Von Ralf Keuper
Spätestens seit der Veröffentlichung des Beitrags Why Software Is Eating the World von Marc Andreessen wird die Bedeutung der Software für nutzerfreundliche Produkte und Services bei nahezu jeder sich bietenden Gelegenheit hervorgehoben. Im Vergleich dazu ist die schnöde Hardware bestenfalls Beiwerk, dessen man sich so schnell wie möglich entledigen will. Ohne Hardware wird es jedoch auch künftig nicht gehen, so Rob Stubbs in Why the World is Moving to Hardware-Based Security.
Die Ausgangslage:
As we move towards a cashless society, our financial transactions increasingly depend on software. More and more of our personal information is stored in countless databases. Our on-line browsing and shopping are tracked and analyzed. Everything from intellectual property to state secrets are communicated and stored under software control. Machine learning, AI, big data, analytics – it all relies on software.
Das Problem:
However, software is, by its nature, vulnerable. Its power – the ability to continually adapt, tune and improve it – is also its downfall. It can be corrupted and changed. Malicious software can be inserted. It is very difficult and expensive to write secure software, and with increasing size and complexity it becomes essentially impossible. Software developers are encouraged to develop code quickly due to financial and competitive pressures, with functionality and convenience prized over security.
Trotz ihrer unbestreitbaren Vorteile, kann die Kryptografie nur bedingt helfen, das Sicherheitsproblem zu lösen.
Perhaps the most valuable tool we have to combat such threats is cryptography – strong algorithms that mathematicians assure us are secure against any known attacks. But these are typically implemented in software, so errors can be (and frequently are) made, and if the integrity of the system is breached, then all bets are off. Moreover, cryptography depends on keys. If a key is compromised, then so is the data it is protecting. All we have done is substitute the key for the data – we still have to protect something. The only advantage we have is that the key is smaller – can we find a way to keep keys safe?
Die bislang sichersten Verfahren und Lösungen sind laut Stubbs u.a. Apple Secure Enclave and ARM TrustZone. Das größte Problem sind Data-in-use in der Cloud, so Stubbs.
While data is in use, it sits unencrypted in system memory, completely unprotected against hacking and malware or an attacker with physical access to the server. Even servers in private data centers are vulnerable, too.
Nicht ganz uneigennützig, aber in durchaus legitimer Absicht, empfiehlt der Autor den Einsatz von Intel Software Guard Extension (SGX).
SGX allows applications to execute within secure enclaves enforced at the hardware level by the CPU itself. All data is encrypted in memory and only decrypted while being used inside the CPU. This means that, even if the operating system, hypervisor or root user are compromised, the data is still completely secure. For the first time, data can be fully protected across its full lifecycle – at rest, in motion and in use.
Durch den Einsatz von SGX kann darüber hinaus sicher sein, dass die jeweilige CPU tatsächlich eingesetzt wird und die Applikationen korrekt sind und nicht manipuliert wurden. Ebenso ist sicher, dass der Code korrekt ausgeführt wird und die Daten geschützt sind.
Die Empfehlung für die Bankenbranche:
Software is simply not up to the job of protecting highly sensitive or valuable data. Cryptography helps, but it needs high-quality keys that are well protected. Thus, hardware-based security is commonly employed in banking and in particularly vulnerable applications such as credit cards and mobile devices. But the biggest problem today is with cloud-based software applications processing vast amounts of sensitive data that is completely unprotected when in use. Hardware-based security in the form of Intel® SGX technology can now provide a solution to that problem, promising to reduce data breaches dramatically and enabling the cloud to finally live up to its true potential.
Unterstützt wird diese Sicht von weiteren Beiträgen und Publikationen wie Why Hardware-Based Design Security is Essential for Every Application. Sofern die Banken auch digitale Vermögenswerte verwalten wollen, werden sie sich intensiv mit der hardware-basierten Sicherheit beschäftigen müssen (Vgl. dazu: Zurück zu den Wurzeln: Banken als Sicherheitsdienstleister für digitale Vermögenswerte). Beispielhaft dafür ist myIDsafe: Self-Sovereign-Identity – Allianz aus Österreich und die Card Wallet.