Paper Submitted by Gopi Sirineni, CEO of Axiado Corporation and Prakash Sangam, Founder and Principal of Tantra Analyst
Cybercrime costs the global economy an estimated $6 trillion[1] a year. Everybody claims security is their top priority. But sadly, during product design and implementation tradeoffs, performance and other considerations take the front seat and security often becomes an afterthought, and in most cases, an after-the-fact measure. Even when implemented properly, today’s security architecture is static and limited to individual components of the system, lacking a holistic, system-wide approach.
In this article, we explain why an AI-powered, hardware-based, preemptive architecture is the best way to achieve comprehensive, tamper-resilient security. We also argue that such an architecture, by adapting to the changing landscape, can be a game changer.
Vicious “identify-patch-new exploit” cycle
Today’s security has become an unending cycle of “breach identification—patching—intruders moving on to new vulnerabilities.” We can only estimate the losses from the identified security breaches. However, the most dangerous attacks are the ones that are not discovered, and damages from them are probably magnitudes higher.
The only way to stop this vicious cycle is to move away from the after-the-fact remedies and adopt a preemptive approach, where the attacks are stopped in their tracks before the damage is done.
Also, the compromised components must be quickly isolated, threats neutralized, and if possible, recovered and brought back to service. Additionally, a static security regime is no match against highly sophisticated intruders and keeps the vicious cycle alive. The security architecture must continually learn, evolve, and stay ahead of the threats.
Current security landscape and challenges
The complexity of the security challenge is extremely hard to fully comprehend and even more difficult to address. According to the analyst firm Gartner, global security spend in 2019[2] topped $120 billion. It is expected to grow very rapidly as almost every aspect of human life is being digitized and the digital transformation of society is hitting high gear.
According to some estimates[3], there are more than 140,000 security vulnerabilities identified in today’s information systems. These vulnerabilities can be found in servers, terminal devices, hardware, firmware and application software, and everything in between. Moreover, within each node, there are vulnerabilities at every layer of hardware and software stack.
For example, the well-publicized “Spectre”[4] attack was a classic case of intruders exploiting a vulnerability in how processors use their internal memory, called a cache. Hundreds of vulnerabilities are discovered and patched in firmware, operating systems, and applications every year. The constant security updates our devices and networks receive are a clear indication of this reality.
Security threats can be largely divided into three categories: The biggest one is (1) credentials—being stolen by malware or keyloggers, followed by (2) device ID—tampered with or cloned, and lastly (3) ports—unauthorized opening allowing malware to enter the system. The weakest link in security is humans. No matter how much systematic improvement you bring, any security that does not address irrational human behavior is doomed to fail.
The industry response to all these threats, so far, has been to apply band-aid solutions, largely implemented in software in the form of patches. As is evident, this has not been highly effective. Fortunately, the tech industry is realizing that root-of-trust must be based on hardware and not relegated to software. There have already been some commendable efforts, such as Arm’s TrustZone, Intel’s or AMD’s secure boot, and establishing chip or device ID as the root-of-trust.
But recent instances[5,6] have illustrated that this alone is not enough. There has to be an architecture that takes a holistic view of the full system instead of having each component managing its own security in a node, be it a single host processor in a simple IoT device or multiple different kinds of host processors in today’s servers.
Security addressed at every layer
It is very clear that an ideal architecture should address security at every layer of the stack, both in hardware, and software domains.
A security architecture should support hardware root-of-trust, based on a chip’s or device’s immutable hardware ID. This is a necessary prerequisite for a Trusted Execution Environment (TEE), a mix of hardware and software features used to enable an environment in which the OS, applications, and users can trust that software executes as intended and is not compromised. The architecture will also have to rely on secure storage for data, including the firmware, encryption keys, and sensitive user and application data, as well as space for running secure applications. Furthermore, the architecture should support secure boot with signed firmware. All sensitive functions, such as the operating system and key user applications, should run in the TEE. Many of these functions might run on the same processors side-by-side with other non-secure applications. However, there should be a clear, logical separation between the two; the interaction between secure and non-secure applications, as well as access to secure data, should only happen through secure APIs.
These are the basic needs of any system, especially when they are deployed in public places such as hospitals or outdoors, where physical security is not feasible. Further, depending on the application, there might be even more fortification needed. For example, servers for highly sensitive use cases such as military installations might have their own specialized OS, compilers, and applications, so that intruders do not have any access to them at all.
Dedicated hardware for holistic, system-wide security
Looking at any computer system, be it a server or a personal computer, you will usually find multiple processors with varying levels of processing power, on-board memory, and other capabilities, and of course, cost. That means some of these processors might have the full suite of security features we discussed in the previous section, and others only a subset. It is nearly impossible to have a uniform security profile across a system, and a system is only as secure as its weakest link. As happens with most breaches, intruders attack the parts with weak security to break in.
Another classic case: even processors with top-notch security might still have some minor vulnerabilities that on their own might be harmless, but when integrated into a system, might create a much bigger security hole. Again, another hacker favorite!
In the many cases where individual, component-level security is grossly inadequate to protect the full system, the only plausible approach to solving the problem is to have a holistic architecture. We propose that the best way to achieve this goal is to outsource security to a purpose-built, hardened, dedicated, onboard security processor that monitors all components of a system round the clock, and identifies and blocks all attacks, be they against weak components or system exploits.
This security processor, hardened to the brim, could be a central secure storage for the whole system, and can hold firmware images and other data that we discussed in the previous section. So, even if one of the host processors is compromised, it can always get a correct copy of the firmware image, keys, and other data from the security processor.
A security processor can also limit the spread of intrusion to other parts of the system. Once detected, this processor could simply isolate the infected parts, or in the worst-case scenario, fully shut down the system to avoid any further damage.
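The restore-then-isolate behavior described above can be sketched as follows. This is an added example, not code from the authors or from any product; the component names, the SHA-256 comparison against a stored golden image, and the `MAX_RESTORES` policy are assumptions, and a real design would also verify firmware signatures.

```python
import hashlib
import hmac

MAX_RESTORES = 2  # assumed policy: isolate a component that keeps failing

class SecurityProcessor:
    """Toy model: holds golden firmware images and polices host components."""

    def __init__(self, golden_images, critical=()):
        self.golden = dict(golden_images)        # component -> trusted image
        self.digests = {n: hashlib.sha256(img).digest()
                        for n, img in self.golden.items()}
        self.critical = set(critical)            # parts the system cannot run without
        self.restores = {n: 0 for n in self.golden}
        self.isolated = set()

    def check(self, name, running_image):
        """Measure one component; return (action, image_to_run)."""
        if name in self.isolated:
            return "isolated", None
        expected = self.digests.get(name)
        measured = hashlib.sha256(running_image).digest()
        if expected is not None and hmac.compare_digest(measured, expected):
            return "ok", running_image
        # Unknown component, or one that keeps getting re-infected: cut it off.
        if expected is None or self.restores[name] >= MAX_RESTORES:
            self.isolated.add(name)
            return ("shutdown" if name in self.critical else "isolate"), None
        self.restores[name] += 1
        return "restore", self.golden[name]      # hand back the correct copy

def demo():
    # Constructed images and component names, for illustration only.
    sp = SecurityProcessor({"host": b"host-fw-v1", "nic": b"nic-fw-v1"},
                           critical={"host"})
    results = [sp.check("nic", b"nic-fw-v1")[0]]
    for _ in range(3):
        results.append(sp.check("nic", b"nic-fw-TAMPERED")[0])
    results.append(sp.check("nic", b"nic-fw-v1")[0])
    results.append(sp.check("usb-dongle", b"unknown")[0])
    return results

if __name__ == "__main__":
    print(demo())
```
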
Even with hardening, this security processor may be attacked as well. However, being a separate component, it can be better equipped to recover itself or other processors after the intrusion. Above all, there is another major reason: running security AI, which we discuss in more detail in the next section.
In essence, this is an architecture in which a dedicated security processor could be the first and the last line of defense between an intruder and the whole system, always monitoring, protecting, and even recovering compromised components. Considering all this, such dedicated hardware, albeit with the additional cost, is well worth it.
AI for preemptive security
A major issue with today’s security regime is an after-the-fact approach. Patching vulnerabilities is akin to closing doors after everything is looted from a home. An even bigger challenge is the intrusions that are not even detected. In high-value hacks, such as industrial or military espionage, hackers usually attack with pinpoint accuracy, and leave without any tracks or trace. This means that those attacks and damages are not discovered, and intruders can continue utilizing those vulnerabilities, almost at free will.
The best security approach is to preemptively stop attacks even before they start or when they are in their tracks, so that the damage can be minimized if not fully avoided. AI can be extremely helpful in achieving that.
A simple illustration: if data arrives from a device identifying itself as a keyboard much faster than a human can type, it is easy to determine that the device is suspicious, and it can be isolated. Behavioral analysis of this kind for detecting threats can be exceedingly complex. Remember we mentioned that humans are the weakest link in security? A good AI is a great antidote, analyzing user behavior and quickly spotting anomalies.
An AI-based security architecture can continuously learn, monitor, and perform security assessments based on user, device, and session profiles. It can detect runtime anomalies, and either send alerts or take automated action based on the policy set by the user.
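The keyboard example and the policy-driven response above, reduced to a fixed rule as an added illustration (not code from the authors, and far simpler than a learned model). The thresholds, device names and the `alert`/`enforce` policy values are assumptions.

```python
from statistics import median

# Assumed thresholds (not from the article): tune against real typing data.
MIN_HUMAN_GAP_MS = 30.0   # a median gap below this is faster than sustained typing
MIN_EVENTS = 8            # too few keystrokes to judge

def classify_keyboard(timestamps_ms):
    """Classify one keyboard-class device from its key-press timestamps (ms)."""
    if len(timestamps_ms) < MIN_EVENTS:
        return "insufficient-data"
    gaps = [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]
    # Median, not mean: one key roll or one long pause must not flip the verdict.
    return "suspicious" if median(gaps) < MIN_HUMAN_GAP_MS else "human-like"

def assess(devices, policy="alert"):
    """Map each device to an action; policy is 'alert' or 'enforce' (user-set)."""
    actions = {}
    for name, stamps in devices.items():
        if classify_keyboard(stamps) != "suspicious":
            actions[name] = "allow"
        else:
            actions[name] = "isolate" if policy == "enforce" else "alert"
    return actions

# Constructed sample input: key-press times in milliseconds per device.
SAMPLE = {
    "desk-keyboard": [0, 140, 310, 420, 430, 610, 790, 905, 1100, 1260],
    "unknown-hid": [i * 2 for i in range(40)],
    "just-plugged": [0, 1, 2],
}

if __name__ == "__main__":
    print(assess(SAMPLE, policy="enforce"))
```

A device with fewer than `MIN_EVENTS` keystrokes is allowed here, so a short scripted burst would pass; a deployed monitor would keep evaluating as more events arrive.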
The security and risk landscape changes continually. In many cases, it evolves in parallel with, or even faster than, the security improvements themselves. Considering that many systems, such as servers or industrial IoT devices, typically have a life span of ten or more years, a static security regime is not sustainable. AI makes security systems agile and always updated on the latest threats, not only from its own learning but also from models trained elsewhere on large datasets.
AI is another reason why dedicated security hardware, i.e., a security processor, is extremely important. For an AI to be effective, it must monitor the behavior and functions of the entire system, which may not be possible if it is running on the host processor. In cases where the host processor running its own AI algorithms is hacked, the AI effort is futile. Hence, it makes sense to run them on a hardened, dedicated security processor.
In closing
Cybersecurity is one of the major challenges faced by the global tech industry. The global economy incurs huge losses because of compromised security and spends large amounts of money and resources to protect against attacks. Additionally, unidentified attacks probably cost magnitudes more than the known ones. With the digital transformation of the global economy at full speed, security challenges will be getting even harder and the costs even steeper.
The current after-the-fact approach to security has resulted in an unending vicious cycle of “identify-patch-new exploit.” To break this cycle, the industry should adopt a holistic, preemptive security architecture that consists of security at every layer of the stack, and an onboard dedicated, hardened security processor running AI. Such an architecture can learn and monitor the entire system, quickly identify suspicious behavior, disarm intruders from utilizing vulnerabilities, and stop attacks even before they begin or cause any damage. Finally, it can continuously adapt to the constantly changing security risk landscape. Such an architecture will no doubt be a game changer for the security industry.
References
[1] Morgan, S. (2018, December 7). Global cybercrime damages predicted to reach $6 trillion annually by 2021. Cybercrime Magazine. https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/
[2] Gartner. (2020, June 17). Gartner forecasts worldwide security and risk management spending growth to slow but remain positive in 2020. https://www.gartner.com/en/newsroom/press-releases/2020-06-17-gartner-forecasts-worldwide-security-and-risk-managem
[3] Common Vulnerabilities and Exposures (CVE). (2020). Homepage. https://cve.mitre.org/
[4] Graz University of Technology. (2018). Meltdown and Spectre: Vulnerabilities in modern computers leak passwords and sensitive data. https://spectreattack.com/
[5] Eclypsium. (2020, July 29). There’s a hole in the boot. https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
[6] Eclypsium. (2020, January 30). Direct memory access attacks—a walk down memory lane. https://eclypsium.com/2020/01/30/direct-memory-access-attacks/
_________________________________________________________________
About the Authors
Gopi Sirineni
Gopi Sirineni is a Silicon Valley veteran with over 25 years of experience in the semiconductor, software and systems industries. He has held various executive positions at Qualcomm, Ubicom, Marvell Semiconductor, Cloud Grapes and AppliedMicro. As a senior executive, he has demonstrated exceptional skill at building highly efficient, cost-effective organizations, managing rapidly changing environments and bringing industry-changing technologies to market.
Prakash Sangam
Prakash Sangam is the founder and principal at Tantra Analyst, a leading research and consultancy firm. He is a recognized expert in 5G, IPR strategy, IoT, and AI. Prakash’s research and analysis are inspired by his more than 20 years of well-rounded experience at Qualcomm, Ericsson, and AT&T. He has a column at RCR Wireless News and regularly contributes to Forbes, EE Times, and others. He is often quoted in the media, including CNBC, NBC, VoA, Times of India, and has been on the speaking circuit for leading industry events, including Mobile World Congress, MWC Americas (CTIA), and IWCE. Prakash holds a Bachelor’s in Electronics and Communications from Karnatak University in India, and an MBA from San Diego State University.