How to securely transfer data from one device to another.
With the advent of faster processing chips, the rate of data transfer has increased enormously. Be it artificial intelligence (AI), the Internet of Things (IOT), compute intensive analytics, or cloud computing, the demand for processing data in a fraction of a second is huge. Chips with superfast computing capabilities are used in applications where malfunctions can be life threatening, such as in self-driving cars, so accuracy is of critical importance.
Have you ever wondered: how is the security of these life-critical devices safeguarded and how is data transferred securely from one device to another? These are important questions because the authenticity of data transfers is of prime importance. Imagine a case where a hacker manipulates the data going from the sensor to the processor in a self-driving car, and instead of signaling the car to turn right, the hacker manipulates it to turn left — the result could be deadly and likely very costly.
PCI Express has come up with a solution to tackle the problem of securely transferring data from one device to another. The PCI Express community, PCI-SIG, has come up with a new feature, called Integrity and data encryption (IDE). As the name suggests, integrity of data is maintained through an encryption process, and authenticity is ensured by the application of message authentication code (MAC) along with the transferred data. This is done by transferring the data in transaction layer packets (TLPs), which are first encrypted and then appended with MAC so that the receiver can ensure the packet is authentic and untampered with during transit before it is decrypted back to the original data. The algorithms used in IDE for the encryption-decryption processes are well proven, best practice, industry standard algorithms.
This article discusses the flow used in the encryption and decryption of IDE TLPs in PCI Express. It explains how IDE provides security against digital attacks for TLPs sent from the transmitter to the receiver for various use models, including the transfer of data to devices connected link-to-link or devices connected through switches. Further, it also discusses the aggregation feature in IDE and the comprehensive verification solution that PCIe QVIP provides for verification of the entire IDE feature.
Integrity and Data Encryption (IDE)
IDE feature in PCIe is introduced to provide integrity and confidentiality to TLPs transmitted and received between the requester and responder. It provides security against reordering of TLPs, deletion of TLPs, modifying TLP contents in between, malicious extension devices, etc.
In figure 1, data is neither encrypted nor integrity protected, so the attacker can listen to the data and even modify the content, for which there is no way to check it at the receiver.
Fig. 1: Without encryption.
In figure 2, data is encrypted but not integrity protected, so the attacker can modify the content without the actual receiver having knowledge of it.
Fig. 2: Data encryption.
In figure 3, data is encrypted and integrity is protected, so the attacker cannot read the contents neither can he modify the content. Any attempt to modify the content will be checked at the receiver and there will be MAC check failure.
Fig. 3: Data encryption with integrity.
An IDE stream is established between two ports and if there is no switch connected between the ports, then it is possible to secure all the TLPs transfer using link IDE or only selected TLPs can be secured using selective IDE. There are no dependencies between link IDE and selective IDE and the two can work independently together for two directly connected ports. The TLPs associated with selective IDE stream are encrypted using that stream’s key sets and for all other TLPs link IDE will be used and the packets are encrypted using that stream’s key sets. If there is a switch connected between the two ports, then selective IDE will be used to encrypt the packets transferred between the two ports. Figure 4 explains how IDE stream is connection is made for link and selective IDE.
Fig. 4: IDE stream connection diagram.
The encryption logic is shown in figure 5. TLP header including prefix and data (which is referred as plain text) is passed through AES-GCM logic and it uses the key and initialization vector (IV) to encrypt the packet and outputs encrypted data (which is referred as cipher text) and a MAC value. The resulting output is transmitted to the responder and at the receiver end, decryption of the packets is done.
Fig. 5: Encryption logic for IDE TLP.
At the receiver end, Header of the TLP, cipher text and MAC value is passed to AES-GCM logic which in turn uses the same keys exchanged during IDE key management process and IV value to decrypt the packets. MAC checking is done at here and if there is any mismatch, then the packet is not accepted by the receiver and MAC check failure error is reported. After decryption, the original header and data transmitted are recovered at receiver end. When aggregation is used, there can be sequential or parallel processing of data in the AES-GCM engine. Parallel processing has several advantages over sequential processing such as increased throughput, no Tx buffer required. ICVIP PCIe QVIP uses parallel processing of data which helps in gaining the advantages mentioned above.
Fig. 6: Decryption logic for IDE TLP.
There are two states associated with IDE stream, it can be either in insecure state or secure state. When the process to establish IDE session is started, the stream is in insecure state. To bring the state to secure state, first secure connection is established using CMA/SPDM then keys are configured using IDE key management process and then IDE is enabled by setting IDE enable bit. If the IDE enable bit is cleared, the stream transitions from secure to insecure state. The port can transition from secure to insecure state any time it determines that the security condition is compromised.
Fig. 7: State machine for IDE stream.
IDE TLPs
Once IDE session is established for a stream, IDE traffic can start flowing between the ports on which IDE is established. IDE TLPs are identified by IDE prefixes. The M bit in IDE prefix indicates whether MAC is present or not. MAC is message authentication code which is a 96-bit field and checks for the integrity of TLPs. The K bit in IDE prefix indicates the key set used for that TLP. When a TLP is received with K bit toggled, the older key set is invalidated. The T bit in IDE prefix indicates that the TLP is initiated from trusted execution environment (TEE) and the P bit indicates that the TLP contains PCRC, which is set only when M bit is also set.
IDE TLP Aggregation
Aggregation feature is used in IDE to increase the throughput. A number of the TLPs to be transmitted can be aggregated and MAC is calculated for the aggregation unit as a whole and is appended with the last TLP of the aggregated unit. The maximum number of TLPs that can be aggregated is eight and depends on the value of corresponding register in configuration space and if more than eight TLPs are received with M bit clear, then the receiver treats it as IDE check failed error and take appropriate action by transitioning the associated stream to Insecure state. Support for IDE aggregation is indicated by IDE aggregation supported bit in IDE capability register. Aggregation is sued among TLPs associated with same stream and sub-stream value.
Verification of IDE feature with ICVIP PCIe ICVIP PCIe QVIP supports the entire software stack required to verify latest IDE feature right from CMA/ SPDM for secure session establishment to keys configuring through IDE key management and link and selective IDE with and without aggregation.
There are multiple processes to support IDE verification with the help sequences and APIs for stimulus generation and sequence items are provided to generate the required stimulus. There are set of assertions to catch bugs early in design cycle.
To create error injecting scenarios, callbacks are provided at different levels. An exhaustive set of sequences are provided for each feature to rigorously verify the design under test.
There are many debug and log message which helps in debugging any issues in quick time by looking at the log files and loggers are also provided for easily resolving any issues in design. Some example snapshots are shown in figures 8 and 9.
Fig. 8: Log message for IDE enable.
Fig. 9: Debug message for KEY_PROG command.
Conclusion
For more background and a deeper dive into why it is so important to secure the transfer of packets between two devices and maintain data integrity, as well as how new features introduced in PCI Express will help you securely transfer data, read the full Siemens EDA whitepaper, Data integrity through TLP encryption in PCI Express.
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Leave a Reply