Devices such as remote car keys, cable boxes and even credit card chips are all vulnerable to hardware attacks, typically because of their design.
These devices are small and lightweight and operate on minimal power. Engineers optimize designs so the devices can work within these low-power constraints. Most disturbing, cybercriminals don’t need physical access to a device to take this information. Attackers can remotely detect frequencies in car keys and break into a car from more than the distance of a football field.
To secure the hardware in these devices, experts believe the greatest protections lie in the design. For example, manufacturers could restructure hardware designs and code devices in a way that doesn’t leak any information. This requires the development of algorithms that provide more secure hardware.
Essentially, this approach requires taking the design specification and restructuring it at an algorithmic level, so that the algorithm, no matter how it is implemented, draws the same amount of power in every cycle.
This basically equalizes the amount of power consumed across all the cycles, whereby even if attackers have power measurements, they can’t do anything with that information.
The big picture problem, according to cybersecurity professionals, is that hardware is fundamentally unsafe. Security is an aspect that is often overlooked in an engineering education across the spectrum from hardware to software.
For new systems engineers, there are so many tools, concepts, paradigms that students must learn, that there is little time to include security considerations in the curriculum — graduates are expected to learn on the job.
Fortunately, this mindset is changing, but ever so slowly.
Another issue: Companies that actually fabricate chips don’t necessarily design them from scratch, as the building blocks are bought from third parties. Ideally, specifications perfectly match the design. In reality, undocumented or erroneously documented features across different building blocks may interact in subtle ways to produce security loopholes that attackers might exploit.
Unlike in software, these weak points have long lasting effects and are not easily corrected.
Want to learn more? Tonex offers Hardware Security Training, a 2-day course that introduces participants to a variety of cryptographic processor and processing overhead, side-channel attacks, physically unclonable functions, hardware-based true random number generator, watermarking of IPS, FPGA security, passive and active metering and hardware based secure program execution.
Additionally, Tonex offers nearly three dozen more courses in Cybersecurity Foundation. This includes cutting edge courses like:
For more information, questions, comments, contact us.