In today’s connected world, there are many facets of technology that we do not directly see, but these still play a very important role in our digital safety. Among the ranks of encryption algorithms and authentication mechanisms, we have a contender for the hidden watchdog of the digital world – secure element chips. 

Secure element chips, or SEs, have been around since the late 90s and have become one of the most-overlooked parts of our hardware. These chips are an integral part of the Secure Enclave, a set of hardware and software features which prevent a wide range of attack vectors for malicious attackers. These elements are tamper proof and must adhere to a strict standard. But what is surprising is how pervasive they are. 

Smartphones, tablets, and laptops all have Secure Enclaves to carry out a variety of security-based actions. The secure element is tamper-proof from both hardware and software perspective, and provides a secure environment to enable other cybersecurity features. The chip is able to provide certain security guarantees that create a root of trust for encryption systems, as well as the provision of secure memory which can be used to store encryption keys and other sensitive information. The presence of a Secure Enclave prevents attackers from being able to access this information even if the system has been compromised. 

The development process behind this security offering is one of the most closed ecosystems in the hardware development space. Working on a secure element usually means signing multiple NDAs and guarding the code repository with the highest degree of security. But that might change soon. 

Why do we need secure elements?

To understand why secure elements are so important, we must first take a look at how encryption works. Through a process of using complex mathematical algorithms and digital keys, computers can encode sensitive data to prevent cyberattacks. However, the keys are used to decode the same data for the recipient, making them one of the most sensitive data that can be stored on a device. Storing these keys is just one of the functions of a Secure Enclave. 

In short, Secure Enclaves provide confidentiality, attestation, and integrity to devices. Confidentiality refers to the quality of an SE that prevents attackers from knowing the execution state of the chip. This means that any action undertaken in the chip is kept secret from the user or the attacker. Attestation is a hardware-based feature of the SE that allows a remote party to verify what has run inside the enclave in a trustless fashion. Integrity is a feature of the enclave that ensures that no matter what happens on the external operating system, the SE will continue to work as intended. 

These three features allow the SE to enable secure computation, both locally and in the cloud. Even in a situation where the end user cannot see or interact with the hardware they are working on, Secure Enclaves can give them the confidence that malicious parties cannot hijack their data. Even though software techniques exist to enable secure computation with multiple parties, SEs bring the security of these methods while still providing fast computation. Due to their nature as fully-integrated systems, SEs have a low computational cost and add a high degree of value to the system they are integrated into. 

The race towards an open-source SE

Just as with any argument in the cybersecurity space, there are two sides to creating an SE with completely open-source tools. Kerckhoffs’s principle states that any cryptographic system must be secure even if all information about the system is out in public; a law open-source enthusiasts swear by. This puts the onus on developers and creators of SEs to keep them secure even if the inner workings of the system is common knowledge. However, security through obfuscation is the other side of the coin, an easy cop-out for companies to keep everything secret and, by extension, secure. 

Closed-source designs aim to preserve security by not disclosing the architecture and implementation of the SE. Most SEs are written in Java Card and MULTOS, and as with any kind of human-written code, it comes with a host of bugs. However, by making the SE tamper proof and closed to penetration testing, companies can get away with having security-breaking bugs in their code. This also extends to the architecture of the SE, as the way the chips are placed can also open up an opportunity for malicious attackers to use high-tech attack vectors such as ion beams. 

An open-source SE, by contrast, will have all code in the open, with architecture partially being open, only constrained by silicon foundry NDAs. Low-level silicon like SEs usually use ARM-based SoCs, which are closed source. However, we are now seeing a trend towards the completely open RISC-V architecture, which is completely open-source. Using open-source code can also speed up the discovery of errors, an area where closed-source SEs have been lacking. 

A prime example of the damage caused by closed-source SEs is Foreshadow, an exploit that targets SE on Intel processors. The vulnerability was only discovered after researchers put in behemoth efforts to uncover it, which was made even more difficult due to the measures taken by Intel to prevent information gathering. It is likely that an issue of this size would have been identified and patched within a week of the SE launching on an open-source product. 

We have already seen many companies undertaking the task of creating an open-source Secure Enclave, such as Keystone and Cranium. While these companies are still bound by silicon foundry NDAs, meaning they cannot disclose the specifics of the architecture of the chip, the open-source access to the code will allow the manufactures to leverage the pen-tester ecosystem to make a stronger product. 

This also sets an interesting precedent for the SE industry as a whole, as NDAs are par for the course in this field. There is a huge elephant in the room when it comes to SEs; the rise of quantum computing. However, the encryption community as a whole has considered that to be a problem to be tackled when it actually becomes a problem, leaving space and time for SE manufacturers to turn to the libre side. 

The post A Quest to Develop an Open-Source Secure Element Chip appeared first on Analytics India Magazine.