As more electronic devices are connected and hence hackable, OEMs are having to bring good security practices, designs, and devices into their products as soon as possible.
For electronics OEMs, ensuring that the semiconductor chips that they source and use are secure and safe is becoming increasingly important as the sophistication of both the systems and of cybercriminals increases. It’s important to think about security as early in the design process as possible.
“Security is much more than just chip level security, it’s about practices,” said Xavier Bignalet, security product marketing manager, Microchip Technology. “Security is as strong as its weakest link and humans are just that.”
Rather than securing the system, chip makers are building in security at the chip level. “One of the main concerns of OEMs is maintaining the integrity and security of their products,” said Steve Hanna, co-chair of the Embedded Systems Work Group in the Trusted Computing Group (TCG), an industry consortium hoping to create open standards for cybersecurity in systems. “They also want to be able to battle those trying to counterfeit their products. Even greater than the counterfeit risk, though, which you can manage, is the risk of hacking which is potentially catastrophic.”
A hacked device has the potential to cost an OEM more than its reputation, and the ubiquitous nature of the Internet of Things (IoT) has made hacking devices both easier and more lucrative for hackers. “The IoT trend is spreading,” said Hanna. “Everything that has power will have CPU, memory, network connection and it’s going to be talking to some sort of other system. Therefore, it’s all exposed to attacks.”
For example, BrickerBot malware conducts a Permanent Denial-of-Service (PDoS) attack that turns connected equipment into dead “bricks.” “The creator of it said that it was to educate people on the level of vulnerability that exists, but that’s no consolation for the consumer who finds their security camera or door lock unusable and no consolation for the OEM that has to replace tens of thousands or even 100s of thousands of devices that have been bricked. For them, it’s a nightmare scenario. Ultimately, you need to build security measures at the design stage.”
To that end, the TCG created a standard for chips called the Trusted Platform Module (TPM) about 15 years ago, and now a dozen semiconductor vendors make chips that leverage the standard to securely store artifacts used to authenticate the platform. “Because it is a standard, you have a competitive marketplace, and customers can choose from a variety of vendors,” said Hanna. “Often with security chips, everyone has a flavor and there’s a lack of compatibility between solutions and switching vendors is difficult.”
Today, TPM chips have near perfect compatibility across vendors down to the pin-out level, Hanna said. “TPM or other standards give you fundamental capabilities that you can’t get other ways,” he added. Today, TPM chips are included in every Windows-based PC and many Linux-based computers.
As part of integrating security at the chip level, semiconductor makers and OEMs should make sure that security review is embedded in the product design process. “It’s very important to have an independent party review security design and implementation,” said Hanna, adding that this type of review is required for TPM certification. “There are people who specialize in finding vulnerabilities and showing you how to fix them called red teams. This kind of approach can help OEMs find problems before they get into the field.”
For electronics distributors or contract manufacturers, this type of system testing might be a potential new service offering. Any device or system connecting to the internet for software updates, for example, needs a higher level of security. OEMs would benefit from help from a distributor who understood chip security. Furthermore, distributors may offer identity provisioning for security chips, said Hanna. “OEMs often want to put their corporate identity into the security chip to identify if it is legitimate or an imposter, in order to detect authenticity,” he added. “Adding that identity to chips is a complex thing and often needs a trusted third party to load the identity and a uniquely identified serial number into the chip.”
Market education will be another important role for distributors and CMs. “They need to educate themselves and train themselves on how to implement all basic security practices,” said Microchip’s Bignalet. “They will have a strong role in educating the mass market and packaging the relevant technologies from semiconductor providers to address all the basic (not best) practices.”
During manufacturing, an adequately secured supply chain is also important for semiconductors of all kinds. Semiconductor maker Microchip Technology, for example, has added a cryptographically secure supply chain for its FPGAs to its security arsenal, said Paul Quintana, director of Vertical Market for Defense & Security at Microchip. “We make extensive use of hardware security models and keep those at the wafer and packaging manufacturing houses,” he explained. “All the devices manufactured have cryptographic signature keys, and that is a point of vulnerability. Whenever loading or reading keys is done through a high security network that we provide to the supply chain. The whole idea is to make sure that the data stays private and is known only to us. We do the same thing at package testing.”
The next emerging frontier for chip security is the automotive market. Security is particularly important in this segment since automotive life cycles are decades long. Further, vehicles are increasingly internet connected through entertainment systems, leaving them vulnerable to hackers. “Automotive entertainment units include contacts with useful, private, sensitive information and are the most hackable elements of the vehicle,” said Ira McDonald, president of High North and a software architect and consultant in network management, security, and cybersecurity. “It hasn’t happened yet but it is a distinct possibility.”
Currently, SAE International is working on Requirements for Hardware-Protected Security for Ground Vehicle Applications (dubbed J3101), which will define a common set of requirements for security to be implemented in hardware for ground vehicles. “People keep cars for a long time. The intent of J3101 is to define what capabilities are needed as well as some application use cases,” said McDonald. “In the next addendum, there will be half a dozen use cases and eventually a checklist that lists all the requirements and recommendations that should be implemented.”
The connected nature of cars is also creating a lively conversation about information policy, particularly in the wake of the EU General Data Protection Regulation (GDPR) and stringent privacy laws passed in California. “Automotive engineers are sensitive to privacy and designing that into subsystems,” said McDonald.