Currently, Boris Balacheff is coordinating security research on cyber physical system as well as personal device architectures in HP Labs. In addition to setting up technology strategies for the HP portfolio as a whole, he is also committed to academic collaboration and standard establishment in industry. On behalf of HP, Boris is participating in Trusted Computing Group (TCG) and Certification Program Committee, and is the founder of the first concepts. He has also been successful in smart card research and HP Trusted Computing research and has conducted cloud client security research to support the IT needs of cloud-based mobile customers.
At the interview, he said that the starting point for the security of enterprise IT environments starts with 'devices', and the process by which companies select IT devices to use in addition to their network over the next few years is also a decision process in aspect of security. Furthermore, he emphasized that the ‘devices’ refers to all devices connected to the networks as well as the PC. And HP well understands the importance of this hardware-level security, continues to apply it to the product with ongoing research, and continues to work hard to keep the industry moving along with ongoing technology development.
 |
| ▲ Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Labs |
Boris Balacheff stated that he has been committed to improving security at the interfaces of hardware and network, inventing key elements of early stage of trust computing technology, and designing the first version of the Trusted Computing Module (TPM). In addition to making these industry standards, Boris has taken a step further to study firmware security. Through this, he is striving to cope with the increasingly sophisticated attacks and to jointly design and respond to firmware and hardware security based on this.
In hardware security, two primary vulnerable sources were mentioned. The first is that the number of devices is increasing, more and more users are using more devices, the interface between physical and mechanical world such as IoT is increasing, and new applications are emerging. Endpoint devices are used to create information, access information, and output information for users, and while there has been much effort in orchestration related to infrastructure security and cloud management security in an enterprise environment, the device environment has become more and more complex and more security-related solutions have been added. This also means that the attack surface and opportunities have increased for attackers.
The second point is that devices are connected to more diverse networks in the IT environment. The workspace is changing to open space, and devices are connected to various types of wired and wireless connections anytime and anywhere, thereby weakening the security of the connection. In response to this situation, HP has been working on the overall situation of threat, and designing and developing products by analyzing where the attacks are taking place and where the attackers with what capabilities are active.
Over the past several years, both the attackers and the security industry have been in a relationship of ‘cat and mouse’. Now, however, Boris explained that attackers are no longer willing to play hide-and-seek, and their attacks are showing attempts to attack at different levels, not software levels. There are two major types of attacks at ‘different levels’. The first is an attempt to penetrate deep into the system below the OS layer. In this case, if the intrusion works successfully up to the firmware level, there will be no software for detection or defense. Of course, this is not easy, but the reward will be great.
It is expected that these attacks will not be done only on PCs. Another way to avoid detection of anti-malware solutions is to move to other devices on the network. And Boris introduced that HP has been working on a study of this possibility, since some of HP's businesses, such as printers and IoT devices, are connected to the network and are likely to be used in such attacks. Especially in recent years, printers are connected to almost all devices, and malware could be hidden in the network by sneaking into the devices such as printers that are less manageable or protected than PCs. In this case, it will be difficult to cope with traditional security solutions.
In addition, expertise to attack firmware embedded in PCs and printers can be applied to IoT, etc., and various security-related conferences have been actively announced about attacks on printers. Whereupon, HP stressed that manufacturers are the only vendors that can respond to hardware and firmware security, and that solutions for software and network are not enough. In addition, security enhancements in terms of devices and firmware are becoming more important, so ‘HP SureStart’ technology for it continuously check whether firmware is falsified and prevent firmware tampered by malware attacks from running.
Boris introduced that HP is securing resilience against attacks by applying protection, detection and recovery technologies from the hardware level in the design of enterprise-class appliances. On top of that, not only at the individual device level but also over the situation connected by network, management tools to ensure the integrity of devices are provided. Also, he emphasized that the starting point for corporates’ cyber security starts with 'devices', and the process of selecting IT devices that companies will use in addition to the network over the next few years is a process of decision in aspect of security.
 |
| ▲ Boris Balacheff stated that technology-leading companies are responsible for proving and disseminating the technology. |
Q) (Acrofan) Recently, the area to consider regarding security is becoming wider. It seems that the movement to utilize ‘standard technology’ is becoming more prominent in the industry as a whole, focusing on cooperation among companies rather than the movement by a single corporation. For example, TPM is now used by a variety of manufacturers like the standard technology of the PC platform. In this case, it is unlikely to be differentiated from an individual corporation’s position. In this situation, what do you think about how can companies solve differentiation and verification of this differentiated technology?
A) (Boris Balacheff) In terms of the quality of the security features we provide, verifying and demonstrating that the security features are working well is also a challenge in security. As a matter of fact, in the cases of TPM and TCG Group, we have tried to make various related programs. And not all TPMs are certified. However, HP only ships certified products. The review committee is also reviewing whether our assertions about security are well supported.
In addition to the standard, it is not easy to prove the security features that we have differentiated, but we know that security is important at the hardware level. For instance, in the case of the 'HP SureStart' function, it is being certified by an external certification authority for microcontrollers and endpoint security controllers that are used to the function. In fact, in the position of an innovative company or leader in the industry, there are difficulties such as the burden of representing cutting-edge technology on behalf of the industry. It is also important to showcase new features and help industry follow.
Although the process of the authentication is slow, it is slow and costly. But I think there may be other options besides the certification. HP also has internal processes for security technology, testing, and evaluation. Testing through external agencies is also important. In addition, HP announced the industry's first 'Bug Bounty' program for printers a few months ago. Because we have put a lot of effort into internal security technology, investment and development, we now think it is important to include outside experts. HP is testing more robust platforms internally. Nonetheless, HP believes certification is also very significant.
