中文 English

Protecting ICs Against Specific Threats


Identifying potential vulnerabilities and attack vectors is a first step in addressing them. Anders Nordstrom, security application engineer at Tortuga Logic, talks with Semiconductor Engineering about the growing risk of remote hardware attacks, what to do when a chip is hacked, and where to find the most common weaknesses for chips. » read more

Building Security Into ICs From The Ground Up


Cyberattacks are becoming more frequent and more sophisticated, but they also are starting to compromise platforms that until recently were considered unbreakable. Consider blockchains, for example, which were developed as secure, distributed ledger platforms. All of them must be updated with the same data for a transaction to proceed. But earlier this year a blockchain bridge platform calle... » read more

Hardware-Supported Patching of Security Bugs in Hardware IP Blocks


New research paper from Duke University, University of Calgary, NYU & Intel. Abstract: "To satisfy various design requirements and application needs, designers integrate multiple Intellectual Property blocks (IPs) to produce a system-on-chip (SoC). For improved survivability, designers should be able to patch the SoC to mitigate potential security issues arising from hardware IPs; for incre... » read more

Common Weakness Enumeration


Understanding potential design vulnerabilities up front can help prevent future cyberattacks. Jason Oberg, CTO at Tortuga Logic, talks with Semiconductor Engineering about why CWE is so important, when it needs to be considered, and why no hardware design is completely bulletproof. » read more

Verifying Side-Channel Security Pre-Silicon


As security grows in importance, side-channel attacks pose a unique challenge because they rely on physical phenomena that aren’t always modeled for the design verification process. While everything can be hacked, the goal is to make it so difficult that an attacker concludes it isn't worth the effort. For side-channel attacks, the pre-silicon design is the best place to address any known ... » read more

Hardware Security Optimization With MITRE CWE


Whether you’re just starting to build out a hardware security program at your organization, or you’re looking to optimize existing hardware security processes, the MITRE Common Weakness Enumeration (CWE) database is an excellent resource to keep in your toolbox. What is CWE? A CWE is a type of vulnerability, or flaw, in the design of either hardware or software in embedded systems. Indi... » read more

IC Security Threat Grows As More Devices Are Connected


Designing for security is beginning to gain traction across a wider swath of chips and systems as more of them are connected to the Internet and to each other, sometimes in safety- and mission-critical markets where the impact of a cyber attack can be devastating. But it's also becoming more difficult to design security into these systems. Unlike in the past, connectivity is now considered e... » read more

Radix Coverage For Hardware Common Weakness Enumeration (CWE) Guide


MITRE's hardware Common Weakness Enumeration (CWE) database aggregates hardware weaknesses that are the root causes of vulnerabilities in deployed parts. A complete list can be found on the MITRE Hardware Design Webpage. Hardware CWEs are ideal to be used alongside internally developed security requirements databases and have been developed and submitted by both government and commercial design... » read more

Make Hardware Strong With CWE


What is a weakness? And why should we care? These questions are relevant in probably any field or context you may think of, well beyond engineering or electronics. While in some cases the first-level answers might be obvious, in many others they are not. Generally, weaknesses are considered bad things that can lead to malfunctions, injuries, and other undesirable situations. In many cases, they... » read more

Establishing A Special Interest Group On Common Hardware Weaknesses


It seems like almost every week yet another hardware security vulnerability is announced. Just last week a team of researchers disclosed a new attack called “Platypus”, an acronym for "Power Leakage Attacks: Targeting Your Protected User Secrets.” This is another attack exploiting the simple fact that hardware sits below the conventional security abstractions and finding a vulnerability i... » read more

← Older posts