With the growth in mobile devices, the Internet of Things and new electronics connecting formerly-isolated systems to the Internet comes new and rapidly evolving cybersecurity risks. Security professionals now consider protecting their systems against not only bad actors from outside the trusted network but also against malicious or incautious insiders and supply chains with potentially counterfeit parts. Currently, many electronic technologies are secured using encryption. Verification that a device can be used typically is performed by authenticating the user using passwords, biometrics or similar solutions. However, user verification protections have proven compromises, and the device components may themselves be compromised. Current solutions usually increasing the time and effort needed to develop and perform a compromise – essentially trusting that a bad actor won’t have or use the resources necessary to break the security. Security is usually layered according to risk, with more valuable systems generally secured with multiple layers of increasing security. However, “bad actors” with sufficient dedication, time, and resources have been known to compromise even systems deemed very secure.
LLNL’s Intrinsic Use Control (IUC) technology significantly enhances the security of electronic devices and components within the device. The technology is designed to protect electronics against not only the outsider with malicious intent but also the knowledgeable, skilled, privileged insider with malicious intent. The IUC system can add more layers of security to existing competitive solutions and can significantly increase the time and effort required to compromise an IUC-secured system.
LLNL’s IUC system protects electronic systems from tampering and protects the electronic system’s components from unauthorized use. This is directly aimed at solving known issues in cybersecurity and electronic device counterfeiting.
LLNL’s IUC system can be programmed to enable a variety of responses at a component level and at the device level if verification of the authenticity of any components fails. The system can also be set up so for centralized management – keeping the initial set-up of the device and its controls during operations separate and managed outside of the device’s end user purview. For devices that may not require centralized controls, the IUC can be enabled to allow verified human operators to securely enable or disable the IUC system – an added benefit for device users who need reliable operations more than security.
LLNL’s IUC offers a significant increase in security for electronic devices. Advantages of the IUC include: 1) substantially lower risk of any undetected compromise compared to current solutions; 2) controls within the device to minimize the “insider threat risk”, 3) tailorable functions if a device or component fails verification or if a verified operator wants to change device settings, and 4) centralized secure system management.
LLNL’s IUC can also be applied to secure mechanical hardware/software systems or information processing systems to thwart attempts in ghosting or spoofing the systems to gain unauthorized control.
As an added layer of cybersecurity protection, LLNL’s IUC technology could be integrated with any electronic device with form functions that could add another chip. This invention could be readily added to existing secure device product lines or used to create a multitude of products customized for specific markets.
LLNL has demonstrated its IUC prototype. Additional development may be necessary to tailor the IUC system for application-specific needs. LLNL has established its IUC patent portfolio and continues to file new patent applications