In advance of his ESC (Embedded Systems Conference) Boston keynote presentation, Joerg Borchert, vice president of chip-card and security ICs for Infineon Technologies North America, spoke to Design News site publication EDN about silicon-based security, privacy issues, market drivers, and user needs. An excerpt of that interview follows.
ESC keynoter Joerg Borchert, VP of chip-card and security ICs for Infineon Technologies North America.
Q: What are the key market drivers and user needs for silicon-based security?
A: Silicon-based security is used in identification tokens for mobile phones, or SIM [subscriber-identification-module] cards; for payment cards to reduce fraud in debit- and credit-card schemes; in government IDs around the world; and in transport [ticketing and IDs]. When we are talking about embedded security, the market drivers are, on one hand, traditional, secure computing. An important vertical market is smart grid or, in a broader scheme, critical infrastructure. Then, it’s safety meets security. We have to differentiate between safety and security. When a safety system fails, there is immediate and direct harm. A security system could harm or enable the ability to harm.
Q: How does silicon-based security complement other security features while still protecting privacy?
A: Security is mainly done today by software. There are some inherent issues with software, especially in the connected system. Silicon-based security can put an anchor into the system that allows the implementation of information assurance through an embedded system. Basically, that means management related to the use, storage, and transmission of information on a silicon level.
On the topic of privacy, recent attacks that have made people nervous targeted service providers, which hold large amounts of data. Better mechanisms to prevent these [attacks] are already [available] but may not be widely used. These [mechanisms] are for standard topics of information security, such as access-rights management combined with authentication, full disk encryption, trusted network-connection technologies, and combined use of trusted platform modules and service and protocols. If you combine that [group of mechanisms] with authentication methods, [you could prevent] a lot of these [attacks]. Security and privacy are topics that the industry has to become better at explaining, especially when it comes to these kinds of things in which the massive amount of user data is suddenly available and for sale.
Q: What are the main vulnerabilities that chips are addressing in secure-identification documents?
A: In the case of ePassports, the chip is in addition to existing security features. The threat scenario is different when you are talking about ID cards that can do electronics signatures. Then, you have to provide the highest security available. There have been documented attacks to smart-card ICs. We [at Infineon] believe that you have to constantly invest in security. It’s a constant race with the bad guys. If you do electronics signatures, then you have to provide a best-of-class security level to prevent vulnerability.
Q: What opportunities for silicon-based security do you see in NFC [Near Field Communication] and smart payments?
A: We [estimate] that in the worldwide marketplace, [Infineon] will ship 50 million to 70 million NFC secure controllers this year. They can support [various] payment types; transport tools; and access [IDs], such as an access pass when you go into a company building. Last but not least, there are applications on the horizon, such as loyalty points, that can be on a phone. The NFC secure element is basically the hardware manifestation of an identity -- a payment identity, your identity with a company, loyalty identity, or mass-transport identity -- so you can hold your phone, swipe, and go.
Q: What other opportunities do you see for silicon-based security?
A: There’s a tremendous opportunity in embedded systems in the future. Embedded systems are in everything from washing machines to mission-critical systems, which are programmable-logic controls in water and electricity supply. These embedded devices are connected and have a big impact. There’s a good opportunity in the future. There will be more systems with embedded controllers that have to be secured than PCs [with Trusted Platform Module], for example, in the numbers of systems shipped this year.
Q: You’ll be speaking at ESC Boston in a few weeks. What key issues and trends will you address?
A: I will address the key vulnerabilities, lessons learned from the PC and server-client architectures, applying things to the embedded side, what can be done better by taking into account lifecycle management, and applying information assurance and logic to those problems, as well as reliability. These issues are especially important to systems that have to perform, even if they are attacked.
For more information on ESC Boston, part of UBM's DesignDays event September 26 to 29, visit our ESC Website.
Story courtesy EDN.