Hardware Trojans (HT) are malicious circuit inclusions added to a design by an adversary with the intention of damaging the chip's functionality at a much later date or leaking confidential information, such as the keys used in cryptography. Time-to-market demands have forced integrated circuit design, manufacturing and testing to be done at different places across the globe. This approach has led to numerous security concerns, such as overbuilding of chips by foundries, IP protection, counterfeiting and hardware Trojans.
As security threats continue to grow and undermine the trust in systems performing critical operations, the ability to detect and prevent changes to vital system components is necessary to maintain system integrity. In order to get ahead of these threats, organizations need to deploy hardware roots of trust to monitor and defend critical systems. Hardware roots of trust use encryption and digital-signature technology to ensure only legitimate changes are made to system components.
At the factory, employees need to verify the hardware against the ordered equipment, check firmware versions against manufacturers’ digital fingerprints (checksums for the technical folks), and perform physical inspections to look for any suspicious alterations.
Industry has developed many solutions for hardware security. The rugged computer hardware manufacturer Crystal Group has established an ecosystem of trusted and respected partners to integrate an effective combination of hardware and software security from the beginning. They start by integrating Trusted Platform Modules (TPM 2.0) into all current systems by default, to ensure the core component needed to utilize a hardware root of trust is in place. The TPM provides a physically dedicated encryption and key storage container.
Current generation Intel Xeon central processing units (CPUs) provide technology to create, monitor, and check the firmware and operating system for any insecure changes or alterations. Additional security features, such as Secure Boot, ensure the integrity of the operating system by preventing rootkits from altering the system before it starts. Intel’s CPUs provide additional separation of critical applications and virtual machines’ access to memory and CPU for greater protection, while also preventing attackers from gaining a foothold in the system.
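The two checks described above, the factory-floor comparison of firmware against the manufacturer's published checksums and the TPM-style measurement of the boot chain, can be illustrated together. The following is an added example, not code from Crystal Group, Intel or any TPM vendor; the firmware images, the vendor manifest and the boot order are constructed stand-ins, and the PCR extend operation follows the TPM 2.0 rule new_pcr = SHA-256(old_pcr || measurement).

```python
import hashlib

# Constructed sample firmware images standing in for real components.
KNOWN_GOOD_IMAGES = {
    "bootloader": b"constructed bootloader image v1.2",
    "bios":       b"constructed BIOS image 3.4.1",
    "os_loader":  b"constructed OS loader build 77",
}
BOOT_ORDER = ["bootloader", "bios", "os_loader"]

# Constructed stand-in for the manufacturer's published checksums.
VENDOR_MANIFEST = {name: hashlib.sha256(img).hexdigest()
                   for name, img in KNOWN_GOOD_IMAGES.items()}

def verify_against_manifest(name, image, manifest=VENDOR_MANIFEST):
    """Factory check: does the image's SHA-256 match the vendor's published checksum?"""
    return hashlib.sha256(image).hexdigest() == manifest[name]

def pcr_extend(pcr, measurement):
    """TPM 2.0 PCR extend: new = SHA-256(old || measurement). One-way and order-sensitive."""
    return hashlib.sha256(pcr + measurement).digest()

def measured_boot(images, order=BOOT_ORDER):
    """Extend each component's digest into a 32-byte PCR that starts at all zeros."""
    pcr = bytes(32)
    for name in order:
        pcr = pcr_extend(pcr, hashlib.sha256(images[name]).digest())
    return pcr

# Golden value recorded once from a known-good system.
GOLDEN_PCR = measured_boot(KNOWN_GOOD_IMAGES)

def attest(images, golden=GOLDEN_PCR):
    """Return (ok, pcr_hex); ok is True only if the whole chain matches the golden PCR."""
    pcr = measured_boot(images)
    return pcr == golden, pcr.hex()

def tampered_images():
    """Constructed case: a single byte of the BIOS image altered."""
    bad = dict(KNOWN_GOOD_IMAGES)
    bad["bios"] = bad["bios"][:-1] + b"2"
    return bad

if __name__ == "__main__":
    for name, img in KNOWN_GOOD_IMAGES.items():
        print(name, "manifest ok" if verify_against_manifest(name, img) else "MISMATCH")
    print("known-good chain matches golden:", attest(KNOWN_GOOD_IMAGES)[0])
    print("tampered BIOS matches golden:   ", attest(tampered_images())[0])
```

Because each extend hashes the previous PCR value, a change to any component, or a change in the order in which components run, produces a different final PCR even though the other measurements are unchanged.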
Another layer of cyber defense comes from the company's partnership with Seagate to provide MIL-STD-810F accredited SAS solid state drives for use at the tactical edge. With TCG Enterprise encryption support, these drives enable full-disk encryption and instant secure erase functionality to deny unauthorized persons access to the data contained in the system.
In contrast to typical backend IT systems, the hardware layer of embedded systems is often directly exposed to physical attacks, which manipulate hardware or software functions by physical means (e.g., manipulating flash memory or deactivating alarm functions). One approach to making such physical attacks more difficult is to apply specially tamper-protected hardware security modules (HSMs).
The hardware security module (HSM) is a special “trusted” network computer performing a variety of cryptographic operations: key management, key exchange, encryption, etc. Executing these functions in the hardware module reduces software overhead, so actions such as encryption, decryption and authentication can execute much more quickly. It also removes the need to develop an appropriate cryptographic code library for new applications.

