Few things ignite passion in software and hardware enthusiasts more than the question of open source vs. proprietary. While most of us only want our stuff to work, no matter how it was built, the debate over which is better, open source or proprietary, gets a lot of philosophical traction in various technology areas.

Let’s consider the hardware front. Suppose you have two options to store a secret document that contains highly sensitive information:

  1. You could buy a safe made by a company that has been working diligently on it and kept the workings of the safe’s lock a secret.
  2. Or, you could buy a safe whose manufacturer has made the entire lock design public for everyone, including the thieves, to see.

Which would you choose?

Without knowing how open-source hardware works, we would all go for the first option. But security experts vouch for the second.

Here’s why:

The first option might be safe. But you would have to blindly trust the company that manufactured the lock, and you would have no way of checking their practices. You would simply have to believe that they are staying true to their values and making locks that are secure.

Contrast that with the second option. There, you can check the security of the lock yourself or hire a cybersecurity expert to do it for you. Because you will be better informed about the security of the document, you can worry more or less depending on how secure the safe holding your document actually is.

No surprises or regrets there. Make an informed decision.

Why Use Open-Source Hardware?

Computer hardware is, for the most part, hidden from us. Hardware components are designed by companies and security is introduced or eliminated as they wish.

Consider the incident in which it was revealed that Chinese spies may have compromised the security of over 30 companies in America using a tiny computer chip (no bigger than a grain of rice). Hardware manufactured by SuperMicro (a giant name in hardware) was compromised. Organizations that may have been affected include Amazon, Apple, the CIA, and the US Military. Since such revelations have become part and parcel of our lives, it is better for us to rely on better hardware for our secrets and sensitive information.

This is where open-source hardware comes in.

Open-source hardware is hardware whose designs are publicly available for anyone to study, assess, modify, test, distribute, make, or sell. Hacking hardware is goosebump-ishly dangerous because all your software security arrangements fail when an attacker has access to your hardware.

How Open-Source Hardware Increases Security

Open-source hardware offers the same choice to us as open-source software. It allows us to check for ourselves the level of security in the product, press for more secure systems, and buy expert-verified systems if we want to.

When we buy hardware and electronic components, we often have no idea what’s inside them. Even companies such as Amazon hire outside experts to check and confirm the security of the hardware they rely on.

Open-source hardware gives us an opportunity to study and check the security controls in our hardware components. Sure, transparency is a little terrifying considering the same information is openly available to hackers.

But the information also helps downstream customers a lot, giving them the means to verify the security of their hardware and make an informed decision. This does not mean we would have to build our own hardware. The open-source software movement gave entrepreneurs and security researchers the opportunity to sell systems and services based on software that is inherently free. For instance, 90 percent of Fortune Global 500 companies pay for a brand-name version of the open-source Linux OS from Red Hat, a company that makes billions of dollars a year for the service it offers on top of free software.

The same can be done in the hardware space. Open-source hardware does not have fewer opportunities than open-source software; it is only behind the latter by 15 years or so.

The Future of Open-Source Hardware and Distributed Manufacturing

Better availability of open-source hardware systems empowers users with verifiably secure hardware. This gives the option of manufacturing your own hardware if your concern for security is that extensive.

Websites such as Hackaday, Open Electronics, and the Open Circuits Institute already have a variety of hardware designs publicly available. People are even using open-source chips to create hardware components so that the entire component is put together through open source, from the chip to the physical components.

The learning curve for manufacturing an open-source hardware component is not very steep, either. Earlier, you had to be an electronics expert to build a chip. Now, you can leverage open-source communities and make reasonably sophisticated hardware seamlessly.

Who Could Use Open-Source Hardware?

Open-source hardware is critical in governance, where nations want to protect sensitive data and work toward future-proofing their hardware systems in terms of security.

Organizations and companies that deeply care about cybersecurity should definitely consider open-source hardware by first laying down purchasing policies for open-source hardware and software so they can test both for security loopholes.

All manufacturers and customers of open-source hardware will have a different idea of a secure system. But that shouldn’t stop anyone from picking components that meet their needs.

Ongoing Open-Source Hardware Projects and Case Studies

  • Aleph Objects is the manufacturer of the popular LulzBot brand of 3D printers. These printers are designed to be hacked, and the community of users has made dozens of modifications to the design. But Aleph only uses the ones that meet its QC standards in each version of the printer.
  • Consider an example in wireless networking hardware. OpenPicus is a platform for smart sensors and IoT. The Italian hardware company manufactures IoT systems on modules called FlyPort. FlyPort is open hardware, and the openPicus framework and IDE are open-source software.
  • CrypTech Alpha is an open-source hardware security module developed by an international and independent coalition founded to create inexpensive, open-source, and trusted hardware cryptographic engines.

Learn More About Hardware Security

Hardware security is a crucial aspect of cybersecurity for organizations that house highly sensitive information.

Did this article excite you?

If you want to be part of a community that thinks, talks, and walks hardware cybersecurity, consider attending a leading hardware security conference, Hardwear.io 2019, in the USA and the Netherlands. The event brings together like-minded people from around the world and offers security enthusiasts training, workshops, exhibitions, and more!

Ready to attack and defend hardware with the best minds in security?


— Written by Divya Agarwal & edited by Pratik Ghumade for hardwear.io