Contact Us

How Cybersecurity Is Changing the Landscape of Homeland Security Around the World

Key Takeaways from Milipol 2019

 

Milipol 2019 Event Review

What is Milipol

Milipol—an acronym for “Military and Police”— is the largest European event showcasing innovation and invention in homeland security. For four days every other year, 30,000 industry stakeholders and over 1,000 exhibitors from 150+ countries attend Milipol to network, share the latest industry news and breakthroughs, and procure or sell everything from tanks and armored vehicles to uniform fabrics, supplies, and surveillance
and countersurveillance equipment.

What Milipol Looks Like

As first-time exhibitors, we were initially surprised that Milipol was such a long event – four days of expo, workshops, meetings, and speaking opportunities. However, given the number of participants from so many countries, as well as the massive volume of information disseminated, it was easy to see why the event lasted as long as it did.

Milipol is a tradeshow where traditional hardware—particularly tangible military and homeland security equipment—rules. Virtually every booth offers something you can hold in your hands: grenades, surveillance cameras, drones, tactical gear, shields, etc. This year, however, there was a noticeable spike in software, AI-based products, and services – new products that are built to thwart growing cybersecurity threats to homeland security.

Who Attends Milipol

The expo receives 167 official delegations from 68 countries made up of experts from different procurement areas and representatives hired to investigate the latest industry innovations on behalf of the buyers. Major defense contractors sent numerous teams to pick up the newest technologies.

For example, we met several teams from the giant French high-tech and manufacturing company, The Thales Group, who oversee diverse business sectors and projects. Every day different company representatives would stop by our booth, enriching their knowledge of new global technologies.

Promoting Products at Milipol

On the expo floor, large countries like China, Germany, Israel, and the U.S., as well as some smaller ones, like Croatia, have organized country pavilions where multiple exhibitors share the space and resources.

As you might expect from a homeland security conference, not every exhibit was open for display. One section of the exhibit floor was closed off to the public, concealed under a giant opaque tent. This classified pavilion was protected by security 24/7, and unauthorized personnel were strictly prohibited from entering. Considering that accessible exhibits featured a broad array of defensive, offensive and counterintelligence tools—including sophisticated weapons systems and drones—it’s intriguing to consider what products were too classified to display.

FortifyIQ at Milipol

FortifyIQ went to Milipol to showcase to the European hardware makers and designers that there is a way to solve for one of the most challenging weaknesses of electronic and communication systems: vulnerability to the side-channel attacks.

At the event, FortifyIQ demonstrated the world’s first comprehensive solution suite enabling chip and OEM manufacturers to protect existing and future electronic products against these insidious threats—namely Differential Power Analysis (DPA), Simple Power Analysis (SPA), Electromagnetic Emissions (EME), and Fault Injection (FI).

Milipol designates an area for startups like FortifyIQ to congregate and present their innovations. Exhibiting alongside other startups, FortifyIQ embraced the opportunity to network with teams developing some of the most advanced and innovative technologies of the future.

The FortifyIQ team made two on-stage presentations about side-channel attacks and the threats they present to homeland security systems.
Our team also had the opportunity to give press interviews and spread the word to the hundreds of attendees who stopped by our exhibit throughout the 4 days.

FortifyIQ is the 1st Place Winner of the Cybersecurity Innovation Award

 

Milipol Innovation Awards are judged by a panel of 15 experts assisted by external specialists as needed. The jury collects detailed documentation
to determine if applicants have in fact developed an innovation that is both impactful and has high commercial potential in its field.

In prior years, the award categories were limited to material goods typically procured in homeland security:

  • Safe and Smart Cities (transportations & connected car security & safety, smart lighting, video surveillance and monitoring, etc.)
  • Drone & anti-drone systems (robotics for efficient and effective perimeter defense, reconnaissance missions, and logistics)
  • Individual protection equipment (products for first responder protection: materials, textiles, fabrics & accessories)
  • Crisis management (emergency population warning systems, crisis management, command & control solutions)

In 2019, the organizers added the new Cybersecurity Innovation Awards category to reflect the changing nature of homeland security challenges and opportunities underscored by the proliferation of cybercrime and cybersecurity.

A total of 162 companies applied in 2019, doubling the number of submissions from 2017.

FortifyIQ was nominated in two categories—Cybersecurity and Safe & Smart Cities—and was named a top 3 finalist in both.

 

Winning 1st place in the Cybersecurity category was an incredible honor, especially considering we were competing against some of the most innovative companies in the world.

This recognition shows the value experts place on hardware security, which is often overlooked in favor of better-known safeguards for software, and highlights the renewed emphasis on protecting critical infrastructure equipment, including military, utilities, perimeter security systems, etc. from side-channel attacks on hardware secure elements.

