Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPIRAL: Security Protocols for Cerberus

Published byKathleen Mason Modified over 4 years ago

Similar presentations

Presentation on theme: "SPIRAL: Security Protocols for Cerberus"— Presentation transcript:

1 SPIRAL: Security Protocols for Cerberus
Initiated for OCP by January 2019

2 Outline of Talk Intel’s Secure Boot, and problem we faced
Solving our problem using Cerberus/USB Authentication Protocol Optimization opportunities Practical difficulties encountered in implementation Options to address difficulties – new SPIRAL protocol

3 Intel’s Secure Boot on Client and Server
During manufacturing, OEM burns into CSME’s FPF (field- programmable fuses) hash of public key that verifies BIOS signature During boot CSME sends the public key hash to CPU CPU verifies OEM signature on BIOS, sends result to CSME CSME enforces policy (i.e., platform reset) Intel’s Secure Boot on Client and Server During boot, CSME also sends other sensitive messages to CPU

4 Our Concern: Man-in-the-Middle Attack
The goal of a MitM attacker between CPU and CSME is to run his own BIOS signed with his own keypair. He could achieve his goal using one of two ways Replace OEM_pubkey_hash with attacker’s public key hash Alter Result from failed to passed Similar case for other secrets Our Concern: Man-in-the-Middle Attack Applicable to many other solutions containing a CPU and discrete RoT

5 Searching for a Solution: Cerberus
Cerberus: CPU authenticates to CSME using DICE credential and Cerberus protocol Cerberus uses USB Type-C Authentication Protocol OEM public key hash is sent to only authenticated CPU. CSME expects to receive BIOS verification result from the authenticated CPU within certain time limit. Searching for a Solution: Cerberus Before CPU accepts secrets from CSME, CPU needs to be assured that the secrets are coming from a legitimate CSME, not a malicious entity. We need mutual authentication – applying Cerberus protocol (USB Type-C Authentication Protocol) both ways

6 Scaling Cerberus – Beyond Servers
Secure boot is essential in many segments, not just servers: client PC, phones, IoT, etc. Boot time performance is critical in constrained environments: client PCs, phones, sensors, wearables, etc. Cerberus could scale to other segments with or without remote attestation. Scalability Challenges USB Type-C authentication protocol is not optimized for performance Requires asymmetric credential on both endpoints Requires asymmetric cryptography every boot Not all CPUs can support DICE No revocation of compromised credentials

7 Scalability Requirements
Credentials and algorithms must scale with segment CPU & RoT constraints Multiple credentials & algorithms schemes have to be supported Most segments can tolerate delays in the first boot or new pairing scenarios. Asymmetric operations could be tolerated at first boot Subsequent boots must be faster Solution – Symmetric operations are typically fast

8 Boot Time Performance: Optimized Two-Way Cerberus
CPU as CA-RoT owns CpuKey derived from part-unique secure fuses. CPU has no NVM. CSME as PA-RoT does. Registration: runs only once. The two agreed on a shared key SK. CPU encrypts SK with CpuKey and sends to CSME for secure storage. Every boot: the two exchange SK-wrapped nonces to show both know the same SK. Session keys can then be derived from SK and nonces. Every boot: No asymmetric operation! Boot Time Performance: Optimized Two-Way Cerberus PA-RoT AC-RoT mutual authentication + key agreement . Result in shared key SK ( SK ) CpuKey NVM R e g i s t r a o n , CsmeNonce CpuNonce Hash E v y b

9 Every boot: CSME as PA-RoT has to send CsmeNonce without protection (but it’s OK) CPU as AC-RoT decrypts (SK)CpuKey and gets SK CPU derives CpuHmacKey from SK and CsmeNonce CPU generates CpuNonce and HMAC’ed with CpuHmacKey CSME and CPU both derive CsmeHmacKey from SK and CpuNonce AES keys may be derived similarly Don’t Ever Use SK Itself to Protect Messages: Securely-Optimized Two-Way Cerberus PA-RoT AC-RoT mutual authentication + key agreement . Result in shared key SK ( SK ) CpuKey NVM R e g i s t r a o n , CsmeNonce [ CpuNonce ] CpuHmacKey E v y b

10 Let’s Give It a Short (and Cool) Name: SPIRAL
Why named it SPIRAL? It stands for Security Protocol with Independent Recovery Algorithms Essentially, SPIRAL = Optimized security protocol designed for Cerberus to protect communication for PA-RoT and AC-RoT Let’s Give It a Short (and Cool) Name: SPIRAL PA-RoT AC-RoT DICE Cerberus SPIRAL PA-RoT Datacenter DICE SPIRAL

11 SPIRAL vs. USB Authentication Protocol
Property SPIRAL USB Auth. Prot. Asymmetric operation Only during pairing / first boot Every boot Credential May be DICE or hash-based* DICE Revocation of compromised credentials** Standard X.509 CRL No solution * See SPIRAL-Lite slides and whitepaper. ** SPIRAL defines a “firmware version” extension to X.509 cert, allowing efficient revocation of compromised firmware.

12 Next Steps Present to OCP Security forum
Distribute SPIRAL specification/whitepaper for OCP review Incorporate SPIRAL in next revision of Cerberus protocol specification

13 Backup

14 We Think All Is Good Until A Bummer. Then We Came up with SPIRAL-Lite
It is very difficult for uCode to implement DICE and RIoT Core layer No hardware ECC accelerator Extreme requirements on speed and nonblocking- ness of boot Especially on client CPUs We Think All Is Good Until A Bummer. Then We Came up with SPIRAL-Lite CSME ( PA - RoT ) CPU AC DICE Cerberus SPIRAL X So we have to use something else as CPU credential It cannot be built on ECC or other complex crypto CPU has SHA-NI, so we invented hash cert as CPU credential CSME ( PA - RoT ) CPU AC Hash cert DICE Cerberus SPIRAL-Lite

15 SPIRAL-Lite at a Glance
Shared secrets SS is derived from CPU secure fuses, CPU firmware versions, and CSME personality (e.g., public key). SS is different for different CSME instances. Registration: CSME decrypts (SS)CsmePubKey and stores SS in secure NVM. Every boot: CSME prompts CPU to derive same SS. Then the two exchange nonces and derive session keys. SPIRAL-Lite at a Glance

16 Putting it Together SPIRAL is a security protocol designed for Cerberus. It is built upon two-way Cerberus protocol with optimizations for performance SPIRAL-Lite is a poor-man’s alternative of SPIRAL. Poorness is in that current client CPU cannot implement DICE as credential. SPIRAL and SPIRAL-Lite may also be suitable for general AC-RoT <-> PA-RoT links. Flexible – use DICE credential, or hash credential where DICE is not available Lightweight – no asymmetric operations after initial pairing

Download ppt "SPIRAL: Security Protocols for Cerberus"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.

Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources 1.

Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources 1.

Similar presentations

Ads by Google