The Importance of Security Features in a CXL Memory Controller to Protect Mission-Critical Cloud Data

The explosion of modern applications such as Artificial Intelligence, Machine Learning and Deep Learning is changing the very nature of computing and transforming businesses. These applications have opened myriad ways for companies to improve their business development processes, operations, and security and to provide better customer experiences. To support these applications, platforms are being designed to utilize SoCs that can process large data sets in cloud data centers, have specialized processing power to service the use cases, create customized solutions, and scale this market. The market size of AI was valued at $65.48 billion in 2020, and is projected to reach $1,581.70 billion by 2030, growing at a CAGR of 38.0% from 2021 to 2030, according to a recent report by Allied Market Research.

With this exponential growth comes rising concerns about the security on these platforms running mission-critical applications in emerging markets such as healthcare, automotive, and data analytics. Security is one of the major factors that is contributing to the complexity as well as cost of development and maintenance of these systems. In fact, per the 2022 report published by IBM Security, the global average total cost of a data breach increased to USD 4.35 million in 2022 and is the highest in history. What’s even more concerning is that it took an average of 207 days to identify the breach and 70 days to contain it.

The complexity of the threats by malicious actors who can breach these platforms has been increasing significantly over the past decade and it needs to be addressed with concrete security measures at the hardware, software, and protocol level on platform SoCs.

Figure 1: Average total cost of a data breach in USD millions (Source: IBM Security, 2022)

Security Threats Plaguing Cloud-Centric SoCs

The challenge for chipmakers is not only to develop high performance SoCs for cloud applications, but also to have features that can counter the sophistication of the threat vectors to secure confidential and sensitive assets on the platforms. The big question companies now ask is how much security is enough and, even if a device starts out with its security intact, will it remain secure throughout its lifetime.

This became evident with recently discovered vulnerabilities: Meltdown, Spectre, and Foreshadow which were based on speculative execution and branch prediction. Through such incidents, we have discovered how attackers use sophisticated attack vectors to breach a system. These attack vectors include:

Attacks on data-in-transit such as intrusion attacks using sniffing devices, which can lead to data leakage or alteration of code or data being transmitted on high-speed links.
Attacks on data-in-use such as side-channel attacks which include Electromagnetic (EM) attack and Differential power analysis (DPA), where the information during code execution is exploited to alter the device behavior.
Attacks on data-at-rest such as availability related threats, including disruption or Denial-of-Service (DoS) attacks against stored data in systems.

Figure 2: Security attack vectors on data

As these attacks become more sophisticated, next generation interconnect standards such as Compute Express LinkTM (CXL™) are also continuously adapting to protect against these threats by defining better security protocols to provide data confidentiality, integrity, and data encryption (IDE) mechanisms transiting a CXL link.

Security Features Needed in a CXL-based Memory Controller

Cloud based applications such as AI and ML require SOCs that can increase memory bandwidth to unlock the performance required for next-generation data centers. Compute Express Link™ is an open standard developed to provide high-speed, low-latency, cache-coherent interconnect for processors, accelerators, and memory expansion. CXL Type-3 memory controllers can provide a cost-effective and high-performance solution to expand memory bandwidth and capacity. Additionally, to protect against attacks described earlier, a CXL Type-3 device also needs to implement security features using cryptographic techniques defined in CXL 2.0 specification as well as other industry standard data encryption, authentication mechanisms. The following sections describe some of the important security features that a CXL-based memory controller needs to implement to protect sensitive assets in a data center.

CXL 2.0 IDE

Considering the modern threat vectors, the CXL Consortium, in close collaboration with other industry-standard bodies such as PCI-SIG and Distributed Management Task Force (DMTF), has incorporated the Integrity and Data Encryption (IDE) features in the CXL 2.0 specification. IDE features are designed to provide confidentiality, integrity, and replay protection at a FLIT level (Flow Control Units). It defines Message Authentication Code (MAC) which are designed to protect against attacks such as interception of packets between point-to-point devices CXL links. While security is an essential requirement, system designers must also consider the performance needs of their systems when enabling IDE. To address the balance between performance and security, CXL 2.0 specification defines two IDE modes:

Containment Mode where the data is released for further processing only after the integrity check passes. This mode impacts both latency and bandwidth. The bandwidth impact comes from the fact that integrity value is sent quite frequently.
Skid Mode where the data will be released for further processing without waiting for the integrity value to be received and checked. This allows for less frequent transmission of the integrity value. Skid mode allows for near zero latency and very low bandwidth overhead.

Hardware-based Root of Trust (RoT)

An immutable hardware-based Root-of-Trust (RoT) is essential for implementing an entity that can be trusted to always behave in the expected manner and is the foundation upon which all further security layers are created. To ensure that all the layers involved in device operation are secure, it is imperative to extend the circle of trust from hardware-based RoT to every single component that stores firmware and configuration settings used by the device.

Secure Boot

Extending security from RoT requires implementation of a secure boot mechanism to verify the integrity of every code being loaded on the device before it’s allowed to execute. Secure boot process uses asymmetric private-public key pair. A private key is used with a corresponding asymmetric public key in a cryptographic algorithm for computation and verification of digital signatures. The private key is uniquely associated with the owner, is not made public, and is used for generation of the digital signature of the data. The public key is used to verify a digital signature that was signed using the corresponding private key. Since the public key itself isn’t considered a device secret, it is made public. Immutable RoT enforces authentication of the next stage mutable bootloader by checking the code for proper signature by an approved signer. Secure boot is considered successful if the integrity check passes and fails if it doesn’t. This process is repeated on all other layers of the firmware.

Memory Encryption

Memory encryption is an important feature for a CXL-based Memory Controller since it interfaces with off-chip memory devices to enable memory expansion, pooling and sharing. Encrypting memory is one of the most reliable techniques to prevent data being accessed across different guests/domains/zones/realms.
AES-XTS, is the de-facto cryptographic algorithm for protecting the confidentiality of data-at-rest on storage devices. It is a standards-based symmetric algorithm defined by NIST SP800-38E and IEEE Std 1619-2018 specifications. Advanced memory encryption technologies also involve integrity and protocol level anti-replay techniques for high-end use-cases. DRAM inline cipher engines protect data in use for secure memory transactions at high data rates between hosts and attached memory. With memory encryption in place, even if any of the isolation techniques have been compromised, the data being accessed is still protected by cryptography and it prevents physical attacks like a hardware bus probing on the interface.

Conclusion: Leo Memory Connectivity Platform Provides End-to-End Security

Security is essential for high-performance CXL interconnects to protect private and sensitive user information transmitted on the links. Leo Memory Connectivity Platform provides a complete set of end-to-end security features to protect mission-critical user data. Leo’s security features provide data confidentiality, integrity, and data encryption (IDE) mechanisms transiting a CXL link, as well as additional security features to ensure modern cloud-based systems and valuable user data are protected. These security measures apply to a wide variety of use models, offer broad interoperability, and align to industry best practices.