Backing for Abu Dhabi’s ‘unhackable’ electronic chip
▶ Grant will help turn NYU Abu Dhabi prototype into a commercial product
Researchers at New York University Abu Dhabi who developed an “unhackable” electronic chip have been given a grant to turn the prototype into a commercial product in the fight for more online security.
Electronic chips are ubiquitous in modern life, and anything that enhances their security is likely to be a big success with consumers.
“This is the first prototype for a chip that has security features built in at the hardware level,” said Prof Ozgur Sinanoglu, associate dean of engineering at the university.
“The purpose of this chip is a proof of concept to show that we can take any chip design, apply our software on the design to lock it, and create trustworthy locked chips that are resilient to hardware-level threats such as counterfeiting, piracy, reverse-engineering and tampering.”
Prof Sinanoglu’s work at the university’s Centre for Cyber Security is being funded by the US National Science Foundation, the US department of defence, the UAE semiconductor maker GlobalFoundries and Abu Dhabi’s investment company Mubadala Technology.
“We take smart devices for granted, but can we really trust them?” Prof Sinanoglu said. “When hackers break into certain devices, they want to share that with everyone so they come up with a set of instructions published on a website. It goes viral and it’s a huge revenue loss for the company.
“Until a decade ago this is mainly what hardware security was about – chips with secret assets for people to extract or manipulate this information.”
Such chips are found everywhere from phones, cars, computers, aeroplanes, nuclear power plants, medical devices to critical safety and security applications.
“So once our trust is compromised on these chips, then it’s compromised on pretty much all applications that control our lives, one way or another,” Prof Sinanoglu said.
“Everything used to be centralised in one facility under the control of a few people but now the process on a single chip spans the globe, various teams and different companies.”
He referred to Apple, which has its headquarters in California, but uses design centres in Europe, China and India, makes products in South Korea, tests them in Taiwan and assembles packaging in China.
“Because the flow is highly distributed today people are concerned about a variety of things,” Prof Sinanoglu said. “We’re talking about all sorts of piracy problems to be able to control chips remotely or disable them.”
The new chip ensures a secure platform from start to finish in terms of the hardware.
“If the hardware is compromised, you can have the strongest operation system, but you can’t talk about a trustworthy system,” Prof Sinanoglu said.
“The UAE is investing heavily in this research and we’re more confident that this will be unhackable because we have mathematical definitions and theorems backing its security.
“We were offered a grant by the US defence advanced research projects agency as part of a four-university team and we are hoping to have our software solution adopted by chip design companies so they can produce trustworthy chips.”
He has also set up a platform that lets hackers try to break in, because “crowd-sourcing is the best way to test your security”.
“Our locks are in there, but they don’t know the secret key,” Prof Sinanoglu said. “We give them virtual access to the chip too, but the idea is to see whether someone with this information can break it. We expect no one to.”
Experts said hardware was an area sometimes overlooked in cyber security.
“It’s an issue that is forgotten about,” said Dr Fadi Aloul, head of computer science and engineering at the American University of Sharjah.
“Hardware also has bugs and today, with the Internet of Things, those are also being targeted so new smart chips are needed.
“The closer the security measures are to the hardware, the harder it is for hackers to really take advantage of this chip.”
Matthew Cochran, chairman of the defence services marketing council, said security must be holistic as “you are only as strong as the weakest link”.
“Chip security and hardening is fundamental to this as everything else above it in the stack is dependent on the chip not being compromised,” Mr Cochran said.
“There is no point in having a secure operating system and encryption if the chip control of all these functions is accessible by criminals.”