Summary
This article covers the definition, uses, and future prospects of security chips, as well as their security features and ability to withstand attacks. It also highlights the robust security features of the imKey hardware wallet.
As technology advances, information security becomes increasingly important. Security chips, as the core technology for protecting data security, are widely used in various fields such as finance and the Internet of Things (IoT). This article will provide a detailed introduction to what security chips are, their uses and prospects, why they are considered secure, what types of attacks they can resist, and showcase the powerful security features of the imKey hardware wallet as an example.
What is a Security Chip?
A security chip, primarily referring to a Secure Element (SE), is a microcomputer that achieves secure data storage and encryption/decryption operations through unique security components and a chip operating system (COS). SEs are characterized by their small size, low power consumption, high reliability, and strong confidentiality, making them suitable for embedding in various products such as IC cards, SD cards, SIM cards, eSEs, online banking USB keys, and wearable devices.
Uses of Security Chips
Security chips have many applications in our daily lives, such as bank cards (with metal contact surfaces), mobile phone SIM cards, ID cards, and online banking USB keys. Their application in emerging technologies such as artificial intelligence, the Internet of Things (IoT), and vehicle networks is also increasing, providing robust security guarantees for these fields.
Prospects of Security Chips
With the global promotion of new technologies such as 5G, quantum communication, artificial intelligence, vehicle networks, the Internet of Things (IoT), and the industrial Internet, the demand for security chips continues to grow. China has also released action plans to promote the development of artificial intelligence and vehicle networks, creating a favorable policy environment for new technologies. The development of smart terminals, IoT, and smart homes all rely on the support of chips. The security chip industry has been listed as part of the national information security strategy, indicating tremendous potential for future development.
Why Are Security Chips Secure?
The security of chips can be analyzed from the perspectives of the chip's inherent security design and testing standards.
First, the chip itself must possess high security, both in its internal software design and in its physical structure. Because security-chip design involves many principles, only a few key aspects are highlighted here:
- Whether a secure CPU is used, primarily for key and data computation, with security monitoring during operation
- Whether the CPU registers have masking protection functionality
- Whether the memory (NVM, RAM) is encrypted and has dedicated integrity verification protection
- Whether there are sensors for temperature, voltage, frequency, light, and specialized protection nets
- Whether it includes a coprocessor for secure encryption and decryption calculations
Secondly, security is not absolute or eternal: a product is only relatively secure under certain conditions and for a certain period. Security is therefore judged against reference standards that apply within defined limits, and only a product that complies with such standards can be considered relatively secure.
In this context, it is essential to mention the ISO/IEC 15408 standard (Information Technology - Security Techniques - IT Security Evaluation Criteria), published by the International Organization for Standardization (ISO) in 1999 and commonly referred to as the CC (Common Criteria) standard. ISO 15408 is a security evaluation criterion for information security-related products and systems; it has become an international certification standard and is regarded as the most rigorous security evaluation criterion in use worldwide.
The significance of the CC standard lies in its ability to:
- Enhance users' security confidence in IT products through evaluation,
- Promote the security of IT products and systems,
- Eliminate redundant evaluations.
For security chips, the CC standard specifies that their security assurance levels range from EAL1 to EAL7, with higher levels indicating that more stringent security assurance requirements must be met, and thus the security features are more reliable. Each level of security certification requires evaluation from multiple perspectives. It is worth noting that in the financial sector, products generally use EAL4+ or EAL5+ levels, while EAL6+ is considered military-grade.
What Types of Attacks Can Security Chips Resist?
According to international CC standards, security chips must meet specific anti-attack requirements, as outlined below:
- Ensure the security chip can resist physical attempts to measure the logical contents of memory units.
- Ensure the security chip can resist attacks that involve exposing the logic of memory units or internal wiring to recover useful codes or information.
- Ensure the security chip can protect against side-channel analysis that could lead to the exposure of sensitive information in memory, such as analyzing power consumption patterns, electromagnetic emissions, or timing of primary processing functions.
- Ensure that mechanical probing attacks on the security chip are difficult to use to expose memory codes and information.
- Ensure that attacks using voltage contrast and electron beam probing are unlikely to reveal memory information.
- Ensure that the security chip application is not affected by environmental changes. If out-of-spec values or internal changes in clock rate, voltage, reset pulse width, or temperature are detected, the chip should respond so that they cannot affect the application.
- Ensure that the execution of security chip applications is not affected by probing attacks.
- Ensure the security chip can resist modifications by individuals with extensive knowledge of security chip design using advanced tools like FIB systems or laser cutters.
- Ensure the security chip can withstand optical fault attacks, electromagnetic interference, and radiation, either by continuing the normal operation of applications unaffected or by entering a safe state.
- Ensure the security chip's design complexity makes it challenging for attackers to extract logical building blocks through reverse engineering, requiring significant effort and the use of advanced specialized tools.
In summary, even for technically skilled personnel, attacking a security chip is quite difficult.
How Secure is imKey?
imKey has implemented rigorous security designs for its products from both software and hardware perspectives. This section focuses on the hardware aspect. imKey uses a CC EAL6+ security chip, which has reached military-grade levels and possesses the following security features:
- Built-in true random number generator (TRNG)
- Dual-core CPU, with one core for execution and the other for security detection
- Mask protection for all CPU registers
- Encryption of all NVM and RAM, with dedicated integrity verification protection
- Temperature, voltage, frequency, and light sensors, along with a specialized protective net
- Coprocessors for DES, AES, and public-key (PKI) calculations
Note: The core of a blockchain wallet is the private key, which is essentially a string of random numbers. The security of these random numbers directly affects the strength of the private key's security. The chip used by imKey generates random numbers through a true random number generator (TRNG). TRNGs typically generate random numbers using thermal noise, which provides strong randomness and high security, making them difficult to predict. This ensures the confidentiality of the private key at its source, thereby ensuring the security of the wallet. Consequently, the assets you store through imKey are secure because the private key's security is guaranteed.
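The note above says key strength is only as good as the randomness behind it. As an added illustration (not imKey's firmware or chip logic), the Python below models the two continuous health tests that NIST SP 800-90B (section 4.4) requires an entropy source such as a TRNG to run on its raw noise output, the Repetition Count Test and the Adaptive Proportion Test; the 8-bit sample size, the claimed min-entropy of 4 bits per sample, and the three input streams are assumptions constructed for the example.

```python
"""Model of the SP 800-90B continuous health tests a TRNG runs on raw noise.
Added example, not imKey's firmware. Assumes 8-bit samples with a claimed
min-entropy of 4 bits/sample; the inputs at the bottom are constructed."""
import math
import os

H_MIN = 4.0     # assumed min-entropy claim, bits per 8-bit sample
WINDOW = 1024   # APT window size for non-binary samples

def rct_cutoff(h_min, alpha_bits=20):
    """RCT cutoff 1 + ceil(alpha_bits/H): a run this long has probability < 2^-20."""
    return 1 + math.ceil(alpha_bits / h_min)

def apt_cutoff(window, p, alpha=2.0 ** -20):
    """Smallest c with P[Binomial(window, p) >= c] <= alpha, where p = 2^-H_MIN."""
    tail = 0.0
    for c in range(window, -1, -1):          # walk the upper tail downwards
        term = math.exp(math.lgamma(window + 1) - math.lgamma(c + 1)
                        - math.lgamma(window - c + 1)
                        + c * math.log(p) + (window - c) * math.log1p(-p))
        if tail + term > alpha:
            return c + 1
        tail += term
    return 0

def rct(samples, cutoff):
    """Repetition Count Test: fail on `cutoff` identical consecutive samples."""
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True

def apt(samples, window, cutoff):
    """Adaptive Proportion Test: fail if a window's first sample recurs too often."""
    for start in range(0, len(samples) - window + 1, window):
        block = samples[start:start + window]
        if block.count(block[0]) >= cutoff:
            return False
    return True

def health_check(samples):
    """Return {'rct': bool, 'apt': bool}; a real TRNG halts output on any False."""
    return {"rct": rct(samples, rct_cutoff(H_MIN)),
            "apt": apt(samples, WINDOW, apt_cutoff(WINDOW, 2.0 ** -H_MIN))}

# Constructed inputs: OS entropy, a source stuck at 0x00, and a source whose
# even positions are always 0x41 (no long runs, but a 50% bias).
LIVE = os.urandom(4096)
STUCK = bytes(4096)
BIASED = bytes(0x41 if i % 2 == 0 else (i >> 1) & 0xFF for i in range(4096))
```

The stuck source trips both tests, while the biased source passes the run test but is caught by the proportion test; that is why real designs run both.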
Should Security Chips Be Open Source?
Whether security chips should be open source is a contentious issue. Open-sourcing means exposing the security design, which could introduce immeasurable security risks. It's akin to your military force constructing a defense fortress with great effort; to prove its security to the world, you would have to make your security designs public, inadvertently exposing them to enemies and providing opportunities for exploitation.
Security chips follow industry guidelines and international standards, and they have been widely used in military, financial, governmental, and civil sectors. Therefore, open-sourcing should not be the criterion for judging the security of a security chip.
The knowledge about security chips can be quite esoteric. In summary, when purchasing a hardware wallet, it is recommended to choose products that use security chips and have security certification qualifications to ensure the safety of your assets.