Since it’s so hard to analyze the security of ever-changing software configurations (see “Measuring Security”), many researchers are pursuing hardware-based security. They believe that hardware can be made simpler than software, is easier to verify, and is harder to hack once it’s deployed.
One example of this strategy is the use of smart cards and USB tokens as an alternative to usernames and passwords. The U.S. Department of Defense uses such methods to control access to sensitive websites and to digitally sign and encrypt e-mail. Another approach is the Trusted Platform Module (TPM), a fingernail-size microchip that can be built into computers. An advantage of TPM is that the chips are already in many laptop and desktop computers, as well as in game consoles such as the Xbox 360. The modules give each of these systems an unforgeable serial number and a secure place to store digital cryptographic keys, which can then be used instead of passwords.
Unlike smart cards and USB tokens, TPMs can also be used for something called “remote attestation,” which lets a computer prove to another that its operating system hasn’t been modified by a third party. And since TPMs are already widely deployed, they represent the best immediate hope for hardware-based security.
Unfortunately, relatively few applications take advantage of these modules, but people in both industry and academia are looking to change that. For example, MIT professor Srini Devadas and his students have shown how TPM microchips can improve security without requiring the operating system to be secure–an important step forward, since today’s operating systems are too complex to be secured completely. Such a system might make online banking safer for consumers, for example. And last year researchers from the Technical University Munich in Germany showed how to use the modules with OpenID, an authentication protocol increasingly used by blogs and many of the smaller social-networking websites.
It takes a significant effort to crack the chips, as Christopher Tarnovsky, a former U.S. Army computer security specialist, demonstrated in February. By dissolving the chip’s outer casing with acid, removing a protective inner mesh with rust remover, and tapping the communications channels with tiny needles, Tarnovsky was able to force a module to release its secret information. Such an attack might let someone who had stolen a laptop unlock remote websites or pose as the laptop’s owner, but fortunately, it would be impractical to do this on a large scale.
10 Breakthrough Technologies 2024
Every year, we look for promising technologies poised to have a real impact on the world. Here are the advances that we think matter most right now.
Scientists are finding signals of long covid in blood. They could lead to new treatments.
Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.
AI for everything: 10 Breakthrough Technologies 2024
Generative AI tools like ChatGPT reached mass adoption in record time, and reset the course of an entire industry.
What’s next for AI in 2024
Our writers look at the four hot trends to watch out for this year
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.