Locking Down The Chip

First of two parts: Crypto processors are gaining more attention as a way of embedding platform-independent security in an SoC.


The crypto processor is poised to break into the mainstream SoC world. Lower manufacturing costs, coupled with rising security concerns from increased connectivity and growing complexity, have cracked open the door on this approach to locking down a chip.

Crypto processors aren’t a new concept, but they generally have been reserved for high-end applications. Until recently, they have just been expensive and the market for them was small. Moreover, there was little impetus to port them to commercial or unilateral applications. But as recent events are heightening concern for security, this unique processor is getting a second look. Technological advancements, along with the large-scale integration of ubiquitous IP into silicon, have positioned the crypto processor as a viable, next-generation security platform for objects of the Internet of Things/Everything (IoT/IoE).

Tight profit margins, especially in mass-produced consumer goods, put pressure on manufacturers to optimize the development and production cycles and to use off-the-shelf components and generic intellectual property whenever possible. So integrating third-party IP is a very cost-effective approach. Therefore, being able to detect and disable any trojans that may, inadvertently or deliberately, be buried in third-party IP is of tremendous value to manufacturers. And one can see how this is especially applicable to IoT/E objects.

The concept of having a dedicated microprocessor, with embedded IP to handle the security function at the hardware level, is becoming more and more appealing because many, if not most, future-generation IoT/E objects will function autonomously. Having one chip that integrates the jobs of both security guard and controller could be just the ticket.

Expensive crypto processors for high-value targets such as vehicles won’t be much of a problem. However, the trick is to get them small, cheap, and multifunctional enough to put in a toaster, and progress is being made on that front.

Crypto processors – peeling back the layers
Crypto processors are specialized processors that execute cryptographic algorithms within hardware. Functions include accelerating encryption algorithms, enhanced tamper and intrusion detection, enhanced data and key protection, and security-enhanced memory access and I/O.

Crypto processors aren’t new. First used in military applications, they came into commercial applications in the mid-1980s when IBM’s 3480 was outfitted with them, and they have been used in ATM and banking applications to secure transactions. In the last 10 or so years, scaled-down versions have been showing up in consumer devices such as smart cards, SIM cards, cellular radios, set-top boxes, automobiles, game consoles, etc.

A crypto processor offers several distinct advantages. First, it can offer strong protection of IP. Second, it offers better protection of key data than simple storage encryption. Third, it offers protection against vulnerability exploits. This is accomplished by integrating the typical security functions, which are in software layers on top of standard processors, into the hardware layers.
They can be integrated into SoCs or FPGAs, depending upon the desired function. They also can be integrated using a hybrid approach, whereby a standard processor is used and dedicated IP or other crypto algorithm blocks are implemented in the hardware. And there is the trusted platform module, as well.

For example, there is a type of crypto processor referred to as a double encryption device. This rendition offers the ability to protect both the running programs and the data by encrypting both the data and address locations. It places a security blanket of encryptors and decryptors between the processing elements, data storage, and I/O subsystems. All information is decrypted within the secure blocks of the processor and then encrypted before it is stored in memory or sent to an I/O operation. It has the ability to hardwire the keys. This means they can be “zero-ized” and become virtually invisible to the outside world.

It also contains both secure and unsecure I/O channels. The unsecure channels are used for routine I/O operations and maintenance while the secure channels are used for transaction and sensitive data routing.

Processor packages and attributes
Crypto processors implemented in FPGAs offer the fastest cryptographic processing. Because they use standard FPGA fabric, they can be updated via typical software methods, or methods the FPGA fab uses. They allow complex mathematical operations to run quickly and efficiently — something that typical microcontrollers struggle with. IP blocks can be modified if desired, and they are field programmable as the acronym implies. FPGA-based crypto processors are used in ATMs, automotive, servers and robotics, among other things.

There are also ASIC-based crypto processors. Their claim to fame is speed, footprint, and power utilization. These devices are ICs that are designed for a specific application and are unalterable once produced. They are also cheaper to produce, use less power, and have a significantly smaller footprint than FPGAs. ASICs are typically found in low-end applications such as RFID, network routers, cameras, cell phones, etc.

The trusted platform module (TPM) is a special case where a crypto processor is integrated with a software microkernel. The kernel generates and stores encryption keys, passwords, and digital certificates. It is a rather specialized concept in that the idea is for one TPM to certify another via a “chain of trust” by ensuring the integrity of a platform. A typical application might be in digital rights management (DRM), to ensure that the video or audio file being accessed is the original and not a copy, for example.

Another good example of a specialized crypto processor is what is called a hardware security module (HSM). HSMs contain one or more secure crypto processor chips to prevent tampering and bus probing. The module is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. HSMs traditionally come in the form of a plug-in card or an external device that attaches directly to a computer of some sort.

HSMs come in a variety of configurations. Depending upon the security desired, an HSM can contain controls that provide tamper evidence, such as logging and alerting, and tamper resistance, such as deleting keys upon tamper detection.

Additionally, HSM systems have provisions to securely back up the keys they handle in a wrapped form. These backups are stored either on the computer to which the module is attached, on NAS, on cloud servers, or on external security tokens.

Bullet-proofing methodologies
Crypto processors are the most bulletproof when it comes to vulnerabilities and attacks. The best crypto processors are very tamper-resistant. Countermeasures include such things as physical penetration sensors, UV blocks and electrical probing sensors. One of their strongest defenses is the ability to “zero-ize” keys in the event of a breach. Zero-izing simply means that if the chip detects a violation, it writes zeroes into the key storage locations. It also can be programmed to do a memory wipe if desired. And in extreme cases where data is highly secret, such as trade secrets or military technology, the chip can be made to self-destruct.
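As an added illustration, not code from the article or from any vendor, here is how the “zero-ize on tamper” step might be written in C for a firmware key store, including the check a practitioner would want: a plain memset() on a buffer that is never read again may be dropped by the compiler, so the wipe has to be forced. The key slot layout, the sample key and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define KEY_LEN 32
/* Constructed example: one slot of a key store; hypothetical layout, not a vendor design. */
typedef struct {
    uint8_t key[KEY_LEN];
    int     zeroized;   /* set once the slot has been wiped */
} key_slot_t;
/* Fill a slot with a constructed, non-secret sample key derived from the byte index. */
void slot_init_sample(key_slot_t *slot)
{
    for (size_t i = 0; i < KEY_LEN; i++)
        slot->key[i] = (uint8_t)(0xA5 ^ i);
    slot->zeroized = 0;
}

/* A plain memset() on a buffer that is never read again can be removed by
 * the compiler as a dead store, leaving the key in RAM. Writing through a
 * volatile pointer forces every store to be emitted. */
static void secure_zeroize(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--)
        *v++ = 0;
}

/* Tamper handler: wipe the key material and mark the slot unusable. */
void on_tamper_detected(key_slot_t *slot)
{
    secure_zeroize(slot->key, sizeof slot->key);
    slot->zeroized = 1;
}

/* Returns 1 if every key byte is zero (checked without early exit), else 0. */
int slot_is_zero(const key_slot_t *slot)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof slot->key; i++)
        acc |= slot->key[i];
    return acc == 0;
}

/* Copy the key out for use. Returns -1 once zeroized, so a caller cannot silently keep operating with an all-zero key. */
int slot_load_key(const key_slot_t *slot, uint8_t out[KEY_LEN])
{
    if (slot->zeroized || slot_is_zero(slot))
        return -1;
    memcpy(out, slot->key, KEY_LEN);
    return 0;
}
```

On platforms that provide them, explicit_bzero() or memset_s() serve the same purpose as secure_zeroize() here.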

However, this high level of security comes at a price. IP and API designers and coders must write bulletproof code. A well-worn adage is true here as in so many other instances – the chip is only as strong as the weakest code link (remember Heartbleed?). Designing such advanced-level chips is both expensive and time-consuming, so these types of super-secure chips are found only in very sophisticated applications.

One of the key issues that crypto processors address is trust. Most IP and the initial program loader (IPL) are acquired from third parties. That is true even with crypto processors, because much of the IP is the same as in a standard microcontroller.

One example is how to ensure the purchased/licensed IP is trustworthy. According to Ramesh Karri, professor in the Department of Electrical and Computer Engineering at Polytechnic Institute of New York University, and this year’s chair of the security track at DAC, “The first level is guarantees among the recipient, who provide IP, that it will not be misused. And, guarantees from the provider that the IP does not contain malicious code or hack-able access.” This is usually a legal agreement between the parties.

Another trust issue involves preventing back doors in acquired IP. This is a critical issue, especially in crypto processors where code is secured at the hardware layers. Says Karri: “In 32-bit OP code processors, there are 2^32 OP codes. However, no processor has that many valid OP codes so most of them are what is called ‘dark’ OPs. These are used for debug, test, and various other functions.”

However, such dark OPs are a fertile breeding ground for hiding malicious code that can expose the processor to unauthorized access. “Ensuring that acquired third party IP is clean, and nothing, deliberately, or inadvertently, is hidden in dark OPs, is a real challenge,” Karri says.

Another issue that is somewhat obscure in security is the interconnect fabric. While there is a lot of interest in IP, interconnect pipes, especially in crypto processors, have to be just as secure as the data they funnel around. As SoCs grow in complexity, so does the interconnect within the chip. As this interconnect grows, at some point it affects the signals roaming around the chip. Problems like heat buildup, power consumption, and timing issues become real design issues and can affect data integrity and, subsequently, IP security.