research institute in secure hardware & embedded systems (rise) - iot security … ·...
TRANSCRIPT
![Page 1: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/1.jpg)
Research Institute in
Secure Hardware & Embedded Systems
(RISE)
Professor Máire O’Neill
![Page 2: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/2.jpg)
Need for Hardware Security
Sourc
e:
Ericsson M
obili
ty R
eport
, N
ov
2016
• Demand for Hardware Security research & innovation increasing with growing security needs
in embedded & networking devices, and cloud services
• A key driver is the Internet of Things (IoT)
• Multi-layered approach to security needed
– Establish a trusted computing baseline that anchors trust in tamper-proof hardware
• A strong hardware security foundation essential for realising secure systems
![Page 3: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/3.jpg)
Need for Hardware Security
Practical attacks of IoT devices have already been demonstrated.
Source: cdn.arstechnica.net Source: securityaffairs.co
Source: www.digitaltrends.com Source: drprem.com
![Page 4: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/4.jpg)
Counterfeit Devices/Internet of Cloned Things
What about cloned devices and untrusted supply chains?
In 2011, the Semiconductor Industry Association estimated the cost of electronics counterfeiting at
US$7.5 billion per year in lost revenue – true extent of electronic cloning unknown.
IEEE Spectrum, Oct 2013
“State-sponsored cloning is thought to be common”, IEEE Spectrum, April 2017
![Page 5: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/5.jpg)
Counterfeit Devices
• Globalisation of supply chains
- Use of overseas foundries
- Third party IP
- Third party test facilities
• Reverse engineering of complex chips enabled due to
improvements in imaging instrumentation
- 3D imaging via optical microscopes
- Electron microscopes
Source: Chester Chronicle, 2015
Counterfeit devices could also host malicious software, firmware or hardware
![Page 6: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/6.jpg)
Hardware Trojan Insertion
• First successful real-world
FPGA hardware Trojan
insertion into a commercial
product.
• FPGA bitstream is
manipulated to alter the
AES-256 algorithm in a way
that it turns into a linear
function that can be easily
cryptanalyzed.
Journal of Cryptographic Engineering, Sept 2017
![Page 7: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/7.jpg)
Algorithmic flaw affecting Hardware security
• Algorithm flaw in constructions
of primes for RSA key
generation found in widely-used
library by Infineon
• Allows an attacker to computer
the private part of the RSA key
pair for commonly used key
lengths
• Libraries used in ID cards,
passports, TPMs, Github –
estimated that tens of millions
of devices affected
ACM CCS Conference, Nov 2018
![Page 8: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/8.jpg)
• How do we detect counterfeit devices?
• How do we detect manipulated devices?
• Is it possible to build attack-resilient hardware platforms?
• How do we deal with untrusted manufacturing processes
& untrusted supply chains?
Major Research Challenges
![Page 9: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/9.jpg)
Hardware Security Use-Cases
Combining hardware roots of trust (e.g. TPM, TEEs) with functional encryption/
signature approaches can allow sticky policies to be created for protected data,
incorporating attributes, such as:
Who (User ID): a trusted authenticator along with a TPM can use
biometric or other info to attest a user ID but maintain user privacy
What (Device ID): TPM can provide root of trust from system boot to
identify a device’s trust level.
Where (Location): verify device location or user’s presence
When: time-limited attributes for automatic expiry
How: read, write, print data access controls
Can we develop novel applications based on hardware roots of trust?
© https://fidoalliance.org
![Page 10: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/10.jpg)
Vision
![Page 11: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/11.jpg)
RISE: Global centre for research & innovation
in hardware security
Close engagement with leading UK-based
industry partners and stakeholders.
Go-to place for high quality hardware
security research
Translation of research into new products,
services and business opportunities for the
benefit of the UK economy.
A strong network of national & international
collaborators & research project partnerships
![Page 12: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/12.jpg)
RISE Research Challenges
Understanding
Technologies
Underpinning
Hardware
Security
State-of-the-art HW security primitives: TRNGs, PUFs
Novel HW analysis toolsets & techniques
Attack-resilient HW platforms, HW IP building blocks
Maintaining Confidence in
Security Throughout
Product Lifecycle
Confidence in Developing Secure HW Devices
Supply Chain Confidence
Modelling of HW Security
![Page 13: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/13.jpg)
Novel HW Security
Use Cases & Value
Propositions
Hardware-based Security Services
Novel Authentication, e.g. alternatives to passwords
Secure document viewers
Securing BYOD – attestation, roots of trust
Development & Pull Through
(Barriers to Adoption)
Ease of Development &
ease of leveraging best
security option
Education of Potential
User/Developer base Understanding Barriers
to Adoption
RISE Research Challenges
![Page 14: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/14.jpg)
Measurable outcomes after initial 5-years
• A strong network of National & International collaborators and
research project partnerships
• Track record of rapidly transferring technological
breakthroughs into economic impact to increase the
competitiveness of UK industry
• Secured additional £5-10M in research funding to underpin
the Institute’s research activity
• Sustainability and growth plan for RISE Phase II
QUB PUF Demonstrator
![Page 15: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/15.jpg)
Component Research Projects
• Dr Daniel Page, University of Bristol
SCARV: A Side-Channel Hardened RISC-V Platform
• Dr Robert Watson, Prof Simon Moore, Dr Athanasios Markettos,
University of Cambridge
IOSEC: Protection and Memory Safety for Input/Output Security
• Prof Mark Ryan, Dr Flavio Garcia, Dr David Oswald,
University of Birmingham
User-controlled hardware security anchors: evaluation and designs
• Prof Máire O’Neill, Queen’s University Belfast
DeepSecurity: Applying Deep Learning to Hardware Security
![Page 16: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/16.jpg)
Next Steps
![Page 17: Research Institute in Secure Hardware & Embedded Systems (RISE) - IoT Security … · 2019-04-16 · Need for Hardware Security : Nov 2016 • Demand for Hardware Security research](https://reader036.vdocuments.site/reader036/viewer/2022081406/5f0f01bd7e708231d4420602/html5/thumbnails/17.jpg)
RISE - Next Steps
• Open call for participation in Advisory Board
Member companies & stakeholders will have an opportunity to:
- Engage with the research projects and gain early sight of project outputs.
- Provide feedback on exploitation potential & offer commercialization opportunities.
- Inform future calls related to the Institute’s research challenges.
• Events to bring together the Hardware Security community in the UK
Spring School – March 2018
• Develop International linkages & research partnerships
• Further targeted calls throughout lifetime of project
Next call May/June 2018