Supporting Hardware Security Through Software
When selecting hardware, it often comes down to functionality versus cost. However, the growing importance of security and privacy in a world of intelligent systems strongly impacts hardware; clients now consider hardware security capabilities as well as their constraints. And some hardware (a given medical device, for example) is not connected to the internet, which causes a different problem: Software updates can be difficult to implement. Any vulnerability on such a device will remain there until the firmware is manually updated — and such updates may never be available.
These challenges increase in devices with a long service life, such as a medical pacemaker or the control system in a nuclear power plant.
Hardware can also face challenges from those who refurbish old systems and resell them online. The reseller may not have properly wiped the device of all past data, or the device may have been hacked or could contain vulnerabilities that were never addressed. The use of nonvolatile memory to store program code and configuration data can also lead to security challenges during device recycling, as it can retain sensitive information such as login details. This hardware can easily be reverse-engineered.
This paper provides an overview of the different levels of attack on hardware devices, then reviews the various ways of using software to protect these devices.