IT-Security by Secure Hardware instead of Anti-Virus-Software (State of the Art)
A hacker attack at RSA in 2011 was the trigger to find a way to make such attacks impossible or at least harmless, and led to the invention to be introduced here. It is arbitrarily named “Cyber-save Computing System“, referred to as CySCoS hereafter.
What is CySCoS?
CySCoS is a scalable hardware-architecture applicable to digital programmable devices. Accordingly built devices are technically incapable of executing malware. Its scalability makes CySCoS applicable to multi-processor mainframe systems as well as to single-user installations, embedded systems, or wearables.
What are the advantages of a hardware-based approach?
The vulnerability of most currently employed data processing systems is based on the hardware architecture of the programmable devices. This fact is not freely spoken about by the actors in the market place for different reasons:
- By hardware manufacturers, because disruptive changes might endanger
- their success in the market
- the required support by external software providers and
- the established links with their suppliers.
- By software providers, because they might lose a prospering market niche: Anti-virus-software and the like.
- By both, because the profitable mutual dependency might collapse.
What is the reason for increased security?
Increased security is caused by two measures:
- Sorting of data into categories. Traditional hardware architectures store data of different categories in an unsorted manner into the same storage volume. This disorder enables hackers to introduce code as data and have it executed afterwards.
- The distinct data categories are stored separately into independent memory units. This separation makes it technically impossible to misuse entered data as instructions.
What exactly is the effect of CySCoS?
CySCoS is an effective measure to automatically isolate any software, which is entered into a system by means of the following vectors:
- Mobile storages,
- Infected files,
This prevents the execution of the malware listed hereafter, including any malware to be installed by them. This protection is independent of the malware’s age or the time of induction, and thus provides protection against future versions.
It is unimportant, whether malware is induced as contents of files, file-less, or encrypted. Even steganographically coded malware is safely blocked.
Recent events have shown, that CySCoS also prevents failures, which may be caused by exploitation of vulnerabilities concerning the processor function „speculative execution“. These have been reported early in 2018 to have caused financial damage, and were named
- Spectre and
Thus, CySCoS may be an alternative to the expensive and time consuming development of processors, which do not possess this weakness anymore. The vulnerable processors work flawlessly with the CySCoS architecture.
What else is CySCoS capable of?
Due to its architecture, CySCoS is better suited for the development of devices as their currently available predecessors. Two groups of devices are listed as examples:
- Equipment to securely and controlled exchange data between networks of differing
- Access attributes,
- (Security-) restrictions or
- Counters, of which the readings cannot be manipulated (e.g. odometers of vehicles)
Such requirements have to be expected with certainty within the scope of „Industry 4.0“, or the „Internet of Things“. Conventional technology has shown that the secure compliance with these requirements is hard to achieve.
Further advantages of CySCoS over conventional architectures are:
- Lesser Software to be executed due to the unnecessity to execute anti-virus-software, resulting in
- Faster responses,
- Shorter delays,
- Lower storage requirements
- No necessity to purchase or update anti-virus-software.
- Time savings after hacker attacks due to the unnecessity of
- Repeated installation of operational software and
- Clearance of damages.
How does CySCoS save expenses?
The towering number of malware involving attacks led to an increasing usage of resources in terms of
- Software (purchase, licenses, updates),
- Hardware and
Especially the application of anti-virus-software with its demand of resources leads to the effect, that hardware components
- have to be exchanged after shorter than expected life cycles, or
- have to be purchased with large growth potential.
For CySCoS does not require continuous software upgrades, it extends the life span of the systems.
CySCoS may be configured in accordance with the anticipated operational requirements. The ever increasing malware threat does not need consideration. Resources reserved for anti-virus-software are not necessary, and system layout is not any longer influenced by hard to predict hacker activities.
Is CySCoS ecologic?
The answer to this question depends on the technology, which is employed to build a device. For CySCoS is an architecture, aspects of ecology are only applicable at design time and beyond. With respect to ecology, CySCoS does not influence questions, which have to be answered when designing devices following conventional architecture.
