Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Why infosec will increasingly rely on computer hardware security

Historically, enterprise information security technology has largely relied on software security products to enforce policies, thwart malware and encrypt data. However, according to one of the industry's leading cryptographers, computer security hardware must play a greater role in the future.

"The price of building security hardware is falling and the need for better security is rising," said Paul Kocher, president and chief scientist with the Cryptography Research division of Rambus Inc., "and our ability to protect systems is not going to be adequate if we count only on the software."

In this video, recorded at the 2014 RSA Conference, Kocher discusses how his company is working to foster innovation in computer hardware security technology to augment data security in badly needed areas like point-of-sale security and low-cost smart cards.

Kocher also discusses emerging cryptographic attach techniques such as differential power analysis and simple power analysis, including how they work and why attackers are employing them.

Finally Kocher discusses the near-field communication technology may eventually pose an increasing threat to mobile payment security, but the priority in the short term is merely getting passive payment devices replaced with cryptographic payment devices.

View All Videos

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Assuming that we have a perfectly secure hardware, we would still have to suffer from vulnerable passwords. All the security solutions should come with a viable solution to the issue of password hassle.

We expose ourselves to greater risks when we depend too much on software applications. Without computer hardware security in play, systems remain exposed to vulnerabilities.
Are you sandboxing your systems or do they have to interact with the 'outside' world? That's the big question. You can protect something that isn't connected. But to say infosec will protect your organization's infrastructure is a bit pie-in-the-sky hopefulness. Nothing is secure as we want it to be. We need to remain vigilant.