IoT Archives - Rambus
At Rambus, we create cutting-edge semiconductor and IP products, providing industry-leading chips and silicon IP to make data faster and safer.
Tue, 29 Oct 2024 21:43:00 +0000

Rambus IP Solution Supports New NIST Lightweight Cryptography Algorithm
https://www.rambus.com/blogs/rambus-ip-solution-supports-new-nist-lightweight-cryptography-algorithm/
Wed, 22 Feb 2023 18:50:49 +0000

This month, the National Institute of Standards and Technology (NIST) announced the selection of a new family of cryptographic algorithms called ASCON, which have been developed for lightweight cryptography applications. Always ready to support our customers with the latest security standards, Rambus is pleased to announce the availability of the ASCON-IP-41 Crypto Engine IP core.

The ASCON cryptographic algorithms are designed to protect data created and transmitted by Internet of Things (IoT) devices. These devices require robust security, but their small size means that they have resource constraints. This is where lightweight cryptography comes in: it allows symmetric cryptography to be used to achieve the required level of security while ensuring the efficient use of a device’s resources. Check out our white paper for background information on Lightweight Cryptography, as well as a closer look at the ASCON algorithms.

The ASCON-IP-41 Crypto Engine supports the two primary algorithms proposed under the ASCON family: ASCON-128/HASH and ASCON-128A/HASHA, for both authenticated encryption with associated data (AEAD) and HASH modes of operation. With minimal area requirements, the ASCON-IP-41 crypto engine is extremely suitable for several low-cost and low-power applications.

Example use cases include:

  • Lightweight secure boot for (battery operated) IoT devices
  • Crypto foundation of small size root of trust implementations
  • Vehicle-to-Vehicle communication
  • Digital fingerprinting of messages
  • RFID tag message counterfeiting protection

Download the ASCON-IP-41 product brief to get the full details on this new ASCON-compliant IP solution.

Wondering how you can use lightweight cryptography to reduce power AND keep the same level of security in your next IoT design? Contact our security IP team to kick off the discussion!

Kyocera Selects Rambus for IoT Security
https://www.rambus.com/blogs/kyocera-selects-rambus-for-iot-security/
Tue, 11 Jan 2022 22:00:41 +0000

Cyberhackers want to maximize their probability of success by attacking the weakest point of defense. With data centers being virtual fortresses both in the physical and digital domains, adversaries have turned their focus to the edge and end points for exploitation. Imagine the data trove that can be mined from a networked office printer: financials, competitive data, business operations, personnel files…it’s all there for the taking if left unsecured.

That’s why Kyocera selected the FIPS 140-2 CMVP-certified Rambus RT-130 Root of Trust, and AES-IP-38 AES Accelerator to secure their multi-function products. Kyocera is passionate about protecting their customers’ business data. They even published an ebook to explain how companies can secure these vital digital assets. FIPS certification is the gold standard for security solutions, signaling that Kyocera solutions provide customers with the highest level of data protection.

What about for other kinds of IoT devices? Well, there’s good news. Rambus has a full family of FIPS-certified, powerful but lightweight, Root of Trust solutions. These support secure boot, manage secure firmware upgrades, administer keys and provide cryptographic services with models appropriate for nearly every kind of IoT device. Our broad line of crypto accelerators and protocol engines encrypt and protect data moving over the network. So whatever IoT devices your chip design addresses, Rambus can help provide the highest level of security for your product.

Rambus Design Summit Featured Speaker: Frank Ferro
https://www.rambus.com/blogs/rambus-design-summit-featured-speaker-frank-ferro/
Fri, 13 Aug 2021 02:03:40 +0000

Thanks to everyone who joined us for Rambus Design Summit 2021. Over the coming weeks we’ll highlight the webinars and panels from the event, all available now on-demand.

Watch Selecting the Right High Bandwidth Memory Solution

About Frank Ferro

Frank Ferro is the senior director of product management at Rambus Inc. responsible for memory interface IP products. Having spent more than 20 years at AT&T, Lucent and Agere Systems, he has extensive experience in wireless communications, networking and consumer electronics fields. Mr. Ferro holds an executive MBA from the Fuqua School of Business at Duke University, an M.S. in computer science and a B.S.E.T. in electronic engineering technology from the New Jersey Institute of Technology.

Session Topic: Selecting the Right High Bandwidth Memory Solution

“Today you see CPUs and GPUs running the neural networks…but as these networks mature and become more specialized we’re seeing new architectures emerging that are going to take advantage of the specific problem they’re trying to solve.”

