OCP L.O.C.K..pdf

1、OCP L.O.C.K.LayeredOpen-sourceCryptographicKey-managementJeff Andersen,Staff Software Engineer,GoogleEric Eilertson,Principal Engineer,MicrosoftOCP L.O.C.K.Security and Data ProtectionWho we areLife of a data center storage deviceDrive arrives from the supplierDrive is given user data to storeDrive

2、is decommissionedDecommissioning drivesThe physical drive is leaving the data centerUser data cannot be permitted to escapeDefault policy:destroy the driveSafest way to ensure bits on the drive dont escapeProduces significant e-wasteImpacts bottomline of drive ownerInhibits second-hand marketsOne te

3、chnique:overwriteWrite over every piece of data held within the driveEvery portion of the drive must be overwritten,before the drive is allowed to leave in one pieceMulti-pass overwriteProblem:drive failureIf any portion of the drive cannot be overwritten,erasure fails and the drive must be destroye

4、dErgo,we still destroy a lot more disks than wed likeMulti-pass overwriteProblem:NVMe page managementOn NVMe drives,bad pages are hidden from the hostThe host cannot even address such pagesHidden pages may have user dataMulti-pass overwriteSolution:drive encryptionEnsure all data on the drive is enc

5、rypted to a keySolution:drive encryptionEnsure all data on the drive is encrypted to a keyForget the keyNVMe self-encrypting drivesThe drive manages encryption keysAllows granular mapping of keys to address rangesNVMe self-encrypting drivesThe drive manages encryption keysAllows granular mapping of

6、keys to address rangesAllows granular mapping of keys to usersUser 1User 2Risk:drive theftKeys must be erased before the drive leaves the DCIf the drive is stolen,the keys surviveA determined adversary may obtain user dataMitigation:key material held outside the driveAll media keys protected with a

7、secret the drive does not haveIf the drive is stolen,the root secret remains safeBy extension,all media keys remain safeProtected byHow in practice:admin credentialsSet up a strong admin passwordHold the password off-drive,such as in a TPMRely on the drive to transitively protect all media keys with

8、 the admin passwordAdmin passwordUser 1User 2AdminMediaMedia keyMediaEncrypted media keyMedia keyA working implementationAdmin secretMedia keyMediaEncrypted admin secretEncrypted media keyDecryptDecryptEncryptAdmin passwordEncrypted media keyStored persistently within driveOver-simplified diagramMed

9、iaMedia keyMediaEncrypted media keyMedia keyBroken implementation#1Admin secretMedia keyMediaEncrypted media keyDecryptCompareEncryptAdmin passwordEncrypted media keyStored persistently within driveOver-simplified diagramStored persistently within drivePassword hashMediaMedia keyMediaMedia keyBroken

10、 implementation#2Media keyMediaCompareEncryptAdmin passwordStored persistently within driveOver-simplified diagramStored persistently within drivePassword hashMediaMedia keyMediaEncrypted media keyMedia keyBroken implementation#3Admin secretMedia keyMediaEncrypted admin secretEncrypted media keyDecr

11、yptDecryptEncryptAdmin passwordEncrypted media keyStored persistently within driveOver-simplified diagramExtractable via external interfaces(JTAG,UART,PCIe,etc.)or glitch attacksOverall problemStorage key management is critical to get rightThreat model is significantDrive theft,supplier infiltration

12、,hardware attacksImplementations vary in qualityAuditing implementations is a chorePost-deployment fixes are herculeanUser 1User 2AdminRecall:CaliptraSilicon roots of trust are critical components in data center hardwareCaliptra is an OCP specification for an internal root of trust IP block for SoCs

13、An open source implementation has been delivered at CHIPS AllianceEnsures consistency,transparency,openness and reusabilityAt this level,security should be boringIntroducing:OCP L.O.C.K.A project to deliver an open implementation at CHIPS Alliance,leveraging and following CaliptraScoped specifically

14、 to storage devicesProvides key management services to the drive and host,utilizing services from CaliptraUser 1User 2AdminL.O.C.K.LayeredOpen-sourceCryptographicKey-managementKMB:Key Management BlockAES crypto engineStorage controller firmwareComponentsKMB:Key Management BlockComponentsAES crypto e

15、ngine(existing)Performs line-rate encryption of data as it enters and exits the storage deviceStorage controller firmwareAES crypto engineKMB:Key Management BlockComponentsController firmware(existing)Manages users and wrapped keysAES crypto engineStorage controller firmwareAES crypto engineComponen

16、tsKMB(new)Generates keys and protects them at restBinds keys to externally-injected seedsStorage controller firmwareKMB:Key Management BlockComponentsKMB(new)Securely communicates media keysto the crypto engineStorage controller firmwareKMB:Key Management BlockAES crypto engineKMB:Key Management Blo

17、ckAES crypto engineComponentsCaliptraProvides attestation services for KMBProvides root secrets for media key encryptionStorage controller firmwareComponentsTrust boundaryCaliptra+KMB removes system management and control interfaces from the data-at-rest TCBStorage controller firmwareKMB:Key Managem

18、ent BlockAES crypto engineComponentsTrust boundaryL.O.C.K.enables I/O path innovation,while maintaining a common,minimal TCBStorage controller firmwareKMB:Key Management BlockAES crypto engineMedia keyMedia keyKMB key hierarchyStorage root keyKDFKDF:key derivation functionExternal root seedPersisten

19、tly-stored dataGenerated secret,visible only to KMBDecryptWrapped device secretDevice secretKDFDecryptWrapped media keyMedia key seedMedia keySecurely programmed into the AES crypto engineWrapped media keyWrapped media keyController firmwareExternal systemSummary and Call to ActionL.O.C.K.will deliv

20、er a common IP block for storage devicesL.O.C.K.ensures secure management of media keysCall to Action:Look for the 0.5 spec later this summerJoin CHIPS Alliance if interested in collaborating on the implementationL.O.C.K.Thank you!BackupMedia keyMedia keyKMB key hierarchy w/KPIOStorage root keyKDFKD

21、F:key derivation functionExternal root seedPersistently-stored dataGenerated secret,visible only to KMBDecryptWrapped device secretDevice secretKDFDeriveMedia key seedMedia keySecurely programmed into the AES crypto engineController firmwareExternal systemInjecting external seedsDICE Protection EnvironmentFresh wrapping keypairNoncePub key+nonceWrapping pub keyDICE signatureExternal seedWrap keyWrapped seedExternal seedUnwrap key23451Generated secret,visible only to KMBExternal systemVerify signature