Hardware-Based Security (HardSec): From Theory to Practice

One of our key editorial principles at Journal of Cyber Policy is to nerd out a little, but not so much that it causes eye rolls and high bounce rates. Some topics, though, really beg for some modest nerding out. Hardware-Based Security (HardSec) falls into this category.

HardSec is all about creating a stronger security posture by replacing easy-to-hack software-based solutions with purpose-built hardware. With functionality burned into the silicon, it becomes much harder, if not impossible, to hack the system. HardSec is now moving from the theoretical realms of the white board into actual products that address security risks.

To understand the appeal of HardSec, it’s necessary to get at the root cause of most security vulnerabilities.

To understand the appeal of HardSec, it’s necessary to get at the root cause of most security vulnerabilities. While poor network security and faulty trust models are to blame much of the time, the most basic and profound risk exposure stems from the endless programmability of the CPU itself. “The modern world of computing and smartphones is dominated by the concept of the ‘Turing Machine,’” explained Henry Harrison, Co-founder and CTO of Garrison, a maker of HardSec solutions.

“We love the infinite openness and adaptability of a Turing Machine. It can do anything we want!” he added. “But, it can also do whatever a hacker wants. It’s a fundamentally insecure design that creates an impossibly weak foundation for risk mitigation.”

The Turing Machine is a theoretical device envisioned in the 1930s by the legendary Alan Turing, considered the father of the modern computer. The idea of using symbolic logic (rather than manual switches) to create a universally programmable smart machine was a remarkable insight, decades ahead of its time. Today’s software-based CPUs are all essentially Turing Machines by design, i.e. the CPU is a blank slate, instructed by the OS and its various libraries and utilities along with application software.

From a security perspective, however, the Turing Machine is essentially impossible to lock down.

From a security perspective, however, the Turing Machine is essentially impossible to lock down. Malware works because it succeeds in re-programming the CPU to do what it wants, not what the CPU is supposed to do. The flexibility of the Turing Machine also makes it hard for security software to achieve its goals consistently, according to Harrison.

The HardSec security architecture and industry methodology replace the Turing Machine with hardware built with field-programmable gate arrays (FPGAs). An FPGA is an integrated circuit that can be programmed after it’s manufactured (in the field).  FPGAs comprise an array of programmable logic blocks as well a hierarchy of reconfigurable interconnects. The interconnects enable the blocks to be connected like logic gates, enabling them to perform compute functions.

Garrison has realized the HardSec concept by deploying FPGAs in a safe web browsing use case.

Garrison has realized the HardSec concept by deploying FPGAs in a safe web browsing use case. Based on work they did for the British government, Garfield and Harrison developed an FPGA-based browsing technology that eliminates the risk of malware-bearing websites corrupting the user’s device. The Garrison SAVI® (Silicon Assured Video Isolation) platform enables users to browse the web safely by loading the site content onto an FPGA-based machine. If the site content contains malware, it will be unable to re-program the logic of the SAVI machine. It’s not a Turing Machine. SAVI then forwards the web content, in video form, to the end user.

Encrypted Sensors is another firm dedicated to bringing the advantages of HardSec to the security market. The problem they are trying to solve is not based on the weakness of the Turing Machine CPU, but rather the vulnerabilities in the current standards for encryption. According to co-founder Brian Penny, “Encryption today is basically a matter of really hard math problems, which unfortunately can be cracked if enough compute power is applied against them. Computers are quite good at math, right? The looming threat of quantum computing will render current encryption methods worthless. We felt a new approach was needed.”

“Encryption today is basically a matter of really hard math problems, which unfortunately can be cracked if enough compute power is applied against them. Computers are quite good at math, right?”

Encrypted Sensors takes a hardware-based, non-algebraic approach to securing data. It uses FPGAs to do real-time encryption at the bit level. The base version of the company’s encryption has over 10⁵¹² possible variations. By putting encryption on an FPGA chip, there is also a physical barrier to attack. “There are no back doors in an FPGA chip that can only be updated physically,” Penny added.

This last point is worth explaining: As their name suggests, an FPGA can be reprogrammed, which would make it vulnerable to remote attack. However, by making the programming contingent on physical access to the chip, an FPGA chip becomes impenetrable.

Photo Credit: adafruit Flickr via Compfight cc