Threats and protection mechanisms for the trustworthiness of electronic hardware

Trustworthy electronics | © sizsus – adobestock.com

RealIZM blog series »Hardware Security« – Part 1

With increasing globalization and more complex supply chains, electronic hardware is becoming more susceptible to manipulation. Jan Hefer, a member of the RF & Smart Sensor Systems department, is working on "trustworthy electronics" at Fraunhofer IZM. Here, he gives our readers insights into potential threats to the trustworthiness of electronic hardware along the entire value chain and presents possible mechanisms to protect it.

A chain is only as strong as its weakest link. This simple adage also applies to the Industrial Internet of Things (IIoT), to autonomous and connected vehicles, and to critical infrastructure: even massive investments in software security are no guarantee of a genuinely secure system. Complete security for Industry 4.0 applications, from self-driving cars to intelligent transport networks, can only be achieved if hardware security is just as comprehensive.

To prevent IP theft, manipulation, and network attacks, an end-to-end security concept is required that starts at the hardware level. Intelligent, connected products and systems rest on secure and trustworthy software and hardware. Electronic components such as sensors and actuators, which are manufactured and deployed in large numbers in Industry 4.0 settings, must deliver data and execute actions in a trustworthy and reliable manner at all times.

“Trust in electronics means that products and systems based on electronic hardware are manufactured in such a way that unexpected behavior and safety incidents can be ruled out as far as possible,” as Jan Hefer puts it in a nutshell.

Due to the sheer complexity of high-tech electronics development and production, the value chains of electronic products span across the entire globe, from development to production and all the supply chains involved. However, this makes traceability difficult, especially for safety-relevant electronic components.

Risks to the trustworthiness of hardware and electronics

The threats to the trustworthiness of electronic hardware can essentially be summarized in three categories:

1. Vulnerabilities that are inadvertently built into chips and electronics and later exploited during operation.

2. A more serious category comprises backdoors deliberately built into chips and electronics, e.g. hardware trojans implanted in the silicon or on the board, or manipulated firmware, placed so that they can be exploited later.

3. The third problem area is gray-market hardware from chip production: excess production sold illegally, rejects, or chips illegally recycled after their regular end of use. Supply bottlenecks and high prices also encourage counterfeit electronics. This covers threats such as illegal chip or board counterfeits and copies, inferior and mislabeled reject goods, and the theft of intellectual property through reverse engineering.

Hardware security: Identified protection mechanisms

A cross-departmental and cross-location "Trustworthy Electronics Task Force" at Fraunhofer IZM has set itself the goal of developing proposals and solutions based on technologies available at Fraunhofer IZM. These are intended to integrate security concepts into the operational phase of a system so that it can react to potential threats. The task force identified several approaches that can serve as protective mechanisms to boost hardware security:

  • Obfuscation in assembly and interconnection technology (AVT, from the German Aufbau- und Verbindungstechnik) and in packaging: A measure that can often be implemented quickly and cost-effectively is to hide or disguise functionalities or authenticity features of the hardware that unauthorized third parties should not find immediately. The disadvantage is that the protective effect is lost as soon as the underlying principle is discovered, so new solutions have to be found regularly ("security by obscurity").
  • Shielding: A second approach is to make attacks on hardware more difficult, or prevent them completely, by means of protective structures integrated into functional circuits and components. This is best thought of as a kind of protective shield.
  • Detection: In case an obfuscation strategy, for example, has become known and been circumvented, it is important for those affected to recognize the attack immediately. This can be done, for example, with integrated or external sensors that monitor the operating parameters of a system. If their normal pattern changes, this can indicate a possible security risk. The aim is to detect attempted attacks or manipulation as quickly as possible.
  • Zeroization: If no other defensive measure can be applied once an attack or manipulation attempt has been detected, important data on the processor and in working memory should be deleted as quickly as possible, or systems and components reset to defined states. Industry frequently asks for this capability. Deleting the content prevents sensitive information from being read out or manipulated.
  • Destruction: The nuclear option is the physical self-destruction of the affected components and systems following a detected attack.
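The detection and zeroization items above can be combined into a small tamper-response loop in firmware. The following C sketch is an added example for this post, not code from Fraunhofer IZM or from Jan Hefer's task force. It assumes an on-chip sensor that reports supply voltage and die temperature, a commissioning-time envelope of normal values, and a session key held in working memory; the envelope limits and the sensor samples are constructed for the demonstration.

```c
/* Added example: sensor-based tamper detection with key zeroization.
   Not Fraunhofer IZM code; sensor units, envelope limits and samples are
   assumptions constructed for this demonstration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN        32
#define TAMPER_CONFIRM 2   /* consecutive anomalous samples before responding */

typedef struct {
    uint8_t key[KEY_LEN];   /* e.g. a session key held in working memory */
    bool    key_valid;
} secure_state_t;

typedef struct {
    int16_t millivolts;     /* supply voltage from an on-chip ADC (assumed unit) */
    int16_t decicelsius;    /* die temperature in tenths of a degree Celsius */
} sensor_sample_t;

typedef struct {
    int16_t mv_min, mv_max;
    int16_t dc_min, dc_max;
} envelope_t;

/* Detection: a sample outside the envelope learned at commissioning is an
   anomaly. Voltage glitching, freezing and decapsulation all show up as
   excursions of this kind. */
bool sample_out_of_envelope(const envelope_t *env, sensor_sample_t s)
{
    return s.millivolts  < env->mv_min || s.millivolts  > env->mv_max ||
           s.decicelsius < env->dc_min || s.decicelsius > env->dc_max;
}

/* Zeroization: write through a volatile pointer so the compiler cannot
   discard the stores as dead code (a plain memset on a buffer that is not
   read again is routinely optimized away). */
void zeroize(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n-- > 0) {
        *vp++ = 0;
    }
}

/* Check that a buffer really is all zeros, without an early exit. */
bool is_zeroed(const uint8_t *p, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Monitor a stream of samples. After TAMPER_CONFIRM consecutive anomalies
   (a single reading is debounced so sensor noise does not brick the device),
   wipe the key and put the state into a defined, non-operational condition.
   Returns the index of the sample that triggered the response, or -1. */
int monitor_and_respond(secure_state_t *st, const envelope_t *env,
                        const sensor_sample_t *samples, size_t n)
{
    unsigned streak = 0;
    for (size_t i = 0; i < n; i++) {
        streak = sample_out_of_envelope(env, samples[i]) ? streak + 1 : 0;
        if (streak >= TAMPER_CONFIRM) {
            zeroize(st->key, KEY_LEN);
            st->key_valid = false;
            return (int)i;
        }
    }
    return -1;
}

/* Fill the state with a recognizable (non-secret) demo key. */
void load_demo_key(secure_state_t *st)
{
    for (size_t i = 0; i < KEY_LEN; i++) {
        st->key[i] = (uint8_t)(0xA5 ^ i);
    }
    st->key_valid = true;
}

/* Constructed commissioning envelope and sensor trace for a stand-alone run. */
static const envelope_t demo_envelope = { 3100, 3500, -100, 850 };

static const sensor_sample_t demo_samples[] = {
    { 3300, 250 }, { 3310, 252 },          /* normal operation */
    { 2400, 251 },                         /* one glitch: debounced, no response */
    { 3295, 249 },
    { 2350, 248 }, { 2300, 247 },          /* sustained undervoltage: respond */
    { 3300, 250 },
};

int main(void)
{
    secure_state_t st;
    load_demo_key(&st);
    int hit = monitor_and_respond(&st, &demo_envelope, demo_samples,
                                  sizeof demo_samples / sizeof demo_samples[0]);
    printf("tamper response at sample %d, key zeroized: %s\n",
           hit, is_zeroed(st.key, KEY_LEN) ? "yes" : "no");
    return 0;
}
```

Two details matter in practice: the wipe goes through a volatile pointer so the optimizer cannot remove it, and a single out-of-envelope reading is not enough to trigger, because a zeroization that fires on sensor noise turns the protection into a denial-of-service against the device's own owner.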

In addition to the mentioned protection mechanisms, Fraunhofer IZM is also pursuing approaches to ensure trustworthiness during the design and manufacture of a product in order to cover the entire value chain. This aspect will be explored in greater depth in the second part of the RealIZM blog series “Hardware security” based on the SiEvEI 4.0 research project.

Following a risk assessment of the system or application under consideration, individual decisions must be made as to which measures best protect the most likely points of attack and minimize the remaining risk. For hardware-based critical infrastructure, for example, multi-level security concepts make sense. These are usually very complex and expensive, which is itself a challenge for hardware development.

“Nobody wants to invest too much money into security precautions for hardware. The investment must be worthwhile. After all, hardware security must not cost more than the damage that could be caused by an attack. A cost-benefit analysis also plays an important role in the selection of protective measures,” explains Hefer.


Save the date: On June 4 and 5, 2024, the Day of Trustworthy Electronics will take place at the headquarters of the Fraunhofer-Gesellschaft in Munich.

Jan Hefer | © Fraunhofer IZM

Jan Hefer

Jan Hefer studied mechanical and electrical engineering in Hanover, Dortmund and Berlin. After graduating in 2003, he initially worked as a research assistant at the TU Berlin at the Berlin Center of Advanced Packaging (BeCAP). In 2005, he moved to Fraunhofer IZM, where he became head of the Advanced System Development working group in the System Design & Integration department in 2006.

Since mid-2015, he has coordinated various large collaborative projects and has headed Fraunhofer IZM's "Trustworthy Electronics" task force since 2021. His research interests lie in the areas of energy self-sufficient microsystems, wireless sensor systems and data loggers, energy efficiency of electronic systems and trustworthy electronics.

Katja Arnhold, Fraunhofer IZM

Katja Arnhold

Katja Arnhold is editorially responsible for Fraunhofer IZM's RealIZM blog.

Katja has 20 years of experience in corporate communications and B2B marketing. She has worked for two private weather service providers and for the world market leader in premium alcoholic beverages, among others. She studied communication and media sciences, business administration and psychology at the University of Leipzig, holds a master's degree and is a member of the Leipzig Public Relations Students Association (LPRS).