An exponentially rising tide of data has led to the development of application-specific silicon to tackle the requirements of demanding workloads such as AI/ML training, Advanced Driver Assistance Systems (ADAS) for automotive, network graphics and HPC. To keep these processors and accelerators fed requires state-of-the-art memory solutions that deliver extremely high bandwidth. Frank Ferro will discuss design and implementation considerations of HBM2E and GDDR6 memory subsystems to address the bandwidth needs of next-generation computing applications.

View this session on-demand here!

Security is Critical at the Intersection of AI and 5G
https://www.rambus.com/blogs/security-is-critical-at-the-intersection-of-ai-and-5g/
Wed, 10 Feb 2021 18:03:31 +0000

Rambus’ Tim Messegee has penned an article for Semiconductor Engineering that takes an in-depth look at the importance of ensuring security at the intersection of AI and 5G. As Messegee notes, 5G represents nothing less than a revolution in mobile technology with performance that is poised to rival that of wireline networks.

“Relative to its 4G predecessor, 5G promises 10X the data rate, 100X the efficiency, and 1000X the capacity, at 1/100th the latency,” he elaborates. “With 1Gbps speed at 1ms latency, 5G makes it possible to offer a host of real-time applications and services.”

Real-time is critical, says Messegee, because the rise of artificial intelligence (AI) runs in parallel to the roll out of 5G.

“As AI increasingly moves into controlling devices in the physical world, from delivery drones to autonomous vehicles, the high-speed, Ultra-reliable Low Latency Communication (uRLLC) links that 5G provides become a critical enabler,” he explains. “Most of 5G’s ‘users’ will be the things of the Internet of Things (IoT). Human users will benefit both from the improved high-data rate mobile experience of 5G, and from the AI-enabled and 5G-connected devices that will make our world smarter, safer, and more convenient.”

The vast number of 5G-connected IoT devices, Messegee notes, will generate a torrent of data.

“In a true virtuous cycle, 5G networks will make possible the collection of this enormous quantity of data,” he adds. “AI training requires vast amounts of data, and AI will be the only practical means of managing all this data.”

In this way, says Messegee, the success of 5G and AI are inextricably tied. While independently they create enormous value, together they create exponentially more. And with significantly increasing value, the imperative to protect said value rises commensurately.

“By their very nature, 5G networks will have increased attack surface that adversaries will try to exploit. For instance, to meet its [low] latency targets, 5G architecture pushes more computing to the edge of the network,” he writes. “For AI, this will enable both inference and even training at the edge. This distributes valuable AI algorithms (more opportunities for attack) and takes them out of the hardened data center environment (a lower barrier for attack).”

According to Messegee, this is precisely why it is so critical to safeguard the data carried by 5G networks. For example, with AI-powered devices flying the skies, driving the roads, and protecting neighborhoods, an attack which compromises the data coursing to and from these devices can threaten privacy, property, and personal safety.

“Thirty years of the web have made it abundantly clear that software-level security alone is not up to the task of protecting the real-time, always-on world of 5G and AI,” he explains. “The whack-a-mole game of patching software vulnerabilities is far too risky given the stakes. Protecting 5G networks, and the AI-enabled IoT devices that depend on them, will require security anchored in hardware.”

More specifically, says Messegee, secure processing cores embedded in the chips at the heart of 5G and AI devices can enable a system-level security architecture that can protect the entire network.

“Provisioned at time of manufacture, these trusted devices can attest to the validity of electronic systems and the data they process and communicate,” he states. “Hardened against direct and side-channel attacks, they extend protection to the edge and to end-point devices. Intelligent and flexible, they can be managed in the field to adapt to an evolving threat landscape.”

As Messegee emphasizes, there are incredible synergies to be realized when 5G meets AI.

“It is imperative that security anchored in hardware is part of the fundamental design philosophy of 5G and AI systems given the great value at issue,” he concludes.

Cable Haunt vulnerability can give hackers remote access to approximately 200 million cable modems
https://www.rambus.com/blogs/cable-haunt-vulnerability-can-give-hackers-remote-access-to-approximately-200-million-cable-modems/
Thu, 16 Jan 2020 20:07:25 +0000

Danish cybersecurity experts Alexander Krog, Jens Stærmose and Kasper Terndrup of cybersecurity firm Lyrebirds ApS, and independent Danish researcher Simon Sillesen, announced a new vulnerability dubbed Cable Haunt. In the announcement, they disclosed a critical remote code execution vulnerability in hundreds of millions of cable modems.

