Google’s OpenTitan Chip Could Make Data Centers More Secure… Someday

Data Center Knowledge, November 12, 2019, with comments by Satya Gupta

Based on the secure chip in Pixel phones, the recently open-sourced project holds promise for data center hardware.

Google made its new computer chip, OpenTitan, open source last month. The project is a hopeful one for making computing chips more secure and cheaper, in time. It will take a while for that to become reality.

In 2017, Google released another chip called Titan, also dedicated to security for its data center servers.

The new chip has open-source architecture loosely based on the secure chip that powers Google’s Pixel phones. Per Google, OpenTitan technology can go beyond phones to data center IT hardware. Security is built into the chip, which stores payment and authentication info, and powers the encryption and decryption of that information. On phones, these secure chips include storing and comparing fingerprint scans to prior scans and confirming matches. This encryption is designed to block hackers and spyware from accessing this private data even if they were to access the device.

Google didn’t develop this technology and it’s not unique to them. Apple has its own version of chips that also goes beyond its phones. Intel too, SGX (Software Guard Extension). And ARM and AMD have their versions as well. But a big difference with Google’s is theirs is open source whereas the others are proprietary. Designing a new chip from the ground up takes years and years and is so expensive it’s all but impossible for any but the wealthiest of companies. Google aims to provide a different alternative, one that encourages and accelerates collaborative development of these efforts – providing a free open-source dev option for chips similar to what Linux has done of OSs.

The public OpenTitan project will be managed by the UK nonprofit Cambridge organization, lowRISC.

Satya Gupta, founder and CTO at Virsec Systems, a San Jose-based cybersecurity company, says “[The OpenTitan chip architecture] also provides a cryptographic unique identity for each server to prevent unauthorized changes. This should give data center managers some assurance that their systems can’t be hacked at the processor level. However, it doesn’t change the dynamics of attackers targeting vulnerable software, or file-less and memory-based malware attacks.

According to the OpenTitan lead at Google and project director at lowRISC, Dominic Rizzo, “Customers are asked to put faith in proprietary hardware RoT chips for their mission-critical systems without the ability to fully understand, inspect, and therefore trust them. By creating OpenTitan with the broader hardware and academic community, we can leverage the experience and security principles used to create Google’s own Titan chips to make hardware RoT designs more transparent, inspectable, and accessible to the rest of the industry. Security should never be built on opacity.”

Even if progress is affordable and achievable, it will still take time, a minimum of a year for any change to happen, involving testing and evaluation from manufacturers before adopting anything new. But the end goal could mean data centers could see lower costs and better security in time. 

Further Resources:

2-Minute Virsec story

Datasheet: Cyber Catalyst Designation

Datasheet: Virsec Security Platform