The Cyber Defense eMagazine February Edition for 2024

More documents

Recommendations

Info

Weaknesses of software-based cryptography One of the most crucial weaknesses of software-based cryptography is the need for implicit trust in a very deep stack of software layers. Software-based cryptography relies on a complex stack of technologies, including cryptographic library, operating system, drivers, compilers, CPU, etc. If security at any layer fails, it could compromise the entire cryptosystem. Sharing physical resources with potentially malicious programs exposes software-based implementations to multiple security risks – despite modern security protection, a successful attack to any of the physical resources can jeopardize other functions in the system. It is also common for many computer systems to have their most sensitive data (for example, encryption keys) located in the same memory with non-sensitive data, which can be exposed by even fairly trivial bugs in a program. One of the most infamous examples is the Heartbleed buffer over-read bug in OpenSSL published in 2014, which allowed a remote attacker to read large portions of the victim’s memory that could include passwords, encryption keys, and other sensitive data. Software-based cryptographic implementations are also harder to protect against side-channel attacks. These cryptanalytic attacks target the implementation rather than the mathematical foundations of a cryptosystem. Side-channel attacks can be based on, for example, execution time or power consumption of the computing device. Software-level implementations often lack the low-level control required to protect against such attacks due to the microarchitectural optimizations of modern processors. Hardware-level bugs in processors may also compromise software-based security, posing challenges to fixing vulnerabilities in deployed systems. Examples of such security attacks include the Meltdown and Spectre attacks, which well demonstrated the challenges and costs of fixing processor vulnerabilities for already-deployed systems. Benefits of hardware-based solutions When implementing cryptography directly as hardware logic design (FPGA or ASIC), the critical computations and data can be isolated into a dedicated IP core (Intellectual Property core) segregated from the main system. Cryptographic keys are the most vital components of the entire cryptosystem. Storing these in a separate cryptographic IP core provides a significant security enhancement compared to the software-based security approach. Many software-based systems rely on hardware to secure cryptographic keys, by storing them to a Hardware Security Module. Hardware-based cryptography offers superior resilience compared to the software-based approach when it comes to side-channel attacks. Hardware designers have granular control over implementation details, enabling fully constant-time IP cores that nullify timing attacks. This level of control is challenging to achieve in software-based implementations due to microarchitectural optimizations beyond the programmer's reach. In addition to enhanced security, using hardware-based cryptography offers superior performance and energy efficiency compared to software-based cryptography. High-performance cryptographic IP cores Cyber Defense eMagazine – February 2024 Edition 128 Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
can achieve throughput levels of up to hundreds of Gigabits per second with significantly lower energy consumption per cryptographic operation. Conclusion A higher security level, better performance, and lower energy consumption build trust and preference in hardware-based cryptography over software-based approach in implementation of security-critical operations, such as key management or cryptographic operations. FPGAs and ASICs are already used in various industrial control and automation systems. FPGA platforms combine the best of both worlds, as they can be re-programmed and updated for already existing applications without additional hardware, or other prohibitively costly investments, while also offering full isolation of security-critical data and operations from the rest of the system. ASIC-based implementations offer further performance and lower power consumption, as well as potential cost benefits for high-volume deployments. About the Author Kimmo Järvinen is the co-founder and CTO of Xiphera. He received the Master of Science (Tech.) and Doctor of Science (Tech.) degrees from Helsinki University of Technology in 2003 and 2008, respectively. Kimmo Järvinen has a strong academic background in cryptography and cryptographic hardware engineering after having various post-doctoral, research fellow, and senior researcher positions in Aalto University (Espoo, Finland), KU Leuven (Leuven, Belgium), and University of Helsinki (Helsinki, Finland). He has published more than 60 scientific articles about cryptography and security engineering. Learn more about Xiphera. Learn how Xiphera executes hardware-based cryptography. Cyber Defense eMagazine – February 2024 Edition 129 Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
How One Industry Exemplifies the Im
Page 3 and 4:
Data Breach Search Engines --------
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s February 2024 Is
Page 9 and 10:
Cyber Defense eMagazine - February
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
2001 2024 Cyber Defense eMagazine -
Page 17 and 18:
Page 19 and 20:
How One Industry Exemplifies the Im
Page 21 and 22:
That is where things stand in my in
Page 23 and 24:
current on the mission and values o
Page 25 and 26:
So, monitoring and managing vendor
Page 27 and 28:
About the Author Caroline McCaffery
Page 29 and 30:
How so? Businesses can make things
Page 31 and 32:
Using Cmmc 2.0 To Transform Your Cy
Page 33 and 34:
equire the implementation of additi
Page 35 and 36:
for the Department of Energy’s Cy
Page 37 and 38:
• IT no longer controls where and
Page 39 and 40:
For example, the Cloudbrink service
Page 41 and 42:
5 Cybersecurity Resolutions for The
Page 43 and 44:
The Importance of Cyber Hygiene for
Page 45 and 46:
The key steps to improve your cyber
Page 47 and 48:
Connecting Tech to Black America By
Page 49 and 50:
Establish partnerships with HBCUs E
Page 51 and 52:
Perhaps the most obvious example of
Page 53 and 54:
Crafting AI’s Future: Decoding th
Page 55 and 56:
The implementation of regulations c
Page 57 and 58:
AI Is Revolutionizing Phishing for
Page 59 and 60:
That’s why security awareness tra
Page 61 and 62:
culmination of this race will revea
Page 63 and 64:
Traditionally, DBSEs would only inf
Page 65 and 66:
Enhancing Cybersecurity Defenses: T
Page 67 and 68:
Social engineering testing In the e
Page 69 and 70:
GitGuardian Researchers Find Thousa
Page 71 and 72:
*Emergent trends While everything f
Page 73 and 74:
There are multiple tools that will
Page 75 and 76:
Good Security Is About Iteration, N
Page 77 and 78: to incorporate architectural and de
Page 79 and 80: Hacking and Cybersecurity Trends to
Page 81 and 82: detect attacks as they are occurrin
Page 83 and 84: Legacy solutions hinder an organiza
Page 85 and 86: About the Author Thomas Müller-Mar
Page 87 and 88: Having worked closely with financia
Page 89 and 90: device is emitting its signal the t
Page 91 and 92: Navigating the API Security Landsca
Page 93 and 94: that entities (users, services, or
Page 95 and 96: examine financial transactions, net
Page 97 and 98: Offensive Awakening: The 2024 Shift
Page 99 and 100: Not only are legislators pushing fo
Page 101 and 102: Let’s dive into how security lead
Page 103 and 104: Overcoming Common Data Security Cha
Page 105 and 106: The Risks of Over-Privilege Alongsi
Page 107 and 108: Quishing Campaign Exploits Microsof
Page 109 and 110: After inserting their email address
Page 111 and 112: more expensive and time consuming.
Page 113 and 114: Cotton Sandstorm or Static Kitten h
Page 115 and 116: Spike in Layoffs Pose Serious Cyber
Page 117 and 118: About the Author Adam Gavish is the
Page 119 and 120: The Crucial Role of Data Categoriza
Page 121 and 122: The Next Generation of Endpoint Sec
Page 123 and 124: Next-Generation Endpoint Security:
Page 125 and 126: As I reflect back on the past few m
Page 127: Why Is Hardware More Secure than So
Page 131 and 132: ecome more secure. By the end of 20
Page 133 and 134: Zero Trust Matures, Insider Threat
Page 135 and 136: of the risk of insider threats and
Page 137 and 138: Zero Trust: Navigating the Labyrint
Page 139 and 140: • Enhanced Security: Zero trust b
Page 141 and 142: Cyber Defense eMagazine - February
Page 149 and 150: CyberDefense.TV now has 200 hotseat
Page 151 and 152: Books by our Publisher: Amazon.com:
Page 155: i https://www.whitehouse.gov/briefi
show all

The Cyber Defense eMagazine February Edition for 2024

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?