"Hanna stressed the significance of hardware security chips"...................................................
"But in the era of IoT and IIoT, it’s no longer unusual to find renowned security experts at chip companies."
Even software solutions require a ton of bits.
Security is just one of many NBTs just now ramping.
Hardware security chips
Throughout his presentation, Hanna stressed the significance of hardware security chips.
Notably, Hanna’s background in security — prior to joining Infineon — was decidedly concentrated on software. Hanna worked as principal investigator for the Internet Security Research Group at Sun Microsystems Laboratories for the first 20 years of his career. At Sun, Hanna’s team was instrumental in creating a PKI library that could automatically handle the limited trust between companies. They integrated this library into Java, where it remains to this day.
After Sun, Hanna joined Juniper Networks as a distinguished engineer in the office of the security CTO.
Twenty — or even 15 — years ago, semiconductor companies might not have been seen as the natural habitat for security technologies. But in the era of IoT and IIoT, it’s no longer unusual to find renowned security experts at chip companies.
Asked why he decided to work for a hardware company, Hanna explained, “It’s because I now know that we are not going to solve security problems with software alone.”
Take a look at the Heartbleed bug, he noted.
The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows the theft of information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Heartbleed was introduced into the software in 2012 and publicly disclosed on April 7, 2014. Even though an upgraded version of OpenSSL was released on the same day Heartbleed was publicly disclosed, popular websites continued to suffer.
“We thought we stopped it, but last year, 40 more bugs were discovered and this year alone another 40 bugs emerged,” Hanna said. “We now know that we’ll never get the bug out.”
In his opinion, Heartbleed proves why software can’t be trusted to protect important keys. Many security experts “have now seen cracks in the armor,” Hanna said. “And that’s why I work for Infineon, hoping to learn more about hardware.”