In the lead up to Mobile World Congress, where NXP will present its vision for making ‘secure connections for a smarter world’, we revisit an interview with Mathias Wagner, an NXP fellow and chief security technologist.
Earlier this month, Mathias spoke to Semiconductor Engineering about the latest thinking in security, telling the publication that it’s unlikely that the semiconductor industry would ever get a firm handle on all the security issues in SoCs (system on a chip).
“There are just too many papers on attacks and countermeasures.” Mathias began. “In the embedded security field alone there are about 100 papers every year, so if you design a product in hardware—which takes about 1.5 to 2 years, and then the software on top of that, which takes another year—then you have missed out on 200 to 300 papers.”
Mathias explained the importance of a forward-looking approach, considering security challenges before the design process of a chip begins. Security is not a bolt on, Mathias confirmed, ‘you can’t just add this later on into the process.”
In the in-depth interview, Mathias also took a closer look at the anatomy of a hack – and set out how semiconductor firms could second guess potential attackers.
“The attacker will reverse engineer a chip and seek out any weak points, so you have to conclude there is no safe harbour anywhere on the chip. Everything is exposed, and everything can be undone with advanced machinery. The goal is to reduce the likelihood that an attacker would be able to overcome them all on a single die.”
He called out the need to address all motivations of attackers – from money, theft and sabotage to personal. “Don’t underestimate the personal motivator of a software or hardware hacker who wants to just prove they can do an attack. They see themselves as gods protecting society.”
To read more, and to find out how Mathias addresses the need to balance security with cost constraints, visit Semiconductor Engineering.
Mathias chairs the JHAS group – a cross-industry / public-sector working group within the Common Criteria scheme that defines the EAL ratings for all hardware and software attacks on smart cards and other embedded security devices. If you are interested in exploring this topic further please get in touch to arrange a briefing.