Cyber security experts in Abu Dhabi have found a way to create an “unhackable” electronic chip that could potentially be used in phones, cars and computers.
With the evolution of technology and manufacturing process giving way to less safety, researchers at New York University Abu Dhabi have just received a grant to deploy their work into a solution.
“This is the first prototype for a chip that has security features built in at the hardware level,” said Ozgur Sinanoglu, associate dean of engineering and associate professor of electrical and computer engineering at the university. “The purpose of this chip is a proof-of-concept to show that we can take any chip design, apply our software on the design to lock [it], and create trustworthy locked chips that are resilient to hardware-level threats such as counterfeiting, piracy, reverse-engineering and tampering.”
His research at the university’s Centre for Cyber Security on hardware security and trust is being funded by the US National Science Foundation, the US Department of Defence and the UAE-owned semiconductor manufacturing company Global Foundries, as well as Mubadala Technology.
“We take smart devices for granted but can we really trust them?” asked prof Sinanoglu, who is also the director for design at the excellence lab at the university. “When hackers break into certain devices, they want to share that with everyone so they come up with a set of instructions published on a website. It goes viral and it’s a huge revenue loss for the company.
“Up until a decade ago, this is mainly what hardware security was about – chips with secret assets for people to extract or manipulate this secret information.”
Implications of breach are serious as such chips are found in phones, cars, computers, airplanes, nuclear power plants, medical devices and critical safety and security applications. “So once our trust is compromised on these chips, then it’s compromised on pretty much all applications that [almost] control our lives one way or another,” he said. “Everything used to be centralised in one controlled facility under the control of a few people but now, the process on a single chip spans across the globe, various teams and different companies.”
He spoke of Apple, which has headquarters in California but sources design facilities in Europe, China and India, fabricates in South Korea, tests in Taiwan and assembles its packaging in China.
“Because the flow is highly distributed today, people are concerned about a variety of things,” he said. “We’re talking about all sorts of piracy problems to be able to control chips remotely, or disable them, or leak information from them.”
The new chip ensures a secure platform from start to finish in terms of the hardware.
“If the hardware is compromised, you can have the strongest operation system but you can’t talk about a trustworthy system,” Mr Sinanoglu said. “The UAE is investing heavily in this research and we’re more confident that this will be unhackable because we have mathematical definitions and theorems backing [its] security. We were now offered a grant by the [Defence Advanced Research Projects Agency] as part of a four-university team to turn it into an actual solution that can be deployed and we are hoping to have our software solution adopted by chip design companies so they can produce trustworthy chips.”
He has also set up a platform allowing potential hackers to attempt to break in, because “crowd-sourcing is the best way to test your security”.
“Our locks are in there but they don’t know the secret key,” he added. “We give them virtual access to the chip too but the idea is to see whether someone with this information can break it. We expect no one to.”
Experts said hardware is an area sometimes overlooked in terms of cyber security.
“It’s an issue that is forgotten about,” said Dr Fadi Aloul, head of computer science and engineering at the American University of Sharjah. “Hardware also has bugs and today, with the Internet of Things, those are also being targeted, so it is needed with new smart chips.
“The closer the security measures are to the hardware, the harder it is for the hackers to really take advantage of this chip.”
However, Dr Aloul also said that “unhackable” is very hard to say as the general rule of security is that there is no perfectly secure system. “We can say it’s very hard to hack, but nothing is impossible,” he said. “Given the time and resources, a weakness, like a vulnerability, can be found and exploited.”
Matthew Cochran, chairman of the Defence Services Marketing Council, said security must be holistic as “you are only as strong as the weakest link”.
“Chip security and hardening is fundamental to this as everything else above it in the stack is dependent on the chip not being compromised,” he said. “There is no point in having a secure operating system and encryption if the chip control of all these functions is accessible by [criminals].”