Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Intel Unveils New Security Tech in Upcoming Ice Lake CPU

Intel on Wednesday announced the new security technologies that will be present in the company’s upcoming 3rd generation Xeon Scalable processor, code-named “Ice Lake.”

Intel told SecurityWeek that it’s aiming to make initial production shipments of the first 10nm-based Xeon Scalable product at the end of the year.

Intel on Wednesday announced the new security technologies that will be present in the company’s upcoming 3rd generation Xeon Scalable processor, code-named “Ice Lake.”

Intel told SecurityWeek that it’s aiming to make initial production shipments of the first 10nm-based Xeon Scalable product at the end of the year.

The company says Ice Lake will include its SGX trusted execution environment, as well as several new features for memory encryption, firmware resilience, and cryptographic performance acceleration. Intel says these features should address concerns related to data integrity and confidentiality.New security features in Intel Ice Lake processors

“Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity. This extends our long history of partnering across the ecosystem to drive security innovations,” said Lisa Spelman, corporate VP of the Data Platform Group and GM of the Xeon and Memory Group at Intel.

One of the new security features introduced with Ice Lake processors is named Total Memory Encryption (TME), which ensures that all memory accessed from the CPU is encrypted. This includes encryption keys, user credentials, and other sensitive information on the external memory bus.

The feature uses the AES XTS standard and the encryption key is generated by a hardened random number generator in the processor. TME, Intel says, can provide better protection against attacks that involve custom-built hardware or removing the RAM sticks.

As for cryptographic acceleration, Intel says it has introduced two new innovations that should help reduce the performance impact caused by better security.

“The first is a technique to stitch together the operations of two algorithms that typically run in combination yet sequentially, allowing them to execute simultaneously. The second is a method to process multiple independent data buffers in parallel,” the company explained.

Finally, the Intel Platform Firmware Resilience (PFR) feature in Ice Lake processors is designed to protect systems against firmware attacks by detecting and addressing them before any damage is caused. Protected components include the BIOS and BMC flash, Management Engine, SPI Descriptor, and even the power supply firmware.

Advertisement. Scroll to continue reading.

Microsoft believes the new processors can be very useful for its Azure confidential computing offering.

“Azure has confidential computing options for virtual machines, containers, machine learning, and more. We believe the next-generation Intel Xeon processors with Intel SGX featuring full memory encryption and cryptographic acceleration will help our customers unlock even more confidential computing scenarios,” said Mark Russinovich, chief technology officer at Microsoft Azure.

Related: Intel Improves Hardware Shield in New 10th Gen Core vPro Processors

Related: CacheOut/L1DES: New Speculative Execution Attack Affecting Intel CPUs

Related: New Security Tech in Intel CPUs Protects Systems Against Malware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.