New approaches are in research, but threats continue to grow.
Cyberattacks are increasing in frequency and sophistication, and the impact of those attacks is increasing almost exponentially as the amount and value of data continues to grow.
Cybersecurity Ventures projected the annual cost of cybercrime will grow from $8 trillion in 2023 to $210.5 trillion by 2025, with no end in sight. On the target list are a slew of industrial and commercial segments, including health care, infrastructure, banking, and education, as well as government agencies.
The question now is how “unbreakable” can these systems really be, and what is the cost?
More cyberattacks are coming
In April 2023, NCR was attacked. BlackCat ransomware hackers hit the company’s Aloha point of sales (POS) application, blacking out data center operations for NCR hospitality customers.
In March 2023, Western Digital reported a ransomware attack on its online memory platform, My Cloud Home, creating frustration for its users. Bloomberg reported that the crime also compromised 16,000 Western Digital users’ Social Security numbers.
The list goes on. What is alarming is the creation of a new hacking method called Bring Your Own Vulnerable Driver (BYOVD) capable of implementing the AuKill tool, which can disarm the security program by inserting malware with kernel privileges. Usually, these attacks start with phishing emails.
Designing an “unbreakable” system
With enough time and compute resources, even the most secure systems are assumed to be vulnerable.
“No system is absolutely unbreakable,” said Steve Hanna, distinguished engineer at Infineon Technologies. “With enough resources, any system can be broken. Still, there are many things we can do to make a system strongly resistant against attacks. A cybersecurity professional determines which security measures are needed for each situation – neither too much nor too little.”
Any security expert will tell you there is no such thing as unbreakable.
“A more accurate statement would be ‘practically unbreakable within a given timespan’ while considering the effort invested in the attempt,” said Nir Tasher, CTO of Winbond Israel. “A strong encryption scheme is one that, given what we know today, will take longer than our lifetime to break while using technologies we are aware of, either existing or in development, such as post-quantum computing.”
The key phrase here is “practically unbreakable,” and that is becoming harder to achieve. So even though a password with eight letters has 209 billion possible combinations, a computer can decode it in less than a second. The World Economic Forum has posted some interesting information to demonstrate how to protect a system with a good password. Adding an uppercase letter, for example, lengthens password decoding time to 22 minutes. A computer would take even longer to decode a 12-character password that includes one uppercase letter, one symbol, and one number – 34,000 years to be exact.
Practically unbreakable systems require balancing cost and risk. So even if you could create a system that is “literally” unbreakable, the cost would likely be so high that no one could afford it. For a smart home application, though, that would be overkill. A good password might be sufficient. In contrast, a much more sophisticated defense would be needed for a banking system or government agencies.
Chris Clark, senior manager for automotive software & security in Synopsys’ Automotive Group, said there is no unbreakable system. “A better perspective to address the unbreakable system issue is to ask what is the level of acceptable risk that we would refer to as ‘unbreakable.’”
Then the question becomes how much is that worth? “Using the automotive industry is an example, the price point of a vehicle ranges from $25,000 all the way to multiple millions of dollars,” Clark said. “OEMs need to answer how much overall value and cost does security add to the vehicle? While there is no unbreakable system, we do have the ability to design systems to be much more proactive on the new generations of vehicles in order to address cybersecurity threats. They have to be able to react or be proactive addressing cybersecurity threats in order to make the system seem unbreakable. When we architect system security appropriately and have all the supporting infrastructure to address cybersecurity risks effectively and quickly, then we can have the perception of an unbreakable system — even though we know in reality it’s not.”
Fig. 1: A secure architecture provides round-the-clock security monitoring and management along with remote debugging. Source: Twilio
While cybersecurity is important, it is shocking to experts that some users are still not keenly aware of the importance of designing security upfront.
“It is still common to see a security solution that is clearly an afterthought and essentially a wrapper to a system with a heavy-duty lock,” said Lee Harrison, director of product marketing for the Tessent division of Siemens EDA. “Security by design takes a different approach, analyzing the details of a system and adding security elements to ensure that all aspects of the system are secure — not just the front door. The common example used here is the locked gate with no other protection.”
