Invasive cyberattacks on data centers cost billions of dollars annually, but they can be mitigated with sophisticated software and hardware-based security countermeasures. But a physical attack on machines in a data center using various fault injection methods can cause harm without breaching security. So Intel has developed its Tunable Replica Circuit (TRC) telemetry monitoring technology already supported by its 12th Generation Core Alder Lake platform to detect such attacks.
"Software protections have hardened with virtualization, stack canaries, and code authentication before execution," said Daniel Nemiroff, senior principal engineer at Intel. "This has driven malicious actors to turn their attention to physically attacking computing platforms. A favorite tool of these attackers is fault injection attacks via glitching voltage, clock pins and electromagnetic radiation that cause circuit timing faults and may allow execution of malicious instructions and potential exfiltration of secrets."
Intel's Alder Lake 600-series chipsets (which Intel calls platform controller hub, or PCH) that support the company's Converged Security and Management Engine (CSME) already feature a TRC module that constantly monitors the operation of other components in the system, including the CPU itself.
TRC monitors such things as timing failures due to a voltage, clock, temperature, or electromagnetic glitch, which a variety of things might cause. For example, when specific CPU timings are out of the ordinary, this may indicate a cyberattack (one that uses a fault injunction or exploits holes in security). The set of TRC sensors is calibrated to detect errors caused by a fault injection rather than by normal workload voltage droops, so Intel is confident that the technology will not activate mitigation techniques to ensure data integrity in normal conditions due to a false positives probe.
"By changing the monitoring configuration and building the infrastructure to leverage the sensitivity of the TRC to fault injection attacks, the circuit was tuned for security applications," said Carlos Tokunaga, principal engineer in Intel Labs, explaining the research approach.
While the TRC technology is test driven on a client platform, it will likely find itself in Intel's upcoming data center platforms as well. For obvious reasons, it is harder to get into a data center physically that to gain access to a PC. But once a perpetrator is in, he gets access to loads of systems simultaneously so TRC might be pretty helpful.