New Generation of FPGAs Anchor a Multi-Layered Strategy for Combating Cyber Threats
Embedded system designers have new cyber security weapons for information assurance, anti-tamper capabilities and creating trusted systems.
The Internet of Things (IoT) continues to grow in size and complexity, creating an increasingly critical need for enhanced and proactive security measures. It is no longer enough to tackle known cyber threats with software security alone. A far more effective approach is a layered technology strategy that starts with a new generation of system-on-chip (SoC) FPGAs capable of delivering a hardware root of trust at the IC level. On top of this solid foundation, a scalable solution should then include a risk-appropriate selection of additional elements such as security for data-in-motion, data-in-use, and data-at-rest, as well as cryptography, and software protection.
The entire network infrastructure of today is now more vulnerable to attacks than ever, further complicating the challenge of security. The number of connected IoT devices is growing exponentially, increasing the security risks for hardware and embedded systems. Network infrastructure and information systems (across a growing spectrum of increasingly complex installed networked devices) must be safeguarded with the right level of security and proactive protection methods that are optimized based on the number, frequency and types of threats.
Taking a Multi-Layered Approach
Adequate security must be scalable, and must start with a hardware root of trust at the IC level. Other component technologies and support elements are also essential to secure hardware, enforce design security, and lock down data security.
The first set of technologies and support elements are for information assurance, which is delivered through key storage using a Physically Unclonable Function (PUF), advanced crypto accelerators, and Differential Power Analysis (DPA) resistance provided through a pass-through patent license.
The second set of technologies comprises anti-tamper capabilities. This set includes a secure bitstream, tamper detection and response, and mechanisms for preventing copying, cloning, or reverse engineering.
The third set is for creating trusted systems, which can be accomplished through licensed and certified patent-protected DPA resistance, NIST-certified crypto accelerators, and a secure supply chain.
FPGAs Provide System Root-of-Trust
A new generation of SoC FPGAs offer a variety of features necessary to establish the system root-of-trust, which is essential for protecting critical data from attacks.
For instance, today’s FPGAs deliver licensed, patented, and certified DPA protection to ensure that a design’s intellectual property (IP) is protected from copying and reverse engineering. DPA protection also provides supply chain assurance by validating that an FPGA is authentic. Today’s SoC FPGAs also provide authentication against the parameters certified by the device certificate, and by proving knowledge of the unique device secret key. This technique is the most effective approach available for ensuring that the device being programmed is not vulnerable to supply chain counterfeiting issues.
Beyond protecting IP, today’s FPGAs also increase cyber security by preventing product reverse engineering. An FPGA-based design is secured by encrypting and protecting configuration bitstreams. When tampering is detected, devices must be able to identify this unauthorized access and reset all values to zero. This significantly reduces the chances that an attack will be successful. For even greater protection of data-in-use, the inclusion of licensed DPA countermeasures gives FPGAs even stronger resistance to harmful DPA key-extraction attacks. Even better, the inclusion of special security Lock-Bit features enables FPGAs to define security barriers so that authorization is required before certain system capabilities can be used.
In addition to DPA protection and anti-tamper capabilities, other key FPGA features that provide a system root-of-trust include encrypted bitstreams, multiple key storage elements, secured flash memory, and incorporating a PUF.
Adding Security Layers
With SoC FPGAs providing a design’s hardware root-of-trust, the next step is to take what the Department of Defense calls a “defense-in-depth” approach to adding multiple layers of security throughout a system. The associated hardware solution offers multiple layers of IA and cryptographic technology support to secure data-at-rest, data-in-motion and data-in-use in software applications, FPGAs, and SoC designs.
For data-at-rest, storage is a key focus area. The best approach for demanding embedded computing applications is to use high-reliability secure SSDs. Highly secure SSDs must protect sensitive data from threats while mitigating the vulnerabilities inherent in storage media. Therefore, ruggedized SSDs with hardware-based encryption and loss prevention are mandates for optimum information assurance.
To protect data-in-motion, there are new options to use with Ethernet because it operates at Layer 2 (L2) with its own encryption protocol defined in the IEEE 802.1AE MACsec standard. There is a direct correlation between a solution’s security strength and the layer where security is implemented. Because of this correlation, Ethernet connectivity demands L2 security encryption. There are security solutions available today that enable flow-based, end-to-end IEEE 802.1AE MACsec security encryption over any network, including multi-operator and cloud-based networks. This security is independent of whether the network is aware of security protocols, and physical layer solutions (PHYs) offer 128-/256-bit AES encryption to meet evolving cyber threats.
Whether data is at rest, in motion, or in use, it should be secured using multiple layers of cryptography. One example is the use of software cryptography to mitigate a security vulnerability that can occur if the crypto key is extracted from static or runtime memory. New innovative, software-based technologies provide a beneficial key-hiding solution that protects passwords and crypto keys with broad algorithm and platform support.
Another important system element that must be protected is synchronous timing, especially for critical communications infrastructure. Many organizations rely on publicly available time servers to provide sources of Coordinated Universal Time (UTC). To deliver these UTC sources and maintain a comprehensive and secure timing infrastructure, there must be robust end-to-end timing solutions that generate, distribute, and apply precise time.
Pulling all of these elements together often requires specialized expertise. Independent labs sponsored by component suppliers offer developers a resource for embedded systems security. These centers employ security and systems analysts, cryptologists, and hardware and software engineers who can offer valuable cross-vertical expertise to companies by working with them to plan their protection strategies, assess risks, evaluate black box designs, and perform security engineering, among other important tasks.
Cyber security must be a priority for embedded system designers. Today’s SoC FPGAs provide the root-of-trust cornerstone for multi-layered solutions that safeguard critical program information and technology. Creating a risk-appropriate solution requires the right combination of the right technologies, and the ability to scale security solutions so that they can meet evolving threats.
Paul Pickle is President and Chief Operating Officer, Microsemi Corporation.