Print
Email
Print Edition Stories
Friday, June 12, 2009
How I See It
Protecting our hardware allows us to protect ourselves
Breaking down the MIT $100K
MHT's Efrain Viscarolasaga: Tech companies may have to wait for stimulus funds
Local Motors: Open source car maker
Today, war is taking place not only on real-life battlefields, but in the digital realm as well. The number and scale of assaults on electronic systems and infrastructure worldwide is growing. Attacks once perpetuated by small, ad-hoc collections of people are now being conducted by well-funded organizations. There have been high-profile assaults against defense, government, utility and financial sector infrastructures, as well as attacks and illegal activities involving digital rights management and intellectual property. In the past few months alone, spies have infiltrated the Pentagon’s highly secret fighter-jet project and have breached the Air Force’s air-traffic-control system — two shocking blows to the nation’s defense capabilities.
To thwart attacks, the U.S. government has been working to strengthen its digital defenses. But to date, efforts to secure the nation’s electronic systems and the information stored within them have been insufficient. Data shows that cyber security problems are getting worse. The attackers are winning. More is needed, and fast.
While much of the media attention has been focused on the need to secure our software and networks, experts are now beginning to understand that hardware security is equally important. Consider, for example, integrated circuits — the chips embedded in all hardware, from our phones and computers to our microwave ovens. The problem of integrated-circuit security is extremely important, because these chips are involved in nearly every aspect of our lives.
But securing these chips is a daunting challenge. For economic reasons, foreign companies manufacture nearly all of the chips used in the U.S. today. These overseas manufacturers assemble the chips using parts that come from multiple outside suppliers. The chips are designed and tested by other outsourced companies during the manufacturing process, and these companies use tools from yet other vendors.
With so many hands and so many parts involved in the design and manufacturing process, adversaries have many opportunities to insert malicious programs (known as Trojan logic) to sabotage a chip that may be used in critical applications.
This fact has significant national security implications. A Trojan-horse attack could create havoc in basic civilian infrastructures such as the electric grid or communications and banking networks. It could also sabotage critical missions, disable weapon systems, or provide back-door access to otherwise highly secure systems. There have also been reports about unsecured chips penetrating the supply chains of companies and organizations with very high security requirements.
It is clear that more must be done at the hardware level to prevent tampering and unauthorized use, because it is through such methods that attackers learn enough about a system to expose its weaknesses. Steps must be taken during chip manufacturing to secure the hardware that increasingly runs our lives. One way is through technology that would allow system designers to implant small monitors within the electronics system to look for suspicious “behavior” in a chip both during and after manufacture. These monitors would help prevent tampering and reverse engineering.
One thing is certain: If our hardware is not secure, neither are we. With electronic devices, security is like quality. It cannot be “tested in” — it must be designed in from the very start.
Paul Bradley is chief technology officer at DAFCA, a company headquartered in Framingham that makes post-silicon system-on-a-chip validation software.
RSS Feeds
Comments
Please Login/Register to post comments.
No comments have been added or approved.