Will hack-resistant chips really work?
They're touted as the future of cyber security, but how much they will increase safety is in dispute
While cyber crime is a very real and dangerous threat faced by all businesses today, many are still failing to take significant steps to protect themselves and are falling victim to attacks as a result.
Research from technology firm Beaming shows that UK businesses were impacted by an average of 157,528 attacks each, or one attack every 49 seconds, during the third quarter of 2019. This represents an increase of 243% compared to the same period last year.
For many organisations and individuals, poorly protected devices can be a primary cause of hacks. But looking to address this issue, the UK Government recently partnered with Cambridge-based chipmaker Arm on a £36m, five-year research project that will result in new attack-resistant chip technology.
Announced by business secretary Andrea Leadsom in October, the project aims to reduce the number of businesses affected by cyber attacks and the loss of sensitive data. However, given that the Department for Business, Energy and Industrial Strategy (BEIS) has yet to release technical details of this proposed technology, what will it look like and how will it work?
Fighting cyber crime
As cyber attacks grow in both number and complexity, there’s increased pressure on manufacturers to develop products that are more secure by design. For many, hack-resistant chips play an important role here.
Asaf Ashkenazi, chief strategy officer of Verimatrix, explains that hack-resistant chips are designed to be resistant to different attacks. In particular, they’re useful for tackling side-channel attacks. “These break cryptographic systems by exploiting routinely leaked information in the internal process of computing,” he says. “By preventing side-channel information from leaking, and by shielding the chip from other invasive and non-invasive attacks, engineers design hardware that is more resistant to hacks.”
When compared to other chips, they can stop valuable information from getting into the wrong hands. Ashkenazi continues: “Chips process and store sensitive data and cryptographic keys. If a normal chip operation is compromised, or if sensitive data can be accessed by an unauthorised entity, it can compromise the entire computer and network system that rely on these chips to operate.”
But he notes that there’s no such thing as a 100% hack-resistant chip. “It is impossible to anticipate all future attacks and possible side channels not yet known. Therefore, while hack-resistant chips can be more secure and resist many attacks, they are not guaranteed to resist future attacks,” he says.
Ashkenazi expects cyber criminals to keep finding sophisticated ways to bypass security systems and launch successful attacks, but believes that more secure chips will make this difficult. He adds: “While leveraging the security level of chips is important, it will not be a silver bullet that will solve cyber security issues.
“Hackers come with new ways to attack designed security systems, but it will continue to be a race between hackers and security experts. Thanks to more secure chips, we can make it much more difficult for hackers to reach their goals.”
Four cybersecurity essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
An exciting development
Hack-resistant chips aren’t a completely new invention, though. Frank Downs, director of cybersecurity practice at ISACA, calls the development of these chips an old idea with a modern twist.
“Similar to how the cloud has existed for decades but a cultural relabeling has revitalised the idea of storing data offsite, so has the development of unique, highly customised hardware which limits functions during processing,” he says
“Specifically, over the last decade, Advanced Reduced Instruction Set Computer Machine (ARM) has worked with governments and corporations to build an architecture which has provided only approved functionality to specific organisations.”
Downs admits, however, that these chips could still be infiltrated by attackers if they’re not designed well enough. “Corporations believe that through coordinating directly with chip designers, such as ARM, they will strengthen their risk portfolio and reduce potential exploitation by nefarious actors such as hackers and advanced persistent threats (APTs),” he says.
“However, no matter how uniquely a chipset is designed, unless the designers also produce the chip on site, under their own scrutiny, these devices still go through susceptible manufacturing processes.”
The main issue, according to Downs, is that the final owners of the chipset do not control the entirety of the manufacturing process of the chip. He continues: “As such, the supply chain represents a perpetual vulnerability for organisations hoping to secure their hardware by building a chip that is specific to their functions.
“Previous famous hardware attacks discovered that many compromised chipsets had no changes made to the chip architecture as designed. Until organisations can ensure the security of their chipset supply chains, corporations, governments, and enterprises will still stand at risk from hardware hackers.”
Far from perfect
While many experts view hack-resistant chips as an exciting development in the cyber security arena, others are more doubtful about this technology. Joseph Carson, chief security scientist and advisory CISO at Thycotic, points out that 100% security doesn’t exist and that everything has a weakness.
As a result, he believes that hack-resistant chips will never really live up to their name. He tells IT Pro: “The so called hack-resistant chips will probably make it more difficult for cybercriminals but could mean they will be expensive or too complex to use.
“Such chips also mean they are likely going to be single purpose and have strict configuration changes for updates, meaning that any time new features are available it means a new chip. Chips that are more resistant to cyber-attacks are always welcome, but they must be easily enabled, not complex, affordable and available for everyone.”
He says that to make chips more secure, they must have security enabled by default that is easily configured and updated. “This makes secure chips more accessible to be used by more organisations globally as the more organisations use it, the more relevant they become. Secure chips must also be easily replaceable when vulnerabilities or major risks are identified,” adds Carson.
In today’s interconnected and digital economy, cyber attacks are a big challenge for businesses of all industries. Although mitigating these risks isn’t easy, innovations such as hack-resistant chips will surely excite many. However, like any emerging technology, they have their fair share of downsides and won’t ever be 100% perfect.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now