Security in I/O Interconnects

I got a chance to chat with Richard Solomon at Synopsys recently about a very real threat for all of us and what Synopsys is doing about it. No, the topic isn’t the Coronavirus, it’s one that has been around a lot longer and will continue to be a very real threat – data and interconnect security.

First, a bit about Richard. He is the technical marketing manager for DesignWare PCI Express (PCIe) Controller IP at Synopsys. He previously worked at NCR Microelectronics, Symbios Logic and over two decades at LSI Logic, including the position of architect for host interfaces there. Richard has seen a lot of complex design challenges in his career, and we spent some time discussing data/interconnect security in the context of his experience and the plans Synopsys is developing.

Richard began with a big picture view of the problems associated with a lack of security.  Looking through a “cost” lens, here are some facts:

• 2013 – Target stores hacked; breach may have cost over $250 million
• 2016 – Yahoo hacked, dropped sale price to Verizon by $350 million
• 2017 – Equifax hacked, costs approaching $1.4 billion to date
• Consumer confidence loss even more expensive

A lot of discussion around the issues above has centered on software. Things like encryption and establishing trusted sources. To make all this efficient and to add additional layers of protection requires a look at hardware.  This is where Richard spent the bulk of his time during our discussion. At a hardware level, the “attack vectors” become quite diversified. Consider the following:

• Supply chain: substituting a compromised component before end delivery – e.g. NIC card, BMC controller, SSD, potentially even CPUs, etc.
• In-system component compromise: reprogramming (“hacking”) the firmware of a “good” device for nefarious purposes
• Physical access attack: using a logic analyzer, oscilloscope, or purpose-built “monitoring” hardware to snoop system operation
  • Edge devices are often in exposed areas subject to easy physical access

Do you have a headache yet? I did. All this can be quite subtle as well. Richard provided a good illustration: How many times have you plugged your phone into a USB port at an airport for a re-charge? Are you sure it was only charging your phone?  We all know a USB port can do a lot more than charge your phone.

Next, Richard outlined the work going on at Synopsys to deal with these, and other security challenges. An effective approach requires a wide-ranging look at hardware security, from the SoC and its IP through the entire ecosystem. To begin with, one must consider servers, routers, individual PCs, tablets and smartphones. Getting into the details of each architecture is required as well. That opens up components such as CPUs, I/O controllers (NVMe, SAS, Ethernet, etc.) and even power and cooling units. At a lower level, IO interconnects (e.g. PCIe, CXL, etc.) need to adopt security features to provide a solid foundation for everything else. The bulk of our discussion was on security in I/O interconnects.

How does one secure I/O interconnects reliably? There are a lot of parts to the answer. Here’s a short version of the list:

• Authentication
  • Standard bodies are working on specs that leverage certificate concepts from the software world
  • Components provisioned at manufacturing time with certificate chain & key pairs that can be matched against their pre-provisioned expectations
• Measurement
  • Run-time component checking of firmware, configuration, FPGA bit files, chip straps, etc.
  • Components send signed measurement data to host for comparison with allowed values
• Integrity (data encryption)
  • Ensuring data on the wire is secure from observation *and* tampering

Getting all this done requires a lot of work from standards bodies and the associated implementation of those standards in hardware. Richard explained that Synopsys is active in many of these efforts and will be ready to support those standards in its IP and tools when they are announced. PCIe is the dominant I/O interconnect and this is likely where a lot of early work will be done across areas such as authentication, measurement and integrity.

Compute Express Link (CXL) is a new high-speed CPU interconnect standard. Richard pointed out that it’s based on PCIe and will likely build on PCIe security additions. It turns out there are a lot of interlocking pieces to affect real improvements in network and data security; low-level key exchanges, measurement algorithms and packet definitions that support encryption and integrity information to name a few. The last one has the added complexity of handling replay mechanisms for link error recovery in a way that doesn’t weaken cryptographic strength.

I have a new appreciation for the complexity of hardware-level security after my discussion with Richard. It’s comforting to know that Synopsys is active on many fronts and will be prepared to support early adopters. Expect to hear a lot more about these efforts over the coming months. Start thinking about how this impacts your future design work NOW and then talk to Synopsys. You can also learn more about the Synopsys DesignWare IP solutions for PCI Express here. You’ll find lots of information and resources there, including several good videos.