Senetas CTO, Julian Fay, has advised its customers that Senetas encryptors are not affected by either of the recently reported Spectre or Meltdown vulnerabilities.
“Our customers can be assured that the reported Spectre and Meltdown vulnerabilities cannot affect the security of any of the Senetas CN hardware encryptors”, Mr Fay confirmed.
Immediately upon news of the Spectre and Meltdown vulnerabilities, Senetas reviewed its entire range of hardware encryptors and confirmed that they are not vulnerable to the Spectre and Meltdown vulnerabilities.
“In order to exploit the Spectre or Meltdown vulnerability, an attacker must be able to run crafted code on the target hardware. Senetas High-Assurance hardware encryptors are certified closed systems and do not permit the installation or execution of unsigned code, and thus are not vulnerable”, Mr Fay explained.
Spectre and Meltdown Vulnerabilities
Software isolation techniques are widely employed to protect against leaking confidential information. A fundamental assumption underpinning these techniques is that the CPU will faithfully execute software, including its safety checks. It has been demonstrated that Spectre and Meltdown allows adversaries to violate the secrecy (but not integrity) of memory register contents thereby making a security exploit feasible and hence increase the likelihood of attack.
Spectre and Meltdown are related microarchitectural attacks which leak the victim’s confidential information via a side channel to an adversay. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and affects microprocessors using branch prediction. By contrast Meltdown exploits a privilege escalation vulnerability specific to Intel and some ARM microprocessors whereby the speculatively executed instructions can bypass memory protection allowing user space processes to maliciously access kernel memory.
Certification, assurance, technical updates and Senetas engineering
Senetas high-speed encryptors are certified by three of the world’s leading independent, international testing authorities. The security certification procedures provide encryptor assessments as well as frequent reviews of security vulnerabilities such as those referred to above.
These certifications of Senetas encryptors include FIPS, Common Criteria, NATO and CAPS. They provide Senetas’s government, defence, commercial and industrial customers in more than 35 countries, with trusted security product assurance.
Additionally, Senetas’s engineering and operating procedures include frequent reviews and alerts to reported security vulnerabilities. Senetas maintains an active watch on industry security vulnerability lists and evaluates all reported issues.
For more information, go to: www.senetas.com
Or, email: info@senetas.com