Lessons From The Cold War

From the red phone to pay TV, it’s important to know who’s on the other end of the line.

popularity

With the ongoing threats to our electronic devices, it is obvious that security needs to be improved in the application and communication chips on the mobile platform. The ideal solution would be as secure as the celebrated red phone on the U.S. president’s desk in the Oval Office during the Cold War.

The implementation of the red phone is actually much more complicated than red-colored handsets connected by a dedicated line as we have seen in the movies over the years. It is a much more elaborate secure communication link for transmitting text messages that has evolved over time.

Although the implementation has changed from teletype writer to facsimile to computer link, the main aspect of an absolute secure link has not. Each side knows who is on the other side and the purpose of the link is for absolute critical information only with the extreme case being an accidental nuclear strike. The cost for such implementation is high but the cost for missing or false information in extremely critical situations even higher. As such, it is not economically viable for the day-to-day communication of the general public.

However, what this red phone link clearly demonstrates is the end-to-end secure link with verified contacts on both ends.

When we pick up a phone and talk with a person we know we can verify authenticity because of the capabilities of our superb senses (ears, brain). We can quickly tell if that person has caught a cold or what that person’s emotional state is. We are extremely good and fast at this. When the audio connection is bad, we ask questions that only that person would know how to answer. We can quickly figure if that person cannot speak “freely” or is in a rush. In short, we can establish and check authenticity quickly and in real time.

Contrast this with pure data communication where none of the above mechanisms are available. One has to mimic the complex sensual verification above with binary information… a tall order.

Most of today’s standards are based on establishing a root-of-trust that basically represents a unique ID (similar to a human fingerprint, retina or voice profile). That “binary” fingerprint or key needs to be stored in the chip. It must be protected against alteration attempts as well as from being copied to avoid cloning with other words to ensure that it remains unique and one of a kind.

The two main security aspects are:

  1. Establish and verify authenticity
  2. Protect unique ID against altering or cloning

One of the highest profile hacking events took place in 2013 when Target’s internal network was breached and credit card data for 70 million customers was stolen. Hackers gained access to Target’s internal network via a networked HVAC control unit.

With the era of the autonomous car on the horizon, all car manufactures and a good cross-section of drivers are concerned about creating a secure environment for passengers. They can learn from other industries for good examples of secure networks. In fact, two that have worked hard to eliminate vulnerabilities are military and gaming, both intent on protecting their intellectual property. Pay TV is another.

Vendors in the Pay TV space keep close control on their IP and use tamper-proof security measures to do so because once a set-top box is compromised, it’s impossible to collect fees for premium channels or pay-per-view content. With the trend toward streaming digital content (movies, concerts, sport events, etc.) to mobile devices such as smart phones or tablets, the same need for close control also applies to these devices. The clear objective is that only the authorized user is able to consume the digital content he or she has subscribed to.

As with human fingerprints, retina scans or voice profiles, every little detail counts. So does every single bit in digital IDs and keys that call for integrity and protection at the bit level.

The military, gaming and Pay TV industries have adopted one-time programmable (OTP) embedded non-volatile memory (eNVM) to keep their system IDs and keys secure at the bit level. Adjacent industries including mobile payment, a market conscientiously working to thwart hackers and avoid other vulnerabilities, have as well. Once the embedded memory is programmed, it’s tamper resistant.

This embedded OTP memory is built using standard, commercially available CMOS logic process technologies and delivers high density, performance and reliable electrically field-programmable solutions at a low cost. Because this embedded memory is foundry agnostic, chip vendors do not need to change their designs when they decide to port to another foundry.

All told, the closer we can get to a red phone implementation, the higher the resulting security will be. As digital communication increases exponentially, it is of utmost importance to address security. This includes use of available and proven on-chip OTP memory for secure ID and key storage to keep our electronic devices protected against hacking and will go a long way to reduce security weaknesses.