According to the website the researchers set up, “The vulnerability enables remote attackers to execute arbitrary code on your modem, indirectly through an endpoint on the modem. Your cable modem is in charge of the internet traffic for all devices on the network. Cable Haunt might therefore be exploited to intercept private messages, redirect traffic, or participation in botnets.”

The researchers further state that the affected modems are vulnerable to a DNS rebind attack followed by overflowing the registers and executing malicious functionality. Use of default credentials and a programming error in the spectrum analyzer also contribute to the vulnerability.

While a buffer overflow exploit would normally be written directly to the memory stack, the memory structure of the MIPS assembly language that runs the spectrum analyzer requires the attack code to know the precise memory address of the vulnerable code. To get around this, Cable Haunt uses return-oriented programming to move between pre-existing pieces of code and then create a patchwork of existing code.

This approach indicates that through the use of a hardware root of trust model, this vulnerability could have been eliminated.

Bart Stevens, senior director of product marketing for Rambus, elaborates. “The recent Cable Haunt exploit demonstrates the need for a security by design approach, led by a hardware root of trust to silo away secure processes from the main CPU. This siloed approach to security ensures that a potential compromise of the main processor does not expose critical keys and credentials — or impair the execution of security applications that monitor system operation and detect tampering. A hardware root of trust would not necessarily prevent the host CPU from being attacked by a similar attack like Cable Haunt. But at a minimum, a hardware root of trust could prohibit alternate firmware from replacing the original firmware. In addition, many future vulnerabilities could be prevented if sensitive configuration and network parameter handling is moved from the normal host CPU onto a separate and dedicated, secure CPU residing inside the root of trust section.”

It is important to note that this is a proof-of-concept exploit and has not been seen in the wild. The exploit is complicated by the fact that the vulnerable spectrum analyzer component is available on the cable modem’s internal network, and not directly exposed to the internet. While it would require a lot of skill, and maybe a bit of luck, if successful it would give a hacker intimate access to all the data coming in and going out. In a high-value target, the value of that access could inspire some to try.


California’s IoT law is a good start, but more needs to be done
https://www.rambus.com/blogs/californias-iot-law-is-a-good-start-but-more-needs-to-be-done/
Thu, 09 Jan 2020 19:40:51 +0000

Written by Paul Karazuba, head of product, Rambus Security

Passed by former California governor Jerry Brown, cybersecurity law SB-327 is slated to go into effect on January 1, 2020. This proactive legislation requires manufacturers to equip IoT devices with “reasonable” security features to prevent unauthorized access, modification and data leaks. Specifically, SB-327 requires manufacturers to implement a unique preprogrammed (default) password for each device. Additionally, manufacturers must ensure that users create a new password the first time a device is activated. Together, these steps are expected to help protect California consumers, as hackers are known to routinely target vulnerable devices shipped with generic or default login credentials.

From our perspective, SB-327 is clearly long overdue. Indeed, unprotected IoT devices continue to pose a threat to both consumer privacy and security across the country. For example, a Ring camera installed in the Memphis bedroom of a young girl was recently hijacked by a hacker who seized control of the device to spy on the 8-year-old, taunt her with music and encourage destructive behavior. Another instance of a Ring camera falling victim to a hacker was reported in December by a Houston family who heard an eerily disembodied voice ask if “anyone [was] home” and promise it was “gonna find out.”

According to various reports, the recent spate of Ring hacks likely involved basic attack techniques such as credential stuffing. This simple process involves accessing accounts with stolen account credentials and large-scale automated login requests. Consequently, Ring users who don’t enable the optional two-step authentication, skip setting a unique password, or recycle credentials across multiple online services are at a greater risk of being hacked. To be sure, malicious hackers have coded dedicated software for breaking into Ring security cameras. Beyond Ring cameras, a wide range of vulnerable consumer IoT devices are frequently targeted by hackers who actively search for devices with default or weak login credentials such as “admin” usernames and “1234” passwords.

Although SB-327 sets an important precedent by requiring a unique preprogrammed (default) password for each IoT device, we believe much more needs to be done to secure connected devices. Security starts at the hardware level, and it should begin on day one of product design. Device designers need to prioritize security as a primary design goal of a connected device; not an afterthought, and certainly not lip service. A solid start to security is basing the foundation of your security in silicon; specifically, a siloed security co-processor capable of executing all security-centric processes completely independently of the main CPU.

