
Tuesday, December 22, 2015

NULL MEET - OWASP : HARDWARE TROJANS

1.    null is India's largest open security community. It was registered as a non-profit society in 2010 and has been active since even before that. null is about spreading information security awareness. Activities such as null Monthly Meets, null Humla, null Bachaav, null Puliya and the null Job Portal serve the overall cause of spreading awareness of the evolving cyber threat.


2.  In my continued association with the community, I recently gave a presentation on Hardware Trojans, which is shared below for info.

Monday, May 04, 2015

Hardware Trojans : Do we have a Solution or Clue to resolve?

1.    IT security is an ever-interesting field, and those passionate about it will always find plenty to read about the many things happening in it. In the already chaotic environs of cyber security there comes another GIGANTIC issue by the name of HARDWARE TROJANS. I use the word gigantic not just to reflect my own reaction to the subject: for any first-time reader this will be a huge issue in times to come, and it already is one for the majors. The issue is as yet unattended because no one has a clue where to detect, how to detect and what to do to resolve it.

2.   Electronic systems have proliferated over the past few decades to the point that most aspects of daily life are aided or affected by the automation, control, monitoring, or computational power provided by Integrated Circuits (ICs). The ability to trust these ICs to perform their specified operation (and only their specified operation) has always been a security concern and has recently become a more active topic of research. Without trust in these ICs, the systems they support cannot necessarily be trusted to perform as specified and may even be susceptible to attack by a malicious adversary. A new disruptive threat has surfaced over the past five years: a hardware-based security threat known as the Hardware Trojan. Hardware Trojans are intentional, malicious modifications to electronic circuitry designed to disrupt operation or compromise security, including circuitry added into Integrated Circuits (ICs). These ICs underpin the information infrastructure of many critical sectors including the financial, military, and industrial sectors. Consequently, hardware trojans pose a security risk to organisations due to the broad attack surface and specific organisations’ reliance on ICT infrastructure. Hardware trojans can be difficult to prevent and even more difficult to detect. Most of the current security protection mechanisms implicitly trust the hardware, allowing hardware trojans to bypass software or firmware security measures. Hardware trojans inserted during fabrication or design stages can become widely dispersed within an organisation and pose a systemic threat.

3.   Hardware Trojans are usually composed of a Trigger and a Payload. The trigger is the activation mechanism and the payload generates the effect. Prior to triggering, a hardware trojan lies dormant without interfering with the operation of any electronics. The trigger mechanism for our network hardware trojan is based on a communication channel in network packet timing, while the payload is an adjustable degradation level of the Ethernet channel through noise injection into the Ethernet controller’s clock.

4.  The ease with which Hardware Trojans can make their way into modern ICs and electronic designs is concerning. Modifications to hardware can occur at any stage during the design and manufacturing process, including the specification, design, verification and manufacturing stages. Hardware Trojans may even be retro-fitted to existing ICs post manufacture.

5.   With the above as a preview, it makes anyone wonder to what extent one would need to go for a 100% secure IT attribute. Imagine the risk this would put on a typical country that is entirely dependent on global vendors for its own defence and consumer goods. For that matter, even developing countries would feel the pinch, with no clue as to where to start. Even if a framework is desired to set up a standard for controlling this menace, the only prudent option would be to depend on offshore expertise, since in most cases the expertise would not exist locally.

Thanks to these two papers for giving me an overview of the subject.

Hardware Trojans – A Systemic Threat by John Shield, Bradley Hopkins, Mark Beaumont, Chris North

Hardware Trojans – Prevention, Detection, Countermeasures by Mark Beaumont, Bradley Hopkins and Tristan Newby

Friday, October 08, 2010

Security Enabled Hardware: INTEL - McAfee Merger

1.      “Security is more effective when enabled in hardware” provisions for something in the pipeline known as Security Enabled Hardware. How's that? There has been a lot of speculation about the rationale behind Intel's recent acquisition of McAfee. If you are not aware of Intel’s proposed $7.7 billion purchase of McAfee, which comes as the most magnanimous takeover deal in the chip giant’s 40-odd-year history, you had better be now, although there is no product roadmap to speak of yet.




2.       McAfee technology deeply integrated into Intel products would mean adding security functionality into Intel’s chips. But would pushing security into silicon be able to negate the increasingly sophisticated and dynamic threats from cyber crime? Components of security could be significantly enhanced if chips were designed with this integration, but what about updates, patches, etc.?


3.       Security in the 21st century is about being dynamic, responding to the ever-changing threat landscape in real-time, which you can do with a cloud-based system powered by a network of threat intelligence sensors and reputation-based technologies that stop threats before they even hit the device. Pushing security down to the hardware level makes it very difficult to be reactive, agile or fundamentally secure.
