Hardware security

Last updated December 22, 2023

Hardware security is a discipline originated from the cryptographic engineering and involves hardware design, access control, secure multi-party computation, secure key storage, ensuring code authenticity, measures to ensure that the supply chain that built the product is secure among other things.^[1]^[2]^[3]^[4]

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

Some providers in this discipline consider that the key difference between hardware security and software security is that hardware security is implemented using "non-Turing-machine" logic (raw combinatorial logic or simple state machines). One approach, referred to as "hardsec", uses FPGAs to implement non-Turing-machine security controls as a way of combining the security of hardware with the flexibility of software.^[5]

Hardware backdoors are backdoors in hardware. Conceptionally related, a hardware Trojan (HT) is a malicious modification of electronic system, particularly in the context of integrated circuit.^[1]^[3]

A physical unclonable function (PUF)^[6]^[7] is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict. Further, an individual PUF device must be easy to make but practically impossible to duplicate, even given the exact manufacturing process that produced it. In this respect it is the hardware analog of a one-way function. The name "physical unclonable function" might be a little misleading as some PUFs are clonable, and most PUFs are noisy and therefore do not achieve the requirements for a function. Today, PUFs are usually implemented in integrated circuits and are typically used in applications with high security requirements.

Many attacks on sensitive data and resources reported by organizations occur from within the organization itself.^[8]

Related Research Articles

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

A field-programmable gate array (FPGA) is a type of integrated circuit that can be programmed or reprogrammed after manufacturing. It consists of an array of programmable logic blocks and interconnects that can be configured to perform various digital functions. FPGAs are commonly used in applications where flexibility, speed, and parallel processing capabilities are required, such as in telecommunications, automotive, aerospace, and industrial sectors.

A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device, or its embodiment. Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.

<span class="mw-page-title-main">Trusted Platform Module</span> Standard for secure cryptoprocessors

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard ISO/IEC 11889.

A physical unclonable function, or PUF, is a physical object that for a given input and conditions (challenge), provides a physically defined "digital fingerprint" output (response) that serves as a unique identifier, most often for a semiconductor device such as a microprocessor. PUFs are often based on unique physical variations occurring naturally during semiconductor manufacturing. A PUF is a physical entity embodied in a physical structure. PUFs are implemented in integrated circuits, including FPGAs, and can be used in applications with high-security requirements, more specifically cryptography, Internet of Things (IOT) devices and privacy protection.

Virgil Dorin Gligor is a Romanian-American professor of electrical and computer engineering who specializes in the research of network security and applied cryptography.

A Hardware Trojan (HT) is a malicious modification of the circuitry of an integrated circuit. A hardware Trojan is completely characterized by its physical representation and its behavior. The payload of an HT is the entire activity that the Trojan executes when it is triggered. In general, Trojans try to bypass or disable the security fence of a system: for example, leaking confidential information by radio emission. HTs also could disable, damage or destroy the entire chip or components of it.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Digital supply chain security refers to efforts to enhance cyber security within the supply chain. It is a subset of supply chain security and is focused on the management of cyber security requirements for information technology systems, software and networks, which are driven by threats such as cyber-terrorism, malware, data theft and the advanced persistent threat (APT). Typical supply chain cyber security activities for minimizing risks include buying only from trusted vendors, disconnecting critical machines from outside networks, and educating users on the threats and protective measures they can take.

Quantum readout is a method to verify the authenticity of an object. The method is secure provided that the object cannot be copied or physically emulated.

A trusted execution environment (TEE) is a secure area of a main processor. It helps code and data loaded inside it to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain DRM schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).

Physical unclonable function (PUF), sometimes also called physically unclonable function, is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict.

Computation offloading is the transfer of resource intensive computational tasks to a separate processor, such as a hardware accelerator, or an external platform, such as a cluster, grid, or a cloud. Offloading to a coprocessor can be used to accelerate applications including: image rendering and mathematical calculations. Offloading computing to an external platform over a network can provide computing power and overcome hardware limitations of a device, such as limited computational power, storage, and energy.

Hardware backdoors are backdoors in hardware, such as code inside hardware or firmware of computer chips. The backdoors may be directly implemented as hardware Trojans in the integrated circuit.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

<span class="mw-page-title-main">Mark Tehranipoor</span>

Mark M. Tehranipoor is an Iranian American academic researcher specializing in hardware security and trust, electronics supply chain security, IoT security, and reliable and testable VLSI design. He is the Intel Charles E. Young Preeminence Endowed Professor in Cybersecurity at the University of Florida and serves as the Director of the Florida Institute for Cybersecurity Research. Since June 2022, he has served as the chair of the Department of Electrical and Computer Engineering at the University of Florida. He is a fellow of IEEE, ACM, and NAI as well as a Golden Core member of the IEEE. He is a co-founder of the International Symposium on Hardware Oriented Security and Trust (HOST). He is the recipient of the 2023 SRC Aristotle award. Tehranipoor also serves as a co-director of the Air Force Office of Scientific Research CYAN and MEST Centers of Excellence.

In computing, defense strategy is a concept and practice used by computer designers, users, and IT personnel to reduce computer security risks.

