2003 Sept 8
Google found this and cached it as follows:
Chip vendors are being called to the front lines in a war against cyberterrorists trying to sabotage networks and thieves seeking access to sensitive data. And many vendors of processor devices and related intellectual property are heeding the call to action.
OEMs and carriers are looking to make mobile phones and wireless networks airtight with chips that encrypt data for safe transmission. Such devices are beginning to make their way into handsets and other mobile gear, but could also find a home in PCs and even cellular basestations.
Mobile phones, it turns out, are susceptible to attack, as clever hackers have shown in recent years. Not all mobile phones are built the same way, which makes them more resistant to widespread attack than PCs. But operators with a strong economic incentive to sell more than just voice services are pushing phone makers to add more processing capability. Often this is done by adding an applications processor, which creates an opening for would-be hackers.
“There’s been a heavy investment by operators and carriers, and to get a return on investment they’re having to offer higher-value capabilities and services that involve downloading MP3s, video or financial transactions,” said Findlay Shearer, platform marketing manager for mobile products at Motorola’s Semiconductor Products Sector.
Wireless-network operators have already gotten their first taste of disaster. Last year, it was reported, hackers in Europe unleashed a wave of short messages that crashed certain phones. And in Japan, an e-mail sent to mobile phones triggered a piece of code that usurped the handset, causing it to call Japan’s national emergency hot line every 20 minutes.
It’s no surprise then that Intel Corp., which will announce its security strategy for processors going into handhelds this month, says its first aim is prevent attacks on the network. “The first thing that has to be addressed is the carriers’ concerns. For them network downtime is a loss of revenue,” said Lynn Comp, strategic technology planner for Intel’s Personal Internet Client Architecture group.
Almost by default, a disproportionate share of the burden of making mobile phones and other portable devices more secure has fallen on the shoulders of chip and processor-core vendors. One reason is that there’s not enough spare room or battery power to add a separate security chip with heavy-duty features like data encryption. More likely, it has to be done on the same die where the video- and audio-processing engines reside.
And while much can be done to make enterprise-level operating systems more secure, it’s more difficult to do the same with embedded OSes when memory constraints are so tight. “Generally the OSes run at the same level of privilege, and there’s lots of code. It makes it difficult to segregate the sensitive stuff,” said Richard York, security technology program manager for ARM Ltd., the leading provider of cell phone embedded-processor cores.
While electronic security is an established discipline, chip vendors are finding that the mobile version isn’t an entirely straightforward exercise. For starters, processor vendors are relatively new to the field, which implies a certain level of uncertainty and hesitancy. One reason is that there are holes that must be filled, such as an agreement on a digital rights management standard that will satisfy content providers and network operators. Silicon vendors don’t want to take the time to design in new hardware that won’t be used later.
“The issue for the IC manufacturer is that they take a fair amount of time to build in hardware,” said Richard Chesson, director of marketing for multimedia platforms at STMicroelectronics.
The move to more-open architectures and standard application middleware may also lead to more attacks. Many em-bedded applications are based on processor cores with well-known instruction-set architectures. A hacker who knows the ISA and studies the data sheet may try to interrogate the OS or probe voltage signals to uncover sensitive data, some say.
And even if they succeed in building in security functions, chip vendors must also explain the technology to customers who may know little about the underlying issues. “One of the things about security is that it’s meant to prevent, not to enable; it’s a difficult message to articulate,” said Intel’s Comp. “The other thing is that designing security correctly depends on the threat model and the type of application at risk [for it].”
Bring in the troops
Chip vendors say they are up for the task. Indeed, processor security is seen as one of the next big market opportunities as customers become more aware of threats to their networks. In the last year, more than a few chip vendors have announced plans to harden their processors in hopes of selling peace of mind to customers.
Among them is ARC International, which recently added security extensions to its ARCtangent processor core and developed a security software package. The company thinks the market for processors with security features is on track to grow 20 to 30 percent a year, especially as transactions over wireless LANs become more common. “It’s not a huge issue today, but all indications are that it will be in the future,” said David Fritz, vice president of technical marketing for ARC.
From a design perspective, chip makers say they have the tools to prevent security breaches with a mix of hardware and software, either by modifying the CPU core itself or adding hardware coprocessors (see story below). Some chip makers do both. And the shift to 0.13-micron design rules means they can add hardware without worrying so much about power and performance, many say.
Moreover, chip vendors can glean much from what is already known about electronic commerce. Thanks to the banking industry, chip vendors have a number of well-established cryptography algorithms they can readily build into silicon or create hooks for into instruction sets.
Much can likewise be learned from smart cards. MIPS Technologies Inc., for one, worked closely with French smart-card maker Gemplus to add security features to some of its 32-bit processor cores. Sharp and Philips have licensed the technology, specifically for smart cards.
“Smart-card manufacturers feel strongly about anti-hacking capabilities so that you can’t figure out what’s going on in the card and the reader, either from physical inspection or electrical analysis,” said Mike Uhler, chief technology officer at MIPS. “If you haven’t been through it, you don’t realize its importance.”
There’s no set formula on how to make a processor hack-proof, but some common approaches are emerging. One is to add extensions to the instruction-set architecture, a tactic favored by companies like ARM, MIPS and ARC. In some cases these instructions can support cryptography “primitives” that are common in all cryptographic techniques.
Another practice is to sequester the sensitive data from the rest of the CPU. ARM goes so far as to call this technique a “virtual CPU” that works in parallel with the main processing engine.
With these developments, it’s not hard to imagine a day when nearly all embedded processors have some minimal level of security, especially as more devices connect to the Internet. As chip vendors take on more of the embedded systems’ hardware and software tasks, they have plenty of tools and expertise at their disposal. The question now is whether they will prove as adept at thwarting attacks on the hardware as they have in developing faster, cheaper and lower-power CPUs.