
Implementing security on the chip level [closed]

Developer https://www.devze.com 2023-01-12 13:56 Source: Internet
Closed. This question needs to be more focused. It is not currently accepting answers.


Closed 5 years ago.


With Intel's recent purchase of a well-known security company, I'm starting to think about what software w/could be more secure on a chip level. Examples I've come up with are:

  • Random number generation
  • Encryption
  • Memory protection

But is hardware-level security any more secure than software-based security? (I would assume garbage in, garbage out, no matter what level you operate at.) What are the design considerations for embedded security? What are the limitations? Finally, do you have any good resources for learning more about the topic?


Actually, Intel already implemented a lot of hardware-based security technologies (chip and chipset).

Some relevant technologies are:

  • Intel vPro, which includes:
    • Intel Trusted Execution Technology
    • Intel Active Management Technology
    • Intel Virtualization Technology
  • Intel Anti-Theft Technology
  • Intel RNG (Random Number Generator)
  • Hardware-based encryption
  • XD (eXecute Disable)

In general, hardware-based security is more secure, because it is virtually impossible to 'go under' your code (tweak it at a lower level).


Hardware-level security can only solve some security problems. For instance, NX zones make buffer overflows more difficult to exploit (but not impossible, return-to-libc). The CPU architecture you are using isn't going to affect more common vulnerabilities like SQL injection, and I don't think it can. There can also be vulnerabilities in hardware, for instance this vulnerability in Intel CPUs.

Intel wants to make their current products more secure. Intel also has a lot of money in savings and they might be looking at this recent purchase as an investment in a growing field.


This thread is a little old, but you can also read about the Intel Secure Key technology (Random Number generation) that is built into Intel processors (starting in 2012 generation processors.) The implementation guide goes into detail about what makes it more secure than a software-based implementation.


Although this thread is pretty old, I came across a paper about Intel Secure Key that describes its random number generation, security, and performance aspects. The full paper is here (http://iopscience.iop.org/article/10.3847/1538-4357/aa7ede/meta;jsessionid=A9DA9DDB925E6522D058F3CEEC7D0B21.ip-10-40-2-120), but the non-paywalled version is here (https://arxiv.org/abs/1707.02212).

In short, the best technology we have for random number generation is Intel Secure Key, which uses the RdRand and RdSeed instruction sets. It is a cryptographically-secure pseudorandom number generator that uses an on-chip entropy source to randomly seed the number generator. It's fully compliant with up-to-date security specs such as NIST SP800-90Ar1/B/C, FIPS-140-2, and ANSI X9.82.
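How software consumes the RdRand instruction discussed in the answers above, as an added example that is not part of any post on this page: it checks CPUID for support, treats the carry flag as the validity signal, retries a bounded number of times, and fails closed. The names `drng_fill`, `stub_dead` and `stub_flaky` are hypothetical, the retry budget of 10 is an assumed value, and GCC or Clang on x86-64 is assumed.

```c
#include <stdint.h>
#include <string.h>
#if defined(__x86_64__)
#include <cpuid.h>
#endif
#define RDRAND_RETRIES 10                   /* assumed attempts per 64-bit word */
typedef int (*drng_step_fn)(uint64_t *out); /* 1 = valid word, 0 = retry */

/* CPUID leaf 1, ECX bit 30 advertises RDRAND (always 0 off x86-64). */
int rdrand_supported(void) {
    unsigned int a = 0, b = 0, c = 0, d = 0;
#if defined(__x86_64__)
    if (!__get_cpuid(1, &a, &b, &c, &d)) return 0;
#endif
    return (int)((c >> 30) & 1u);
}

/* One RDRAND draw; the carry flag is the only signal that the word is valid. */
int rdrand_step(uint64_t *out) {
    unsigned char ok = 0;
    *out = 0;
#if defined(__x86_64__)
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
#endif
    return ok;
}

/* Fill buf from step; if a word exhausts its retries, wipe buf and fail closed. */
int drng_fill(void *buf, size_t len, drng_step_fn step) {
    for (size_t off = 0; off < len; ) {
        uint64_t word = 0;
        int tries = 0;
        while (tries < RDRAND_RETRIES && !step(&word)) tries++;
        if (tries == RDRAND_RETRIES) { memset(buf, 0, len); return -1; }
        size_t n = len - off < sizeof word ? len - off : sizeof word;
        memcpy((unsigned char *)buf + off, &word, n);
        off += n;
    }
    return 0;
}

/* Constructed stand-ins for the hardware step, to exercise the failure paths. */
static int calls;
int stub_dead(uint64_t *out) { (void)out; calls++; return 0; }
int stub_flaky(uint64_t *out) { *out = 0x1122334455667788ULL; return ++calls % 4 == 0; }

int main(void) {
    unsigned char key[32]; /* no RDRAND or a failed fill: use the OS CSPRNG */
    return (rdrand_supported() && drng_fill(key, sizeof key, rdrand_step) == 0) ? 0 : 1;
}
```

A nonzero exit means the key buffer must not be used; the caller should obtain randomness from the operating system instead of proceeding with zeroed or partial output.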