Our CryptoManager Root of Trust is an ideal implementation. While located on the same chip as the main CPU, its physical separation and 7 layers of hardware security ensure that secure processes remain exactly that – secure. The root of trust can better help protect consumers by enabling robust remote access authentication and monitoring of anomalous system activity. This siloed approach to security ensures that a potential compromise of the main processor does not expose critical keys and credentials – or impair the execution of security applications that monitor system operation and detect tampering.

Cybersecurity law SB-327 is a good start for California consumers, although far more needs to be done to comprehensively protect IoT devices. Implementing a unique preprogrammed (default) password for each device and requiring users to create a new password can help prevent basic attacks, although a siloed security co-processor is necessary to thwart determined adversaries and complex hacking techniques.

 


Silex malware bricks unprotected IoT devices
https://www.rambus.com/blogs/silex-malware-bricks-unprotected-iot-devices/
Tue, 06 Aug 2019 05:10:15 +0000

Earlier this summer, a new strain of destructive malware known as Silex began to spread and effectively brick IoT devices. As ZDNet’s Catalin Cimpanu reports, Silex victims can resurrect their devices by manually reinstalling firmware. However, most device owners typically consider the re-installation process to be overly complicated and time consuming.

“Silex works by trashing an IoT device’s storage, dropping firewall rules, removing the network configuration, and then halting the device,” writes Cimpanu. “It’s as destructive as it can get without actually frying the IoT device’s circuits. It’s expected that some owners will most likely throw devices away, thinking they’ve had a hardware failure without knowing that they’ve been hit by malware.”

Akamai researcher Larry Cashdollar, who first identified the malware in late June, tells ZDNet that Silex exploits known default credentials for IoT devices to log in and kill the system. More specifically, the malware strain writes random data from /dev/random to any mounted storage it finds. Subsequently, Silex deletes network configurations, runs rm -rf / to delete any remaining data, flushes all iptables entries, and adds an entry to drop all connections.

Ben Levine, a Senior Director of Security Product Management at Rambus, tells Rambus Press that Silex is one of multiple malware strains that actively seek out devices with default or weak login credentials such as “admin” usernames and “1234” passwords.

“Essentially, Silex exploits unprotected system functions to brick IoT devices,” he explains. “However, it is important to understand that a hardware-based root of trust can help protect against malware like Silex by ensuring robust remote access authentication and monitoring anomalous system operation.”

A hardware-based root of trust, says Levine, can be implemented as an independent security co-processor that is integrated into IoT devices. Put simply, a hardware-based root of trust allows execution of security applications, provides tamper detection and protection, and enables secure storage and handling of keys and security assets.

“An independent hardware-based root of trust offers chipmakers a siloed approach to security. Although it is typically placed on the same silicon as the main processor, the secure processing core is physically separated,” Levine elaborates. “This means that compromise of the main processor does not expose critical keys and credentials – or impair the execution of security applications that can monitor system operation and detect tampering. The root of trust can continue to provide security functionality – even if the attacker gains access to the device.”

A hardware-based root of trust can also implement strong authentication for remote access to a device, avoiding reliance on simple credentials that are often left in a default state.

“A hardware-based root of trust can be used to provide secure and flexible control over who and what can access a device. Different entities can be given different amounts of access based on how much they are trusted, and all of this can be enforced in hardware,” he concludes.

Selfblow exploits Tegra chipset vulnerability
https://www.rambus.com/blogs/selfblow-exploits-tegra-chipset-vulnerability/
Wed, 24 Jul 2019 16:07:36 +0000

A white hat researcher by the name of Triszka Balázs recently identified a security vulnerability that reportedly “affect[ed] every single” Tegra-based device released so far – except for the Nintendo Switch. As Balázs points out, the Switch utilizes its own custom bootloader.

“After checking the magic in the header, the nvtboot reads the entire TBC partition (size stored in the GPT) where LoadAddressInsecure points to,” he states on GitHub. “If that points to nvtboot in the memory, it’s possible to overwrite it, leading to unsigned code execution on the BPMP. This can be used to load the rest of the bootchain without checking the signatures.”

In addition to revealing the vulnerability, Balázs created a proof-of-concept (PoC) dubbed Selfblow (using blobs from the Shield TV r30 release) to exploit the above-mentioned vulnerability.

