By Dennis Mattoon, Co-Chair of the Data Center Work Group

Owing to the value of information and applications stored in them, data centers remain key targets for cybercriminals. A series of cyberattacks carried out between September 2021 and January 2023 targeted GDS Holdings and ST Telemedia Global Data Centers whose major customers, including  Amazon and Walmart, were negatively impacted by the hack. Attackers managed to steal data from corporate helpdesk systems and remote management services and attempted to gain access to embedded sever management services. Over 2,000 customer records were put up for sale in the aftermath of the first attack, with researchers later finding evidence a further 1,210 records were stolen later that year.

Current data center hardware designs make it difficult for the Central Processing Unit (CPU) to be bonded with a hardware Root of Trust (RoT), such as the Trusted Computing Module (TPM). This results in a gap for malicious individuals or organizations to exploit. Through sophisticated methods, interposers are able to be positioned between the CPU and the TPM. If this is successful, attackers can quickly gain control of legitimate code signalling between the two elements. This would enable them to inject their own boot code into the CPU and wield an authorization key to fool a remote verifier. As a result, the TPM may attest the integrity of fraudulent code or data, giving the attacker control over the information traversing the data center.

Should the interposer be able to spy, suppress, and modify any vital signals and measurements, a hacker will be able to access and exploit crucial secrets held within the facility, and turn these against an operator.

Establishing trust within the data center

To overcome these types of threats, the TCG has formed a new work group in order to establish trust within the systems and components used in data centers. The ‘Data Center Work Group’ (DCWG) will focus primarily on developing protective measures against potential active interlopers within the system. They will examine key attack enumerations consistently used against data centers. These include feeding compromised boot code to the CPU, impersonations of the CPU to the TPM, the suppression and false measurements to a legitimate TPM, as well as the re-routing of legitimate measurements to an attacker controlled TPM.

They will also consider the best approach to protecting data centers against interposers looking to clear platform configuration registers (PCRs) within a legitimate TPM through false assertions indicating the CPU has reset. This will enable operators to trust the components and hardware found within the facility are operating successfully and give them the peace of mind that the threat of these being weaponized has been vastly reduced.

Attest and protect

As part of this mission, the DCWG is currently working with other work groups within the TCG, including the TPM, DICE, and Server work groups, to establish RoT profiles to support data center infrastructure. This will enable a CPU complex to protect the communication between itself and the TPM. The CPU’s own objects will be secured, and the TPM will be able to verify it is only talking to the trusted CPU. This empowers the TPM to protect the resources and communications of the CPU to which it is bound through precise given measurements. These measurements, alongside the correct CPU instance of a given object, will be able to be proved by a TPM to a verifier, ensuring all information processed can be trusted.

Through the DCWG, data center operators will be given the tools they need to mitigate potentially critical cyberattacks and ensure a trusted computing approach to protecting their critical data.