Hardware attacks do not usually make the news. But they can capture headlines. Gaining physical access to hardware is difficult but not impossible. After all, this can be a way to conduct corporate espionage, extort money, or steal important documents. If you read our previous blog about why it is important to protect your hardware, you might be interested in learning the common hardware threats and how to avoid them.
You might have all necessary measures in place to make your data center and your servers physically restricted. Virtually no one without credentials and clearances can access your servers. Let’s also add that you took necessary precautions to protect your software and network. This means that your major systems are protected.
However, criminals may choose to target a side-channel through a sub-system outside the protected system. For example, most regular hard drives can be removed and plugged into another computer, thus, granting access to all the files.
The following strategies will help you improve the security of subsystems.
A Crypto Acceleration is a peripherical device that performs cryptographic functions in the hardware, instead of the software. As a result, encryption happens at the hardware level and removes software vulnerabilities that can be exploited. In fact, AES software can be injected malicious code which will facilitate decoding by a hacker. In contrast, the AES hardware will not be affected.
True Random-Number Generators
Have you ever used a “random code generator” as an authentication device to connect to a Wi-Fi network? More often than expected these random code generators follow a pattern that can be easily predicted or guessed. Most generators use time as a base to generate codes and if there is a way to know when the product was manufactured or first turned on, you might deduct the code. Time is not a true random element. If you really want to protect your company at every level, you must guarantee that your random code generators are truly random. For that, you must make sure that they are not based on non-random elements.
Memory and message encryption has been part of human history for a long time. Different cultures at different times have invented and leveraged the advantage of encryption devices to keep secrets: cyphers are just one example. With the latest technological advancements, ROM and RAM can be encrypted and prevent unauthorized access to data without the correct hardware. You can also find many microcontrollers with read-protect bits which prevent cloning firmware. Finally, you can find flashes and external hard drives with encryption in off-the-shelf options. Remember, it is important to protect the sub-systems and side channels as much as the main system and servers.
And if you really want to start protecting your systems at the root, you need to start with processors. Processors can run authentic and malicious code. So, you need to guarantee that your processor only runs authentic and non-malicious code. The core boot code in any system can never be verified for authenticity but the subsequent boot stages can. And that is where criminals will try to inject malicious code.
One way to secure the boot is by running code that is unchangeable and immune to code-injection attacks. The code checks the application to be loaded looking for confirmation of the code’s integrity. If there is malicious code injected, the system will run in a limited state or warn the operating system; thus, protecting your boot.
This strategy is related to secure boots because this technique also aims at helping verify if the code processors are running is authentic. Most CPU instructions are benign, but some can be dangerous and provide access to hardware, the stack pointer, or critical systems. Nowadays many SoC’s and microcontrollers leverage trust zones in their codes allowing the OS the highest access privilege to all instructions while processes have a lower access privilege to execute instructions and cannot access sensitive ones. As a result, if malicious code is injected, it is less likely to cause damage or attack critical systems on the processor.
Common hardware attacks include physically removing parts to gain access to I/O, like debug ports or memory channels. How to avoid these attacks? You can implement tamper pins. These pins can detect an external mechanical event, like enclosure opening. Once detection has occurred, the tamper pin will instruct the processor to perform a specific routine, like a reboot, to prevent sensitive data from being read or completely wipe the memory. Tamper pins can be disguised as obscure pins which appear to not have a specific function and, thus, avoid detection by the attacker.
This is the newest technological advancement in hardware protection: bus monitors. These busses are typically integrated into the SoC in microcontrollers and operate independently from the system. In addition, bus monitors are interconnected to several items and buses: I/O pins, registers, internal data buses, and programming ports. During regular operation, the bus leverages the internal connections of the die to monitor and learn the steady state. If an attacker injects malicious code or the steady state is disturbed, the bus monitor will act against the anomaly. Sometimes this will raise exceptions with the operating system or cause the system to reboot. The most advanced bus monitors can divert potential malicious requests away from the processor and return null values while logging the attempted attack.
We hope that these seven strategies or techniques to improve hardware protection will help your operation. Remember that protecting your sub-systems and side channels is particularly important in distributed infrastructures, IOT applications, and Edge Computing equipment because you may have installed equipment outside restricted areas. As a result, Airports, Hospitals, Automated Factories or Warehouses, Banks or Retails Stores can be more susceptible to hardware attacks.
Want to know more? Read our blog about 5 tips on how to apply hardware hardening to your facilities or learn about how a hardware OEM can help you protect your business starting at the hardware level. You can read more on our Cybersecurity Blog series.