The story of Riscure, like with many other technology businesses, started in the garage. Dissatisfied with the quality of then available hardware testing tooling, Marc Witteman founded Riscure with the goal to advance the capabilities in the field known as device security. We sat down with Marc to discuss the history and the future of hardware attacks and methods to protect chips and devices from them.
Let’s start with discussing the early days of the company. How was Riscure created?
Before I started Riscure, I worked in a government research organization. We worked on research requests from customers who were concerned about the security of their products. Most often, these were payment cards, the first products that really needed to be robust. Back then I’ve seen a lot of inspiration from the scientific field about potential attacks, but there was a total lack of equipment. So even if we succeeded in testing the attack, it took us a lot of time to create ad-hoc setups, with the available equipment, which was often very limited.
At some point, I thought, okay, we can do this much better, we can make many more attacks practical if we really focus on that test equipment. The organization where I worked didn’t want to do that, because they had a focus on services. I wanted to do something different. I received positive feedback from potential customers, as well. They understood the need for that test equipment because they had concerns about this or that paper being published. And nobody could tell them whether this was pure theory, or that it was practical. I started Riscure to bring practical chip security testing to the next level. Our first assignment came from a big financial organization wondering whether a new theoretical attack presented at the RSA conference was practical. Two months later I demonstrated that we could extract the keys from their newest payment cards.
What has changed in the device security field over the years?
I think the entire concept of hardware security started once devices became exposed in the field. Keep in mind that if you go back, say, fifty years, computers back then were sitting in protected environments. It was towards the end of the 80s that people started buying home computers. And it would take until the end of the 90s that people would start buying other sorts of consumer devices where the hardware was exposed. Only recently, maybe 10-15 years ago, the industry recognized the need for all those devices to be secure. If you think back to your very first cell phone, you probably didn’t really care if it was secure or not, because you only used it for making phone calls. Now you run your life on your smartphone, so there are so many things on your smartphone that you expect to be secure. You expect your privacy to be protected, which is not necessarily a given. So the number of risks and threats has actually increased with the capabilities of the devices.
Now, going back to the days when Riscure started, or a bit before that, academia started discussing potential hardware threats. Two important papers kicked off that discussion. Dan Boneh, a professor at Stanford, wrote about the devastating impact of physical faults on cryptographic security. Paul Kocher, Chief Scientist of CRI, invented Differential Power Analysis, combining multiple disciplines to extract cryptographic secrets by observing information leakage through side channels. During the early years, this was primarily a concern for the payment community which wanted to avoid fraud with banking chip cards. Later on, these attack classes became gradually more important for all sorts of devices. Nowadays, this includes cell phones, home automation, and cars. But what I noticed at the time was that most of the people discussing those security challenges had a very theoretical background, typically a mathematical crypto background. They did not really think about practical application and the consequences of attacking real devices. I think, Paul Kocher with his DPA research was amongst the first people who actually made that happen. He achieved that by bringing together multiple disciplines. From there, people started to gradually add capabilities to prove the practicality of hardware attacks.
How is the field of device security different, compared to, for example, the software security domain?
First of all, the difference is in the scope. At Riscure we typically look at devices, not so much at, let’s say, data centers because they are physically relatively well protected. We feel that hardware is a fundament for software. The security of hardware is of the utmost importance, just like the foundation of your house: if it’s bad, then your house may catastrophically collapse at some point. For an attacker, the hardware interface offers more avenues than a software interface. Yes, there may be all sorts of vulnerabilities in software with different impacts. But if an attacker breaks the security of a hardware interface, basically, everything is at risk. Software attacks are often focused on exploiting a specific application. Weaknesses in hardware often lead to exploitation at the operating system level. And once we’re in the operating system, every application is at risk, not just one. The attack surface is much bigger.
How do you mitigate the threat of hardware attacks?
Security is a cat-and-mouse game. So as long as nobody sees a problem, no one is willing to fix it. We need to see a problem first before we give it attention. Security, especially device security requires a lot of expertise and a lot of time dedication. From a customer perspective, once a problem is demonstrated, budgets become available for fixing. Over the years, we’ve seen many both theoretical and practical approaches to mitigate attacks. I would say the most important contribution is what is called a Secure Boot. Secure Boot is a very fundamental approach to system security, where you make sure that every step in starting up a device is protected. Every subsequent step is authenticated by the previous one, making it difficult to attack the device from a software perspective.
This is where our role is the most important. Almost always we find potential weaknesses in hardware when we try to break a Secure Boot implementation. A better Secure Boot implementation does mitigate a lot of potential threats. Besides that, there is a variety of measures that we see device makers take and I would call that device robustness. It’s the collection of mitigations that all add up to make it more difficult for an attacker to break a product. However, with all available mitigations, there’s one thing to keep in mind. There’s no such thing as perfect security, anything that we can make, we can also break. The goal that a device developer is to make an attack on the device more expensive than an attacker will be willing to spend. If that is achieved, then you’re good to go. In simple terms, the lock on your house door needs to be just a little better than that of the neighbor.
