There are plenty of reasons to be pessimistic about the state of security in electronic design. But at the same time, we can’t afford to dwell on the fact that software will always be buggy, and hackers, clever and cunning.
“As we look at Moore’s Law, the value of the product doesn’t grow with complexity. Yet the risks do grow with complexity,” said Paul Kocher, chief scientist in the Cryptography Research Division of Rambus, during his January 21 keynote talk at DesignCon at the Santa Clara Convention Center. “If we can’t control the risk of the systems we’re building…the more complex products will be less valuable than the things we were making before.”
Bottom line, the tech industry must continue investing in security.
Kocher, a National Cyber Security Hall of Fame inductee who helped author the widely used SSL 3.0 standard, admitted that the challenges can be “enormously depressing.” And, he said, the problem scales with three underlying trends that are driving Silicon Valley, but are bad news for security:
For context, more of the bad news. According to IDC, within two years, 90% of all IT networks will experience an IoT-based security breach. What happens, Kocher asked, if we have 50 billion connected devices by 2020? A typical connected device contains lots of fractured, yet critical, elements—in the neighborhood of about 10 billion single points of failure, said Kocher. Ten years from now, that number will grow to around one trillion single points of failure. Plus, he noted, as systems become more complicated, the number of person-hours to work on these systems doesn’t scale accordingly.
How can we safeguard our designs?
“Security is a fundamentally different problem than creating functionality,” said Kocher. “It requires very different engineering strategies and assumptions.”
Obviously, making the right assumptions is key. To that end, Kocher outlined three incorrect assumptions that lead to bad outcomes:
1) With defect densities, there’s an assumption that hardware and software logic will be bug free. But in reality, current devices are one to three exploits away from a total breach, with an overwhelming likelihood of vulnerabilities at each layer. SoCs are usually one bug away from ruining their software protections.
2) On side channels, there’s an assumption that attackers will only see binary I/O data. However, power and RF measurements show tiny correlations to individual gates, presenting a signal-to-noise ratio problem. Now, cryptography is deep in the noise, with signals that are many orders of magnitude smaller than the noise. Some countermeasures can be found in hardware, software, or protocols, by splitting security keys into parts and randomizing the parts.
3) Finally, on the business side, there’s an assumption that security doesn’t affect the bottom line. Well, considering the high-profile security breaches we’ve endured of late, this assumption may be less of an issue, at least in some industries.
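The key-splitting countermeasure from point 2, as an added simulation that is not from Kocher's talk or the original post. It assumes a simple leakage model (each value the device handles leaks its Hamming weight plus Gaussian noise); the key byte, noise level, and function names are constructed for illustration. It measures how strongly the simulated power samples correlate with the secret intermediate value, with and without splitting the key into freshly randomized shares.

```python
import random

def hw(x):
    """Hamming weight (number of set bits) of a byte."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def leakage_correlation(key, masked, n=20000, noise_sd=4.0, seed=1):
    """First-order leakage check: correlate each simulated power sample
    with HW(plaintext ^ key) and return the largest |r| observed.

    Assumed model: every value handled leaks HW(value) + Gaussian noise.
    """
    rng = random.Random(seed)            # fixed seed: repeatable result
    secret, samples = [], [[], []]       # two sample points per operation
    for _ in range(n):
        p = rng.randrange(256)           # constructed random plaintext byte
        secret.append(hw(p ^ key))
        if masked:
            s1 = rng.randrange(256)      # fresh random share per operation
            s2 = key ^ s1                # key == s1 ^ s2, never handled whole
            handled = [p ^ s1, s2]
        else:
            handled = [p ^ key, key]     # unprotected: key-dependent value
        for col, v in zip(samples, handled):
            col.append(hw(v) + rng.gauss(0, noise_sd))
    return max(abs(pearson(col, secret)) for col in samples)

if __name__ == "__main__":
    print("unprotected |r|:", round(leakage_correlation(0x3C, False), 3))
    print("split key   |r|:", round(leakage_correlation(0x3C, True), 3))
```

Even with noise several times larger than the signal, the unprotected samples keep a clear correlation with the secret value, while the per-sample correlation of the randomized shares is statistically indistinguishable from zero.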
So, what’s the good news in all of this? Separate security chips can help, though this approach adds to overall cost and can also impact performance because the interfaces can be vulnerable, Kocher noted. Kocher said he is most optimistic about architecting SoCs for better security. Building security into SoC logic blocks that are isolated from the main processor and all of its software presents a better and cheaper solution. Differential power analysis (DPA) countermeasures that protect secret keys from noninvasive side-channel attacks, along with cryptography IP cores and other solutions, can also help.
Looking ahead, Kocher noted that there isn’t a lot of good news at the macro level. However, it’s crucial for hardware to provide a stronger foundation for security. And it’s imperative, he said, for the technology industry to keep investing in security. The industry’s ability to continue impacting the world depends on it.
P.S. Congratulations to Dr. Eric Bogatin of the Teledyne LeCroy Signal Integrity Academy, who was presented with the Engineer of the Year Award just before Kocher’s keynote.