Microsoft has announced a collaboration with the chipmakers AMD, Intel and Qualcomm Technologies to bring its Pluton security processor to Windows PCs. Pluton has already shipped in Xbox and in Azure Sphere; according to the company, it will bring new security features and hardening to upcoming Windows PCs.
The processor is built into the CPU itself, where hardware and software are integrated in what Microsoft calls a ‘unified approach’: resisting attacks on the platform, preventing the theft of credentials and keys, and allowing systems to recover faster from software bugs.
Security Solution Centred in the CPU
With Pluton, Microsoft aims to redefine Windows security at the CPU level. The design is not new: Pluton was introduced in 2013 as part of the integrated hardware and OS security of the Xbox One console, built by Microsoft in partnership with AMD.
Today, the hardware root of trust for the operating system sits separately from the CPU in a dedicated chip, the Trusted Platform Module (TPM). Microsoft itself has relied on the TPM as a general security building block for Windows for the last ten years.
The TPM stores and protects the security-sensitive artefacts of a particular system (cryptographic keys, certificates and other authentication material) and usually sits outside the main processor on the device’s motherboard. Before a device is admitted to a managed network, it can be required to prove its identity and integrity through TPM-backed authentication and attestation, which keeps compromised or impersonated machines out. Most operating systems make use of the TPM, including Windows, where critical technologies such as Windows Hello and BitLocker depend on it.
Of late there have been reports of attackers developing new techniques to circumvent the TPM’s security layer and attack the systems behind it. The threat is most pronounced when the attacker has physical access to the device. Because a discrete TPM sits outside the CPU, the two communicate over a bus interface (typically LPC or SPI), and an attacker who can tap that bus can read or modify the information in transit. The canonical case is a BitLocker volume protected by the TPM alone: at boot the volume master key is released to the CPU over that bus, where a logic analyser can capture it. This is why a TPM-plus-PIN or startup-key protector is recommended wherever physical attack is part of the threat model.
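As an added practitioner check (example code written for this piece, not Microsoft’s or the article’s), the PowerShell below uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets to report whether a machine combines a discrete TPM with a TPM-only BitLocker protector, which is exactly the configuration the bus-sniffing attack above targets. The vendor-ID heuristic it uses to tell a firmware TPM from a discrete one is an assumption of this example, not a documented rule.

```powershell
# Added example for this article (not Microsoft's code): audit a Windows PC for the
# TPM bus-interposition exposure described above. Exposure needs two things at once:
# a discrete TPM on an external bus, and a BitLocker volume whose only TPM protector is
# the bare 'Tpm' type, so the volume master key is released at boot with no user secret.
# Requires an elevated PowerShell session and the BitLocker feature (Pro/Enterprise SKUs).

function Get-TpmBusExposure {
    [CmdletBinding()]
    param()

    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        return [pscustomobject]@{
            Volume = $null; Protectors = $null; TpmKind = 'None'
            TpmOnly = $false; BusSniffRisk = $false
            Note = 'No TPM detected; BitLocker has no hardware root of trust on this machine.'
        }
    }

    # Heuristic (an assumption of this example, not a Microsoft-documented rule): firmware TPMs
    # integrated into the CPU report the CPU vendor as manufacturer (Intel PTT = 'INTC',
    # AMD fTPM = 'AMD'). Anything else is treated as a discrete chip on an LPC/SPI/I2C bus.
    $firmwareVendors = @('INTC', 'AMD')
    $vendor     = ($tpm.ManufacturerIdTxt -replace '[^A-Za-z0-9]', '')
    $isDiscrete = -not ($vendor -in $firmwareVendors)
    $tpmKind    = if ($isDiscrete) { "Discrete ($vendor)" } else { "Firmware ($vendor)" }

    $volumes = Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }
    foreach ($vol in $volumes) {
        # Normalise the protector enum values to strings so the comparisons below are unambiguous.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # TPM-only means a bare Tpm protector with no TpmPin/TpmStartupKey/TpmPinStartupKey
        # protector on the same volume. Recovery passwords do not count: they are not used at boot.
        $hasBareTpm = $types -contains 'Tpm'
        $hasTpmPlus = @($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' }).Count -gt 0
        $tpmOnly    = $hasBareTpm -and -not $hasTpmPlus

        $note = if ($tpmOnly -and $isDiscrete) {
            'VMK crosses an external bus at boot with no user secret; add a TPM+PIN or startup-key protector.'
        } elseif ($tpmOnly) {
            'TPM-only on a firmware TPM; the key does not cross an external bus, but a PIN is still recommended.'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Volume       = $vol.MountPoint
            Protectors   = ($types -join ', ')
            TpmKind      = $tpmKind
            TpmOnly      = $tpmOnly
            BusSniffRisk = ($tpmOnly -and $isDiscrete)
            Note         = $note
        }
    }
}

# Usage (elevated prompt):
Get-TpmBusExposure | Format-Table -AutoSize
```

A volume flagged with BusSniffRisk is the one the attack in the preceding paragraph applies to; adding a PIN with `Add-BitLockerKeyProtector -MountPoint C: -TpmAndPinProtector` changes the protector type to TpmPin, after which the check reports OK.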
The Pluton processor removes this communication channel altogether. Because Pluton is built directly into the CPU, the sensitive material it protects never has to leave the silicon: it is stored inside Pluton, isolated from the rest of the system. Microsoft’s Secure Hardware Cryptography Key (SHACK) technology further ensures that keys are never exposed outside the protected hardware, not even to the Pluton firmware itself.
Pluton keeps the OS safe in a second way as well. It is a flexible, updatable platform whose end-to-end firmware is maintained by Microsoft and delivered through Windows Update, in the same way that the Azure Sphere Security Service keeps Azure Sphere IoT devices current.
Wrapping Up
As noted above, the success of building Microsoft’s security IP directly into the CPU, observed over the years in the Xbox One console, motivated its research teams to try the same approach for Windows. Azure Sphere took the same route and became the first IoT product to meet all seven properties of highly secure devices, listed below:
- A hardware-based root of trust, with physical countermeasures against side-channel attacks
- A small trusted computing base: the minimal set of software and hardware needed to create a secure environment for an operation
- Multiple mitigations in place to provide defence in depth
- Compartmentalisation between software components, so that a flaw or breach in one cannot spread to others
- Certificate-based authentication in place of passwords, providing mutual authentication
- Renewable security: the ability of the device to update itself automatically to a more secure state, even after being compromised
- Automatic collection and analysis of failure reports
Microsoft will now work on delivering this chip-to-cloud security vision in future Windows PCs. As the company put it in its announcement: “The shared Pluton root-of-trust technology will maximise the health and security of the entire Windows PC ecosystem by leveraging the security expertise and technologies from the companies involved.”