Don’t soften your cybersecurity - why secure hardware is critical

Author : Mathias Wagner, NXP Semiconductors

03 November 2016

By 2020 it’s estimated that there will be 6.1 billion smartphones in circulation, up from 2.6 billion smartphone subscriptions globally today, according to the latest annual Mobility Report from Ericsson.

(Click here to view article in digital issue)

The growth of mobile devices, particularly smartphones, gives users access to an array of ubiquitous services, making them a prime target for attacks. 

In the 1980s when cryptography began gaining popularity in commercial applications, the security model was based on two endpoints (i.e. human and computer) where messages are sent back and forth and therefore only the endpoints need to be secure. In this traditional “black box” model, the internal design is trusted and only the ‘in’ and ‘out’ points are considered in a security evaluation. 

In the 1990s, it was proven that this model wasn’t as secure as originally thought with the discovery that this black box may leak some meta-information, in terms of timing or power consumption, making it vulnerable to what’s known as a “side-channel” attack, referred to in this case as a “grey box attack”. For the first time, a true picture of the vulnerability of hardware started to become clear.

Evolution of security

Fast-forward to the 2000s and the “white box” model of cryptographic security became the de facto standard for digital rights management (DRM) cases such as streaming music, films and television. For example, with Netflix, the movie is sent to a device that’s encrypted, is decrypted and streamed to the device. The provider (Netflix) wants you to be able to decrypt it but they don’t want you to have the key or else you could share it with your friends and they could watch the movie for free. 

While this white box model was initially only for DRM, it’s become a much more important security model because of host card emulations, which is a technique that’s being increasingly used for mobile payments. In this case, the cryptographic key ensures that your hard-earned money is sufficiently secure in your electronic bank balance.

The problem with the white box model is that it too, like the older black box model, can be attacked. As computing has evolved from the second (client/server) to the third platform of computing, there are now multiple endpoints between mobile computing, social media, cloud computing and information/analytics (big data), and to some extent, the Internet of Things (IoT). 

The white box model emulates the hardware chip in software, however, it’s not as secure as improving the security of the chip itself. Hardware, unlike software has the advantage that it can be made tamper resistant. For example, if you were to pay for a train or metro fare with your smartphone, you need the cryptographic key for the transportation service to take the correct fare from your bank card. However, if that was intercepted, you could be charged an incorrect amount. This was demonstrated in a recent paper by NXP in which the researchers took hardware and used memory versus excess software implementation and therefore were able to extract the cryptographic key from the white box implementation.  

From this example, we’ve learned that in practice all the white box implementations are not secure enough – it has been proven this can be broken. With the white box model, it’s much more difficult with software to create counter attack measures than it is with protecting the keys by secure hardware elements, thus securing hardware by design. For example, with my own phone, I could lift the application and run it in an emulator on my laptop. This way I am able to control all inputs to the application, most notably random numbers or their seed values. These are used to derive the secret key, and eventually I’ll be able to circumvent encryption and gain access to sensitive data.

However, even hardware is susceptible to attacks. So why are these flying under the radar?

Why hardware security is seemingly taking a backseat to software security

Hardware attacks aren’t as prominent because they are much more difficult to perform as the criminal often needs access to the device and/or chip itself. Although this doesn’t mean that it isn’t happening.

Here are some examples of the more common types of hardware attacks and how businesses can protect themselves. 

Physical or Implementation attacks

In most cases with implementation attacks on microchips, the criminal needs to be in possession or have access to the device to be able to tamper with it. 
A powerful type of attack in this case is when a chip is exposed to a laser or an electric power glitch by sending a high voltage level that exceeds the limits of the chip’s power supply to make the microchip trip. If a light is shone onto the chip, it generates additional charges that aren’t intended to be there and can create havoc. The result is a chip that doesn’t execute as expected. 

Side-channel attacks

There are, however, other powerful attacks where the adversary doesn't need to actively manipulate the device's operating conditions -and sometimes not even physical access to the device/chip- to carry out a physical attack. This type of attack is referred to as a “side-channel” attack where information leaks out of a device unintentionally. 

In cryptography, a side-channel attack can occur when the attacker gains access to information through the physical implementation of a cryptosystem. All of the following methods provide the attacker with extra information they can then use to break the system.

Information can be obtained through timing information (i.e. how much time various computations take to perform), power consumption, (i.e. making use of varying power consumption by the hardware during computation and correlating the crypto computation to uncover the secret key) electromagnetic leaks (i.e. obtaining plaintext and other information from leaked electromagnetic radiation) or even through sound (similar to a power-monitoring attack where the attacker obtains information by monitoring sound produced during a computation). 

Hardware reverse engineering attacks

Probably the most difficult type of chip attack, however, is what’s known as “hardware reverse engineering”. Again, this type of attack requires the person to be in physical possession of the chip. 

However, in this case, the person would use an x-ray, MRT or microscope to zoom into the chip so they can understand all of the transistors in order to reconstruct the architecture of the chip. That way, they can understand when the best time is to attack. This is the most invasive of hardware attacks but it takes heavy machinery to succeed.

How attacks can be prevented

So what are the steps that companies can take to ensure their hardware is secure? In order to carry out the majority of these types of attacks, the person needs access to the actual device. There are relatively few attacks – around 5 percent or less – where the person can carry them out remotely if the device is online.

For example, the strongest form of a side-channel attack (in an information theoretic sense) known as a template attack requires the person to have access to an identical experimental device that can be programmed to their liking. In this case, the person buys a chip somewhere else and gains access to the actual target of the device from which they read out the characteristics and put them into a shape sorting machine to see if they work or not – think of it like a shape sorter that children play with – the peg either fits or it doesn’t.

This is why chips have to be secure by design. To shield its products against known and future hardware attacks, NXP has set up a Vulnerability Analysis Team to test products against 200 to 250 types of attacks. 

Security as a standard

It’s imperative for secure hardware to become a condition for maximum security in sensitive environments, such as securing IoT devices and self-driving cars

Besides ensuring software and hardware are more secure, the IT industry and governments around the globe as a whole need to look at creating and establishing reliable security standards. NXP foresees this as one of the greatest challenges in the near and distant future for the safe design of the IoT.

One challenge for the whole system will be how to proceed with personal data, anonymity and privacy. In the future, the protection of users, clients and their data will become more and more important. Among other issues, the question will be raised how to effectively guard and control one’s data. 

It will become even more important to define and to evaluate individual levels of security. This will be the key in order to develop hardware and software that is ideally attuned to each other. 

Therefore, the development of connected devices must incorporate security by design as a principle. The goal is to develop an architecture and/or a design that denies attackers promising and exploitable angles of approach and protects the user’s privacy. 

Perhaps the most decisive aspect of secure systems is the ability for people to trust them. This is why we need verifiable minimum standards for system security. In other words, an independent security authority and a transparent framework of rules that guarantees compliance with standards. This will increase the level of security in the IoT and consolidate the trust of businesses and consumers into connected technologies. 

Contact Details and Archive...

Print this page | E-mail this page