MID-070: Peripheral Component Authentication
Mitigation Tier: Leading
Description
To protect against malicious or compromised peripherals, a system might institute a scheme in which peripherals are considered untrusted until authenticated and authorized to access necessary system resources (e.g., system memory for DMA). Internal system components are often implicitly trusted, although many contain firmware of their own that, if modified, may cause the device to behave maliciously. Trusting external peripherals (e.g., USB devices) is always a risk. Each of a device’s processors and other components may instead treat other bus-connected components similarly to remote nodes on a network, perform cryptographic mutual authentication of each component’s identity, and use the result to make trust decisions. Measurement and attestation of component firmware can add further assurance.
Some Apple devices implement a form of this for certain security-sensitive components like the TouchID fingerprint reader [2].
Upcoming revisions of the PCI Express specification will add the Component Measurement and Authentication (CMA) mechanism [1], which will allow a system to verify the authenticity of a PCIe device and its firmware before allowing it to access system resources, preventing malicious or compromised peripherals from obtaining the degree of system access needed to perform attacks.
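The sketch below is an added example, not part of the original entry and not an implementation of PCIe CMA: it models a host that keeps a peripheral untrusted until a mutual challenge-response and a firmware measurement check both pass. All names, keys and firmware strings are constructed, and an HMAC over a pre-provisioned per-device key stands in for the certificate-based signatures a real scheme would use.

```python
import hashlib
import hmac
import secrets

# Constructed sample provisioning data: per-device key and approved firmware digests.
DEVICE_KEYS = {"nic0": b"constructed-demo-key-nic0"}
GOOD_FW = b"nic0 firmware v1 (constructed)"
APPROVED_FW = {"nic0": {hashlib.sha256(GOOD_FW).digest()}}


def _mac(key, role, *fields):
    # The role label stops a tag from one direction being reflected in the other;
    # length prefixes keep field boundaries unambiguous.
    h = hmac.new(key, role, hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


class Peripheral:
    """Device side. Assumption: the measurement comes from a root of trust in the device."""

    def __init__(self, dev_id, key, firmware):
        self.dev_id, self.key, self.firmware = dev_id, key, firmware

    def respond(self, host_nonce):
        self.nonces = (secrets.token_bytes(16), host_nonce)
        measurement = hashlib.sha256(self.firmware).digest()
        tag = _mac(self.key, b"device", host_nonce, self.nonces[0], measurement)
        return self.nonces[0], measurement, tag

    def verify_host(self, host_tag):
        return hmac.compare_digest(host_tag, _mac(self.key, b"host", *self.nonces))


def admit(dev):
    """Host side: return (dma_allowed, reason); any failed check leaves DMA denied."""
    key = DEVICE_KEYS.get(dev.dev_id)
    if key is None:
        return False, "unknown device"
    host_nonce = secrets.token_bytes(16)  # fresh per attempt, so old responses cannot be replayed
    dev_nonce, measurement, tag = dev.respond(host_nonce)
    if not hmac.compare_digest(tag, _mac(key, b"device", host_nonce, dev_nonce, measurement)):
        return False, "authentication failed"
    if measurement not in APPROVED_FW.get(dev.dev_id, ()):
        return False, "firmware measurement not approved"
    if not dev.verify_host(_mac(key, b"host", dev_nonce, host_nonce)):
        return False, "device rejected host"
    return True, "authenticated and measured"
```

A device with the correct key but modified firmware authenticates yet is still denied, which is the extra assurance the measurement step provides.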
IEC 62443 4-2 Mappings
- CR 1.2 – Software process and device identification and authentication
References
[1] N. Edwards, T. Koulouris, M. Krause. “PCIe Component Authentication.” PCI SIG. Accessed: Aug. 28, 2024. [Online]. Available: https://pcisig.com/pcie%C2%AE-component-authentication
[2] Apple. “Apple Platform Security.” apple.com. Accessed: Aug. 26, 2024. [Online]. Available: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf