Security

Alexander Sword of Computer Business Review says cyber security is often thought of as a software issue that can be solved with a software solution. However, this paradigm ignores hardware-based attacks, a type of cyber threat security providers are now taking quite seriously.

“There are still plenty of unsecured chips out there, vulnerable to several major types of hardware attack,” he explained. “These include side-channel attacks, which are techniques that allow attackers to monitor the analogue characteristics and interface connections and any electromagnetic radiation.”

Over the past few years, Rambus has evolved from a pure IP licensing business to a product-centric semiconductor company. Our diverse product portfolio currently includes memory and interfaces, along with security and smart sensor solutions.

The recent acquisition of Bell ID, along with its products, personnel and technologies, represents a strategic addition to our security division. Now an integral part of Rambus, Bell ID continues to help banks, governments and enterprises issue and manage credentials on smartphones, smart cards and connected devices. As an established leader in host card emulation (HCE), we are deployed worldwide and support all major cloud-based mobile payment platforms.

White hat security researchers Charlie Miller and Chris Valasek have once again hacked a 2014 Jeep Cherokee, this time plugging a laptop directly into the vehicle’s CAN network via a port under the dashboard.

“Instead of merely compromising one of the so-called electronic control units or ECUs on a target car’s CAN network and using it to spoof messages to the car’s steering or brakes, they also attacked the ECU that sends legitimate commands to those components, which would otherwise contradict their malicious commands and prevent their attack,” explained Wired’s Whitney Curtis. “By putting that second ECU into ‘bootrom’ mode—the first step in updating the ECU’s firmware that a mechanic might use to fix a bug—they were able to paralyze that innocent ECU and send malicious commands to the target component without interference.”

Asaf Ashkenazi, a senior director at Rambus’ security division, recently gave a keynote presentation about the future of mobile security at the Linley Group’s Mobile and Wearables Conference.

According to Ashkenzai, the demand for trusted applications on mobile devices has increased significantly in recent years.

“As the amount of valuable data stored and communicated across mobile devices continues to grow, the need for robust security solution becomes even more important,” he told conference participants.

Motherboard’s Michael Byrne recently covered a paper written by Rambus chief scientist Paul Kocher for Communications of the ACM. In the paper, Kocher observes that computer security issues have far exceeded the limits of the human brain. To illustrate his point, the chief scientist points to Ohio’s infamous Silver Bridge, which collapsed during rush hour in 1967.

“Instead of redundancy, the bridge used high-strength steel. The failure of a single eyebar was catastrophic. Today’s computing devices resemble the Silver Bridge, but are much more complicated,” Kocher explained. “They have billions of lines of code, logic gates, and other elements that must work perfectly. Otherwise, adversaries can compromise the system. The individual failure rates of many of these components are small, but aggregate complexity makes vulnerability statistically certain.”

As Bryne notes, Kocher views computer security as a scaling problem.