Companies often don’t build security into their products from the start. Instead, they add on cryptographic algorithms and primitives to achieve confidentiality and authenticity properties, but this add-on approach makes the product a target of possible attacks.

Attacks might include exploitable software bugs, the most common vulnerability, or hardware leaks, physical attacks, logical attacks and remote and localized attacks. Newly identified vulnerabilities such as Spectre, Meltdown, Foreshadow and Spoiler have shown that problems such as side-channel attacks also exist in hardware designs, and that there are likely many more vulnerabilities in current solutions from hardware vendors.

Secure hardware needs to become an industry mandate. All too often companies take shortcuts in design assurance and secure design, trying to meet certain performance, area, speed and cost requirements.

Without secure hardware, design flaws will continue to be discovered and exploited, risking serious data breaches and other serious consequences. It’s time for the industry to move away from the principle of security by obscurity and embrace open architectures like RISC-V which enable anyone to inspect and analyze the instruction set architecture (ISA) to assess its security.

A few years ago, DARPA created its System Security Integration Through Hardware and Firmware (SSITH) program to break the cycle of vulnerability exploitation. The goal of SSITH is to develop new hardware security architectures and associated design tools that provide security against hardware vulnerabilities that are exploited through software.

RISC-V Foundation member Galois is one of the companies participating in the SSITH program, developing tools and techniques for quantitatively measuring and reasoning for system security, particularly for hardware. As part of this program, Galois is working to develop baseline processors from which security improvements will be measured, port and support baseline operating systems and compilers for those CPUs and develop a demonstration application for secure hardware.

DARPA recently announced that Galois will be developing a voting system as the demonstration vehicle for this secure system, built with fully open source hardware and software. While the voting system is not intended for production, it serves as an important demonstration of how DARPA technology can be used for a critical infrastructure system.

The voting system will be built on open source RISC-V CPUs and will incorporate auditable software components, enabling the public to review both the software and the hardware since the RISC-V ISA is public and standardized. The purpose of this system is to spur continued research and innovation to develop more secure hardware and software solutions for the benefit of everyone.

The voting system will be publicly “red teamed” in the voting village at DEF CON 2019 and DEF CON 2020 so attendees can examine it and conduct penetration tests to gauge its security. The demonstration will include both an end-to-end verifiable and a traditional non-verifiable voting system.

In 2019 there will be a smart ballot box on SSITH hardware, while the 2020 event will feature all components on SSITH hardware, including both the ballot marking device and optical scan systems. A scaled down, low cost version of the system will be made available via Crowd Supply so anyone can buy it, experiment with it and use it to run even informal elections such as for school clubs or sports teams. University teams also will be participating in this program to enhance their own security research efforts.

The RISC-V Foundation expects this project will yield significant learnings for universities and researchers, and we look forward to seeing more industry traction as more companies move to open source hardware. Over the past few years there has been an uptick in companies working on RISC-V based secure processors, and a number of such solutions are already commercially available.

We believe industry collaboration is essential for tackling security challenges. Last year we formed a Security Standing Committee to bring together industry leaders to develop consensus around best security practices and identify potential security improvements for RISC-V implementations.

The Foundation also supports a group working on a trusted execution environment for microcontroller-class processors. It is developing a specification that will serve as an extension of a privilege specification. A cryptography extensions group is building on early proposals for ISA extensions for the standardized and secure execution of popular cryptography algorithms.

The future of security is in the hands of developers. We strongly encourage everyone to get involved and work together to tackle the dynamic security demands of this new era of innovation.

–Helena Handschuh is chair of the RISC-V Foundation’s security standing committee and a Fellow at Rambus.



