CMA/SPDM: An additional security layer for PCIe transport
In today's data-driven world, everyone is navigating a vast ocean of information that crosses unsecured links and can easily fall prey to attackers. To keep our data safe, it is crucial to strengthen security and make sure that only the right parties can access our data.
This article dives into the world of secure communication, where Component Measurement and Authentication (CMA) and the Security Protocol and Data Model (SPDM) keep data safe. The article explores two methods for setting up this secure connection: the symmetric flow, where both sides hold the same pre-shared secret, and the asymmetric flow, where each device has its own key pair. It covers how session keys are derived from an ephemeral Diffie-Hellman (DHE) key exchange and how digital signature algorithms such as ECDSA are used to prove authenticity. Finally, the article examines why elliptic curve cryptography (ECC) is the preferred choice today: compact keys, fast operations, and strong security.
Here are the basic security services you need to know about:
- Authentication: Ensures that both parties in a communication are who they say they are, so no impostors can sneak in.
- Access Control: Manages who can use specific applications and resources, making sure only authorized users get access.
- Data Confidentiality: Keeps your data private and secure, ensuring that only the intended recipients can read it and protecting it from prying eyes.
- Data Integrity: Ensures that your data remains accurate and unaltered in transit and at rest. Plain error checks such as CRCs catch accidental corruption only; protection against deliberate tampering needs a keyed integrity check (a MAC) or a digital signature that an attacker cannot recompute.
- Nonrepudiation: Guarantees that neither sender nor receiver can deny sending or receiving a message, providing proof of a transaction.
Key Terms to Know:
- Plaintext: The original, unsecured message.
- Encryption Algorithm: The mathematical formula that turns plaintext into a secret code.
- Ciphertext: The secured message, which looks like gibberish until you have the right key.
- Decryption Algorithm: The reverse formula that turns the secret code back into plaintext.
- Keys: The secret codes or pairs of codes that lock and unlock the message through the algorithm.
Security through CMA/SPDM
The SPDM specification (DMTF DSP0274) defines a request/response protocol by which one component (the requester) authenticates another (the responder), retrieves measurements of its firmware and configuration, and establishes a session with derived keys; the companion SPDM secured-messages specification then protects the data exchanged inside that session. The CMA specification shows how SPDM is applied to PCIe® systems: it binds SPDM messages to PCIe transport (Data Object Exchange) so that components can authenticate each other and set up a secure session before link traffic is trusted. On PCIe, the session set up by CMA/SPDM is also what the IDE key-management flow uses to provision the keys that encrypt transaction-layer packets; CMA/SPDM itself is the authentication and key-establishment layer. As SPDM evolves, CMA/SPDM is updated in step to cover new features, keeping the approach to security structured.
Fig.1: CMA/SPDM flow for establishing a secure connection.
- Starting a Secure Session: SPDM sets up a session with a fixed sequence of request/response messages. GET_VERSION and GET_CAPABILITIES establish the protocol version and what each side supports, NEGOTIATE_ALGORITHMS selects the hash, signature and key-exchange algorithms, and the session keys are then established in one of two ways: from a pre-shared key (the symmetric flow, PSK_EXCHANGE) or from an ephemeral key exchange authenticated with certificates and signatures (the asymmetric flow, KEY_EXCHANGE).
The symmetric flow uses one shared key for both encryption and decryption. Both devices must hold this key, called a pre-shared key (PSK), before the session starts, so it has to be provisioned out of band. The PSK is the keying material from which the handshake secret, and from it the session keys, are derived; each side proves it holds the PSK by producing verify data (an HMAC over the handshake transcript) that the other side checks.
Fig.2: CMA/SPDM symmetric flow.
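The symmetric flow above, worked through as an added example (this is illustration code written for this article, not Siemens' VIP code or the SPDM reference implementation). Both endpoints hold the same PSK; each records every message into a transcript, derives the handshake secret from the PSK and the transcript hash with an HKDF-style extract/expand, and proves possession of the PSK with verify data over the transcript. Message layouts, the `PSK_EXCHANGE` / `PSK_EXCHANGE_RSP` / `PSK_FINISH` byte strings, the salt and the labels are simplified placeholders, not the DSP0274 wire format or its exact key schedule.

```python
"""Simplified SPDM-style PSK_EXCHANGE / PSK_FINISH handshake between a requester and a
responder that share a pre-shared key.  Message layouts, salts and labels are made up
for illustration and are not the DSP0274 wire format."""
import hashlib
import hmac
import secrets

def hkdf_extract(salt, ikm):
    """RFC 5869 extract: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk, info, length=32):
    """RFC 5869 expand: T(i) = HMAC(PRK, T(i-1) | info | i), truncated to length."""
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out += block
        i += 1
    return out[:length]

class Party:
    """One endpoint: its provisioned PSK plus the running transcript of the handshake."""
    def __init__(self, psk):
        self.psk = psk
        self.transcript = b""
        self.handshake_secret = None

    def record(self, msg):
        self.transcript += msg

    def derive_handshake_secret(self):
        # The PSK is the input keying material; the transcript hash (nonces included)
        # ties the result to this exchange, so a replayed handshake derives a different key.
        prk = hkdf_extract(b"\x00" * 32, self.psk)
        th = hashlib.sha256(self.transcript).digest()
        self.handshake_secret = hkdf_expand(prk, b"spdm psk handshake" + th)

    def verify_data(self, role):
        # HMAC over the transcript hash with a role-specific finished key.
        key = hkdf_expand(self.handshake_secret, b"finished " + role)
        return hmac.new(key, hashlib.sha256(self.transcript).digest(), hashlib.sha256).digest()

def psk_handshake(requester, responder):
    """Run the symmetric flow; return True only if both sides prove PSK possession."""
    # PSK_EXCHANGE: requester sends its nonce (and, in SPDM, a PSK hint).
    msg = b"PSK_EXCHANGE" + secrets.token_bytes(32)
    requester.record(msg)
    responder.record(msg)
    # PSK_EXCHANGE_RSP: responder nonce, then ResponderVerifyData over the transcript so far.
    msg = b"PSK_EXCHANGE_RSP" + secrets.token_bytes(32)
    responder.record(msg)
    responder.derive_handshake_secret()
    rsp_vd = responder.verify_data(b"responder")
    # Requester derives the same secret from its own PSK and checks the responder's proof.
    requester.record(msg)
    requester.derive_handshake_secret()
    if not hmac.compare_digest(rsp_vd, requester.verify_data(b"responder")):
        return False  # responder does not hold the same PSK: abort before sending more
    requester.record(rsp_vd)
    responder.record(rsp_vd)
    # PSK_FINISH: RequesterVerifyData proves the requester holds the PSK too.
    req_vd = requester.verify_data(b"requester")
    requester.record(req_vd)
    if not hmac.compare_digest(req_vd, responder.verify_data(b"requester")):
        return False
    responder.record(req_vd)
    return requester.handshake_secret == responder.handshake_secret
```

Two points the code makes concrete: a mismatched PSK is detected at the responder's verify data, before the requester sends anything keyed, and because fresh nonces enter the transcript, two handshakes with the same PSK yield different handshake secrets.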
The asymmetric flow uses a key pair: a private key that only its owner holds and a public key that anyone can use to check that owner's signatures. The session secret itself comes from an ephemeral Diffie-Hellman exchange, so no key has to be shared in advance; the responder's certificate and its digital signature over the exchange prove who produced the public value the requester combines with its own, which is what turns an anonymous key agreement into an authenticated one.
Fig.3: CMA/SPDM asymmetric flow.
- Elliptic Curve Cryptography: RSA has long been the default for digital signatures and key transport, but the key sizes it needs grow quickly as security demands rise, which slows signing and verification and inflates certificates. ECC delivers comparable security with far smaller keys (a 256-bit curve is rated equivalent to 3072-bit RSA), cutting processing time and cost. ECC arrived later than RSA and has been scrutinized for less time, but it is now standard in TLS and in SPDM's algorithm set.
Key Generation with Diffie-Hellman: In an ephemeral Diffie-Hellman (DHE) exchange each side generates a fresh key pair, sends its public value and combines the peer's public value with its own private value; both arrive at the same shared secret without that secret ever crossing the link. The shared secret is not used directly: it is fed into a key-derivation function together with a hash of the handshake transcript to compute the handshake secret, from which the session keys follow. The process for generating this key is detailed in Table 2, comparing the finite-field (traditional) version with the elliptic-curve (ECDHE) version.
Point Operations in Elliptic Curve Cryptography: The group operations are point addition (combining two distinct points), doubling (adding a point to itself) and negation (reflecting a point across the x-axis). Scalar multiplication, computing k·P by repeated doubling and addition, is the one-way operation behind ECDH key agreement and ECDSA signatures: computing k·P from k and P is cheap, while recovering k from P and k·P is the elliptic-curve discrete logarithm problem.
- Authentication with Digital Signatures: A digital signature is a value computed over the message with the sender's private key. It confirms the message's origin and shows that the message has not been altered, since any change breaks the signature. In mutual authentication both requester and responder present certificates and sign the exchange, so each verifies the other's identity; in one-way authentication only the responder is authenticated, and the requester verifies the responder's signature to be sure the message is from the claimed sender.
Digital Signature Standard (DSS): Signing hashes the message, then applies the signature function with the private key and a fresh per-signature random value to produce a signature made of two parts, r and s. The verifier recomputes the hash and checks the pair against the sender's public key. Only the holder of the private key can produce a valid (r, s), and the per-signature random value must never repeat: two signatures made with the same value expose the private key.
Fig. 4: Digital signature generation and verification steps.
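The point operations, ECDHE key agreement and ECDSA signature steps above, worked through in one added example on the secp256r1 curve (illustration code written for this article, not Siemens' VIP code and not the page's Table 2). The curve parameters are the published NIST P-256 values; everything else is an assumption made for the example: the placeholder `KEY_EXCHANGE` transcript layout, the HKDF-style salt and label in `handshake_secret`, and the use of SHA-256 throughout. The arithmetic is affine and variable-time, which is fine for understanding the math and unacceptable for a real implementation.

```python
"""Toy NIST P-256 (secp256r1): point add/double/negate, scalar multiplication, ECDHE
with an HKDF-style handshake-secret derivation, and ECDSA sign/verify.  Illustration
only: affine coordinates, variable-time code, no side-channel protection."""
import hashlib
import hmac
import secrets

# Curve y^2 = x^3 + A*x + B over GF(P); G generates a subgroup of prime order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
INF = None  # point at infinity, the group identity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def neg(pt):
    """Negation reflects across the x-axis, so add(pt, neg(pt)) is INF."""
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def add(p1, p2):
    """Point addition; doubling is the tangent-line case when p1 == p2."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # p2 is neg(p1), or doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def double(pt):
    return add(pt, pt)

def mul(k, pt):
    """Scalar multiplication k*pt, left-to-right double-and-add."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = double(acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def keygen():
    d = secrets.randbelow(N - 1) + 1  # private scalar in [1, N-1]
    return d, mul(d, G)

def ecdh_shared_secret(my_priv, peer_pub):
    # Validate the peer's point before multiplying (invalid-curve attack defence).
    if peer_pub is INF or not on_curve(peer_pub):
        raise ValueError("peer public key is not a valid curve point")
    return mul(my_priv, peer_pub)[0].to_bytes(32, "big")  # x-coordinate is the secret

def handshake_secret(dhe_secret, transcript):
    """HKDF-shaped extract/expand (HMAC-SHA256) binding the DHE secret to the
    transcript hash.  Salt and label are placeholders, not SPDM's real ones."""
    prk = hmac.new(b"\x00" * 32, dhe_secret, hashlib.sha256).digest()
    info = b"spdm handshake" + hashlib.sha256(transcript).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def ecdsa_sign(priv, msg):
    """Return (r, s); k is a fresh per-signature secret, reusing it leaks priv."""
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + r * priv) % N
        if r and s:
            return r, s

def ecdsa_verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N) or pub is INF or not on_curve(pub):
        return False
    e = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = add(mul(e * w % N, G), mul(r * w % N, pub))
    return pt is not INF and pt[0] % N == r

def asymmetric_flow():
    """ECDHE between requester and responder, authenticated by the responder's signature."""
    req_priv, req_pub = keygen()        # requester's ephemeral DHE key
    rsp_id_priv, rsp_id_pub = keygen()  # responder's long-term (certified) identity key
    rsp_priv, rsp_pub = keygen()        # responder's ephemeral DHE key
    transcript = (b"KEY_EXCHANGE" + req_pub[0].to_bytes(32, "big")
                  + b"KEY_EXCHANGE_RSP" + rsp_pub[0].to_bytes(32, "big"))
    if not ecdsa_verify(rsp_id_pub, transcript, ecdsa_sign(rsp_id_priv, transcript)):
        return None  # unauthenticated public value: abort the handshake
    hs_req = handshake_secret(ecdh_shared_secret(req_priv, rsp_pub), transcript)
    hs_rsp = handshake_secret(ecdh_shared_secret(rsp_priv, req_pub), transcript)
    return hs_req if hs_req == hs_rsp else None
```

`asymmetric_flow()` is the asymmetric flow in miniature: the responder signs the transcript that carries both ephemeral public values with its identity key, the requester verifies that signature against the responder's public key before trusting the exchange, and only then do both sides derive the same handshake secret. The check in `ecdh_shared_secret` matters in practice: multiplying a private scalar by a point that is not on the curve is how invalid-curve attacks recover the key.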
- ECC Computational Advantages: ECC offers the same security as traditional methods with much smaller keys, making it faster and more efficient. The reason is the hardness of the underlying problem: factoring and the finite-field discrete logarithm used by RSA and classic Diffie-Hellman have sub-exponential attacks (index calculus), so their keys must keep growing, whereas no such shortcut is known for the discrete logarithm on well-chosen elliptic curves, so a 256-bit curve suffices where RSA needs 3072 bits. Smaller keys mean faster operations, smaller certificates and easier key management.
Verification Strategies
Siemens Verification IP (VIP) for PCIe is designed to thoroughly validate PCIe designs, ensuring that secure connections are established correctly through CMA/SPDM before any encrypted data packets are transmitted. This robust tool aligns with the CMA Revision 1.1 and SPDM version 1.3.0 specifications, offering a comprehensive suite of features for secure and reliable design verification. Key features include:
- Complete SPDM Message Support: Siemens VIP provides full support for the SPDM messages necessary to set up a secure connection. This ensures that all critical aspects of the secure session are properly tested and validated.
- Customizable Stimulus Generation: Users can generate SPDM stimuli using flexible sequence items with all required fields available for modification. This allows for precise control over testing scenarios and validation processes.
- Versatile API Integration: Siemens VIP utilizes a variety of APIs to generate stimuli with valid field values, streamlining the process of creating and managing test cases.
- Advanced Error Injection: You can test your design’s resilience with built-in error injection capabilities. This feature helps identify how the system behaves under erroneous conditions, ensuring robustness and reliability.
- Extensive Testing Sequences: This feature gives you access to a wide range of available sequences to test all possible positive and negative cases. This comprehensive coverage ensures thorough validation of your design.
- Powerful Debugging and Assertions: You can benefit from multiple assertions and detailed debug messages that assist in pinpointing error scenarios and facilitating efficient debugging.
- Symmetric and Asymmetric Flow Support: Siemens VIP establishes secure connections with both symmetric and asymmetric SPDM flows. This flexibility allows you to validate a broad range of secure connection scenarios.
- Advanced Key Generation: For asymmetric flows, Siemens VIP supports ephemeral key generation and key agreement on the secp256r1 and secp384r1 curves, covering the elliptic-curve DHE options negotiated in the SPDM session.
- Robust Digital Signature Algorithms: Siemens VIP verifies digital signatures with support for the SPDM signature algorithm identifiers TPM_ALG_ECDSA_ECC_NIST_P256 and TPM_ALG_ECDSA_ECC_NIST_P384, ensuring integrity and authenticity of the exchange.
- Wide Device Compatibility: Siemens VIP supports a broad range of device configurations and advertised capabilities, making it versatile and adaptable for various testing needs.
Siemens VIP for PCIe combines advanced features, flexibility, and comprehensive testing to provide a powerful solution for validating secure PCIe designs.
In today’s world, where digital attacks are on the rise and data security is a top priority, securing data transfer protocols like PCIe is crucial. The SPDM flow can help create a secure channel for sending encrypted data packets, ensuring your information stays safe. And Siemens VIP for PCIe ensures your SPDM designs meet CMA/SPDM specifications, offering comprehensive verification support. If you’re looking for more information on how to protect your data transfers effectively, please download the new whitepaper, Averting hacks of PCIe transport using CMA/SPDM, from Siemens.
Suprio Biswas
Suprio Biswas is Lead Member Technical Staff in the Questa Verification IP team of Siemens EDA. He holds a B.Tech in Electronics and Communication Engineering from Netaji Subhas Institute of Technology. Biswas has more than 4 years of working experience in PCIe Gen5 and 6 VIPs.