Key Takeaways from the Event

 

Milipol features an impressive array of products and solutions whose often intimidating appearance and unconcealed functionality should inspire fear and reservations in wannabe terrorists and criminals.

While a city or federal administration can install anti-truck concrete blocks and barriers, CCTV networks to track and recognize faces, and fly drones over secure perimeters or prisons, these necessary physical safeguards are primarily reactive measures to the types of attacks that have been successful
in the past (e.g. trucks running over the pedestrians in major cities around the world).

Unfortunately, they do not protect against attacks that are unknown today, or against any type of cyber threat, or an attack mounted against critical infrastructure and day-to-day city operations.

Driven by technological innovations, every year cyberattacks increase in frequency and impact exponentially. There’s little doubt that cyberattacks
on critical infrastructure will continue to rise, exploiting accelerating digitization, IoT, and a relatively easy access to public targets.

Although minor in present times as compared to attacks against businesses, we predict that hybrid warfare and cybersecurity will be a leading factor
in homeland protection. We already observe that warfare is shifting away from the traditional battlefield and increasingly being waged in cyberspace.

Inadequate Protection Against a Massive Threat

 

During the week following Milipol, a brute force attack on a Dresden jewelry vault resulted in the loss of priceless royal jewels. This took place in Germany, where police or private security have access to virtually any product or service at their disposal in order to prevent and stop any attacks.

This major security breach illustrates the lack of a risk-based approach to the safeguarding of valuables in a critical facility. The protective measures put in place should commensurate with the value of the protected object. Having the advanced tools at your disposal works only when used in conjunction with the risk-based defense & resource allocation model.

Clearly, the measures implemented to safeguard the valuables were inadequate. Similarly, the current protection methods against side-channel attacks on a hardware secure element are insufficient.

While the last two decades have seen massive investments in software security, protecting electronic hardware—the foundation of cybersecurity—has largely remained an afterthought.

As we learned from talking to representatives from every continent and across many industries, the risk of side-channel attacks on hardware
is little understood—making such attacks even more dangerous. You can’t protect against a threat that isn’t well understood or is not clearly identified.

The participants who had some understanding of side-channel attacks agreed that current safeguards placed by most manufacturers of microchips
and systems-on-chip (SoC) are dangerously inadequate.

The threat that loss of control over the hardware can lead to potential losses of commercial and state secrets, financial loss, and damage or destruction
of property and lives, is underappreciated in the cybersecurity industry, and among buyers of equipment which should be resistant to side-channel attacks.

FortifyIQ’s Mission to Educate End Users

 

FortifyIQ’s mission at Milipol and other similar events is to educate manufacturers and end-users beyond the small circle of cryptographers and hardware security engineers about the threats of side-channel attacks on secure elements of hardware—destructive attacks that are often undetected.

Going forward, FortifyIQ will be attending similarly valuable events that attract manufacturers and buyers of security and infrastructure equipment to educate them about the need to demand well-protected devices and silicon microchips from their suppliers.

About FortifyIQ, Inc.

 

FortifyIQ is the inventor of the world’s first comprehensive solution suite that enables chip and OEM manufacturers to protect existing and future electronic products against side-channel attacks, namely SPA (Simple Power Analysis), DPA (Differential Power Analysis), and FI (Fault Injection).

FortifyIQ develops the most accurate and precise pre-silicon trace simulator, side-attack vulnerability analyzer and remediation-advising software for secure element fortification, while the product is still in its design stage. FortifyIQ offers IP Cores for electronic and IoT devices which have already been fortified against side-channel attacks.

FortifyIQ is headquartered in Newton, MA.

FortifyIQ AES Algorithm
AVA_VAN.5 Evaluation & Validation Summary
SGS Brightsight Common Criteria Laboratory
Summary. The leakage analysis (Welch t-test) on over 30 million traces did not show statistically significant first- and second-order differences between trace sets with fixed and random inputs. The template-based DPA analysis, on the pseudo-random trace set for the profiling phase (15 million traces) and on a sub-set of 300k fix input traces for matching phase targeting the first-round S-box output, and template attack on ciphertext, did not indicate any potential information leakage.”
“The results for the soft IP presented in the report were obtained on the TOE which is the basic hardware implementation of the soft IP without additional levels of security (e.g. that are present in a secure silicon layout). Therefore the internal strength of the soft IP itself was evaluated. This indicates that the investigated features and parameters of the soft IP implementation should be robust against SCA and fault injection attacks in different implementations including ASIC. Nevertheless, according to the Common Criteria rules, the strength of the final composite product must be evaluated on its own
Request Technical Details