How to build CySCoS?
For CySCoS is an architecture, the answer to this question depends on the integration scale of the concerned device:
- There are only very limited cases, in which a modification of existing equipment will be an economic way to build CySCoS, probably limited to the relatively old discrete technology.
- In many cases, a redesign of the printed circuit board will be sufficient. This is true for most designs of distinct processor and memory chips.
- A redesign on the level of integrated circuits is only demanded if processors and memories are integrated in the same chip.
If an existing device shall be rebuilt in accordance with the CySCoS architecture, processors and memory need to be disconnected. They have to be reconnected observing
- the number of independent memory units, and
- their respective access attributes.
The development of new hardware components is not mandatory. However, it may be expected that components may be designed, which more effectively support the CySCoS architecture than conventional components do.
What are the counterparts of CySCoS?
At the time being, there is no other solution to security demands known, which is based on hardware architecture like CySCoS.
Therefore, CySCoS‘ competitors are
- Trusted Platform Modules:
This relatively young technology depends on an additional chip, and cryptographically supported authentication of software. Compared with CySCoS, its disadvantages are:
- Only one software or its provider is accepted.
- Dependencies are durable and hard to change.
- Authentication relies on a (considerably long) sequence of bits, which may be replicated by means of brute force.
- No protection is provided against exploitation of
- Stack overflows,
- Antivirus- and similar software with the following disadvantages:
- They are only effective against known adversaries,
- They do not recognize encrypted malware,
- They are ineffective against future malware, and
- They require frequent updates.
- User directives, which have following weaknesses:
- Repeated instructions are necessary, especially after recognition of new threats,
- Carelessness, especially during routine works,
- Susceptibilities to
- Social Engineering, and
Does CySCoS have disadvantages?
Any new architecture, applied to programmable devices, demands measures to adapt the associated software to the new realities. In the case of replacing a given device with its CySCoS-based counterpart, no reprogramming of the logic is necessary. Nevertheless, software needs to be treated as follows:
- Replace self-modifying code with static code,
- Replace source-code to be compiled on-line with corresponding object-code,
- Sort all data of the system in accordance with defined data categories.
Furthermore, CySCoS requires an interface, which is physically different from interfaces used for data exchange, to load operational software.
What is the idea behind the invention of CySCoS?
It was in spring 2011, when hackers succeeded in steeling the algorithm of RSA’s security dongles, which are an important part of RSA’s business model.
At that time, the inventor of CySCoS was employed by the German branch of U.S.-based company, which used RSA’s security dongles as identification means for their virtual private network (VPN). Following that attack, the VPN was disabled for a few weeks. Falling back to conventional communication means caused delays and excessive work.
The technical reasons for the success of that hacking attack have been analyzed in detail, and were identified within the hardware architecture. Many other systems have been looked at since, in most of them, the very same weakness was detected. Based on these examination results, the short comings of the old architectures have been eradicated while retaining the technical essentials of programmable devices. This was the beginning of CySCoS, which has been developed to finally achieve patent protection.
Point of contact:
D-26434 Waddewarden, Germany
Tel.: +49 4461 5911
Mobile: +49 152 0582 7500
Friedhelm Becker is a free inventor. He was born in 1952. After successfully graduating the study of chemistry, he worked in a laboratory for material examination for three years. Subsequently he joined the German Armed Forces for eight years. He is a retired naval officer. After leaving military services he served renowned companies in the fields of computer manufacturing (Univac, Sperry, UNISYS) and aerospace (Lockheed Martin) in various assignments. From 1974 through 2017 he continuously worked in the field of computer supported sensor-effector-integration.
During his career he acquired and applied the following qualifications, among others:
- Material testing,
- Development of materials to comply with given requirements,
- Linear Programming,
- Digital technologies,
- Computer hardware,
- Operating systems,
- Real time systems,
- System design,
- Failure analysis,
- Quality assurance,
- Schooling technics, and
- Project management.