Benchmarking the Security Protocol and Data Model (SPDM) for component authentication

Efforts to secure computing systems via software traditionally focus on the operating system and application levels. In contrast, the Security Protocol and Data Model (SPDM) tackles firmware level security challenges, which are much harder (if at all possible) to detect with regular protection softw...

Bibliographic details
Published in: arXiv.org 2023-07
Main authors: Alves, Renan C A, Albertini, Bruno C, Simplicio, Marcos A
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Alves, Renan C A
Albertini, Bruno C
Simplicio, Marcos A
description Efforts to secure computing systems via software traditionally focus on the operating system and application levels. In contrast, the Security Protocol and Data Model (SPDM) tackles firmware level security challenges, which are much harder (if at all possible) to detect with regular protection software. SPDM includes key features like enabling peripheral authentication, authenticated hardware measurements retrieval, and secure session establishment. Since SPDM is a relatively recent proposal, there is a lack of studies evaluating its performance impact on real-world applications. In this article, we address this gap by: (1) implementing the protocol on a simple virtual device, and then investigating the overhead introduced by each SPDM message; and (2) creating an SPDM-capable virtual hard drive based on VirtIO, and comparing the resulting read/write performance with a regular, unsecured implementation. Our results suggest that SPDM bootstrap time takes the order of tens of milliseconds, while the toll of introducing SPDM on hard drive communication highly depends on specific workload patterns. For example, for mixed random read/write operations, the slowdown is negligible in comparison to the baseline unsecured setup. Conversely, for sequential read or write operations, the data encryption process becomes the bottleneck, reducing the performance indicators by several orders of magnitude.
format Article
date 2023-07-12
publisher Ithaca: Cornell University Library, arXiv.org
rights 2023. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2023-07
issn 2331-8422
language eng
recordid cdi_proquest_journals_2837190017
source Free E- Journals
subjects Authentication
Data encryption
Data models
Hard disks
Performance evaluation
Software
title Benchmarking the Security Protocol and Data Model (SPDM) for component authentication
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-20T10%3A40%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Benchmarking%20the%20Security%20Protocol%20and%20Data%20Model%20(SPDM)%20for%20component%20authentication&rft.jtitle=arXiv.org&rft.au=Alves,%20Renan%20C%20A&rft.date=2023-07-12&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2837190017%3C/proquest%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2837190017&rft_id=info:pmid/&rfr_iscdi=true