Wave Integrating MITRE's Attestation Technique Into Its Endpoint Monitor for Remediating Advanced Malware

MITRE Details Technique at Black Hat 2013


LEE, MA--(Marketwired - Jul 31, 2013) - Wave Systems Corp. (NASDAQ: WAVX), the Trusted Computing Company, announced plans to integrate The MITRE Corporation's new timing-based attestation technique into Wave Endpoint Monitor (WEM), the industry's first solution to leverage industry standard hardware to detect and remediate malware that can surreptitiously mount attacks before the operating system loads. MITRE is a not-for-profit organization that provides systems engineering, research and development, and information technology support to the government.

With this enhancement, Wave will integrate MITRE's technique that doubly verifies that the core BIOS hasn't been corrupted. The BIOS is the first software run by the PC when powered-on and is responsible for initializing hardware and getting the operating system running. It also contains the "core root of trust measurement" (CRTM) software, the first software in the boot trust chain that ends in the assurance that the computer booted safely.

"MITRE has made a significant contribution to the body of research by identifying a scenario in which malicious code could be introduced to the BIOS that would cause it to provide a false reading and allow the malicious BIOS to indicate the system had not been corrupted," said Dr. Robert Thibadeau, Wave's Chief Scientist. "MITRE's technique offers a second control for determining the CRTM does not lie about itself and any of the rest of the trust chain."

Dr. Thibadeau added, "While BIOS attacks are still fairly rare today -- less than one percent by many accounts -- they represent a new and dangerous attack vector, and we're bound to see more in future years as the more popular preboot targets are secured by our existing WEM technology."

The management of CRTM detection will be incorporated in a module for WEM, which Wave expects will be production-ready in early 2014 to meet the expected increase of these attacks. Wave Endpoint Monitor captures verifiable PC health and security by utilizing information stored within the TPM. If anomalies are detected, the attack is controlled, and IT is alerted immediately with real-time analytics.

MITRE research presented at Black Hat 2013
MITRE researchers John Butterworth, Corey Kallenberg, and Xeno Kovah presented their research on this vulnerability and technique, "BIOS Chronomancy: Fixing the Core Root of Trust for Measurement," at Black Hat 2013.

The team's research highlights a vulnerability in which a firmware rootkit tricks an endpoint's Trusted Platform Module (TPM) chip into reporting a clean BIOS firmware, when in fact it has been compromised. MITRE's research shows the importance of using timing-based attestation systems, which can defend against attackers who obtain the same privilege levels as the defender. John Butterworth, a Senior Infosec Engineer at MITRE, adds, "Additional complexities are imposed on an attacker who tries to conceal a rootkit in the presence of timing-based attestation; even concealing the modification of a single byte will trigger a measurable change."

The team's findings come as vendors work to implement BIOS protection specifications as outlined by the National Institute of Standards and Technology (NIST) special publication 800-155, published in 2011.

About Wave Systems
Wave Systems Corp. (NASDAQ: WAVX) reduces the complexity, cost and uncertainty of data protection by starting inside the device. Unlike other vendors who try to secure information by adding layers of software for security, Wave leverages the security capabilities built directly into endpoint computing platforms themselves. Wave has been a foremost expert on this growing trend, leading the way with first-to-market solutions and helping shape standards through its work as a board member for the Trusted Computing Group.

About The MITRE Corporation
The MITRE Corporation is a not-for-profit organization that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers for the Department of Defense, the Federal Aviation Administration, the Internal Revenue Service and Department of Veterans Affairs, the Department of Homeland Security, the Administrative Office of the U.S. Courts, and the Centers for Medicare & Medicaid Services, with principal locations in Bedford, Mass., and McLean, Va.

Safe Harbor for Forward-Looking Statements
This press release may contain forward-looking information within the meaning of the Private Securities Litigation Reform Act of 1995 and Section 21E of the Securities Exchange Act of 1934, as amended (the Exchange Act), including all statements that are not statements of historical fact regarding the intent, belief or current expectations of the company, its directors or its officers with respect to, among other things: (i) the company's financing plans; (ii) trends affecting the company's financial condition or results of operations; (iii) the company's growth strategy and operating strategy; and (iv) the declaration and payment of dividends. The words "may," "would," "will," "expect," "estimate," "anticipate," "believe," "intend" and similar expressions and variations thereof are intended to identify forward-looking statements. Investors are cautioned that any such forward-looking statements are not guarantees of future performance and involve risks and uncertainties, many of which are beyond the company's ability to control, and that actual results may differ materially from those projected in the forward-looking statements as a result of various factors. Wave assumes no duty to and does not undertake to update forward-looking statements.

All brands are the property of their respective owners.

Michael Wheeler

Investor Relations:
David Collins
Eric Lentini
View Comments (0)