Researching the hard problems in hardware security

What’s hardware security all about?

The CEO of Intel, Pat Gelsinger, recently asked an audience: “What aspect of your life is not becoming more digital?” I found it hard to identify any. And this hints at our problem: semiconductors, microchips, whichever term you want to use, are everywhere. They’re the foundation for every aspect of our digital lives. Yet often when we’re thinking about cyber security, we see software and networks, rather than the physical hardware underpinning them

A new chapter in the problem book

But to trust in the security of these digital products, we need to be able to trust the underlying hardware. In the https://www.ncsc.gov.uk/collection/problem-book/hardware-security” target=”_self”>new chapter in the NCSC problem book, we want to address this and put some structure around problems in the field. There’s already a thriving academic research community in hardware security, with several areas of strength in the UK, including the Research Institute for Secure Hardware and Embedded Systems. We think that with the right focus, the field can have a huge impact on cyber security.

What’s included – and what’s not

We’ve set out four problem areas that we think will benefit from more focus. They build up from the physical properties of an electronic device, through designing devices with security in mind, up to integrating these devices into wider systems.

You might notice that there’s no mention of future, or novel, computing. This is deliberate, for two reasons. Firstly, the problems are largely architecture agnostic: they apply whether you’re thinking about traditional CPUs, neuromorphic chips, quantum computing or any other future device. Secondly, we have a lot of problems to solve now, but if we can resolve them for current technologies then we can carry those solutions through to novel architectures.

How does this fit into the wider NCSC problem book?

There are several common themes across this chapter and the chapter on cross-cutting problems. You can consider the problems in https://www.ncsc.gov.uk/collection/problem-book/hardware-security” target=”_self”>the hardware chapter on their own, or view them as the hardware-specific aspects of the cross-cutting ones. This is most clear when we talk about trusting devices, which feeds into the wider problem of how we build trustable systems. Other links are less obvious, but secure credential storage in hardware is an important underpinning technology to make phishing a thing of the past.

Over the next few months, we’ll continue to publish further new problem book chapters, and you’ll notice that there continue to be common themes running through them too.

How can I get involved?

We want this to inspire research, ready for future funding opportunities, and provide understanding and context about where work is needed, and how it fits in. If you have research ideas or you’re already working on something in the field of hardware, you can let us know about it.

Charlie D
NCSC Technical Director for Hardware Security

Original Source: ncsc[.]gov[.]uk