If you are designing electronics to go into a satellite or a military drone, it had better have a useful lifetime of 15-20 years or more. Ditto for the grid or other critical infrastructure, your car, medical devices, anything where we demand absolute reliability. Reliability also requires countermeasures against hacking by anyone from a teenage malcontent to a nation-state actor with unbounded resources.
Hacks and defenses are a moving target, demanding forward planning and agility in how a system can respond to new threats and defenses. A purely software-based security system would provide maximum flexibility but is no longer a credible option – software is easier to hack than hardware. Hardware options such as a root of trust provide better defense but are not arbitrarily flexible. A combination of hardware and software would be ideal, but the hardware must be optimized to support evolving defenses over that extended life. How is this possible?
We can’t be certain what future attacks might look like, but we can tap into the collective wisdom of those agencies and organizations most sensitive to security risks as a pretty good proxy. We ourselves also need to become more comfortable with anticipating risks we cannot yet see. As geopolitical tensions build and attack surfaces grow thanks to automation and concentrated targets of opportunity in cloud and communications infrastructure, a blinkered obsession over short-term priorities may be a fast path to obsolescence following the next big hack.
Raising the bar in security
While I’m not an avid fan of the hype around quantum computing, an organization with unlimited funds should eventually be able to build a system capable of cracking a production application based on, say, integer factorization. Cloud access to such a machine would then herald open season on hacking pretty much anything.
Fortunately, there are algorithms that are resistant to quantum attacks (here is an easy intro to lattice-based ideas as one example). The Department of Homeland Security has documented a timeline for adoption of NIST approved standards for post-quantum cryptography (PQC), anticipating release of a “cryptographically relevant quantum computer” by 2030.
The cryptography engine forms the heart of any root of trust, which is in turn the heart of hardware security, supporting secure boot, anti-tampering, side-channel hardening, key isolation and more. Concrete evidence of the readiness of such an engine for long-term deployment in demanding security environments would then be its adoption in military-grade applications operating under harsh conditions (satellites, for example). In automotive applications, compliance with the relatively recent ISO 21434 standard is a new hurdle to clear, together, naturally, with ASIL-D compliance, since security, like every other electronic function, must comply with the highest standards of safety.
Authentication, the ground truth for communication between the cloud and a device, depends on a strong PUF which should be certified for ISO/IEC 20897 compliance, a set of standards on how to assess PUF quality over an extended life cycle.
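The kind of life-cycle check that paragraph refers to, as an added illustration (not Secure-IC code and not the ISO/IEC 20897 procedure itself): the three metrics usually used to judge a PUF, uniqueness across devices, reliability of one device's response across later re-reads (at temperature or voltage corners, or after ageing), and uniformity of the bits. The 32-bit responses and re-reads are constructed sample data, and the 0.95 reliability floor is an assumed error-correction budget.

```python
# Added example, not Secure-IC code: the usual PUF quality metrics
# (uniqueness across devices, reliability across re-reads, bit uniformity).
# All responses below are CONSTRUCTED sample data, not measurements.
from itertools import combinations

def hamming(a: bytes, b: bytes) -> int:
    """Bits that differ between two equal-length responses."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def uniqueness(enrolled: dict) -> float:
    """Mean inter-device Hamming distance, normalised to [0, 1]; ideal 0.5."""
    pairs = list(combinations(enrolled.values(), 2))
    bits = 8 * len(next(iter(enrolled.values())))
    return sum(hamming(a, b) for a, b in pairs) / (bits * len(pairs))

def reliability(enrolled: bytes, rereads: list) -> float:
    """1 minus mean intra-device distance across re-reads; ideal 1.0.
    Re-reads under stress or after ageing show whether the response drifts."""
    bits = 8 * len(enrolled)
    return 1 - sum(hamming(enrolled, r) for r in rereads) / (bits * len(rereads))

def uniformity(response: bytes) -> float:
    """Fraction of 1 bits in a response; ideal 0.5 (no bias)."""
    return sum(bin(b).count("1") for b in response) / (8 * len(response))

def assess(enrolled: dict, rereads: dict, min_reliability: float = 0.95) -> dict:
    """Per-device report; 'ok' is False when a response drifts more than the
    assumed error-correction budget (min_reliability) can absorb."""
    report = {"uniqueness": uniqueness(enrolled), "devices": {}}
    for dev, resp in enrolled.items():
        rel = reliability(resp, rereads[dev])
        report["devices"][dev] = {
            "reliability": rel,
            "uniformity": uniformity(resp),
            "ok": rel >= min_reliability,
        }
    return report

# Constructed 32-bit responses: enrolment value plus later re-reads per device.
ENROLLED = {
    "A": bytes([0xA5, 0x3C, 0x0F, 0xF0]),
    "B": bytes([0x5A, 0xC3, 0xF0, 0x0F]),
    "C": bytes([0x5A, 0xC3, 0x0F, 0xF0]),
}
REREADS = {
    "A": [ENROLLED["A"], bytes([0xA4, 0x3C, 0x0F, 0xF0]), bytes([0xA5, 0x3C, 0x0F, 0xF3])],
    "B": [bytes([0x55, 0xC3, 0xF0, 0x0F]), bytes([0x5A, 0xC3, 0xFF, 0x0F])],  # drifted 4 bits each
    "C": [ENROLLED["C"], ENROLLED["C"]],
}
```

Device B in the sample drifts 4 bits per re-read and falls below the 0.95 floor, which is the failure a long-life assessment is meant to catch before the PUF is relied on for authentication.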
In addition, any credible long term solution must include a secure communication solution – secure in cloud support, in the communication channel and in the chip – for provisioning, updates, monitoring and intrusion detection.
Futureproofing is probably not going to be possible through piecemeal incremental extensions to an existing security strategy. But that shouldn’t be surprising; you wouldn’t expect a security architecture that has to hold up for a 15-year lifetime to require anything less than a major step forward. Secure-IC appears to be worth investigating as a potential provider.
Secure-IC is a pure-play security company with a focus on IP, software, and services. They are based in Cesson-Sévigné (France), with offices in Paris and subsidiaries in Singapore, Tokyo, San Francisco, Shanghai, Taiwan, and Belgium. They have over 130 staff, a billion IP units shipped and over 200 customers worldwide. They spun out of Paris Telecom University in 2010 with a strong and continuing commitment to research in security, as evidenced in papers published regularly in multiple conferences and journals.
Secure-IC are involved in a number of standards organizations and are actively familiar with standards such as Common Criteria (CC), FIPS 140-3, ISO 21434, OSCCA (China), and IEC 62443. They are also actively involved in client security planning and development through security evaluations and services in support of security compliance and certification.
As usual given the sensitivity of the security domain they are reluctant to discuss customers. However, from my discussion with Benjamin Lecocq (head of sales for the US) and poking around on their website I was able to infer that they are already deployed in satellites (I’m guessing for defense/intelligence applications), they have a DARPA partnership, and they seem to have quite widespread adoption among automotive Tier1/2 and OEMs. They were also listed in the Financial Times survey of fastest growing companies in Europe based on highest CAGR for 2017-2022.
A company you should include on your shortlist of security partners, I would think. You can learn more from their website.