You can start with my security framework that lets you see all the risk in modern systems along with many techniques for addressing it in development process:
The stuff on the bottom, esp hardware, usually need either faster hardware or extra hardware to isolate functions on dedicated chips/boards. Except in most brilliant designs, the more things you counter the more chips or energy you must use.
An example is a VPN where you have one node for trusted side (Red), one for crypto component, and one for untrusted side (Black). This is called Red-Black separation: used by many high-assurance, crypto devices. Having a node/chip/board each lets you make separation work to your advantage. The Red and Black nodes will each handle transport, input validation, conversion from complicated (i.e. standard) interfaces to simpler ones (esp non-DMA), and administration to a degree. The crypto node, running state machines for just security part, can be built on all kinds of hardware, have minimal onboard software, and use about as much security as you like. Such a combo of physical isolation, interface protection, and implementation simplicity lets you have confidence that even strongest attackers hitting Black node won't steal data from Red. That's three pieces of hardware at a minimum with more if you isolate crypto node's logical functions (esp I/O).
Another angle comes from an approach I advocate against nation-states called Security through Diversity. The risk is that markets converge on a small number of hardware, peripherals, OS's, etc. Nation-state resources are large & necessary targets are small. High odds of 0-day development. Also, increasing worries that modern stuff might be subverted by NSA, China, Russia, etc. Easiest way of dealing with this is to diversify one's hardware (even processor types) and use portable software that cares not what it runs on. Plus lots of randomization and obfuscation. All this makes the job of getting from known software issue to working, stealth exploit harder. The best hardware choices are all old hardware or embedded which takes more hardware (i.e. servers, boards) to equal modern performance. Will use more space and energy.
Combining these two models will certainly use more space and energy. Plus, a lesson established by criminals and spooks alike is to treat all the equipment as disposable: constantly changing it. Sure someone might use it if you erase it and drop it off at a pawn shop, etc. The trend still causes more hardware manufacturing and waste, though.
So, there's a few ways that security against High Strength Attackers trades against the environment. There's some tradeoffs that can be made with MCU's/CPU's on low-power process nodes but development costs are prohibitive. New projects will likely combine existing ASIC's onto boards with redundant, power-using components. That power usage itself is a security hole (eg side channel attacks) guarantees this.
http://pastebin.com/y3PufJ0V
The stuff on the bottom, esp hardware, usually need either faster hardware or extra hardware to isolate functions on dedicated chips/boards. Except in most brilliant designs, the more things you counter the more chips or energy you must use.
An example is a VPN where you have one node for trusted side (Red), one for crypto component, and one for untrusted side (Black). This is called Red-Black separation: used by many high-assurance, crypto devices. Having a node/chip/board each lets you make separation work to your advantage. The Red and Black nodes will each handle transport, input validation, conversion from complicated (i.e. standard) interfaces to simpler ones (esp non-DMA), and administration to a degree. The crypto node, running state machines for just security part, can be built on all kinds of hardware, have minimal onboard software, and use about as much security as you like. Such a combo of physical isolation, interface protection, and implementation simplicity lets you have confidence that even strongest attackers hitting Black node won't steal data from Red. That's three pieces of hardware at a minimum with more if you isolate crypto node's logical functions (esp I/O).
Another angle comes from an approach I advocate against nation-states called Security through Diversity. The risk is that markets converge on a small number of hardware, peripherals, OS's, etc. Nation-state resources are large & necessary targets are small. High odds of 0-day development. Also, increasing worries that modern stuff might be subverted by NSA, China, Russia, etc. Easiest way of dealing with this is to diversify one's hardware (even processor types) and use portable software that cares not what it runs on. Plus lots of randomization and obfuscation. All this makes the job of getting from known software issue to working, stealth exploit harder. The best hardware choices are all old hardware or embedded which takes more hardware (i.e. servers, boards) to equal modern performance. Will use more space and energy.
Combining these two models will certainly use more space and energy. Plus, a lesson established by criminals and spooks alike is to treat all the equipment as disposable: constantly changing it. Sure someone might use it if you erase it and drop it off at a pawn shop, etc. The trend still causes more hardware manufacturing and waste, though.
So, there's a few ways that security against High Strength Attackers trades against the environment. There's some tradeoffs that can be made with MCU's/CPU's on low-power process nodes but development costs are prohibitive. New projects will likely combine existing ASIC's onto boards with redundant, power-using components. That power usage itself is a security hole (eg side channel attacks) guarantees this.