Design principles
Cybersecurity is a dynamic process. While hackers are becoming more sophisticated, a defense mechanism needs to dynamically respond to the threats of the future. There is no set formula in designing a practically unbreakable system. However, some important design principles can help designers achieve that goal. These principles include being proactive, putting well-known and proven security standards in place, effective security deployment, chip architecture, securing memory, and proper AI implementation.
In relation to principles of designing a secure system, it is not difficult to understand at a high level, but the implementation can be quite complex.
Using security key as an illustration, Mike Borza, scientist, solutions group at Synopsys explained, “When you store the key in a chip, what is that key accessible to and what is its purpose in the system? The key used for identifying yourself should not be used to encrypt the code for the system. You also need to understand the vulnerability footprint of the system. Let’s assume the logical security of that key is very strong, but if it’s stored in a memory that’s easily accessible by somebody who can gain physical access to the chip, that may not be secure enough. Some developers use fuses to program keys into a chip. Those fuses encapsulated in the chip can be decoded easily with a microscope or with the magnification of a camera.”
Another principle is to avoid a “break once, break everywhere” attack. “In this case, once the key is stolen by hackers, every copy of the chip becomes vulnerable,” Borza said. “Additionally, you need to implement proven encryption and hacking algorithms to build secure protocols, integrity, protection for the software running in the chip to create security layers. These are all important parts of security.”
Standards
NIST, the federal body responsible for promoting and standardizing cybersecurity in the United States, publishes guidelines for achieving strong cybersecurity. Among the stronger recommendations by NIST is moving to quantum-safe cryptography.
Winbond’s Tasher noted this cryptographic scheme includes a set of encryption/decryption and signing/authentication algorithms that are considered to be strong — almost to the same extent with or without the advent of quantum computers. “NIST strongly urges that designs intended for use in the next 20 years move from classical algorithms to their quantum-safe counterparts,” said Tasher. “We are seeing this trend starting to become widespread in recent Internet Engineering Task Force (IETF) RFCs for next-generation internet protocols.”
A secure chip architecture
A nearly unbreakable system begins with a secure chip architecture. “This must include a way to articulate dynamic, at-run-time requirements,” explained Frank Schirrmeister, vice president of Solutions and Business Development at Arteris IP. “Examples include Arm’s v9 security capabilities, Memory Tagging Extensions, and Dover Microsystems’ CoreGuard’s Heap Micropolicy. MITRE’s Common Weakness Enumeration (CWE) lists software and hardware weakness types defined as a community effort, and the industry is actively driving techniques to check all those. Of course, an enumerated list in this domain is never complete and outdated when published, as the next one is always looming.”
The more data is moved, the greater the threat. “If you have a CPU or any processing unit today, many times there are vulnerabilities that are built within the architecture of how the system operates,” said Raj Jammy, chief technologist at MITRE Engenuity and executive director of the Semiconductor Alliance. “There’s firmware that gives instructions, and there are vulnerabilities from how prefetch happens. There are vulnerabilities in the operating system, and how it operates the internal data movement and data processing. And there are vulnerabilities when the data is sought from a memory device, which may be external or embedded and internal. Whenever data is getting transported, there is a vulnerability that hackers try to exploit.”
Hacker targets
Data is vulnerable when it is stored, as well. Memories are important components within a system because they are used in almost every design. Whether they are IPs, chipsets, memory modules, or data banks, they all need to be secured.
The term ‘memory’ actually refers to a few different types of storage elements, including runtime memory, temporarily holding code, and data accessed during the operation of the device. The information in this volatile memory is lost after every power cycle of the system, or when the information is replaced with other information during normal operation.
“Hacking the content of such memory has been the aim of malicious code inserted into the system (computer viruses, trojans, etc.), and there are state-of-the-art methods for protecting the content of such memories,” Winbond’s Tasher said. “The other type of memory, which is more appealing to attackers, is used to store data at rest. This data is not lost when the power is removed from the system. Such memories include hard drives, memory cards, boot memory devices, and secure storage elements in the system. These memories are unique in that they can theoretically be removed from the system and accessed directly by hackers, circumventing the system software protection layers. Understandably, they are more complicated to protect. Moreover, attackers use these memories to mount attacks to systems in a way that is harder to remove and rectify, since a simple power cycle will not remove malicious code stored in them.”
