How Physical Security is crucial for IoT Devices

Enterprise Security Magazine | Thursday, March 28, 2019

Physical securityThe ubiquity of IoT devices has put added emphasis on the need for adopting efficient security measures. Physical security, which was considered to be the most secure feature for organizations, is also at stake because of the distributed and fragmented nature of the IoT devices. An inefficient physical security solution can cause catastrophe for an organization.

Security service providers have identified four significant vulnerabilities for the Security of a system-on-chip (SoC), and those are software, communication, lifecycle, and physical. All these factors need to work efficiently, as any vulnerability can jeopardize the entire security of a system. Physical security means securing all the hardware and silicon element of a system. Breaching physical security is an uphill task, as unlike software security the attackers need to be close proximity to compromise a system. Many attackers have been implementing various ways to breach the physical security of an organization. There are two vulnerabilities for physical security which are as follows:

Non-Invasive: Attackers use non-invasive attacks to sense the electrical characteristics of a chip to change the behavior of the devices or gather sensitive information. The attackers need to be in close proximity of the chip to sense the electrical characteristics.

Invasive Attacks: Invasive attacks can only be possible if the chip surface is exposed to the attackers. Attackers can manipulate chip physically to extract vital information stored in the chip.

There are many other vulnerabilities which come within these two vulnerabilities. They are as follows:

Side Channel Analysis: Attackers use side channel analysis analyzing power signature or Electro Magnetic radiation emanating from an IC. It is a non-invasive attack which has the potential to extracting sensitive information such as secret keys.

Tamper Attack: Tamper attacks are invasive attacks in which the attackers meddle with the IC to extract sensitive information present in the metal wires using microprobes. Attackers can also alter the circuit behavior by overdriving the state of the IC.

Fault Injection Attacks: faulty attacks are invasive attacks in which a miscreant induces faulty behaviors in the system to compromise the security. These faulty behaviors include temperature, frequency, voltage, power, clock, and many others. 



Weekly Brief