Only secure hardware can safeguard standards

Craig Rawlings, Kilopass Technology
(05/13/2008 11:50 AM EDT) -- EE Times

Who would have imagined that a 13-year-old kid could compromise an industry standard overnight?

But that's what happened in 1999 when Norwegian teen Jon Johansen and two hacker "colleagues" unlocked the secret of the Content Scramble System (CSS) designed to protect DVDs from piracy. DeCSS, the program they created, quickly found its way onto the Internet and into DVD-copying tools sold through legitimate retailers. Despite litigation by Hollywood studios and a legal ruling enjoining one manufacturer from further sales, the genie was out of the bottle.

With global competition growing in ferocity, standards of conduct getting looser and the manufacturing supply chain operating in countries with weak intellectual-property protection, what's the best way to safeguard the security keys integral to standards-based security schemes for everything from HDTV to iPods?

Clearly, no matter how elegant an encryption scheme may be, if it's insufficiently protected and if encryption keys can be reverse-engineered or otherwise hacked, a standard--and an industry--is in jeopardy. There's a great need for effective physical-layer security for the sensitive information residing in consumer system-on-chip architectures.

If you accept that statement, the first question to ask is, how physically secure is the technology in question? Most keys are hidden in the nonvolatile memory (NVM) of DVDs, hard drives, EPROM, E2PROM and flash. Solid-state NVM is certainly more secure than a hard drive, for example, but it's still relatively easy to crack. The real challenge is to protect keys so well that they are invulnerable.

To read the full article, click here