Protecting the content of these non-volatile memories from malicious attacks is a major part of making a system resilient. “We look at three security aspects for such memories,” Tasher said. “The first and most obvious has to do with protecting the content from being accessed by an unauthorized entity. When data is encrypted in the memory, an attacker will not be able to unearth the true content. The second line of protection is to prevent unauthorized modification of the memory content, keeping an attacker from mounting permanent attacks to the system. The last protection method is content authentication – making sure that the system uses only genuine and complete data from the memory, reporting any corruption to the user and preventing system operation if corruption has occurred.”
Another popular attack surface is the interface to the software. “That’s why the techniques above (Arm v9 MTE, CoreGuard) insert at that level to allow system developers to design run-time security mechanisms,” said Arteris’ Schirrmeister. “Beyond the processing itself, these requirements trickle through to semiconductor IP development aspects. For example, memory interface and networks-on-chip (NoCs) add bits to be stored and transported, and thus have higher implementation costs.
The role of AI/ML
AI and ML are playing an increasingly important role in system security design. Creating a practically unbreakable system to have a strong defense is obviously important. But there’s no guarantee that sophisticated hackers won’t eventually figure out a way to bypass the defense.
AI/ML are important in the monitoring and malware detection process. They can learn new malware variances, and they can inform developers about the emergence of new attack patterns.
“When monitoring functional data within a system using Tessent Embedded Analytic monitors, determining what is and what is not incorrect or illegal behavior, in some cases can be very straightforward and performed by simple pattern matching,” Siemens’ Harrison explained. “However, in more sophisticated cases, a broader spectrum of data is required. Here, AI can be used to significantly speed up analysis processes and to determine the optimal working operation profile.”
The ongoing pursuit of unbreakable security
While cybersecurity has made great progress, hackers can and often do change the rules.
Case in point: When a system boots up, it has to be 100% secure, but clever hackers have been able to create malware to get into the OS/kernel level. To counter that, developers spend major efforts to ensure the OS/kernel level, as well as the hypervisors that manage virtual machines, are absolutely secure. Some refer to this level as the trusted computing base (TCB). It is a concept similar to secure boot. At this level, the system is free from infection of any malware and can be tested. However, maintaining security at this level requires manual methods. To reduce the size of TCB would reduce the efforts.
The RSA Conference 2023 awarded BedRock 10 Global InfoSec Awards for its “unbreakable” approach to cybersecurity. Essentially, the company came up with the idea of a microkernel-enabled hypervisor, enabling operating systems and applications software to run on top of the hypervisor while it is fully protected from the outside world.
Another research project has been underway to develop an “absolutely unbreakable” encryption chip using Chaos theory. A team of international scientists from the School of Physics and Astronomy at the University of St Andrews, King Abdullah University of Science and Technology (KAUST), and the Center for Unconventional Processes of Sciences (CUP Sciences), led by Andrea Fratalocchi, has developed an optical prototype chip that operates on light, and its encryption/decryption does not use the traditional software. The chaotic topography works on a mixture of chaotic waves and reversible time-varying silicon chips.
At the core, this technology provides a physically protected layer that enables two users to share an identical random key for symmetric cryptography, including a one-time pad (OTP) for perfect secrecy or mathematically secure systems, such as the Advanced Encryption Standard (AES) with keys longer than 256 bits. Even though hackers possess the chips, they won’t understand the information exchanged with them as the law of thermodynamics prohibits it. The challenge ahead is scaling and commercializing these “too good to be true” solutions.
Conclusion
The pursuit of unbreakable cybersecurity systems is a journey, made more complex by threat actors that get better all the time. Cybersecurity experts have made great progress creating systems that may seem to be practically unbreakable by observing system security design rules and principles. In parallel, researchers are thinking outside the box with new design techniques that don’t follow traditional design ideas.
Leave a Reply