ARM Security Technology Building a Secure System using ...
ARM Security Technology Building a Secure System using ...
ARM Security Technology Building a Secure System using ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Introduction<br />
Many of the possible attackers can also be considered to be motivated by economic<br />
reasoning. The biggest losses in industry originate from attacks perpetrated by<br />
professional hackers rather than end users, and professional hackers are predominantly<br />
motivated by financial gain. They will not invest more in a hack than they can<br />
reasonably expect to see in financial return.<br />
Class-breaking attacks<br />
Many device attacks are driven by professional criminals, academic security<br />
researchers, and enthusiasts working at home. Whether for financial gain, academic<br />
prestige, or just for fun, these groups can focus significant amounts of time into<br />
analyzing a system and developing complex attacks designed to break it.<br />
The most sought after result of these attacks is a class-break; an easily reproducible<br />
attack that can be used to break a whole generation, or class, of devices. The most<br />
widely published attacks that fall in to this category are those deployed against<br />
consumer entertainment devices, such as the attacks that break the software restrictions<br />
on games consoles and the content protection schemes on DVD movies.<br />
In many class-break scenarios in which the device hardware is attacked, the first<br />
investigative research by the attackers may cost a significant amount. This money is<br />
used to fund access to tools, such as electron microscopes and transistor stimulating<br />
lasers, which are used for silicon-level analysis. The objective of such an attack is to<br />
discover security weaknesses that can subsequently be exploited on multiple devices<br />
without significant cost. These class-breaking attacks can dramatically shift the balance<br />
of the economic argument in the favour of the attacker if the number of attackable<br />
devices is sufficiently high.<br />
Positive economics<br />
The benefits of a secure environment are not constrained to only the technical. It has<br />
been shown in studies that increased consumer confidence in easy to use and secure<br />
payment systems can boost consumer spending by up to twenty percent, while also<br />
enabling faster uptake of new revenue streams and different business models.<br />
Manufacturers of devices are increasingly in a world where consumers have awareness<br />
of security issues, and security features of devices are becoming an issue of competitive<br />
differentiation. Devices with good security reviews and useful security functionality are<br />
being chosen in preference to less well specified devices. This is especially true for<br />
devices deployed into corporate enterprise environments, where mobile devices can<br />
connect to the internal network. The ability to synchronize confidential e-mail and<br />
calendar appointments to a smart phone is very useful but can, as the Washington Post<br />
1-8 Copyright © 2005-2009 <strong>ARM</strong> Limited. All rights reserved. PRD29-GENC-009492C<br />
Non-Confidential Unrestricted Access