Baking security into customized chips
- By Eric Tegler
- Dec 21, 2017
One sector of the cybersecurity community wants to secure embedded systems, not by adding more software but by locking down the processor hardware.
The Inherently Secure Processor (ISP), developed by Draper, a non-profit engineering and research firm, offers an alternative to the software-centric approach to cybersecurity with a chip designed to protect against classes of attacks. Increasingly attackers can cross cyber boundaries guarded by software, disrupting or altering the functionality of interconnected physical systems and devices. In 2016, for example, the Air Force identified vulnerabilities in 50 weapons systems -- from satellites to the F-35.
“We have [Defense Department] clients that have very hard requirements, and it’s very difficult for them to meet those with software,” said Draper Cyber Technologies Program Manager Chris Lockett. “Adding software to secure a system adds complexity and often makes the problem worse.”
“The current CPU architecture hasn’t changed since 1947,” he added. “A processor processes data and instructions as fast as it can. What we’re doing is applying policies to the data instructions in-line to the CPU processing with a minimal performance hit.”
The ISP integrates with commercial processors and enables the hardware to identify and block bad data and instructions (how hackers compromise systems) and remediate the attack at cyber-relevant speeds. It is not simply a gatekeeper, cordoning off processing or memory from unwanted instructions. Rather than shut down or significantly limit a device/system, it works to maintain functionality and resiliency.
“How you handle what you detect is as important as the fact that you can detect it,” Lockett affirmed.
Draper is initially targeting the ISP at embedded devices. In addition to DOD applications, the company sees the ISP as highly relevant to the power grid. The technology and philosophy emerged from the Defense Advanced Research Project Agency’s 2010 Clean-Slate Re-design of Adaptive, Secure Hosts (CRASH) program, as well as previous efforts by the National Security Agency and chip makers to diminish the vulnerability of systems for which cybersecurity was not a design-phase consideration.
The ISP’s memory protection, control flow integrity, data providence and re-write/execute polices address over 95 percent of cyber vulnerabilities, according to Draper. The ISP policies can either be fixed or updated by isolated, protected firmware separated from the host processor. Clients may forgo updating the chip in the interest of even greater security.
“A lot of the current cybersecurity solutions effectively add holes and vulnerabilities,” Lockett observed. “Teams here at Draper use [add-on] hardened software to actually break into systems.”
Lockett’s sentiment was echoed by Rodney Joffe, senior fellow at IT authentication/security firm Neustar. “No matter what you do in software, it doesn’t matter if the hardware is not already secured," he said. "With software, you’re actually expanding the attack surface. What Draper is doing is a no-brainer. They’re building on the right thing. It absolutely has to be done.”
Joffe added that a hardware-centric security emphasis has been followed by the Chinese in particular, underlining its criticality. Draper is addressing the commercial security side as well, spinning out a new firm called Dover Microsystems to market the ISP to chip makers.
A holistic approach to cybersecurity that begins with securing hardware is rapidly gaining acceptance within government, Lockett affirmed. “We have government agencies who say, ‘Thank goodness. We’ve spent money on very good security software. The ISP will help protect the networking software that’s running on our embedded devices.’”
In tackling security at the CPU level, Draper’s ISP offers a chance to decentralize risk and bake protection in from the start, an approach the cybersecurity community will surely hear more about.
This article was first posted to Defense Systems, a sibling site to GCN.
Eric Tegler is a freelance writer specializing in technology and defense issues.