中文 English

Creating Comprehensive And Verifiable Hardware Security Requirements


Developing effective hardware security requirements is one of the trickiest aspects of building trustworthy electronic products. Even highly skilled and experienced teams don’t always get it right. Why? First, it’s very difficult to anticipate every security risk – much less cover every possible scenario with a specific security requirement. Instead, hardware security requirements o... » read more

A Security Maturity Model For Hardware Development


With systems only growing more sophisticated, the potential for new semiconductor vulnerabilities continues to rise. Consumers and hardware partners are counting on organizations meeting their due diligence obligations to ensure security sensitive design assets are secure when products are shipped. This is an iterative process, so a security maturity model is a critical element in getting it ri... » read more

Security Verification Of An Open-Source Hardware Root Of Trust


By Jason Oberg and Dominic Rizzo OpenTitan is a powerful open-source silicon root of trust project, designed from scratch as a transparent, trustworthy, and secure implementation for enterprises, platform providers, and chip manufacturers. It includes numerous hardware security features ranging from secure boot and remote attestation to secure storage of private user data. The open-source de... » read more

A New Phase In The Journey To Trustworthy Electronic Products


Semiconductor chips drive our everyday lives – and our global economy – in more ways than any of us could have envisioned when Tortuga Logic was founded in 2014. And similarly, the importance of hardware security has grown dramatically beyond what anyone could have predicted at that time. This has led us to redouble our effort to help the industry develop trustworthy products in the next ph... » read more

Ensuring Security By Design Is Actually Secure


Today’s connected systems touch nearly every part of consumers’ lives, from smart thermostats in our homes to self-driving cars on our roads. The adoption of these new devices has led to an explosion of new semiconductors and use models. But these novel conveniences also come with new risks. With vulnerabilities on the rise and the potential for remote attacks growing, product companies mus... » read more

Hardware Security Optimization With MITRE CWE


Whether you’re just starting to build out a hardware security program at your organization, or you’re looking to optimize existing hardware security processes, the MITRE Common Weakness Enumeration (CWE) database is an excellent resource to keep in your toolbox. What is CWE? A CWE is a type of vulnerability, or flaw, in the design of either hardware or software in embedded systems. Indi... » read more

ISO/SAE 21434: Secure Hardware Development In Modern Vehicles


Demonstrating the importance of security doesn't get much more memorable than Charlie Miller and Chris Valasek successfully hacking a Jeep and driving it into a ditch. The effects of that drive have been long-reaching, sparking conversations in both the media and automotive industry about the evolving threat landscape as vehicles become increasingly automated. The average car contains over 1... » read more

Building A More Secure U.S. Microelectronic Design Infrastructure


The security of the U.S. microelectronic designs and their supply chain is becoming a significantly growing concern for both commercial semiconductor companies and the Department of Defense (DoD). The industry has seen significant impact from both silicon shortages and vulnerabilities that have caused disruption in the assurance of microelectronics that power our autonomous vehicles, 5G, and co... » read more

COVID-19 And Cybersecurity: Pay Attention To Exponential Growth!


COVID-19 and cybersecurity – you may wonder what these two seemingly very different topics have in common. I would list two: Both of them are exponential in nature, which, as a society we have difficulties grappling with – making this one of the reasons for our uneven responses. Both of them require a multi-layered solution strategy that, while it does not need to be perfect, must b... » read more

Establishing A Special Interest Group On Common Hardware Weaknesses


It seems like almost every week yet another hardware security vulnerability is announced. Just last week a team of researchers disclosed a new attack called “Platypus”, an acronym for "Power Leakage Attacks: Targeting Your Protected User Secrets.” This is another attack exploiting the simple fact that hardware sits below the conventional security abstractions and finding a vulnerability i... » read more

← Older posts