Google open sourced its secure computer chip last week. The new OpenTitan project promises to make computing cheaper and more secure. But it will be a while before data centers outside of Google can reap the benefits, experts say.
The company unveiled a custom dedicated security chip for servers in its data centers, called Titan, back in 2017.
The new open source chip architecture is based -- loosely -- on the secure chip powering Google’s Pixel phones, but the technology can be used in data center IT hardware, according to the company. Each chip has a secure element in it, where key payment and authentication information is stored, and where the decryption and encryption processes take place.
For example, the smartphone scans your fingerprint and sends the scan to the secure enclave. Inside the secure enclave, the scan is compared to a previously saved scan and, if it matches, a confirmation message is sent back. Similarly, if a phone is used to make a payment at a store checkout, the payment information is encrypted before it leaves the secure area.
Even if a hacker can plant spyware on the phone, they won't be able to get their hands on the private information.
Apple has its own version of this technology. And it's not just limited to smartphones. Intel has created something similar for its chips, called SGX (Software Guard Extensions). Arm has TrustZone, and AMD has Secure Encrypted Virtualization.
But those are all proprietary, which increases the cost for customers and slows competition. And designing a a new chip from scratch is prohibitively expensive.
Now, Google hopes to change that. Its goal for OpenTitan is to do for silicon what Linux did for operating systems – offering a dependable and secure open source platform for everyone to build on.
In addition to providing a hardware-based secure area in which to encrypt and decrypt data – what Google calls "root of trust" – the OpenTitan chip architecture ensures that the server boots up with the correct firmware that hasn't been tampered with.
"It also provides a cryptographic unique identity for each server to prevent unauthorized changes," said Satya Gupta, founder and CTO at Virsec Systems, a San Jose-based cybersecurity company.
OpenTitan authenticates the machine itself and provides a secure set of audit records and other security services.
"This should give data center managers some assurance that their systems can’t be hacked at the processor level," said Gupta. "However, it doesn’t change the dynamics of attackers targeting vulnerable software, or file-less and memory-based malware attacks."
The OpenTitan project will be managed by lowRISC, a Cambridge, UK-based nonprofit.
In addition to Google, early backers include Swiss university ETH Zürich, cybersecurity firm G+D Mobile Security, semiconductor manufacturer Nuvoton Technology, and storage vendor Western Digital.
Richard New, VP of research at Western Digital, said all secure chips with the "root of trust" (RoT) capability available today are proprietary.
"Because implementations are opaque, there is no way for an end user to independently verify the quality of the RoT chip’s architecture, firmware, or hardware design," he wrote in a blog post.
The proprietary approach has its disadvantages as well as advantages. On the one hand, it’s harder for attackers to find security problems. On the other, if attackers do find security problems, they can exploit them without anyone finding out what they're doing. Anyone can find problems in an open source project, and the community can quickly fix them.
“Customers are asked to put faith in proprietary hardware RoT chips for their mission-critical systems without the ability to fully understand, inspect, and therefore trust them,” Dominic Rizzo, OpenTitan lead at Google and OpenTitan project director at lowRISC, said in a statement. “By creating OpenTitan with the broader hardware and academic community, we can leverage the experience and security principles used to create Google’s own Titan chips to make hardware RoT designs more transparent, inspectable, and accessible to the rest of the industry. Security should never be built on opacity.”
According to Rizzo and Royal Hansen, a Google VP and OpenTitan lead at Google Cloud, OpenTitan can be used in data center servers, storage, network cards, routers, IoT devices, client devices, such as laptops and phones, and peripherals.
"This is going to be huge," said Ray Wang, principal analyst and founder at Constellation Research. "It's really about democratizing the way chips are built."
In theory, OpenTitan could bring new competitors into the chipmaking industry and spur innovation. "Think about how expensive it is to get a chip to market," he said. "People are looking for other alternatives."
But it will take at least twelve months for any impact to become apparent, Wang said, since it will take time for manufacturers to evaluate and adopt the technology. In the end, however, data centers should see costs drop and overall security improve, he said.
OpenTitan isn't the first open source chip project. Open Compute Project is a host to Microsoft's open source Cerberus security chip project, for example, and the open source RISC-V processor instruction set architecture has taken off dramatically in recent years.
OpenTitan focuses on security and competes less with OCP and more with offerings like Intel's SGX.
Lower costs and higher efficiency – the drivers behind projects like OCP – could help adoption of OpenTitan, if enough manufacturers get on board.
"There are challenges open sourcing something like this," said Thomas Hatch, CTO and co-founder at SaltStack, a Utah-based technology company. "It neither guarantees widespread adoption or that it will be regularly audited."
But overall, he said, OpenTitan is a "fantastic design and foundation for secure chips."
"This is a great step in the right direction, even if it isn’t the ultimate solution to the problem," he said. "I look forward to watching this project unfold."