Security in More Places: Q&A with SecureRF CEO Louis Parks



What to look out for as more FPGAs go to work as IoT gateways

Editor’s Note: “Benchmarks are pliable, moving things,” SecureRF CEO Louis Parks tells Embedded Intel Solutions. We spoke with Parks not long after SecureRF announced a security toolkit for engineers who are working with Intel’s DE10-Nano development board. The collaboration with Intel includes the availability of an SDK because Parks understands engineers who not only say “show me,” but, “step aside, I want to show myself,” and need an SDK to do so. “It can demonstrate to them, based on their own efforts, what our performance looks like against what they are currently using, or, in some cases, in an area where they have never been able to have security,” he explains. Edited excerpts of our conversation follow.

Embedded Intel Solutions: You’ve noted that one might not think of SecureRF, given its association with helping to secure extremely resource-constrained devices, in conjunction with securing larger, not-so-constrained FPGAs.

Louis Parks, SecureRF

Louis Parks, SecureRF: True, yet a lot of these FPGAs are becoming IoT gateways. And even though the gateway device or the FPGA could run other security, it needs to run the same security that the 8-bit processor is running on the other end. That is where we come in because we run very fast and efficiently on low-resource processors, so we give you a complete single-platform solution.

Embedded Intel Solutions:  With 8-bit, has it been necessary to make tradeoffs vis a vis security?

Parks, SecureRF: In the past, if you were dealing with 8-bit, yes, you would have had to make a decision that you were not going to have security down to that level or you were going to have very minimal security. And there are examples of people who have applied simple protection methods that were then easily broken when studied.

Those were the tradeoffs in the past. However, our methods, which run well on 8-, 16-, and 32-bit platforms, provide the same level of security. Security is measured just like temperature in a room, so if you are looking for 128-bit security, it doesn’t matter what method or what platform you are running on. You should be able to achieve or deliver 128-bit security if that is what the user requires.

Figure 1: On an 8-bit ATmega AVR (16 MHz), SecureRF’s solutions authenticate 100× faster (68 ms vs. 7.69 s) than ECDSA/ECDH, while using less memory. This represents major energy savings and system simplification.

Embedded Intel Solutions SecureRF has authored a technical article, which is currently available on the Intel Developers Zone website, on authenticating remote devices that use Intel Cyclone V SoC FPGAs in IoT gateways and base stations, and I’d like to hear your perspective on how Intel has developed FPGA solutions following the Altera acquisition.

Parks, SecureRF: What is interesting here is that often companies acquire other companies for specific feature function capabilities, perhaps for ease of entry into other markets. They tend to end up absorbing these things, and two years later, you might never know that the previous company, which could have been a billion-dollar entity, existed. The acquiring company has taken the pieces that they wanted, folded them into the mother ship, and all is good. And, in many cases, that is the right thing to do.

However, Intel is not only expanding or leveraging the technologies from the Altera acquisition within various areas of Intel. It is also deliberately not absorbing it 100 percent to the point where just pieces remain.

The Intel Programmable Solutions Group, or Intel PSG (the Altera Group), is very much a key and strategic platform that Intel plans to promote going forward as it evangelizes the value of FPGAs to the market.

Intel will focus on FPGAs’ ability to adapt to changes, boost performance—as well as deliver expanded I/O capability to connect to a broad range of things from the FPGA platform. What you will see is Intel looking to provide demonstrations and easy attainment of FPGAs and their functionality. A case in point is the DE10-Nano development board—a very aggressively priced feature-rich board.

Embedded Intel Solutions: That ability to readily add I/O is key.

Parks, SecureRF: Absolutely. I will try to generalize this example because this is a real example told to me by another SecureRF partner—not Intel. This company was developing a solution within a laptop, and decided to implement its security in software. Think of it as in the form of an FPGA but in a programmable space.

Another company took the approach of incorporating the security component in silicon due to lower production costs, although the cost to create the chip is of course higher than with a software solution. Silicon can potentially offer higher performance too, although performance would not have been key in this case.

As it happened, however, the area on the laptop to be addressed was a bit of a moving target, because it was an evolving standard, with each generation bringing new feature/functionality. The vendor who did it in software was able to iterate, at relatively low cost and quickly, and continually produce a solution for the laptop business.

The silicon vendor, after one or two iterations, found there was no way it could keep up and it dropped out. Now the first vendor owns that domain on the laptop. Generalize that example to the FPGA world, and you see that if you are working with a quickly evolving environment, then even at a higher per unit cost, you may want to maintain an FPGA-like platform.

And by the way, on an FPGA like the Intel Cyclone V or DE-10 Nano development board, you can have a mix of software and hardware or special instructions in fabric. You can accelerate certain components or special instruction sets while leaving in software some of the more flexible or changing things, whether it be I/O or other functions. This is why I am singing the praises of FPGAs and what we see happening at Intel and at some of our other partners like Microsemi, Xilinx, and others, who have some very interesting and compelling security products.

Embedded Intel Solutions:  Are we past the point of convincing folks that IoT devices need security?

Parks, SecureRF: I don’t know if anyone would openly say “I don’t see the need for security.” I think the threat models and use cases are different by product, by industry, by sector, and there may be still some narrow band of opportunity or functionality where security isn’t [at] the forefront or required. The problem is that one keeps seeing different ways of combining data elements and metadata together that takes two or three really immaterial pieces of data, but, put together, suddenly gives it great value. This is what we see happening in data analytics and all the deep data that is going on where they are capturing not five, 10, or 20 but literally hundreds of data points based on your browsing, your online activity, and your mobile usage. No one data point may be critical, but put together, they show behavior or aptitude that benefit the vendor that is collecting them.

We are typically not trying to convince somebody they need security, but to show you how obscure security can get, somebody has done some research on Fitbit and been able to finely, finely monitor data from axes or movement and track where the user’s hand has been. The example that they gave is of a Fitbit wearer standing at a bank machine typing in the pin and if they are in proximity and can capture the movements, they can discern the pin.[1]

Embedded Intel Solutions:  It looks like we may need a “part two” of this conversation because we have not yet talked about how the announced collaboration with Intel will enable engineers to create quantum-resistant authentication and data protection solutions. But can you address that briefly here?

Parks, SecureRF: The idea of quantum resistance methods has been an intellectually interesting idea for some time. However, with the arrival of elementary working quantum computers in the last year to year and a half, the clock is now ticking to address this issue. There are a couple of solutions—we are one—that do address known quantum attacks today. There may be other attacks coming. We uniquely address the problem because our security solutions still fit on the smallest chips. Some of the other methods that are quantum-resistant will work well on server farms or for very large systems, but they won’t address a lot of the very small devices we are talking about today.

So, if you are developing a product that is going to be in the field for the next couple of years, you can just keep reading articles about quantum resistance and not worry about it. But if you are developing a product that, once deployed, is going to be in the field for many years—such as smart grid, automotive, aerospace, and medical devices—you need to think about future proofing your product.

Resources

SecureRF security toolkits and the Intel DE10-Nano board: https://www.securerf.com/developers/intel-de10-nano/

SecureRF’s technical article on authenticating remote devices: https://software.intel.com/en-us/articles/how-to-authenticate-remote-devices-with-the-de10-nano-kit

[1] https://phys.org/news/2016-07-smartwatch-atm-pin.html

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis