Embedded Security Update: Semiconductor Suppliers Fortify Subsystems
The threat of physical attacks on embedded designs has inspired semiconductor manufacturers to double down on hardware security in new subsystems.
This week, DARPA gained another partner to its DARPA Toolbox Initiative—Secure IC—to develop "end-to-end cybersecurity solutions for embedded systems." This announcement marks yet another manifestation of how manufacturers are looking to secure IC design, both at the hardware level and throughout the supply chain.
DARPA has a long history of focusing on IC design security. Image used courtesy of DARPA
Modern systems are always potential targets for cyberattacks, which has made many manufacturers increase security requirements from processors to ICs. A higher level of protection can be achieved by integrating security subsystems within a system’s IC. These subsystems can secure data and cryptographic keys when they are being stored, transmitted, or in use.
Security Vulnerabilities Suppliers Guard Against
A system’s virtual machine will always return to view the last inputted data, which leaves the system susceptible to different attacks. These threats can fall into different categories, attacking a system's:
- Physical structure
Confidentiality threats occur when untrusted components directly read the information inside a virtual machine. Integrity attacks can present themselves during data replays, file corruption, and data re-mapping. Availability attacks impact availability for users with the denial of service, interrupting access to information, devices, and network resources.
Physical access attacks can occur when an attacker plants an infected USB drive or device in order to capture confidential data. Since this threat allows attackers to access data within minutes, early detection is crucial. The reality of these physical attacks makes it crucial for designers to consider countermeasures to secure different layers of a subsystem.
Addressing Subsystem Security
As an illustration of how manufacturers are guarding against these threats at the subsystem level, here are a few examples of semiconductor companies that have recently released security platforms.
NXP Edgelock Secure Enclave
NXP says its EdgeLock Secure Enclave is a self-managed and autonomous security subsystem that aims to protect IoT edge devices.
The subsystem has its own dedicated core, internal ROM, and secured RAM, all while storing and protecting cryptographic keys to prevent physical and network attacks. NXP’s EdgeLock Secure Enclave is designed to monitor for integrity and availability threats that can come from untrusted devices.
Block diagram of the i.MX8ULP processor, including a self-managed security subsystem. Image (screenshot) used courtesy of NXP Semiconductors
The Enclave also provides a flexible array of controls to extend security practices that include run-time attestation, trust provisioning, key management, and managing agents to look beyond standard cyberattacks.
AMD Infinity Guard
Another manufacturer addressing security vulnerabilities is Advanced Micro Devices (AMD), which has been at the forefront of producing high-performance computing, graphics, and visualization technologies. AMD recently announced a new series of server processors, the AMD EPYC 7003 Series with a security subsystem, Infinity Guard.
While AMD’s Infinity Guard was used in the previous AMD processors, it now has expanded capabilities. The Infinity Guard is built-in at the silicon level and offers a unique feature that was introduced back in 2016, called secure encrypted virtualization (SEV). SEV allows processors to have a separate layer of protection through 509 encryption keys that are only known to one given processor.
AMD's Secure Encrypted Virtualization (SEV) and Secure Nested Paging (SNP) threat models. Image used courtesy of AMD
AMD’s Infinity Guard is able to address confidentiality attacks by addressing threats at the register state before it exposes any data to an untrusted device. Physical attacks are more complex and require a significant level of local access and resources to perform. What AMD can ensure is the ability to monitor and alert trusted devices if a threat is approaching.
Tortuga Logic Security Governance Platform
Founded in 2014, Tortuga Logic has vowed to provide security verification throughout the entire lifecycle of a semiconductor chip's development. Earlier this month, Tortuga Logic launched a security governance platform (SGP), which expands the company's security portfolio.
This platform is being utilized in Tortuga’s Radix technology, a series of devices that will detect and prevent security vulnerabilities. The Radix solution provides designers flexibility by easily fitting into existing SoC and FPGA setups without additional components.
Tortuga Logic's hardware security development lifecycle. Image used courtesy of Tortuga Logic
Radix provides circuitry to debug and analyze during system verification, a period when potential threats can introduce themselves. Tortuga Logic claims Radix technology is capable of preventing unauthorized SoC access and encryption key leakage while increasing IP security from third-party interfaces.
Adding Secured Subsystems
Security subsystem domains share one goal: to control security-related assets and services. There is no clear path or blueprint to follow when creating defendable security subsystems. While the architecture may vary slightly between each manufacturer, many share similar layouts.
What questions do you have about hardware security? Share your thoughts in the comments below.