Following claims that Chinese chips were used to infiltrate Amazon and Apple servers, as well as the recent Spectre and Meltdown flaws, robust cybersecurity will now have to be baked into chips.
Researchers at Microelectronics Circuits Centre Ireland (MCCI) have warned that future chips will have to be “secure by construction” as a prerequisite as we enter the world of internet of things (IoT) devices, self-driving cars and 5G.
The warning comes on the heels of a major hue and cry prompted by a Bloomberg Businessweek report, which claimed that tiny Chinese chips had infiltrated the production of chips and circuit boards that powered the servers used by Amazon and Apple, planting a microchip on their servers manufactured outside the US.
The claims have sparked a furious debate. While their veracity is still being debated and they are hotly denied by the two tech giants (with these denials backed up by the US government), the claims, along with the recent Spectre and Meltdown flaws, will require the industry to rethink how it manufactures its electronics securely.
‘That’s always been the key to security; nothing is ever completely secure, only increasing degrees of difficulty to gain access’
– DONNACHA O’RIORDAN
At the MCCI 2018 Forum in Cork tomorrow (11 October), researchers and industry leaders will debate the research requirements for creating chips that are “secure by construction”.
Philip Harris of the United Technologies Research Centre will address attendees on the complexities of cybersecurity in the future, while MCCI’s Emanuel Popovici, who has worked on hardware accelerators for e-commerce cryptography, will discuss embedded system design for secure communications.
The secure future of chip manufacturing
“In terms of secure by construction, what we mean is, designing circuits at the most fundamental level, with a security mindset,” explained MCCI’s executive director, Donnacha O’Riordan.
“Design of circuits and semiconductors to thwart side-channel attacks, for example, or, rather than using a binary search algorithm, using a random number search; obscuring the electrical characteristics which can be gleaned from reverse-engineering a chip today.”
Last week, we reported on the explosive report published by Bloomberg Businessweek on 4 October. The report claimed that a pencil tip-sized spy chip, which was assembled by a company called Super Micro Computer (known as Supermicro), would allow spies to secretly modify data centre servers and provide the Chinese government with a backdoor into some of the world’s largest technology firms.
Asked if it is possible for hackers to infiltrate chips in the way claimed in the Bloomberg Businessweek report, O’Riordan said it is technically possible if hackers were motivated to do so.
“That’s always been the key to security; nothing is ever completely secure, only increasing degrees of difficulty to gain access. China is playing catch up with the west in terms of semiconductor innovation, and it is investing vast amounts of money to build an indigenous semiconductor industry. China also manufactures a majority of the world’s electronics. So, you have both motivation and capability.”