An architecture that delivers progressively higher levels of functional integration and security can meet a variety of unique requirements.
The cybersecurity threat landscape is dynamic and rapidly evolving. Indeed, attackers are constantly finding new ways to exploit critical vulnerabilities across a wide range of applications and devices. Protecting data and devices requires secure processes running on systems and networks.
A Root of Trust is the foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a system-wide secure boot process. It is inherently trusted and therefore must be secure by design. The most secure implementation of a Root of Trust is in hardware, which safeguards it from malware and from non-invasive or invasive tamper attacks. As such, it can be a standalone security module or implemented as a security module within a processor or system-on-chip (SoC).
Chipmakers have varying levels of security expertise and desire for integration. For some customers, a fully turnkey hardware Root of Trust would be ideal. Others wish to build their own Root of Trust but would still like to take advantage of the latest state-of-the-art cryptographic accelerators.
To address these varying customer needs, an architecture that delivered progressively higher levels of functional integration and security would be ideal. Such an architecture would enable customers to choose the level of security features and capabilities best suited to their unique requirements.
At the highest tier of the architecture would be a fully programmable, turnkey Root of Trust. Ideally, it would offer Quantum Safe security and an OCP-compliant Caliptra Root of Trust for Measurement with secure boot flow. The Root of Trust would protect against a wide range of hardware and software attacks through state-of-the-art side-channel attack countermeasures and anti-tamper and security techniques. Its Quantum Safe cryptographic accelerators would provide future-proof hardware security to protect the boot flow and data assets today and into the quantum era.
The second tier of the architecture would be a flexible, configurable and efficient bundle of cryptographic accelerator cores. It would contain a public key infrastructure comprising a true random number generator, classic and, optionally, Quantum Safe cryptographic accelerators, and dedicated secure memories. It would offer a variety of classic asymmetric cryptographic accelerators including RSA, ECC, SM2, TRNG, KDF (Key Derive), KAS (Key Agreement), as well as Quantum Safe accelerators like ML-DSA, ML-KEM and SLH-DSA. In addition, it would offer all the symmetric accelerators listed in the lowest tier described next.
Finally, at the lowest tier of the architecture would be a core that bundles symmetric crypto accelerators for AES, SM4, ChaCha20, SHA-2, SHA-3, SHAKE, SM3 and Poly1305 behind a multi-channel DMA interface. This standalone core would be ideal for power and space-sensitive applications like secure MCU, IoT server, gateway and edge devices.
With the CryptoManager family of products, Rambus offers such a three-tiered architecture that can be tailored to meet the needs of a broad spectrum of customers. The fully programmable CryptoManager Root of Trust is the highest level of the architecture. The CryptoManager Hub is the middle tier, offering a flexible bundle of cryptographic accelerators including the symmetric accelerators of the lowest tier, the CryptoManager Core. There are versions of each of these products available for data center, government, automotive and other markets. As an example, for automotive customers Rambus provides all the functionality for fully programmable ISO 26262 ASIL-D process, ASIL-B or ASIL-D safety mechanisms, and ISO 21434 compliant hardware security modules. Given the flexibility of the three-tiered CryptoManager architecture, it's never been easier to get the perfect combination of features and integration tailored to the security needs of your application.