In recent years, cyber attacks have stopped focusing on mobile phones and personal computers and have begun targeting more global objectives, such as banks, multinationals and even states, as in the attack in 2017 on the national healthcare system of the UK. The typical approach to reversing or mitigating the damage caused by hackers has always been the use of software patches to cover the security breaches in the systems. But now scientists and programmers have decided to focus their resources and efforts on the development of other preventative technologies. One of the most promising is the creation of chips that protect themselves.
Different researchers already work with the concept of “digital fingerprints” for chips. They are called PUFs (Physical Unclonable Functions), random physical factors created during the manufacturing process of the chips that add a unique identity to each one. Due to this uniqueness the circuits cannot be cloned, and thus they are protected. As explained by Farinaz Koushanfar, professor in charge of the Department of Computer Engineering at the University of California, one of the first to study this technology: “All chips are manufactured from the same model. Imagine that you have a stamp and every time you stamp it on a piece of paper you get a slightly different impression, like a fingerprint. We take this idea a bit further by integrating the fingerprints into the functionality of each chip, which makes each of them have unique functional locks.”
Koushanfar and his team created a method called “hardware measurement” to extract the analogue variations that occur during the manufacturing process in digital codes and link those codes to the functionality of the processors. “Then, even if the manufacturer creates additional chips, they cannot be activated without the specific codes. You can use similar blocking or obfuscation mechanisms based on hardware to control and certify the software and the data that is executed in the system,” he adds.
A stronger technology
At the end of 2017, a team of Korean researchers—led by Kyu-Man Hwang, head of the Semiconductor R&D Centre at Samsung—took that technology one step further, creating even tougher PUFs. Their invention, called NEM-PUF, uses a nano-electromechanical switch and is created using extremely small silicon nanowires, which are suspended in a liquid between two gates that represent 1 and 0. During the manufacturing process, the liquid evaporates and the wire is randomly attached to one of the gates. When many of these chips are put together in the same system, a long and completely random security code is created, and if someone tries to access the data without this code, they will be denied access.
“The robustness of our technology was also confirmed in various hostile environments, such as high temperatures, high doses of radiation and microwaves,” says Kyu-Man, who adds that the team developed the NEM-PUFs with military organisations in mind, which need to keep their information well protected but are often exposed to hostile environments. The developers even programmed the chips to self-destruct in the event of an attempted cyber attack.
In addition to “fingerprints”, that give chips the quality of indestructibility, another advance in the prevention of cyber attacks has to do with the application of reverse engineering to easily map a chip and protect its intellectual property more effectively. Researchers at the Paul Scherrer Institute in Switzerland are doing this with X-rays. In March 2017, they aimed an X-ray beam at a piece of an Intel processor and were able to reconstruct the chip’s network of transistors and wiring in three dimensions. The team believes that in the future this technique could be extended to create large-scale, high-resolution images of the chips’ interiors.
The technique, called “X-ray ptychography”, represents a significant departure from how the computer industry has worked on reverse engineering to date: generally, to analyse whether a chip has been violated or if its intellectual property has been misused, the layers of a processor are progressively eliminated and images are taken through an electronic microscope of tiny parts of the chip one at a time. But “all that is needed are some more years of this type of research, and one can easily look at its chip and contemplate its assembly diagram,” says Anthony Levi, professor of Electronic Engineering at the University of Southern California. Total transparency in chip manufacturing is on the horizon, which is going to force a rethinking of what computing is,” he says. Its main application, he explains, will be to verify that a chip only has the characteristics it is intended to have and that the malware has not found a hole through which to attack.