Part of the  

Chip Design Magazine


About  |  Contact

Posts Tagged ‘authentication’

Blog Review – Monday, July 25, 2016

Monday, July 25th, 2016

This week, the blogsphere is chasing Pokemon, applying virtual reality as a medical treatment, cooking up a treat with multi-core processors, revisiting Hybrid Memory Cube, analysing convergence in the automotive market – and then there was the ARM acquisition

Have you bumped into anyone, head down as they hunt for Pickachu in Pokémon GO? Eamonn Ahearne, ON Semiconductor vents some frustration but also celebrates the milestone in virtual reality that is sweeping the nation(s).

Virtual reality is also occupying Samantha Zee, Nvidia, who relates an interesting, and moving, case study about pain management using virtual reality

The role of the car is changing, and Andrew Macleod, Mentor Graphics, identifies that convergence is a driving force, boosting mobility with an increase in the vehicle’s electronics content, presenting new challenges for system engineers.

You are always going to grab my attention with a blog that mentions food, or a place where food can be made. Taylor K, Intel, compares multi-core processors to a kitchen, albeit an industrial one. Food for thought.

Virtualization is revitalizing embedded computing, according to Alex Voica, Imagination Technologies. The blog has copious mentions of the company’s involvement in the technology, but also some design ideas for IoT, device authentication, anti-cloning and robotics.

What will the SoftBank acquisition of ARM mean for the IoT industry, ponders Gabe Moretti, Chip Design Magazine. Is SoftBank underestimating other players in the market?

Still with ARM, which recently bought UK imaging company, Apical, Freddi Jeffries, ARM, has a vision – how computing will use images, deep learning and neural networks. Exciting times, not just for the company, but for the industry.

Micron’s Hybrid Memory Cube (HMC) architecture is five years old, so Priya Balasubramanian, Cadence Design Systems, delves into the memory technology which is having a mini resurgence, and the support options available.

Caroline Hayes, Senior Editor

Hardware vs Software in IOT Security

Sunday, July 30th, 2017
YouTube Preview Image

Conversation About System Security With Imagination Technologies

Thursday, November 24th, 2016

Gabe Moretti, Senior Editor

I had a conversation with Majid Bemanian, Director of Segment Marketing at Imagination Technologies about system security.  His general view is that for any system to operate as it was intended by the manufacturer (OEM) or operator, a mechanism of unalterable checks-and-balances needs to be engraved or burned into the system.  Such a mechanism acts as a trusted agent that can start the system, validate its operation, provide trusted services, and if necessary shut down the system in the event of compromise.

CD: you mentioned the term “Root of Trust”.  How do you define it?

MB: One technique to have such checks and balances is implementation of Root-of-Trust (RoT). RoT anchors crypto keys and trusted code into the system in such a way that it cannot be altered. Therefore, the rationale would be – If the keys and code code that are burned into the system cannot be changed and come from a source that I trust, then by definition, the system operating under its supervision can be trusted; extension to the trusted code and keys that are validated by a trusted entity (RoT) can also be trusted. Together, this forms a Chain-of-Trust.

Once the user has confirmed that the system is in its intended trusted operational state, it can then be assumed to be original (not cloned).

CD: How can we choose a protection level?

MB: To determine the level of protection required, we first need to determine what specifically we are protecting.

To protect stored content such as passwords, photos, code, sensory information (e.g. from a heart monitor), etc., encryption can provide a level of privacy. One must also protect the encryption key(s) which are used to enforce protection.  To protect software, authentication and encryption are essential.

Authentication assures the software running on the system is original and from the intended OEM and starts its operation in the intended state defined by the OEM/operator. An authentication procedure can be implemented leveraging an asymmetric cryptography process where there are key-pairs to assure robust authentication. Key pairs include a private key to sign and public key to validate the authenticity of the software.

Encryption is often used alongside authentication to ensure that the software remains private, with encryption keys to make software inaccessible.

CD: How do we choose an protection strategy?

MB: Once we know what we are protecting and how to protect it, we must ask what attack vector(s) we are protecting the system. If the system is at rest, it is possible for a physical attack to penetrate the system. If the system is in-motion, a cyber/network or side-channel attack in addition to a physical attack can compromise the system.

If we look at a connected lightbulb versus a heart monitor or pacemaker, we can see that not only will they need different levels of protection given their criticality, but also that the likelihood of certain attacks would be different in each case. Each comes at a different cost – a system design consideration.

In physical attacks, we need to determine the potential access methods to the system and implement the correct defensive measures. Removing the JTAG connector and traces connected to the device may be sufficient for a connected lightbulb. However protection against a side channel attack such as Differential Power Analysis (DPA) may be needed for a heart monitor or M2M payment system.

CD: How do we respond to a security attack?

MB: A Runtime Integrity Check can offer a mechanism to determine if a system had been compromised post standard operation; hence, runtime. One can implement Runtime Integrity Check in the background to periodically check for vulnerabilities/signs of system compromise. Then corrective steps can be taken. If a system has been authenticated and is operating as intended but an attack is still successful in gaining access, one can shut down the system, reboot or simply flag and notify an authorized agent.

Another area to consider is response to malfunctioning. There are many mechanisms to detect tampering and provide a response. Tamper-evident markings provide a visual indication and are the simplest form of protection.  This common method is intended to detect interference with the system and the content residing on it.  Of course in most cases, the technique is not acceptable to provide a trusted and secure system.  As part of RoT functionally, tamper monitoring is needed. This can monitor changes in a device’s physical properties such as temperature, and various tamper responses can be implemented if tampering is detected. Many different techniques that can be implemented to respond to a tamper, e.g. a simple alarm/notification to self-destruct secret keys and data.

CD: What you say requires architectural planning and careful implementation which in turn translate in development cost.

MB: For many connected devices, compliance and conformance to certain industry rules pose a significant time and cost investment which designers must consider.  But an insecure system is not competitive, in fact it may be dangerous and result in far greater losses to customers and consumers.

CD: Thank you.

Extension Media websites place cookies on your device to give you the best user experience. By using our websites, you agree to placement of these cookies and to our Privacy Policy. Please click here to accept.