Why Hardware Security is Important for the Devices used in Critical Infrastructure?

The globalization of the electronics supply chain is one of the main challenges that contribute to hardware security vulnerabilities as many enterprises engaged in design, manufacturing, integration, and distribution process. It creates a big challenge for industries and users when these devices are used in critical infrastructure applications e.g., e-health care, energy sector, transport, communication, industry, defense applications, etc. Nowadays, most electronic devices are IoT based which consist of small hardware and have advanced computational power and functionality. These IoT devices use sensors to communicate with the local server through the LTE network and store the sensitive information in its memory. If an attacker gets physical access to the device, it is highly vulnerable to physical attacks, in the form of side-channel leakage, fault injection, and tampering. The hardware of these IoT devices is considered the main root of trust and the last line of defense. If the foundation of the hardware’s design is not secure, software security may not be effective, and it would be easy for an attacker to exploit the device. The extent of damage and its impacts will depend on the applications where the IoT device is connected, the type of attacks that are being executed, and the implementation of security protocol. There is no doubt that the application of IoT devices has immense benefits, but the security of these devices is not improving with the pace of innovation especially when it comes to low-level hardware security. In Norway, most IoT-based devices are designed and manufactured abroad and ought to be imported on a large scale. This situation applies across Europe to a wide range of electronic devices.

Thus, it is of utmost importance to understand the hardware security risks, design and implement physical hardware testing protocols, and derive new standards for hardware security testing. However, testing hardware-security vulnerabilities is considered too expensive and time-taking process and very few labs provide these services as it requires advanced lab infrastructure, key skills, and competence. There is an urgent need to develop test lab infrastructure, innovative test methods, skills, and competency that could be used for addressing future hardware security challenges. The recently introduced European Chips Act 2021 aims to mobilize €43 billion in 'policy-driven investment' for the EU's semiconductor industries by 2030. This act is also going to develop the necessary tools, skills, technological capabilities and secure the supply of semiconductors, and reduce its dependencies.

The Norwegian University of Science and Technology (NTNU) has established Hardware Reverse Engineering (HRE) Lab at the Gjøvik campus. The HRE lab is developed under the research-based innovation project (SFI) ‘Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS) funded by the Research Council of Norway. The HRE lab aims to address the gaps identified at the national and EU levels by designing, testing, and validating the innovative & cost-effective test methods, tools, and techniques for assuring hardware security vulnerabilities of IoT. The HRE lab is also developing skill-oriented course/training

modules, including lab activities in collaboration with industries and research institutions to built-up national competence, skills, and knowledge for a rapid national capacity boost in digital security.

About the author:

Arvind Sharma is working as a Postdoctoral Research Fellow in the Hardware Reverse Engineering Lab at the Norwegian University of Science and Technology (NTNU), Norway. He is actively working under the research-based innovation project ‘Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS)’ and carrying out research activities on hardware security related to IoT, Embedded System devices used for Smart grid, Secure Industries, and Healthcare applications. He has got his PhD from the University of Agder, Norway, and has more than 10 years of research experience from The Energy and Resources Institute (TERI, India), in the field of solar PV system design, customization, and testing. During his work at TERI, he has contributed to establishing the testing and research laboratory of solar PV systems and microgrids, accredited under the World Bank’s Lighting Global Programme as well as the National Accreditation Board of Laboratory (ISO 17025). He was also a core technical member of R&D’s team at TERI’s Flagship Programme Lighting a Billion Lives© which has positively impacted the lives of more than 5.4 million people around 13 countries in the world. He has a great interest in the security of the smart grid, energy systems, smart health cares, and Industry 4.0.