Will hack-resistant chips really work?

They're touted as the future of cyber security, but how much they will increase safety is in dispute

While cyber crime is a very real and dangerous threat faced by all businesses today, many are still failing to take significant steps to protect themselves and are falling victim to attacks as a result.

Research from technology firm Beaming shows that UK businesses were impacted by an average of 157,528 attacks each, or one attack every 49 seconds, during the third quarter of 2019. This represents an increase of 243% compared to the same period last year.

For many organisations and individuals, poorly protected devices can be a primary cause of hacks. But looking to address this issue, the UK Government recently partnered with Cambridge-based chipmaker Arm on a £36m, five-year research project that will result in new attack-resistant chip technology.

Announced by business secretary Andrea Leadsom in October, the project aims to reduce the number of businesses affected by cyber attacks and the loss of sensitive data. However, given that the Department for Business, Energy and Industrial Strategy (BEIS) has yet to release technical details of this proposed technology, what will it look like and how will it work?

Fighting cyber crime

As cyber attacks grow in both number and complexity, there’s increased pressure on manufacturers to develop products that are more secure by design. For many, hack-resistant chips play an important role here.

Asaf Ashkenazi, chief strategy officer of Verimatrix, explains that hack-resistant chips are designed to be resistant to different attacks. In particular, they’re useful for tackling side-channel attacks. “These break cryptographic systems by exploiting routinely leaked information in the internal process of computing,” he says. “By preventing side-channel information from leaking, and by shielding the chip from other invasive and non-invasive attacks, engineers design hardware that is more resistant to hacks.”

When compared to other chips, they can stop valuable information from getting into the wrong hands. Ashkenazi continues:  “Chips process and store sensitive data and cryptographic keys. If a normal chip operation is compromised, or if sensitive data can be accessed by an unauthorised entity, it can compromise the entire computer and network system that rely on these chips to operate.”

But he notes that there’s no such thing as a 100% hack-resistant chip. “It is impossible to anticipate all future attacks and possible side channels not yet known. Therefore, while hack-resistant chips can be more secure and resist many attacks, they are not guaranteed to resist future attacks,” he says.

Ashkenazi expects cyber criminals to keep finding sophisticated ways to bypass security systems and launch successful attacks, but believes that more secure chips will make this difficult. He adds: “While leveraging the security level of chips is important, it will not be a silver bullet that will solve cyber security issues. 

“Hackers come with new ways to attack designed security systems, but it will continue to be a race between hackers and security experts. Thanks to more secure chips, we can make it much more difficult for hackers to reach their goals.”

Related Resource

Four cybersecurity essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

An exciting development 

Hack-resistant chips aren’t a completely new invention, though. Frank Downs, director of cybersecurity practice at ISACA, calls the development of these chips an old idea with a modern twist.

“Similar to how the cloud has existed for decades but a cultural relabeling has revitalised the idea of storing data offsite, so has the development of unique, highly customised hardware which limits functions during processing,” he says

“Specifically, over the last decade, Advanced Reduced Instruction Set Computer Machine (ARM) has worked with governments and corporations to build an architecture which has provided only approved functionality to specific organisations.”

Downs admits, however, that these chips could still be infiltrated by attackers if they’re not designed well enough. “Corporations believe that through coordinating directly with chip designers, such as ARM, they will strengthen their risk portfolio and reduce potential exploitation by nefarious actors such as hackers and advanced persistent threats (APTs),” he says. 

“However, no matter how uniquely a chipset is designed, unless the designers also produce the chip on site, under their own scrutiny, these devices still go through susceptible manufacturing processes.” 

The main issue, according to Downs, is that the final owners of the chipset do not control the entirety of the manufacturing process of the chip.  He continues: “As such, the supply chain represents a perpetual vulnerability for organisations hoping to secure their hardware by building a chip that is specific to their functions.  

“Previous famous hardware attacks discovered that many compromised chipsets had no changes made to the chip architecture as designed. Until organisations can ensure the security of their chipset supply chains, corporations, governments, and enterprises will still stand at risk from hardware hackers.”

Far from perfect

While many experts view hack-resistant chips as an exciting development in the cyber security arena, others are more doubtful about this technology. Joseph Carson, chief security scientist and advisory CISO at Thycotic, points out that 100% security doesn’t exist and that everything has a weakness. 

As a result, he believes that hack-resistant chips will never really live up to their name. He tells IT Pro: “The so called hack-resistant chips will probably make it more difficult for cybercriminals but could mean they will be expensive or too complex to use.

“Such chips also mean they are likely going to be single purpose and have strict configuration changes for updates, meaning that any time new features are available it means a new chip. Chips that are more resistant to cyber-attacks are always welcome, but they must be easily enabled, not complex, affordable and available for everyone.”

He says that to make chips more secure, they must have security enabled by default that is easily configured and updated. “This makes secure chips more accessible to be used by more organisations globally as the more organisations use it, the more relevant they become.  Secure chips must also be easily replaceable when vulnerabilities or major risks are identified,” adds Carson. 

In today’s interconnected and digital economy, cyber attacks are a big challenge for businesses of all industries. Although mitigating these risks isn’t easy, innovations such as hack-resistant chips will surely excite many. However, like any emerging technology, they have their fair share of downsides and won’t ever be 100% perfect.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Microsoft 365 prices to soar by 20% for pay monthly subscribers
Managed service provider (MSP)

Microsoft 365 prices to soar by 20% for pay monthly subscribers

7 Dec 2021
CTO job description: What does a CTO do?
Business strategy

CTO job description: What does a CTO do?

6 Dec 2021
VMware Cloud workload migration tools
Whitepaper

VMware Cloud workload migration tools

3 Dec 2021