Security should be seen as an integral part of design architecture, not an afterthought.
Due to today’s connected world, a high volume of valuable data, susceptible to tampering and physical attacks, is processed, stored, and moved between devices, cars, and data centers. And the number of connections continues to grow. Even with supply chain disruptions and the overarching effects of the COVID-19 pandemic on chip manufacturing, the number of global IoT connections grew by 8% in 2021 to 12.2 billion active endpoints, according to IoT Analytics Spring 2022 report. With each connected device comes more data to process, store, connect, and ultimately secure through various interfaces and systems all the way to the cloud.
The required solutions must not only support new innovations in high-speed interfaces, such as PCI Express, CXL, and Ethernet, for acceleration and new compute architectures, but also provide the necessary high-grade security mechanisms without compromising throughput and latencies. By 2025, Statista projects that 79 zettabytes of data will be generated globally per year (for reference, one zettabyte alone can hold 30 billion movies!). This overwhelming amount of data that can be corrupted, replaced, modified, or stolen contains everything from entertainment, confidential and sensitive consumer information, to operational information that is critical to a business’s success and our general infrastructure. All of this directly correlates to increased threat risk and is pushing the industry to look at security as an integral part of design architecture, not an afterthought. The addition of laws, regulations, and various privacy policies are also driving companies to bring SoC security to the forefront.
Today, we are thrilled to announce that Synopsys is launching the industry’s broadest secure interfaces built specifically for high-performance computing (HPC), mobile, automotive, and IoT systems-on-a-chip (SoCs). The secure interfaces offer pre-verified solutions integrated with controllers for performance, latency, and area, that are standards-compliant for the most widely used protocols. Ultimately, these solutions allow SoC designers to quickly address and implement security with low risk and quick time-to-market.
Read on to learn about the fundamentals of securing interfaces and how Synopsys’ Secure Interfaces will help design teams achieve the highest levels of security for maximum data protection.
It is important for design teams to get a comprehensive understanding of their threat environment to accurately protect data, infrastructure, and devices. From cloud API vulnerabilities and account hijacking to ransomware and man-in-the-middle attacks, a preemptive approach to SoC design is critical to ensure security and protect against all kinds of threats. As shown in the figure below, there are many interfaces in the SoC that need to be secured from physical attacks and tampering. Securing interfaces (e.g., DDR, PCIe, CXL, Ethernet, MIPI, USB, UFS, eMMC, HDMI, and DisplayPort) and the data that moves across them starting in the design phase can prevent data from being accessed, deleted, or otherwise manipulated by bad actors.
SoCs have many interfaces that require security.
Securing interfaces at a hardware level and implementing zero-knowledge architecture so that the data is encrypted and can’t be used maliciously even if it’s accessed can make a world of difference.
There are two main components necessary for secure interfaces. The first is the authentication and key management component that is typically tied to the control plane, and the second addresses the bulk integrity and data encryption between two endpoints that is tied to the data plane. The latter component is related to keeping up with bandwidth requirements, ensuring low latency, etc. How and where these are addressed in an SoC depends on the specific interface. For example, PCIe and CXL interfaces have similar security schemes that house the authentication and key management and need to be run in a secure environment, and Integrity and Data Encryption (IDE) for the data plane.
Beyond this, SoC designers need to account for an added level of complexity when making many types of interfaces secure. There are a variety of standards bodies that are constantly changing requirements, even as we write this blog post. These standards need to be added at different levels, meaning that the protocols can be implemented at the system level, within the controller, within the PHY, or within the PHY and controller.
Security is now taking center stage in the semiconductor industry, and all interfaces and data that move across them need to be secure; after all, an SoC is only as secure as its weakest entry point. Even if all the base-level protocols and standards are met, designers need to be sure that the entire system is protected. Security goes beyond encryption and decryption; if important configuration registers or keys are compromised, the security of the entire system is also compromised.
The beauty of the Synopsys secure interfaces is that they cover the entire spectrum of interfaces that designers need to consider for a variety of different applications such as HPC, mobile, IoT, and automotive. Synopsys’ broad secure interface IP products include silicon-proven Synopsys Controllers for the most widely used protocols integrated with security features, offering low-risk solutions for optimal security, latency, performance, and area.
Synopsys secure interfaces for the most widely used protocols.
Security will continue to be top of mind both for SoC designers and standards bodies. When security was added to the PCIe and CXL standards in 2020, the demand for security IP was very aggressive, specifically for high-performance computing applications. Autonomous vehicles and the electrification of these vehicles introduce security risks that are being addressed by today’s specifications used in cars for networking, ADAS camera/sensor connectivity, and displays.
The security field is dynamic; as technology evolves, so do the threats and ways to attack systems, requiring increasingly reliable, resilient security solutions across the board that will be required around the world (whether it be region-specific or truly global). Additionally, as emerging technologies such as quantum computing become available, they will have the ability to break all the public key infrastructure algorithms that are used today. This means that standards will need to adapt to include quantum-safe algorithms for new standards over the coming 5 to 10 years and beyond.
In conclusion, baking security into SoCs is mandatory and continues to be influenced by the evolution of our connected world, laws, regulations, and standards. Security is being adopted more aggressively across all interfaces, including new initiatives for MIPI, VESA, and UCIe. Synopsys has its own experts who are participating in the top standards working groups to ensure that our entire secure interface products is at the forefront of compliance, making security simple for customers across industries. You can find more information on Synopsys’ secure interface IP products here.
Leave a Reply