Google Titan

Titan is the specialized processor.

On August 28, 2017 it became known of technology of protection of cloud services of Google company — the specialized Titan processor. Its basic purpose — to prevent cracking of servers of the company at root access level (firmwares - firmware).

For data protection the corporation uses several methods of multilevel protection. Attention is paid to a cloud platform of Google Cloud. It, substantially, is expected representatives of business^[1].

Engineers of Google Cloud Platform announced some details appointment and features of work of one of means of protecting of cloud services — the specialized Titan processor. This chip — not the pilot solution, but technology, it protects practically all servers of corporation. Basic purpose of Titan — to prevent cracking at the level of a firmware (firmware).

Titan works as the hardware of confidential loading and provides other cryptographic options of protection of servers of Google.

This processor supports preventive protection against the hacker attacks which can be initiated by intelligence agencies, including pro-active protection against implementation of backdoors. Hackers learned to implement in firmware rootkits which open access to spyware even after reinstallation of OS, but, as envisioned by developers, Titan monitors any changes in a firmware, allowing certified.

The built-in system logic of the processor reduces chances of survival of backdoors as this processor scans "each byte of information" of a firmware of the central processor and other components of the server. Among processor components:

• the protected applied processor,
• cryptographic coprocessor,
• hardware random number generator,
• difficult hierarchy of keys,
• static RAM (SRAM),
• built in a flash memory
• read-only memory block.

The last is intended for change tracking of a firmware of devices of third-party producers.

According to the statement of Google, for check of own firmware Titan uses cryptography with public key (PKI), this technology is applied to check of a firmware a host system and already then the boot firmware of Google configures the machine and loads the loader and OS. The logic of control of the chip differs from applied in the conditions of safe loading (Secure Boot) which is required for check of microprogram providing at start of OS. Details of logic of work of Titan are not disclosed, but developers stated: it prevents replacement of a firmware of the processor.

The processor allocates each server with own cryptographic identifier which if necessary allows to make changes to Titan firmware. Engineers of the company said: by production the unique identification number is assigned to each chip — it is stored in the database of the register together with information on origin. Its contents are protected using cryptographic keys of Titan Certification Authority (CA) which are required for generation of requests for obtaining certificates. CA are also applied to the signature of magazines of audit that complicates to malefactors concealment of traces of cracking at the level of root access to the machine.

Notes