Jon Martindale of Digital Trends recently sat down with Ben Levine, Rambus’ senior director of product management, to discuss the ever-growing importance of designing secure processors in the wake of Meltdown and Spectre.
According to Levine, the semiconductor industry has traditionally maintained a reactive posture to security by waiting for critical vulnerabilities to surface before fixing them. Although there are many reasons for this approach, it is important to note that designing a secure, general-purpose processor has always been a rather challenging proposition.
As Levine points out, this is precisely why the Rambus CryptoManager Root of Trust shifts critical functionality from a complex, general-purpose CPU to a secure core that is siloed from the primary processor. Indeed, the Rambus CryptoManager Root of Trust can be safely tasked with securing encryption keys, validating banking transactions, processing login attempts, storing private information in secure memory and validating that boot records haven’t been corrupted or compromised during startup.
“The idea is not to come up with one CPU that can do everything to be very fast and be very secure, but rather, let’s optimize different cores separately for different objectives,” Levine explains. “[We’re saying] let’s optimize our primary CPU for performance or lower power – whatever is important for that system – and optimize another core for security. [For example, implementing] cryptographic algorithms, encrypting or decrypting from an algorithm like AES, or using a public key algorithm like RSA or elliptic curve is relatively slow to do in software. [However], a security core [with] hardware accelerators can do it much faster.”
Depending on the application, says Levine, the use of a secure core will likely happen at the OS and system level, rather than the application level.
“If you’re building your OS and overall system software correctly, then you can utilize most of that security functionality without application developers having to worry about it,” he states. “You can provide APIs to expose some of the security core functionality that could easily be consumed by the application developer like encrypting and decrypting data.”
In addition, Levine notes that the Rambus CryptoManager Root of Trust secure core is (physically) tiny in comparison to the primary processor.
“There’s really no significant impact on the cost of the chip, power, or thermal requirements. You can do a lot in a small logic area if you design it carefully. We’re shooting for simplicity and if you keep something simple you keep it small. If it’s small it’s low power,” he elaborates. “These cores should be and need to be much smaller than one of the main big CPU cores that you get in a chip from Intel or AMD. It won’t be seven plus one, it will be eight or whatever core processor and one or perhaps more than one, small security core that provides security functions for all of the other cores.”
Levine also emphasizes that there will always be additional exploits and vulnerabilities beyond Meltdown and Spectre.
“These exploits are not the only vulnerabilities out there. There will always be more. The complexity of modern processors makes that inevitable. Let’s change the problem and let’s accept that there will be more vulnerabilities in general purpose CPUs and the things that we care a lot about, like keys, credentials, data, let’s move it out of the CPU and let’s bypass the whole problem,” he concludes.