When the Meltdown and Spectre vulnerabilities were first uncovered in 2018, they heralded an industry-wide shift in perspective regarding processor security. As the IBM X-Force Threat Intelligence Index put it the following year, “2018 ushered in a new era of hardware security challenges that forced enterprises and the security community to rethink the way they approach hardware security.”
RISC-V is coming of age in that new era, benefiting both from lessons learned in the past and from the broad range of contributions by its open-source community.
For most attacks, threat actors don’t care which processor they might be targeting. “If someone’s doing spear phishing, it relies on you clicking on a URL,” said Rupert Baines, Codasip’s chief marketing officer. “It doesn’t matter whether you’re running an Intel processor or an Arm M2. If you click on that link, you’re vulnerable. And a lot of attacks are like that.”
But for more sophisticated attacks designed to exploit more subtle vulnerabilities, the specifics of processor architecture can make a significant difference. “As you get into things like side channel attacks, and Spectre and Meltdown, then the architecture and the implementation really, really start mattering,” Baines said.
This is where RISC-V can bring some unique strengths to the table.
Security through openness
RISC-V’s open architecture allows it to be examined closely on an ongoing basis. As an example, Baines pointed to a 2017 Princeton University study that uncovered several bugs in the RISC-V spec. While some people suggested the findings were a sign of weakness in RISC-V, most others disagreed. “We’ve never been able to do this study for Intel or Arm,” he said. “They might have the same vulnerability, but because it’s proprietary, we can’t look at it. And if that’s true, RISC-V is now more secure, because someone did look at it, and it’s been fixed.”
OpenHW Group president and CEO Rick O’Connor said RISC-V was similarly useful in response to the initial onset of side-channel attacks. “The original research papers around that work were published using RISC-V architecture, just because it was the only architecture that was open,” he said. “So you could get your hands on it, put it up on a hoist, dismantle it, figure out where the vulnerabilities were, develop algorithms to prove your thesis, and then attack the thing.”
That kind of openness, O’Connor said, ultimately makes RISC-V more secure. “It seems maybe counterintuitive, but the best way to build a secure platform is to make the entire design open and available to scrutiny in the public domain,” he said. “There are no back doors or hidden channels, and the entire community can work on securing it.”
What’s more, RISC-V offers a unique chance to do that from the beginning, by design. “We have this clean canvas,” said Crypto Quantique CEO Shahram Mossayebi. “We can do things right, build things right, in a way that is more suitable to how the ecosystem is evolving.”
The end of security by obscurity
Peter Laackmann, distinguished engineer for the Connected Secure Systems (CSS) Division at Infineon, said it all comes down to Kerckhoffs’s principle — the idea that a system should remain secure even if attackers know everything about how it works.
“The age of security by obscurity is over,” Laackmann said. “We