Secure-Boot on OCP NIC Prevent Supply-Chain and Cloning Attacks
Yuval Itkin – Distinguished Architect
Elad Wind – Director, Solutions Engineer
Server/Storage/Security
NICs Are A Target for Attacks
• Hardware attacks are part of the datacenter security threat landscape
1. Tampering with supply chain elements
2. Cloning devices
• Secure Boot addresses supply chain attacks – but not cloning
• NICs must combine Secure Boot with Cloning Protection to prevent both attack methods
Secure Boot
• NIST Special Publication SP 800-193, “Platform Firmware Resiliency Guidelines”
• Secure Boot ensures that only properly signed firmware images can be loaded into a device
• Devices can only authenticate the signature using a pre-provisioned public key
Cloning Protection
• Datacenters may provision different rights per device-ID
• Vendors may enable capabilities using the firmware image
• Cloning Protection prevents hardware replicas
• Cloning Protection mandates using an embedded device-unique key
2 Methods to Prevent Cloning
1. Attestation protocol
2. Device-based cloning protection during secure boot
1. Attestation Based Cloning Protection
• Each device is individually provisioned to the system it is installed in, using its Device-Secret and firmware image
• The device provides firmware measurements based on its Device Secret
* See the RIoT paper for more information
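A minimal sketch of the attestation approach above, added here as an illustration and not taken from the slides or from any vendor firmware. It uses a symmetric simplification in the style of RIoT; HMAC-SHA256, the class and function names, the device-IDs and the sample secrets are all assumptions.

```python
import hashlib
import hmac
import os

def derive_key(device_secret: bytes, firmware: bytes) -> bytes:
    """Bind a key to the Device Secret and the firmware measurement."""
    measurement = hashlib.sha256(firmware).digest()
    return hmac.new(device_secret, measurement, hashlib.sha256).digest()

class Device:
    def __init__(self, device_secret: bytes, firmware: bytes):
        # Only the derived key is kept; the secret itself is never exported.
        self._key = derive_key(device_secret, firmware)

    def attest(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class Verifier:
    """Datacenter side: one provisioned record per device-ID."""
    def __init__(self):
        self._records = {}

    def provision(self, device_id: str, device_secret: bytes, firmware: bytes):
        self._records[device_id] = derive_key(device_secret, firmware)

    def verify(self, device_id: str, device: Device) -> bool:
        key = self._records.get(device_id)
        if key is None:
            return False  # unknown device-ID
        nonce = os.urandom(32)  # fresh challenge, so old answers cannot be replayed
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, device.attest(nonce))

def attestation_demo() -> dict:
    # Constructed sample values, not real secrets or firmware.
    secret_a, secret_b = b"A" * 32, b"B" * 32
    fw_good, fw_bad = b"nic-fw-v1", b"nic-fw-v1-modified"
    verifier = Verifier()
    verifier.provision("nic-0001", secret_a, fw_good)
    return {
        "genuine": verifier.verify("nic-0001", Device(secret_a, fw_good)),
        "clone": verifier.verify("nic-0001", Device(secret_b, fw_good)),
        "modified_fw": verifier.verify("nic-0001", Device(secret_a, fw_bad)),
        "unknown_id": verifier.verify("nic-9999", Device(secret_a, fw_good)),
    }

if __name__ == "__main__":
    print(attestation_demo())
```

The verifier's per-device record table is the operational cost of this method: it has to be created at provisioning time and protected for the life of the device.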
2. HW RoT Based Cloning Protection
• The device-unique key is inaccessible and invisible to the external world
• Hardware RoT verifies the firmware using a runtime-calculated device-specific signature against an off-chip stored signature
• Note: this method requires devices to embed the cloning-protection signature during firmware update
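A small model of the device-based check above, added here as an illustration and not taken from the slides or from any vendor firmware. The device-specific signature is modelled as an HMAC-SHA256 tag under the device-unique key; that choice, the names, and the dict standing in for off-chip flash are assumptions, and the vendor signature check of Secure Boot is assumed to happen separately.

```python
import hashlib
import hmac

class RootOfTrust:
    """On-chip RoT model; _device_key stands in for a fused key with no read path."""
    def __init__(self, device_key: bytes):
        self._device_key = device_key

    def _device_tag(self, image: bytes) -> bytes:
        digest = hashlib.sha256(image).digest()
        return hmac.new(self._device_key, digest, hashlib.sha256).digest()

    def firmware_update(self, flash: dict, image: bytes) -> None:
        # Assumption: the vendor signature on `image` was verified before this point.
        flash["image"] = image
        flash["clone_tag"] = self._device_tag(image)  # embedded at update time

    def secure_boot(self, flash: dict) -> bool:
        image = flash.get("image")
        stored = flash.get("clone_tag")
        if image is None or stored is None:
            return False  # fail closed when the tag was never embedded
        # Recompute the tag at runtime and compare with the off-chip copy.
        return hmac.compare_digest(self._device_tag(image), stored)

def rot_demo() -> dict:
    # Constructed sample keys and image.
    original = RootOfTrust(b"\x11" * 32)
    replica = RootOfTrust(b"\x22" * 32)
    flash = {}
    original.firmware_update(flash, b"nic-fw-v1")
    copied_flash = dict(flash)  # byte-for-byte copy of the off-chip flash
    tampered = dict(flash, image=b"nic-fw-v1-modified")
    untagged = {"image": b"nic-fw-v1"}  # written without the update path
    return {
        "original_boots": original.secure_boot(flash),
        "replica_boots": replica.secure_boot(copied_flash),
        "tampered_boots": original.secure_boot(tampered),
        "untagged_boots": original.secure_boot(untagged),
    }

if __name__ == "__main__":
    print(rot_demo())
```

Unlike the attestation method, nothing outside the chip needs to know the device key: the only stored artifact is the tag in flash, which is useless on any other device.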
Mellanox OCP NIC 3.0 Cards
Mellanox OCP NICs
OCP NIC 3.0 specifications: opencompute.org/wiki/Server/Mezz
Mellanox OCP Products: mellanox.com/ocp
Mellanox OCP-inspired: opencompute.org/products?query=mellanox
Call To Action
Choose NICs combining Secure Boot with Cloning Protection
• Secure Boot alone doesn’t solve hardware attacks
• Cloning Protection using attestation protocol requires keeping a log of device-secrets
• Prefer Device-based Cloning Protection
Project Specification: opencompute.org/wiki/Security