#top) | [References](#references) >
<a id="c"></a>
***
###### Supply Chain Assessment
***

Start with ensuring due diligence and source authenticity in outlining the different methods of supply chain assessment.

< [Table of Contents](#top) | [References](#references) >
<a id="d"></a>
***
###### Supply Chain Assessment - Vendor Due Diligence
***

``Due Diligence`` is a legal principle holding that a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system. 

Performing due diligence on your vendors and suppliers is crucial to securing your specific supply chain.

> Due Diligence Questionnaire Checklist

The following are some considerations for establishing a solid due diligence questionnaire checklist:


- Do they offer incident response and/or forensics services on their behalf?


- Do they have their own established cyber security risk management program in place?


- Do they regularly patch and update their product in a timely manner?


- Do they inject any type of security or development best practices into their creation process?


- What security controls do they have in place when accessing your data?


- What does their historical background check look like? Have they gone bankrupt? Have they been breached?

< [Table of Contents](#top) | [References](#references) >
<a id="e"></a>
***
###### Supply Chain Assessment - Hardware Source Authenticity and Trusted Foundry
***

> Hardware Source Authenticity 

Is the process of ensuring that hardware is procured tamper-free from trustworthy suppliers - validating the supply chain at all costs.

> Trusted Foundry

Is a microprocessor manufacturing utility that is part of a validated supply chain (one where hardware and software do not deviate from their documented functions).

> Trusted Foundry - Defense Microelectronics Activity - [ [``DMEA``](https://www.defense.gov/News/Releases/Release/Article/2892798/the-defense-microelectronics-activity-designated-as-a-center-for-industrial-tec/) ]

Ensuring that any third parties you deal with are thoroughly vetted and have a trusted supply chain is vital to your survival. 

Checking with a Trusted Foundry like ``DMEA`` (Defense Microelectronics Activity) is a great way to get a bit of background on who your supplier actually deals with. 

< [Table of Contents](#top) | [References](#references) >
<a id="f"></a>
***
###### Supply Chain Assessment - Hardware Root of Trust
***

Hardware Root of Trust is a cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics.

< [Table of Contents](#top) | [References](#references) >
<a id="g"></a>
***
###### Supply Chain Assessment - Trusted Platform Module - ``TPM``
***

A ``TPM`` is a specification for hardware-based storage of:

- Digital Certificates


- Keys


- Hashed Passwords


- Other User / Platform Identification Information

Most implementations of a ``TPM`` are included in a device's ``Chipset`` or as an embedded option of the ``CPU`` itself. 

What is so unique is that the microprocessor has an unchangeable asymmetric private key that can be used to create other types of subkeys to perform select access tasks.
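
The key hierarchy described above, shown as an added example in Go that is not part of the course material or of any TPM vendor's code. It is a simplified model, not the TPM specification's actual key types or command set: a ``Module`` holds a root private key with no accessor (the "unchangeable" key), certifies purpose-bound subkeys with it, and a relying party checks that a subkey's certificate chains to the root it trusts before honouring a request. Ed25519, the purpose strings and the request bytes are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Module is a simplified model of the idea above: a root private key that is
// generated inside the module and has no accessor, so it can never be read out.
// Callers see only the root public key and what the module agrees to sign.
type Module struct {
	rootPriv ed25519.PrivateKey
	RootPub  ed25519.PublicKey
}

// SubkeyCert is the root key's endorsement of a subkey for one stated purpose.
type SubkeyCert struct {
	Purpose   string
	Pub       ed25519.PublicKey
	Signature []byte // root signature over certBody(Purpose, Pub)
}

// NewModule generates the root key; in a real TPM this happens at manufacture.
func NewModule() (*Module, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Module{rootPriv: priv, RootPub: pub}, nil
}

// certBody is the exact byte string the root signs: purpose, a separator, then the
// subkey public key, so a cert cannot be reused for a different purpose or key.
func certBody(purpose string, pub ed25519.PublicKey) []byte {
	return append([]byte(purpose+"\x00"), pub...)
}

// CreateSubkey mints a key pair for a single purpose and has the root endorse it.
// The subkey's private half is handed to the caller; the root's never leaves.
func (m *Module) CreateSubkey(purpose string) (ed25519.PrivateKey, SubkeyCert, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, SubkeyCert{}, err
	}
	sig := ed25519.Sign(m.rootPriv, certBody(purpose, pub))
	return priv, SubkeyCert{Purpose: purpose, Pub: pub, Signature: sig}, nil
}

// SignWithSubkey performs the "select access task": the subkey signs a request.
func SignWithSubkey(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifySubkeyUse is what a relying party does: check that the cert chains to the
// root it trusts, was issued for the purpose being exercised, and that the subkey signed msg.
func VerifySubkeyUse(rootPub ed25519.PublicKey, cert SubkeyCert, purpose string, msg, sig []byte) error {
	if cert.Purpose != purpose {
		return errors.New("subkey was certified for a different purpose")
	}
	if !ed25519.Verify(rootPub, certBody(cert.Purpose, cert.Pub), cert.Signature) {
		return errors.New("subkey certificate was not issued by the trusted root")
	}
	if !ed25519.Verify(cert.Pub, msg, sig) {
		return errors.New("request signature does not verify under the subkey")
	}
	return nil
}

func main() {
	m, err := NewModule()
	if err != nil {
		panic(err)
	}
	priv, cert, _ := m.CreateSubkey("volume-unlock")
	req := []byte("unlock volume 1 (constructed request)")
	sig := SignWithSubkey(priv, req)
	fmt.Println("correct purpose:", VerifySubkeyUse(m.RootPub, cert, "volume-unlock", req, sig))
	fmt.Println("wrong purpose:  ", VerifySubkeyUse(m.RootPub, cert, "code-signing", req, sig))
	other, _ := NewModule()
	fmt.Println("other root:     ", VerifySubkeyUse(other.RootPub, cert, "volume-unlock", req, sig))
}
```

The point to take from the model is the direction of trust: nothing outside the module ever handles ``rootPriv``, yet any party holding ``RootPub`` can decide whether a given subkey was endorsed for the task it is being used for.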

< [Table of Contents](#top) | [References](#references) >
<a id="h"></a>
***
###### Supply Chain Assessment - Hardware Security Module - ``HSM``
***

Is an appliance for generating and storing cryptographic keys.

This sort of solution may be less susceptible to tampering and insider threats than software-based storage.

It is important to know that ``HSM``s are usually implemented by a third-party vendor and are primarily used for storing symmetric encryption keys - examples of these third-party solutions include Thales and nCipher.

< [Table of Contents](#top) | [References](#references) >
<a id="i"></a>
***
###### Supply Chain Assessment - Anti-Tamper
***

> Field-Programmable Gate Array - ``FPGA``

Anti-tamper is simply a mechanism that makes use of the Field-Programmable Gate Array (``FPGA``) to create a ``Digital Fingerprint``.

> Field-Programmable Gate Array - ``FPGA`` - Physically Unclonable Function - ``PUF``

When combined with a Physically Unclonable Function (``PUF``) of the device, anti-tamper solutions can detect and remediate any nefarious activities that may be occurring. 

Anti-tamper methods make it difficult for an attacker to alter the authorized execution of software.

< [Table of Contents](#top) | [References](#references) >
<a id="j"></a>
***
###### Trusted Firmware 
***

> Encryption

Encryption of the firmware is extremely important as it limits an attacker's ability to gain access to one of the most sensitive and vulnerable areas on a machine. 

The following are some different types of techniques that can be used for this purpose:

> Encryption - Unified Extensible Firmware Interface - ``UEFI``

A type of system firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security.

> Encryption - Unified Extensible Firmware Interface - ``UEFI`` - Secure Boot

A ``UEFI`` feature that prevents unwanted processes from executing during the boot operation.

> Encryption - Unified Extensible Firmware Interface - ``UEFI`` - Measured Boot

A ``UEFI`` feature that gathers secure metrics to validate the boot process in an attestation report.

> Encryption - eFUSE

A means for software or firmware to permanently alter the state of a transistor on a computer chip.

< [Table of Contents](#top) | [References](#references) >
<a id="k"></a>
***
###### Trusted Firmware - Trusted Firmware Updates
***

Using technology to prevent untrusted update exploitation like ``Intel Boot Guard`` can help in this effort. 

With trusted firmware updates, a trusted special key is used each time to validate the update before it is applied.
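
The validate-before-updating gate described above, as an added example in Go that is not course material and does not model ``Intel Boot Guard`` or any vendor's actual update format. The trusted key provisioned on the device is the public half of a vendor Ed25519 key (an assumption; real products use their own algorithms and image formats); every update package carries a signature over the image digest, and the flash contents are only replaced when that signature verifies. A package altered after signing, or signed with any other key, is rejected and leaves the current firmware untouched.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UpdatePackage is a constructed update format: the firmware image plus the
// vendor's signature over the image's SHA-256 digest.
type UpdatePackage struct {
	Image     []byte
	Signature []byte
}

var ErrBadSignature = errors.New("update rejected: signature does not verify against the trusted key")

// NewVendorKey generates the vendor signing key pair. In practice the private half
// stays with the vendor; the public half is the trusted key provisioned on the device.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignUpdate is the vendor-side step, run once per release, off the device.
func SignUpdate(priv ed25519.PrivateKey, image []byte) UpdatePackage {
	digest := sha256.Sum256(image)
	return UpdatePackage{Image: image, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate is the device-side check performed on every update, before anything
// is written: recompute the digest and verify the signature with the trusted key.
func VerifyUpdate(trusted ed25519.PublicKey, pkg UpdatePackage) error {
	digest := sha256.Sum256(pkg.Image)
	if !ed25519.Verify(trusted, digest[:], pkg.Signature) {
		return ErrBadSignature
	}
	return nil
}

// ApplyUpdate models the flash write: the current contents are returned unchanged
// when verification fails, so a rejected package never leaves the device half-updated.
func ApplyUpdate(trusted ed25519.PublicKey, flash []byte, pkg UpdatePackage) ([]byte, error) {
	if err := VerifyUpdate(trusted, pkg); err != nil {
		return flash, err
	}
	return append([]byte(nil), pkg.Image...), nil
}

// Altered returns a copy of pkg with one image byte flipped, standing in for an
// image corrupted or modified after signing; the signature no longer matches it.
func Altered(pkg UpdatePackage) UpdatePackage {
	img := append([]byte(nil), pkg.Image...)
	img[0] ^= 0x01
	return UpdatePackage{Image: img, Signature: pkg.Signature}
}

func main() {
	pub, priv, err := NewVendorKey()
	if err != nil {
		panic(err)
	}
	flash := []byte("firmware v1 (constructed)")
	genuine := SignUpdate(priv, []byte("firmware v2 (constructed)"))

	flash, err = ApplyUpdate(pub, flash, genuine)
	fmt.Printf("genuine update:             err=%v flash=%q\n", err, flash)

	_, err = ApplyUpdate(pub, flash, Altered(genuine))
	fmt.Printf("image altered after signing: err=%v\n", err)

	_, otherPriv, _ := NewVendorKey()
	_, err = ApplyUpdate(pub, flash, SignUpdate(otherPriv, genuine.Image))
	fmt.Printf("signed with a different key: err=%v\n", err)
}
```

The verifier only ever needs the public key, so nothing secret has to be stored on the device for this check to work; what must be protected there is the integrity of that public key, which is the role hardware-anchored mechanisms like the one named above play.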

< [Table of Contents](#top) | [References](#references) >
<a id="k"></a>
***
###### Trusted Firmware - Trusted Firmware Updates - Self-Encrypting Drives - ``SED``
***

Can also use Self-Encrypting Drives (``SED``), a disk drive where the controller can automatically encrypt data that is written to it.

< [Table of Contents](#top) | [References](#references) >
<a id="l"></a>
***
###### Secure Processing
***

Secure Processing is a mechanism for ensuring the ``CIA Triad of Software Code and Data`` as it is executed in volatile memory.

> Malware - Obfuscation - Identify Known Versus Uncommon Process Activities

A popular technique with malware is to try to hide its activity in a process called obfuscation. 

One way to capture and eliminate this activity is to identify known versus uncommon process activities.
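
The "known versus uncommon" comparison above, as an added example in Go that is not part of the course material. A baseline of known process activity (image name, executable path, parent image) is built from records gathered on a clean build, and a later snapshot is checked against it; anything the baseline has never seen is reported with the reason. The record format, host names and both snapshots are constructed for the example, and the fields chosen are an assumption about what an endpoint telemetry feed provides.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ProcessRecord is one process observed on an endpoint (host, image name,
// executable path and parent image name), as an endpoint agent would report it.
type ProcessRecord struct {
	Host, Name, Path, Parent string
}

// Baseline captures what "known" process activity looks like on a clean build:
// for each image name, the executable paths and parent images seen there.
type Baseline struct {
	paths   map[string]map[string]bool
	parents map[string]map[string]bool
}

// key normalises names and paths so that case differences alone never flag a process.
func key(s string) string { return strings.ToLower(s) }

// NewBaseline builds the baseline from records gathered on known-good hosts.
func NewBaseline(known []ProcessRecord) *Baseline {
	b := &Baseline{paths: map[string]map[string]bool{}, parents: map[string]map[string]bool{}}
	for _, r := range known {
		n := key(r.Name)
		if b.paths[n] == nil {
			b.paths[n] = map[string]bool{}
			b.parents[n] = map[string]bool{}
		}
		b.paths[n][key(r.Path)] = true
		b.parents[n][key(r.Parent)] = true
	}
	return b
}

// Check returns the reasons one record is uncommon relative to the baseline;
// an empty slice means the activity is known.
func (b *Baseline) Check(r ProcessRecord) []string {
	n := key(r.Name)
	if b.paths[n] == nil {
		return []string{"image name never seen in baseline"}
	}
	var reasons []string
	if !b.paths[n][key(r.Path)] {
		reasons = append(reasons, "executable path not in baseline")
	}
	if !b.parents[n][key(r.Parent)] {
		reasons = append(reasons, "parent image not in baseline")
	}
	return reasons
}

// Anomalies runs Check over a snapshot and returns one line per uncommon process.
func (b *Baseline) Anomalies(observed []ProcessRecord) []string {
	var out []string
	for _, r := range observed {
		if reasons := b.Check(r); len(reasons) > 0 {
			out = append(out, fmt.Sprintf("%s %s [%s] parent=%s: %s",
				r.Host, r.Name, r.Path, r.Parent, strings.Join(reasons, "; ")))
		}
	}
	sort.Strings(out)
	return out
}

// KnownGood is a constructed baseline snapshot from a clean Windows build.
func KnownGood() []ProcessRecord {
	return []ProcessRecord{
		{"gold-01", "svchost.exe", `C:\Windows\System32\svchost.exe`, "services.exe"},
		{"gold-01", "explorer.exe", `C:\Windows\explorer.exe`, "userinit.exe"},
		{"gold-01", "chrome.exe", `C:\Program Files\Google\Chrome\Application\chrome.exe`, "explorer.exe"},
	}
}

// Observed is a constructed snapshot from two hosts; ws-02 shows the kind of
// uncommon activity (a system image name running from a user-writable path under
// an unexpected parent, and an unknown image) the comparison is meant to surface.
func Observed() []ProcessRecord {
	return []ProcessRecord{
		{"ws-01", "svchost.exe", `C:\Windows\System32\svchost.exe`, "services.exe"},
		{"ws-01", "chrome.exe", `C:\Program Files\Google\Chrome\Application\chrome.exe`, "explorer.exe"},
		{"ws-02", "svchost.exe", `C:\Users\Public\svchost.exe`, "winword.exe"},
		{"ws-02", "updater.exe", `C:\Users\Public\updater.exe`, "svchost.exe"},
	}
}

func main() {
	b := NewBaseline(KnownGood())
	for _, line := range b.Anomalies(Observed()) {
		fmt.Println(line)
	}
}
```

The baseline deliberately records the path and parent separately, so an analyst sees which attribute is unusual rather than a bare "unknown" verdict; in a real deployment the baseline would be built from many clean hosts over time so that legitimate variation is captured before alerting is switched on.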

The following are some ways to eliminate untrusted processing and further solidify your security stance.


- Use bus encryption to lock down ports, USB, or even HDMI from being used without proper authentication.


- Use a [ [``Secure Enclave``](https://www.anjuna.io/what-is-a-secure-enclave) ] for trusted processes.


- Ensure processor security extensions are enabled if applicable.
 

- Try atomic execution, where a process has the ability to execute only the number of times it needs, before it is then stripped of its access.

***
## END

< [Table of Contents](#top) >
<a id="references"></a>
***
## References
***

&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;cybrary, "Hardware Assurance," [cybrary.it](https://web.archive.org/web/20220724081418/https://www.cybrary.it/), n.d.

***
## END

< [Table of Contents](#top) | [References](#references) >
<a id="appendix"></a>
***
## Appendix
***

***
## END