What do you see as the next major development in device security?
In device security, one has to find and solve security issues as early as possible. The later you find the problem, the more difficult it is to fix it. You need additional effort and manpower, but there’s also more time lost by going back to the drawing table. In the field of software, a security problem is fixable, I’d say, at any stage of the life cycle. This is what actually happens if you look at your computer or smartphone: we are already used to getting those updates on a regular basis. We know that they will bring some new features, but more importantly, they will fix newly discovered security issues. In hardware, it’s not as easy.
We’ve seen over the years that some of our customers are really disappointed when we find problems with their chips at a very late stage. They either have to revise the product at the cost of time or money. Or they have to accept that those vulnerabilities are there. They have to find all sorts of mitigations to prevent the exploitation of an unfixable hardware flaw. We’ve been getting feedback from customers for many years that they would like to have a method to find vulnerabilities earlier. And this has resulted in our efforts to develop a field that we call pre-silicon security. We try to help our customers to find these vulnerabilities during the design phase, basically at the drawing board, before the product is even there.
Pre-silicon testing is definitely not an easy thing to implement. We’ve been working on this concept for more than five years. We’ve been collaborating with chip makers, research institutions, and universities, and all of them seem to recognize the need for pre-silicon. But now we are getting very close to making pre-silicon available for our customers. Recently, we worked with a major chipmaker and evaluated a recent product, where we tested the actual chip, but also its design in various phases. We did have some very interesting learnings, learnings that complement our knowledge, but learnings that also show us that our post-silicon test experience is extremely important in sufficient verification. What we are trying to do is to make our post-silicon testing experience available for device and chip vendors during the design phase. The end result, in a form of an upcoming Riscure Inspector product, will bring actionable insights for hardware developers, to help them mitigate hardware vulnerabilities with less cost and time.
How could you define innovation?
The way I see it, innovation is an invention brought to market. If we invent something that nobody needs, this is not innovation. It has to be something that the industry needs. Bringing innovation to the market is an essential ingredient. That way we are making sure that the latest development matches the real needs of a customer. How to be innovative, and stay ahead of the industry is something that we are learning over time. And this is a continuous process, which can be extremely satisfying, but sometimes also frustrating. Because in innovation, it’s never a given that your first idea is the best. Typically, your first idea is not good. We have to try ideas, experiment with them, learn from them, and then make a change. Sometimes you have to pivot multiple times until you have the right solution.
In our case this means bringing together technical experts, and your customers, trying to make sure that your ideas are actually addressing real developer problems. There needs to be a business case as well, as there is no benefit in developing a solution that would be too expensive for anyone to implement.
Is there something unique in device security innovation?
Device security innovation needs to happen both in development and verification, but this cannot be in a single role. I mean that testing your own design results in a conflict of interest, where people might be unable to see the flaws in their own work. At Riscure we aim to be the best in verification.
We expect our customers to do a great job in developing new products. We want to be their partners along the way to confirm their right choices and correct their wrong choices. This we do by training them on security threats, by reviewing their designs, by testing their prototypes, and by certifying their products. At any stage in the development process, we help them to understand weaknesses and give them inspiration for fixing or mitigating them. We make our contribution efficient by using dedicated test tools we specifically designed to measure robustness against practical security threats, and we even provide these tools to our customers to avoid too much dependence on scarce external evaluation capacity.
How do you inspire innovation in a security company?
This is one of the more interesting parts of my job. Even though we know that Riscure is a technical company, it is also a people company. The people that work here, most of them are very capable experts, and they could apply their talent in any other tech company. That is why we need to inspire our experts, we need to give them something that is more valuable than salary alone. Something that would give them a reason to show the best of themselves. So, inspiration is key to successful innovation. What I’ve learned over time has not always been easy for me. Everybody has different thoughts and different ways of thinking.
In our industry, there is never a single approach or solution that is right. There are often multiple ways of achieving a result. It is important that we respect the ways of our colleagues, that we encourage them to improve themselves, and that we encourage them to seek solutions. Sometimes we even have to bite our tongue and not give the solution that we would have in mind ourselves. Instead, we let them invent their own approach and discuss this with their peers. By working in teams and challenging each other, they enjoy the creative process and often find better solutions. Yes, if we see mistakes, we can help people and coach them to improve. But it’s important to give people the freedom to explore.
Also, while we are obviously a company that needs to earn money to pay our salaries, we also need to be aware that people do not just live to make money. People also live to have fun and purpose. Therefore I think it’s important that we provide room for creativity, for trying new things that are not always immediately leading to revenue, or work on problems that appeal to their ideals. We do our best to allow a culture where people like to improve themselves. Where they have time to learn and ultimately make that valuable contribution. So yes, culture is key. And I think over time, we’re learning more and more about how to be successful there.