Operators will be given the tools to enhance the security measures within their data centres as a result of the new Data Centre Work Group, formed by the Trusted Computing Group (TCG).
Data centres play a crucial role for business operations across the globe, but they remain prime targets for cyber criminals. Should an interposer position themselves between the Central Processing Unit (CPU) and a hardware Root of Trust – such as the Trusted Platform Module (TPM) – within a data centre, they can cause significant damage by gaining possession of legitimate control signalling between the CPU and the TPM. Interposers can even inject their own boot code into the CPU and wield an authorisation key to fool a remote verifier by making the TPM attest to the integrity of fraudulent information. This allows them to snoop on, suppress and modify vital signals and measurements and, as a result, to access and exploit secrets and information from within the data centre, weaponising it against the operator.
To this end, the Data Centre Work Group at TCG has been formed to establish trust in the systems and components within a data centre, focusing primarily on developing protective measures against any active interposers within a system. The Work Group will examine the existing attack enumerations against data centres, and devise ways to avoid or mitigate them. These attacks include the feeding of compromised boot code to the CPU, impersonation of the CPU to the TPM, the suppression of measurements and injection of false measurements to a legitimate TPM, and the redirection of legitimate measurements to an attacker-controlled TPM.
“With the formation of this Work Group, a TPM will be empowered to protect the resources and communication of a CPU to which it is bound with precise, given measurements”, says co-Chair of the Data Centre Work Group, Dennis Mattoon. “The TPM will also be able to prove the measurements and the correct CPU instance of a given object to a verifier. We look forward to developing our plans to continue establishing trusted computing within data centres”.
Dennis and Jeff Andersen have been confirmed as the co-Chairs of the Work Group. Dennis is a Principal Software Development Engineer for Microsoft Research, and co-Chairs the attestation, supply chain security, DICE, and marketing work groups at TCG. Jeff is a Staff Software Engineer at Google and became a member of the TCG in 2021.
“We’re delighted to publicly announce the formation of the new Work Group”, says Jeff. “Current data centre hardware designs make it difficult for CPUs to be permanently bonded with the TPM, creating a gap for malicious entities to exploit. Our goal is to overcome the interposers operating within this area and mitigate the significant threats they can bring to data centres.”
The Work Group will also look at protecting the data centre against hackers looking to clear platform configuration registers (PCRs) in the legitimate TPM by falsely asserting that the CPU has reset. As a result, operators will be able to trust that the components and hardware found within the system are operating successfully, without the fear that they may become weaponised by an attacker.