“In this example, running the flash_exploit.sh it can be flashed to the Jetson TX1,” he adds. “After booting the TX1 it will print a ‘Secure boot is broken!\n’ message to the uart0 before going into an infinite loop.”

As Tom Spring of ThreatPost observes, the Tegra chipset vulnerability could have potentially opened the door for a wide range of attacks, including device hijacking or siphoning of data. Although it is unclear how many Tegra chips utilize the vulnerable framework, Balázs told the publication his PoC can flash (or reprogram) Tegra chips to run Jetson TX1.

“One way to exploit the vulnerability is for a local adversary to access and write to the chip’s embedded MultiMediaCard (eMMC),” writes Spring. “If that can’t be done at the local level, it can be done via [Balázs’] PoC (Selfblow). The PoC, for example, can be delivered via a malicious Android app or booby-trapped website that can write to the eMMC.”

NVIDIA responded to the Selfblow reveal by releasing software security updates for Jetson TX1 in the NVIDIA Tegra Linux Driver Package (L4T).

“NVIDIA Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges,” the company states in an official security bulletin. “The update addresses issues that may lead to code execution, denial of service, or escalation of privileges.”

As we’ve previously discussed on Rambus Press, semiconductor security is dynamic and should evolve organically to intelligently and proactively protect changing workloads and applications. Indeed, silicon threat models and cyber-attack vectors rarely remain static. From our perspective, a fully programmable hardware-based security co-processor can help protect silicon against exploits like Selfblow. Indeed, a physically siloed security co-processor can offer truly secure boot capabilities, secure execution of user applications, tamper detection and protection as well as secure storage and handling of keys and security assets.

Interested in learning more about how an independent security co-processor can help prevent semiconductor vulnerabilities and protect against exploits like Selfblow? You can check out our CryptoManager Root of Trust product page here.

Tech Firms Lax On Embedded Security
https://www.rambus.com/blogs/tech-firms-lax-on-embedded-security/
Mon, 29 Apr 2019 16:43:00 +0000

The glaring headline in a ComputerWeekly.com post is that “Nearly a quarter of tech firms do not security check their products.”

The paper’s security editor, Warwick Ashford, wrote that nearly a quarter of organizations polled do not run security checks on products, and nearly a third admitted to shipping products with known security vulnerabilities.

Ashford’s article is based on key findings of a survey of 121 security professionals at the 2019 RSA Conference in San Francisco by cyber threat assessment firm Outpost24.

The article quotes Bob Egner, vice-president of Outpost24. “These figures raise concerns about the priority that organizations are placing on security, especially when attempting to beat competition by rushing products to market,” he said.

“What many of the respondents are clearly forgetting is the damage security vulnerabilities can not only do to an organization’s customers, but also to brand and reputation,” he said.

According to Egner, if a company ships products that are notoriously flawed with security vulnerabilities, it will not keep its customers for long and may ultimately face legal issues. “The value of beating competition can be lost or even reversed,” he said.

Survey respondents were also asked about when security was added into the development stages of products, with only 56% of respondents saying their organizations add security into the product development cycle at the very beginning, while 29% said they add it in the middle and 15% said they do it at the end.

“Any organization that is developing and marketing products should look to build security into the design stage, as the cost to correct them is documented to be smaller at an early stage of the development process,” said Egner.

“Taking a secure by design approach will mean security is built into the foundations of a product and will limit the cyber risks faced by users, which will ultimately increase customer satisfaction as well,” he said.

 

How not to get pwned @ automotive cyber-security
https://www.rambus.com/blogs/how-not-to-get-pwned-automotive-cyber-security/
Mon, 29 Apr 2019 16:32:36 +0000

Hacking a Tesla

The past few weeks have been a busy time for white hat hackers demonstrating cyber-security vulnerabilities in connected vehicles. Firstly, Keen Labs researchers published a report that details how to hack a Tesla Model S by remotely controlling the steering wheel with a gamepad.

“When the car is parked, we can take control of the steering system with no limitations; when the car has been switched from R (Reverse) mode to D (Drive) mode by shifting handle, the APE [Autopilot ECU module] seems to think the car is in APC (Automatic Parking Control) mode, which allows us to control the steering system at a speed of around 8 KM/H,” the Keen Labs report explained. “When the car is in the ACC (Adaptive Cruise Control) mode with a high speed, the steering system can be also controlled without limitations. Even when the car is not in the ACC (Adaptive Cruise Control) mode, the steering wheel can also be compromised.”

