Security should not be hard to implement

By CHOWDARY YANAMADALA, Senior Vice President of Business Development, ChaoLogix, Gainesville, FL 

Data is ubiquitous today. It is generated, exchanged and consumed at unprecedented rates.

According to Gartner, Internet of Things connected devices (excluding PCs, tablets and smart phones) will grow to 26 billion devices worldwide by 2020—a 30-fold increase from 2009. Sales of these devices will add $1.9 trillion in economic value globally.

Indeed, one of the major benefits of the Internet of Things movement is the connectivity and accessibility of data; however, this also raises concerns about securely managing that data.

Managing data security in hardware

Data security involves essential steps of authentication and encryption. We need to authenticate data generation and data collection sources, and we need to preserve the privacy of the data.

The Internet of Things comprises a variety of components: hardware, embedded software and services associated with the “things.” Data security is needed at each level.

Hardware security is generally implemented in the chips that make up the “things.” The mathematical security of authentication and encryption algorithms is less of a concern because this is not new. The industry has addressed these concerns for several years.

Nonetheless, hackers can exploit implementation flaws in these chips. Side channel attacks (SCAs) are a major threat to data security within integrated circuits (ICs) that are used to hold sensitive data, such as identifying information and secret keys needed for authentication or encryption algorithms. Specific SCAs include differential power analysis (DPA) and differential electromagnetic analysis (DEMA).

There are many published and unpublished attacks on the security of chips deployed in the market, and SCA threats are rapidly evolving, increasing both in potency and in the ease with which they can be mounted.

These emerging threats render defensive techniques adopted by the IC manufacturers less potent over time, igniting a race between defensive and offensive (threat) techniques. For example, chips that deploy defensive techniques deemed sufficient in 2012 may be less effective in 2014 due to emerging threats. Once these devices are deployed, they become vulnerable to new threats.

Another challenge IC manufacturers face is the complexity of defensive techniques. Oftentimes, defensive techniques that are algorithm or protocol specific are layered to address multiple targeted threats.

This “Band-Aid” approach is tedious and becomes unwieldy to manage. The industry must remember that leaving hardware vulnerable to SCA threats can significantly weaken data security. This vulnerability may manifest itself in the form of revenue loss (counterfeits of consumables), loss of privacy (compromised identification information), breach of authentication (rogue devices in the closed network) and more.

How to increase the permanence of security

A simplified way to look at the SCA problem is as a signal-to-noise issue. In this case, the signal is the sensitive data leaked through the power signature. Noise is the ambient or manufactured noise added to the system to keep the signal from being extracted from the power signature.

Many defensive measures today concentrate on increasing noise in the system to obfuscate the signal. The challenge with this approach is that emerging statistical techniques are becoming adept at separating the signal from the noise, thereby decreasing the potency of the deployed defensive techniques.

One way to effectively deal with this problem is to “weave security into the fabric of design.” SCA threats can be addressed at the source rather than addressing the symptoms. What if we can make the power signature agnostic of the data processed? What if we can build security into the building blocks of design? That would make the security more permanent and simplify its implementation.

A simplified approach of weaving security into the fabric of design involves leveraging a secure standard cell library that is hardened against SCA. Such a library would use analog design techniques to tackle the problem of SCA at the source, diminishing the SCA signal to make it difficult to extract from the power signature.
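
The signal-to-noise argument above can be checked with a small leakage-assessment simulation, added here as an illustration and not taken from the article or from ChaoLogix: a fixed-versus-random Welch t-test on constructed power samples shows that added noise only raises the number of traces needed to detect a leak, while a data-independent power signature stays undetectable however many traces are collected. The Hamming-weight leakage model, the function names and the noise figures are assumptions; 4.5 is the threshold conventionally used for this kind of test.

```python
import math
import random

THRESHOLD = 4.5  # conventional pass/fail bound for |t| in leakage assessment

def hamming_weight(x):
    return bin(x).count("1")

def simulate(n, leak_per_bit, noise_sigma, rng, fixed=None):
    """Constructed power samples: leak_per_bit * HW(data byte) + Gaussian noise."""
    samples = []
    for _ in range(n):
        byte = fixed if fixed is not None else rng.randrange(256)
        samples.append(leak_per_bit * hamming_weight(byte) + rng.gauss(0.0, noise_sigma))
    return samples

def welch_t(a, b):
    """Welch's t statistic for two sample sets with unequal variances."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    va = sum((x - ma) ** 2 for x in a) / (len(a) - 1)
    vb = sum((x - mb) ** 2 for x in b) / (len(b) - 1)
    return (ma - mb) / math.sqrt(va / len(a) + vb / len(b))

def leakage_t(n, leak_per_bit, noise_sigma, seed=1):
    """|t| between a fixed-data set (byte 0xFF) and a random-data set, n traces each."""
    rng = random.Random(seed)
    fixed = simulate(n, leak_per_bit, noise_sigma, rng, fixed=0xFF)
    rand = simulate(n, leak_per_bit, noise_sigma, rng)
    return abs(welch_t(fixed, rand))

if __name__ == "__main__":
    cases = [  # (label, traces per set, leak per bit, noise sigma) - all constructed
        ("leaky cell, little noise, 200 traces", 200, 1.0, 2.0),
        ("leaky cell, 20x noise, 200 traces", 200, 1.0, 40.0),
        ("leaky cell, 20x noise, 20000 traces", 20000, 1.0, 40.0),
        ("data-independent cell, 20000 traces", 20000, 0.0, 2.0),
    ]
    for label, n, leak, sigma in cases:
        t = leakage_t(n, leak, sigma)
        print(f"{label}: |t| = {t:.1f} -> {'LEAK' if t > THRESHOLD else 'pass'}")
```

Because |t| grows with the square root of the trace count whenever the data-dependent term is non-zero, the noise-only countermeasure passes at 200 traces and fails at 20,000, whereas the zero-leak case passes at both.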

Leveraging standard cells should be simple since they are the basic building blocks of digital design. As an industry, we cannot afford to bypass these critical steps to defend our data.
