While I had looked at the challenges of hardware/software integration in various application domains like automotive, industrial and wireless before, I had the most unsettling experience last week at the Amphion Forum in San Francisco in the application area of device security. I am officially scared. And I am somewhat hopeful that hardware/software co-development will help address the security issues I heard about.
When Kurt Stammberger, VP of Market Development at security firm Mocana, kicked off the event at 8:30am with the words that "we as an industry are behind and at risk of losing the fight on device security," I was brushing it off as good marketing after I had endured a long, rainy drive from Silicon Valley to San Francisco to attend. About ½ hour in I was on the edge of my seat because the examples given were real, and really scary.
Here are my favorite three scary stories:
- Earlier this year in October a mysterious algorithm took 4% of trading activity, with a still unclear motive. It placed orders in 25-millisecond bursts involving about 500 stocks. It never executed a single trade and abruptly ended. It accounted for 10% of the bandwidth allowed for trading per day.
- Just by analyzing the emissions of our phones combined with the characteristics of the phone's power profile, hackers could derive security keys in "10 seconds from 10 feet away." The RSA reference I point to here even talks about 30 ft.
- The issue of the overheating burning printer, which can be caused by hacking into the CPU remotely and overheating it in overload. Good thing is that most printers, according to HP, include a thermal breaker to avoid thermal issues. And there will be a firmware upgrade.
OK, before I add to my Christmas wish list a safe place to put my retirement money, an emission-suppressing case for my iPhone and a USB/Ethernet printer without wireless access, let's look at how pervasive all this will be.
According to Mocana CEO Adrian Turner's presentation, the number of connected devices will grow from 9.8 billion connected devices to 28 billion in the next couple of years, with a business impact of $4.5 trillion. Some big numbers here.
Securely managing all those connected devices will be hard, given the complexity of various user segments combined with multiple platforms like iOS and Android, combined with a rapidly growing number of internal and external applications a corporation has to deal with, and then again combining this with a large number of different security policies.
In a panel called "2013 - When Devices Take Over," David Kleidermacher, CTO of Green Hills, emphasized software complexity and called for a government mandate on how to evaluate the quality of security. I asked whether this is mostly a software or a hardware problem or spans both areas. David was leaning towards software being the culprit, while the other attendees were pointing to a balance of hardware and software.
Later in the Forum, Bev Crair, general manager for Intel's Intelligent Systems Framework, gave an interesting keynote, confirming that hardware and software are both part of the solution. That's where the combination of Intel's processors and specific hardware with McAfee's security technology makes intuitive sense to me.
Bev defined the Internet of Things (see the screenshot from her presentation associated with this blog post) as a "Global Revolution where billions of devices seamlessly connect, and are managed and securely interacting over a network for the purpose of intelligently acquiring data and turning data into actionable information that delivers value services." The resulting massive industry shift is driven by immersive experiences, cloud connectivity, data analytics, security and trust and workload consolidation. And security poses a real threat to this opportunity. I especially found a slide on the different stages of cyber attacks very insightful; early attacks were "ego" based, then they became "financial," evolved into real "espionage," to "weaponry" and eventually "purpose" -- Bev used the term "hacktivists" -- another form of ego again.
Security is a big issue. It spans all application domains like computers, wireless, industrial, automotive and is a combined hardware/software challenge. The EDA industry has a unique position here -- we know how to help users to develop chips without any bugs and verify appropriately. With software's growing importance and offerings like our System Development Suite for hardware/software co-development we can help play an essential role to secure the Internet of Things!