Separately, a group known as Team Fluoroacetate managed to successfully hack a Tesla Model 3 via its browser during the Pwn2Own 2019 contest in Vancouver, Canada.


As ZDNet reports, Amat Cama and Richard Zhu exploited a JIT bug in the browser renderer process to execute code on the car’s firmware and display a rogue message on its entertainment system. It should be noted that a previous white hat hack in 2015 targeted a Tesla Model S, with security researchers bringing the vehicle to a stop by assuming control of the entertainment system. The 2015 hack also saw security researchers remotely lock and unlock the car, control the radio and touchscreen displays, as well as open and close the trunk.

Car alarms as a gateway hack

In addition to the above-mentioned Tesla hacks, a company known as Pen Test Partners confirmed that a number of high-end car alarm systems manufactured by multiple vendors are plagued by a security flaw. According to HackADay, the security flaw affects approximately three million vehicles.

In real-world terms, the flaw allows attackers to exploit the car alarms to locate vehicles in real time, control door locks and start or stop car engines. Moreover, some of the alarms are equipped with microphones, which means an attacker could theoretically eavesdrop on drivers and passengers.

Attacking Autonomous Vehicles

Looking beyond the connected cars of 2019, Skanda Vivek, a postdoctoral researcher in the Peter Yunker lab at the Georgia Institute of Technology, recently concluded that even a small-scale hack, affecting only 10 percent of autonomous vehicles in Manhattan, could cause citywide gridlock and interfere with emergency responders and services. He and his team, including Yunker, graduate student David Yanni and Jesse Silverberg, used agent-based simulations to investigate how hacks could impact traffic flow in New York. They ultimately discovered that by using percolation theory, a mathematical approach based on the statistical analysis of networks, they could quantify how these scenarios would play out in New York City in real time.

“Connected cars are the future. They hold tremendous potential for positive impact economically, environmentally, and, for former drivers no longer frustrated by congested commutes, psychologically,” Vivek stated. “[However], collisions caused by compromised vehicles present physical danger to the vehicle’s occupants and these disturbances would potentially have broad implications for overall traffic flow.”

Perhaps even more disturbing than Vivek’s study is a report published by the University of Michigan that warns of a range of new cybersecurity threats unique to automated vehicles. This includes hackers who might attempt to take control of or shut-down a vehicle, criminals who could try to ransom a vehicle or its passengers and thieves who would direct a self-driving car to relocate itself to the local chop-shop.

The University of Michigan report also warns about security threats to the wide-ranging networks that will ultimately connect with automated vehicles including financial networks (to process tolls and parking payments), roadway sensors, cameras and traffic signals, the electricity grid and personal home networks.

“Without robust, sophisticated, bullet-proof cyber-security for automated vehicles, systems and infrastructure, a viable, mass market for these vehicles simply won’t come into being,” the report concludes.

Automotive security by design

To prevent attacks against vehicles, a report issued by KPMG advises automotive manufacturers to embrace the concept of security by design.

“… Automakers will need to rethink how vehicles are designed and built. Security cannot be an afterthought. Patchwork security of individual technology components is not sufficient to prevent breaches of the open, internet-connected networks behind today’s vehicle fleets,” the report states. “Rather, a secure architecture requires that cyber security be integrated into every step of the development process. Establishing a multi-layered security model, including the cloud, telematics and on-vehicle layers, will be the key to the successful implementation of vehicle cyber security.”

Automotive cyber-security: The Rambus perspective

From our perspective, the concept of automotive security by design is absolutely paramount, as today’s vehicles are essentially a network of networks equipped with a range of embedded communication methods and capabilities. Potential automotive security exploits include intercepting unprotected vehicle-to-vehicle communication, the unauthorized collection of driver or passenger information, seizing control of critical systems such as brakes or accelerators, accessing vehicle data and altering over-the-air (OTA) firmware updates.

This is precisely why manufacturers should work to ensure the security of connected vehicles by embedding a hardware root-of-trust in electronic control units (ECUs), infotainment headend/gateway processors, as well as advanced driver assistance systems (ADAS) and autonomous car chips. Siloed from the primary processor, a hardware root-of-trust can verify OTA updates, as well as offer support for secure boot, authentication and advanced anti-tamper resistance. Additional automotive security features supported and enabled by a hardware root-of-trust can include anti-emulation protection, E2E services, secure key storage and device personalization capabilities.

Interested in learning more about securing connected and autonomous vehicles with Rambus? You can check out our automotive solutions page here.
