Security is a major concern throughout today’s electronics industry. The predicted mass-adoption of Internet of Things (IoT) technologies, with the possibility of 50 billion items, all connected to the Internet, and all vulnerable to external attack, is a big part of this.
But the potential problems go further: the infrastructure that makes up the Internet itself – composed of equipment like routers, modems and mobile base stations – is also vulnerable. Just as importantly, many industrial and enterprise systems require “security of operation” – protection against malfunctions, perhaps caused by memory corruption.
Many of these risks are well understood: they can be combatted, if not eliminated, by techniques such as encryption, password protection, protection of keys and keying material, and mutual authentication. But even these measures are not foolproof: and they are inappropriate for ‘lightweight’ IoT products such as a sensors and light bulbs.
These trends have increased interest in the implementation of security measures at the hardware level. The chips (systems on chip or SoCs) that are at the heart of all of these products can already be equipped with a variety of protection, typically including secure e-fuses, cryptography and software. Even so, there is a need to do more. The Bare Metal Security concept from UltraSoC creates a silicon-efficient system that is completely independent of the hardware, operating system and application software on-chip, and hence provides an extra layer of protection over and above conventional security measures.
Bare Metal Security provides a toolbox of silicon IP that the designer can use to create a security system. The UltraSoC IP is used to monitor system behavior and report or take action when “unexpected” events occur. For example, an unusually high level of processor activity might indicate the possibility of a denial-of-service attack; an unauthorized process accessing sensitive areas of memory might reveal a virus or Trojan.
Such a strategy, if well implemented, offers extremely robust protection. The hardware paradigm – working “under the radar” of the main system software – is intrinsically more difficult to tamper with or subvert than a software-based solution. It is also suitable for the kinds of lightweight IoT applications already mentioned; it does not require large amounts of computing-style processing or OS resources.
The system can be crafted to have visibility of the entire system, making it harder to camouflage or hide an attack. Moreover, it can also protect against inadvertent system compromise as well as malicious activity, because it can spot unexpected system states or operation modes, and trigger a failsafe routine – again, potentially working entirely separately from the main system.
Of course, the designer still needs to ensure good Internet housekeeping and implement standard SoC security measures. The role of Bare Metal Security features will most commonly be to provide an additional layer of protection to supplement and enhance these measures. Hardware based security measures like Bare Metal Security promise to have a substantial impact on the market in coming years because security is seen as one of the thorny issues that is currently holding back uptake of IoT applications – not only in domestic situations, but also in the industrial and enterprise arenas, where security of operation and resistance to attack go hand-in-hand.
Emerging trends such as the growth of mobile payments will ensure that this focus remains for the foreseeable future: up to 70 percent of people who choose not to use mobile payment systems make that choice because of concerns about fraud, identity theft and data privacy. It’s also a key issue in the automotive sphere. There are already 26 million “connected cars” on the road, all of which need security protection to prevent car-jacking. Even non-connected vehicles are not immune: witness the recent spate of car thefts in which the perpetrators hacked keyless entry devices.
For too long security has been seen as a “bolt-on” feature. The new trend towards hardware-based implementations shows that it is now acknowledged as a requirement that needs to be “baked-in” from the very start of a product’s conception and design. Solutions like Bare Metal Security go a long way towards achieving the goal of ensuring that robust security becomes the rule, rather than the exception.
Rupert Baines is CEO of UltraSoC. He is a 30-year veteran of the global semiconductor and communications industries, and has previously held senior roles in both start-ups and prominent trans-national companies. Before joining UltraSoC he was VP of Strategic Marketing at Mindspeed following that company’s acquisition of Picochip (now part of Intel), where he had served as VP of Marketing. He previously worked at Arthur D Little and Analog Devices, where he played a key role in the development and mass-market adoption of digital subscriber line (DSL), the most common broadband access technology in use around the world today. He is a Fellow of the Institute of Engineering and Technology (FIET) and Fellow of the Royal Society of Arts, Commerce & Manufacture (FRSA).