Why is it so hard to make secure chips?

摘要

Chip security has long been the domain of smart cards. These microcontrollers are specifically designed to thwart many different attacks in order to deliver typical security functions as payment cards, electronic passports, and access cards. With the advent of IoT everything is changing. Billions of devices will need security. We need access to our information sources and property. We expect our privacy to be respected and rely on the confidentiality of our sensitive information. We trust that our assets are well protected and cannot be manipulated by criminals. Can chip technology actually deliver on these demands? In this presentation we start by looking at the security architecture of electronic devices and mechanisms to restrict access and protect information. Then we explain the threat landscape and explain different types of attacks. Next we zoom in to security properties of the chips, which are at the core of all electronic devices. Finally we show how attack resistance can be tested and how chip vendors can gain assurance about the security of their products.