Skip to Main Content
Cyber
circuit board

Addressing Hardware Cybersecurity

Posted by Battelle Insider on Jul 13, 2017

A vulnerability in software is a problem. A vulnerability in hardware is a disaster. 

Software problems can be addressed easily with an inexpensive patch.  A hardware vulnerability is nearly impossible to fix and incredibly costly – think millions of dollars. 

That’s why the Defense Advanced Research Projects Agency (DARPA) is seeking tools that provide security against hardware vulnerabilities. 

“DARPA is usually looking toward the future. They’re asking researchers what can be done that will be a game changer. This initiative is saying ‘we don’t want another evolutionary step. We want a revolutionary step,’ ” said Tom Bergman, a Project/Program Manager on Battelle’s Cyber team.

Battelle is already working on such a step. Battelle Barricade™ is a tool that provides non-destructive authentication of integrated circuits and microchips. 

Barricade can be used to verify a chip is doing what it’s supposed to be doing. But that’s just part of the puzzle. A microprocessor isn’t an independent piece. It interacts with an entire system. Barricade can help verify all the components that make up the system. 

Barricade is just one piece of a future solution. It doesn’t address discovering vulnerabilities in  existing systems in use. That’s where Chris Domas comes in. 

Chris is a Cyber Scientist at Battelle and will be presenting at Black Hat USA 2017 in July. His session will focus on x86 processors, which run most computers. 

There are ways to check software for vulnerabilities, but hardware is often referred to as a “black box” because you can’t really see what’s going on inside. And there haven’t been any tools to do that, until now. 

Battelle’s created a toolset – called Sandsifter – that enables you to look inside the hardware. 

“This is the first tool of its kind. This gives us a way to glimpse inside the processor to see what it’s doing – to look for flaws or vulnerabilities, or just anything we didn’t anticipate,” said Chris. 

His presentation at Black Hat will talk about the vulnerabilities that his team has found using Sandsifter, which will be open sourced, so that people can try it out. 

“We’ve found some interesting things with this tool. Nothing critical, but it’s a little bit unnerving to know there’s something there you didn’t anticipate,” said Chris. 

 

Search