References

1 2 Mukhopadhyay, Debdeep; Chakraborty, Rajat Subhra (2014). Hardware Security: Design, Threats, and Safeguards. CRC Press. ISBN 9781439895849 . Retrieved 3 June 2017.
↑ "Hardware security in the IoT - Embedded Computing Design". embedded-computing.com. Retrieved 3 June 2017.
1 2 Rostami, M.; Koushanfar, F.; Karri, R. (August 2014). "A Primer on Hardware Security: Models, Methods, and Metrics". Proceedings of the IEEE. 102 (8): 1283–1295. doi:10.1109/jproc.2014.2335155. ISSN 0018-9219. S2CID 16430074.
↑ Rajendran, J.; Sinanoglu, O.; Karri, R. (August 2014). "Regaining Trust in VLSI Design: Design-for-Trust Techniques". Proceedings of the IEEE. 102 (8): 1266–1282. doi: 10.1109/jproc.2014.2332154 . ISSN 0018-9219.
↑ Cook, James (2019-06-22). "British start-ups race ahead of US rivals to develop new ultra-secure computer chips to defeat hackers". The Telegraph. ISSN 0307-1235 . Retrieved 2019-08-27.
↑ Sadeghi, Ahmad-Reza; Naccache, David (2010). Towards Hardware-Intrinsic Security: Foundations and Practice. Springer Science & Business Media. ISBN 9783642144523 . Retrieved 3 June 2017.
↑ "Hardware Security - Fraunhofer AISEC". Fraunhofer-Institut für Angewandte und Integrierte Sicherheit (in German). Retrieved 3 June 2017.
↑ "Hardware Security". web.mit.edu. Archived from the original on 22 May 2017. Retrieved 3 June 2017.

External links

Hardsec: practical non-Turing-machine security for threat elimination "Hardsec" concept outline Archived 2020-11-11 at the Wayback Machine

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[:0-1] 1 2 Mukhopadhyay, Debdeep; Chakraborty, Rajat Subhra (2014). Hardware Security: Design, Threats, and Safeguards. CRC Press. ISBN 9781439895849 . Retrieved 3 June 2017.

[2] "Hardware security in the IoT - Embedded Computing Design". embedded-computing.com. Retrieved 3 June 2017.

[:1-3] 1 2 Rostami, M.; Koushanfar, F.; Karri, R. (August 2014). "A Primer on Hardware Security: Models, Methods, and Metrics". Proceedings of the IEEE. 102 (8): 1283–1295. doi:10.1109/jproc.2014.2335155. ISSN 0018-9219. S2CID 16430074.

[4] Rajendran, J.; Sinanoglu, O.; Karri, R. (August 2014). "Regaining Trust in VLSI Design: Design-for-Trust Techniques". Proceedings of the IEEE. 102 (8): 1266–1282. doi: 10.1109/jproc.2014.2332154 . ISSN 0018-9219.

[5] Cook, James (2019-06-22). "British start-ups race ahead of US rivals to develop new ultra-secure computer chips to defeat hackers". The Telegraph. ISSN 0307-1235 . Retrieved 2019-08-27.

[6] Sadeghi, Ahmad-Reza; Naccache, David (2010). Towards Hardware-Intrinsic Security: Foundations and Practice. Springer Science & Business Media. ISBN 9783642144523 . Retrieved 3 June 2017.

[7] "Hardware Security - Fraunhofer AISEC". Fraunhofer-Institut für Angewandte und Integrierte Sicherheit (in German). Retrieved 3 June 2017.

[8] "Hardware Security". web.mit.edu. Archived from the original on 22 May 2017. Retrieved 3 June 2017.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

v t e Computer science
Note: This template roughly follows the 2012 ACM Computing Classification System.
Hardware	Printed circuit board Peripheral Integrated circuit Very Large Scale Integration Systems on Chip (SoCs) Energy consumption (Green computing) Electronic design automation Hardware acceleration
Computer systems organization	Computer architecture Embedded system Real-time computing Dependability
Networks	Network architecture Network protocol Network components Network scheduler Network performance evaluation Network service
Software organization	Interpreter Middleware Virtual machine Operating system Software quality
Software notations and tools	Programming paradigm Programming language Compiler Domain-specific language Modeling language Software framework Integrated development environment Software configuration management Software library Software repository
Software development	Control variable Software development process Requirements analysis Software design Software construction Software deployment Software engineering Software maintenance Programming team Open-source model
Theory of computation	Model of computation Formal language Automata theory Computability theory Computational complexity theory Logic Semantics
Algorithms	Algorithm design Analysis of algorithms Algorithmic efficiency Randomized algorithm Computational geometry
Mathematics of computing	Discrete mathematics Probability Statistics Mathematical software Information theory Mathematical analysis Numerical analysis Theoretical computer science
Information systems	Database management system Information storage systems Enterprise information system Social information systems Geographic information system Decision support system Process control system Multimedia information system Data mining Digital library Computing platform Digital marketing World Wide Web Information retrieval
Security	Cryptography Formal methods Security hacker Security services Intrusion detection system Hardware security Network security Information security Application security
Human–computer interaction	Interaction design Social computing Ubiquitous computing Visualization Accessibility
Concurrency	Concurrent computing Parallel computing Distributed computing Multithreading Multiprocessing
Artificial intelligence	Natural language processing Knowledge representation and reasoning Computer vision Automated planning and scheduling Search methodology Control method Philosophy of artificial intelligence Distributed artificial intelligence
Machine learning	Supervised learning Unsupervised learning Reinforcement learning Multi-task learning Cross-validation
Graphics	Animation Rendering Photograph manipulation Graphics processing unit Mixed reality Virtual reality Image compression Solid modeling
Applied computing	Quantum Computing E-commerce Enterprise software Computational mathematics Computational physics Computational chemistry Computational biology Computational social science Computational engineering Computational healthcare Digital art Electronic publishing Cyberwarfare Electronic voting Video games Word processing Operations research Educational technology Document management
Category Outline WikiProject Commons

Hardware security

Contents

See also

Related Research Articles

References

External links