Hardware-based cloud security solutions provide a higher level of protection as compared to software only security measures. Unfortunately the industry has found adopting and deploying hardware based security technologies on a broad scale challenging due to the lack of solution integration and deployment tools available. To overcome these challenges, Intel created the Intel® Security Libraries for Data Centers (Intel® SecL–DC). Intel® SecL–DC consists of software components providing end-to-end cloud security solutions with integrated libraries. HyTrust CloudControl utilizes software components provided through Intel® SecL–DC to leverage next generation hardware based security technologies.
What is a TPM?
A Trusted Platform Module (TPM) is a hardware device that provides capabilities similar to a small Hardware Security Module (HSM), random number generation, and more secure protection of certain data, including encryption keys. Applications can use the TPM to help authenticate hardware devices, as each TPM chip has a unique, secret RSA key burned into the chip during manufacturing. TPMs conform to the Trusted Platform Module 2.0 specification. Here are the main functions of a TPM:
How does the TPM perform integrity measurements on a system?
Static Root of Trust for Measurements
Static Root of Trust for Measurements (SRTM) takes place at system boot. The platform is assumed to start in a secure, immutable environment, the Core Root of Trust for Measurement (CRTM). The CRTM measures the next item in the boot chain and stores that measurement inside the TPM. This approach has scalability, inclusivity, and timing issues that Dynamic Root of Trust for Measurements (DRTM) addresses.
Dynamic Root of Trust for Measurements
Dynamic Root of Trust for Measurements (DRTM) happens while the system is running; Intel’s implementation, Trusted Execution Technology, is a good example. The goal is to create a more trusted environment from an untrusted state. Intel Trusted Execution Technology (TXT) establishes a more secure, clean state and provides a hardware root of trust from which platform integrity measurements are extended into the Trusted Platform Module (TPM) by recording them in the Platform Configuration Registers (PCRs). The resulting Chain of Trust acts as an unchanging hardware measurement agent, also referred to as the hardware Root of Trust: each measurement is performed by a component that was itself measured by the previous component in the chain. The chain is then remotely verified through the trust attestation process.
Why do these measurements matter?
Trusted computing consists primarily of two activities – measurement and attestation. Measurement is the act of obtaining cryptographic representations of the system state. Attestation is the act of comparing those cryptographic measurements against expected values to determine whether the system has booted into an acceptable state. Any entity can verify that the measurements originate from a TPM, allowing for better detection of tampering, corruption, and malicious software such as rootkits. For example, when an ESXi host is added to, rebooted from, or reconnected to vCenter Server, vCenter Server requests an Attestation Key (AK) from the host. Part of the AK creation process also involves verifying the TPM hardware itself, to ensure that a known (and trusted) vendor produced it. vCenter Server then requests that the host send an Attestation Report, which contains a quote of Platform Configuration Registers (PCRs) signed by the TPM, along with other signed host binary metadata. VMware’s documentation describes the remote attestation process it follows in more detail. These measurements, or Attestation Report, provide cryptographically verifiable evidence that can help with the following:
- Compliance – such as PCI, SOX, or HIPAA, by helping ensure workloads are subject to appropriate configurations and remain on the correct compute resources
- Data sovereignty – if a company is subject to a data privacy law such as the European General Data Protection Regulation (GDPR), integrity measurements can help prove that data remains housed on servers within a given country
- Trust based policy or isolation such as organizational boundaries
- Internal or external audits
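The measurement chain from the SRTM and DRTM sections and the quote-and-compare step described here, as an added example that is not part of the original post and not Intel, VMware or HyTrust code: a simulated TPM in Go with a PCR bank and a P-256 attestation key, a three-stage boot chain measured into it, and a verifier that checks the AK signature, the nonce, and the expected PCR values. The PCR numbers, image contents and nonce are constructed for the illustration; a real TPM signs quotes in the TPM 2.0 attestation structure, which this model does not reproduce.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SimTPM is a constructed stand-in for the two TPM features this post relies on: a bank of
// Platform Configuration Registers and an Attestation Key (AK) that signs quotes. Not a TPM library.
type SimTPM struct {
	pcrs [24][sha256.Size]byte // all zero at power-on, like a real SHA-256 PCR bank
	ak   *ecdsa.PrivateKey
}

func NewSimTPM() (*SimTPM, error) {
	ak, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &SimTPM{ak: ak}, err
}

// Extend is the only way a PCR changes: PCR[i] = SHA256(PCR[i] || SHA256(image)).
// Folding the old value into the new one means a recorded measurement can be neither undone nor reordered.
func (t *SimTPM) Extend(index int, image []byte) [sha256.Size]byte {
	digest := sha256.Sum256(image)
	t.pcrs[index] = sha256.Sum256(append(append([]byte{}, t.pcrs[index][:]...), digest[:]...))
	return t.pcrs[index]
}

// Quote is the signed PCR report a verifier requests; the verifier's nonce proves it is fresh.
type Quote struct {
	Selection  []int
	Values     [][sha256.Size]byte
	Nonce, Sig []byte
}

// quoteDigest binds PCR indices, values and nonce into the message the AK signs.
func quoteDigest(q *Quote) []byte {
	h := sha256.New()
	for k, i := range q.Selection {
		h.Write([]byte{byte(i)})
		h.Write(q.Values[k][:])
	}
	h.Write(q.Nonce)
	return h.Sum(nil)
}

func (t *SimTPM) Quote(selection []int, nonce []byte) (*Quote, error) {
	q := &Quote{Selection: selection, Nonce: nonce}
	for _, i := range selection {
		q.Values = append(q.Values, t.pcrs[i])
	}
	sig, err := ecdsa.SignASN1(rand.Reader, t.ak, quoteDigest(q))
	q.Sig = sig
	return q, err
}

// BootComponent is one link of the chain: an image and the PCR it is measured into.
// The PCR numbers in GoodChain are illustrative, not what a real BIOS or ESXi records where.
type BootComponent struct {
	PCR   int
	Image []byte
}

// RunBootChain simulates SRTM: from the CRTM onward, each stage measures the next into the TPM before running it.
func RunBootChain(t *SimTPM, chain []BootComponent) {
	for _, c := range chain {
		t.Extend(c.PCR, c.Image)
	}
}

// GoldenPCRs derives the expected values by replaying a known-good chain on a fresh PCR bank.
func GoldenPCRs(chain []BootComponent) [24][sha256.Size]byte {
	var bank SimTPM
	RunBootChain(&bank, chain)
	return bank.pcrs
}

// Attest is the verifier: check the AK signature, then the nonce, then each quoted PCR against its
// expected value. It reports whether the host is trusted and which PCRs diverged, so the broken link is visible.
func Attest(q *Quote, akPub *ecdsa.PublicKey, nonce []byte, expected [24][sha256.Size]byte) (bool, []int, error) {
	if !ecdsa.VerifyASN1(akPub, quoteDigest(q), q.Sig) {
		return false, nil, fmt.Errorf("quote signature invalid: not signed by the expected TPM")
	}
	if string(q.Nonce) != string(nonce) {
		return false, nil, fmt.Errorf("nonce mismatch: possible replay of an old quote")
	}
	var mismatched []int
	for k, i := range q.Selection {
		if expected[i] != q.Values[k] {
			mismatched = append(mismatched, i)
		}
	}
	return len(mismatched) == 0, mismatched, nil
}

// GoodChain is a constructed sample boot: BIOS -> bootloader -> hypervisor.
func GoodChain() []BootComponent {
	return []BootComponent{{0, []byte("bios-v1")}, {4, []byte("bootloader-v1")}, {8, []byte("hypervisor-v1")}}
}

func main() {
	tpm, _ := NewSimTPM()
	tampered := GoodChain()
	tampered[2].Image = []byte("hypervisor-v1-with-rootkit") // the hypervisor image was modified
	RunBootChain(tpm, tampered)
	nonce := []byte("verifier-nonce-0001")
	q, _ := tpm.Quote([]int{0, 4, 8}, nonce)
	fmt.Println(Attest(q, &tpm.ak.PublicKey, nonce, GoldenPCRs(GoodChain()))) // false [8] <nil>
}
```

Three properties of the real protocol carry over to the model: a changed hypervisor image shows up only in the PCR it was measured into, so the verifier can name the broken link; a quote edited after signing, or signed by any key other than the expected AK, fails before the values are even compared; and because the verifier's nonce is part of the signed message, an old quote cannot be replayed for a later request.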
How does HyTrust fit into this?
Virtual machines are by nature dynamic and highly portable. They generally contain everything needed to run an application or workload, largely independent of the underlying hardware. Historically, there has been no automated way to ensure these workloads can only be instantiated on a specific, designated, or trusted server in a trusted location. It’s important to understand that while the TPM collects these measurements, it does not take action on them. So how might I take action on them? HyTrust will be integrating Intel® Security Libraries for Data Centers (Intel® SecL-DC) with CloudControl, providing a number of enhancements to the Platform Integrity and Data Sovereignty functions. Combined with HyTrust DataControl, these policy rules can authorize the delivery of encryption keys; this combination is called HyTrust BoundaryControl. Intel® SecL-DC dramatically streamlines management of these trust features, adding support for TPM 2.0 and Intel TXT compatible with VMware version 6.7u1. Intel® SecL-DC also provides Asset Tag functionality, which allows information such as location to be written more securely to hardware. The Asset Tag is exposed to HyTrust CloudControl for logical segmentation and improved data security through policy-based access control. Writing Asset Tags directly to the TPM was added in ESXi version 6.5 u2 for TPM 1.2. The Asset Tag functionality complies with NIST IR-7904 and can be used to aid in meeting compliance requirements such as those mandated by the European General Data Protection Regulation (GDPR).
HyTrust BoundaryControl solves three main use cases:
- Geographical mandates: There are a burgeoning number of privacy and data sovereignty laws—such as those in Australia, Canada, and Europe—that require residents’ personal data to stay within country borders. As organizations expand their cloud deployments, they are increasingly concerned about how easily virtualized data sets can be moved across geographies, national boundaries, or legal jurisdictions.
- Zoning: Organizations have traditionally kept data of different risk classifications physically separate by “air gapping” servers and applications. As companies adopt virtualization and cloud computing for mission-critical or regulated applications, they seek ways to create more secure zones and enclaves within this consolidated infrastructure.
- Availability and uptime: Human error accounts for a significant percentage of datacenter downtime. Virtualization makes it easier for simple errors to have far-reaching impact. For example, a virtual machine can be suspended or deleted in a mouse click. If that VM is running your credit card processing system, the implications and costs can be enormous. IT organizations consistently seek to ensure availability, and for cloud service providers, uptime is also mission critical.
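How a policy layer turns an attestation result and an Asset Tag into a key-release decision, as an added example in Go that is not HyTrust’s or Intel® SecL-DC’s code: the struct fields, the tag keys (`country`, `zone`), the sample policy and the sample hosts are all constructed for the illustration. It covers the geographical-mandate and zoning use cases listed above, and shows why a host that carries no tag must be denied by default rather than treated as unrestricted.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// HostAttestation is what the policy layer receives once attestation has run: whether the platform
// measurements matched known-good values, and the Asset Tag attributes read back from the host's TPM.
// The field names and tag keys are constructed for this example, not Intel SecL-DC's schema.
type HostAttestation struct {
	Host     string
	Trusted  bool
	AssetTag map[string]string // for example "country": "DE", "zone": "pci"
}

// WorkloadPolicy is the boundary a VM must stay inside before its encryption key is released.
type WorkloadPolicy struct {
	VM               string
	RequireTrusted   bool
	AllowedCountries []string          // empty means no geographic restriction
	RequiredTags     map[string]string // every listed tag must match the host's tag exactly
}

// Decision keeps every reason for a denial so an audit log shows which control blocked the release.
type Decision struct {
	Allow   bool
	Reasons []string
}

// Evaluate denies by default: an unattested platform, a missing tag, or a tag outside the policy
// each records a reason, and the key is released only when no reason was recorded.
func Evaluate(p WorkloadPolicy, h HostAttestation) Decision {
	var reasons []string
	if p.RequireTrusted && !h.Trusted {
		reasons = append(reasons, "platform integrity not attested")
	}
	if len(p.AllowedCountries) > 0 {
		country, ok := h.AssetTag["country"]
		switch {
		case !ok:
			reasons = append(reasons, "host carries no country asset tag")
		case !contains(p.AllowedCountries, country):
			reasons = append(reasons, fmt.Sprintf("host country %s not in [%s]", country, strings.Join(p.AllowedCountries, " ")))
		}
	}
	keys := make([]string, 0, len(p.RequiredTags))
	for k := range p.RequiredTags {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic reason order, so logs and tests are stable
	for _, k := range keys {
		if got := h.AssetTag[k]; got != p.RequiredTags[k] {
			reasons = append(reasons, fmt.Sprintf("tag %s=%q, policy requires %q", k, got, p.RequiredTags[k]))
		}
	}
	return Decision{Allow: len(reasons) == 0, Reasons: reasons}
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// Constructed sample policy and hosts: one host inside the boundary, one in the wrong country,
// and one that failed attestation and carries no country tag at all.
func SamplePolicy() WorkloadPolicy {
	return WorkloadPolicy{VM: "cardholder-db", RequireTrusted: true,
		AllowedCountries: []string{"DE", "FR"}, RequiredTags: map[string]string{"zone": "pci"}}
}

func SampleHosts() []HostAttestation {
	return []HostAttestation{
		{"esx-fra-01", true, map[string]string{"country": "DE", "zone": "pci"}},
		{"esx-nyc-03", true, map[string]string{"country": "US", "zone": "pci"}},
		{"esx-fra-02", false, map[string]string{"zone": "dev"}},
	}
}

func main() {
	for _, h := range SampleHosts() {
		d := Evaluate(SamplePolicy(), h)
		fmt.Printf("%-10s allow=%-5v %v\n", h.Host, d.Allow, d.Reasons)
	}
}
```

The decision collects every failing control instead of stopping at the first one, which is what an auditor reviewing a denied key release wants to see; and a policy with no geographic restriction deliberately ignores a missing country tag, while any policy that does restrict by country treats the missing tag as a denial.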
Hardware-based cloud security solutions provide a higher level of protection as compared to software only security measures. HyTrust CloudControl’s trust based policy is rooted in Intel® Trusted Execution Technology (Intel® SecL-DC). It provides processor-level attestation of the hardware, BIOS, and hypervisor, allowing sensitive workloads to run on a more trusted platform. Cloud Orchestrators, SIEM tools, and security applications can consume these cryptographically verifiable hardware-tagged attributes to add visibility and control over workload placement. In subsequent blog posts we will dive deeper into some use cases where HyTrust and the use of Intel® Trusted Execution Technology (Intel® SecL-DC) can benefit an organization.