Hardware-based attacks

Everytime I’m asked to deploy a new service or a new machine I always think about the strategies to keep them safe about internal and external attacks.
This requires extra time in studying, testing and feeling comfortable with a security policy that has to be shared with other system administrators and the software developers. But everything I have ever done is software oriented and it has nothing to do with the hardware.
Then I stumbled on this article.
It is about trojan horses that are inserted inside the integrated circuits during the design period of a chip before it is printed onto silicon.
Who can do this? Malicious attackers inside the engineering team or someone that is able to access one of the many designing phases: today the different parts of a complex chip are designed in different countries.
It could be a nasty task to check and test the final chip for every possible hacked part so the author of the article (John Villasenor) is hoping that every chip will have some security feature to examine its internal behaviour and stop strange activities, like an IPS does today to protect a network and an antivirus to keep clean our operating system.
Security has its costs and few clock cycles will be used to this part of the chip but before we think of a performance loss we should study a proper implementation.
This is not a big deal compared to the task of a chip designed to be “updated” like we do every day with our software, from the operating system to the latest application. Yes, a chip that could be reconfigured to stop known hardware based attacks.
Another hard task is to keep safe this security part of the chip: if you cannot trust the security checks then you cannot trust the whole CPU. The design process of this security circuits must be protected, maybe with a generic public implementation like what is done with the cryptographic algorithms, and before printing it onto silicon there should be a way to confront it with the original design.
Villasenor is sure that such attacks will be here soon and they are inevitable: it’s just a matter of time.
A few references to this subject:
trojan-resistant system-on-chip bus architecture,
trojan detection using IC fingerprinting,
securing the information highway,
old trick threatens the newest weapons.

This entry was posted on Friday, March 18th, 2011 at 8:22 PM and is filed under hardware, security.

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.