Good security is built on layers that have been tested and designed to work together. The latest systems are designed from the ground up for security, starting with private encryption keys that never exist outside of the chip. Secure boot is simply the next step of the process. All of this security, hardware, and protocols are designed to prevent specific types of attacks. There are many ways to attack a system, and it only takes one success to cause major headaches.
There are ways to provide hierarchical security within many systems, but that’s by design. Backdoors bypass this design. It will be even worse if a backdoor gets added after the fact.
Another problem with backdoor security is that those who feel secure because of the primary security system have been deluded. The premise for a backdoor is that the “good guys” can do things the “bad guys” will not know about. Unfortunately, that’s often not the case—the backdoor can be used for nefarious reasons regardless of who is controlling the backdoor. Gaining access by compromising a backdoor system or attacking a poorly designed one results in a system that’s not only hacked, but the security layers designed to isolate other attacks are completely bypassed.
The bottom line is that backdoors should not be included in any system, and everyone should understand why. There’s no secret sauce that will make a backdoor safe. Don’t let anyone try to convince you otherwise.
This article first appeared in Electronic Design - www.electronicdesign.com