Rambus

At Rambus, we create cutting-edge semiconductor and IP products, providing industry-leading chips and silicon IP to make data faster and safer.

Home > You searched for FaaS

Search Results for: FaaS

Will Feature As A Service (FaaS) Become Important? Rambus Thinks So

Mitigating the effects of a declining Moore’s Law will no doubt take many forms. We’re all wondering what the next disruptive technology will be to make the worries moot. In the meantime, one approach to dealing with a stalled Moore’s Law is floated in a recent Rambus Blog, ‘Moore’s Law in the FaaS Lane’ – that’s right feature as a service. Certainly it’s not an entirely new idea.

Moore’s Law in the FaaS lane

Recode’s Arik Hesseldahl recently noted that chip industry is running up against some “truly fundamental” limits.

“At the five-nanometer juncture — due maybe in 2021, give or take — the outlook [of Moore’s Law] has tended to get incomprehensibly fuzzy. At that size, elements on the chip would be about twice the size of a strand of DNA,” he explained. “Smaller than that, the design features on a chip become no bigger than 10 individual atoms. At that scale, electrons start to behave unreliably: The laws of classical physics give way to the infamously uncertain rules of the quantum scale.”

computercircuitboard

According to Hesseldahl, questioning the cadence of Moore’s Law beyond the 5nm horizon prompts a “much more complex view” of future chip technology. To illustrate his point, the Recode journalist cites Daniel Reed of the University of Iowa who was recently quoted in a Nature journal article about Moore’s Law. As Reed points out, Boeing’s 787 doesn’t actually fly all that much faster than a 707 did in the 1970s. Nevertheless, a slew of industry advances has led to improved fuel efficiency, lighter airframes and more advanced electronic navigation systems.

“The road ahead will diverge from one into many with different destinations and different milestones along the way,” Hesseldah added. “Some indeed may lead nowhere, but others will lead into unexpected territory that we haven’t foreseen.”

Perhaps not surprisingly, the semiconductor industry is already navigating uncharted waters as the potential slowing of Moore’s Law looms in the distance. To be sure, the industry has entered a period of rising development costs, lower margins and rapid consolidation. As Dr. Martin Scott, senior VP and GM of the Rambus Cryptography Research division puts it, the semiconductor industry is currently experiencing significant change. Consequently, fresh models of enablement will be needed to help reignite innovation across the market.

One potential new paradigm for an evolving chip industry could revolve around in-field features and service provisioning, or Features as a Service (FaaS), which is now supported by Rambus CryptoManager, alongside SoC management and device personalization capabilities.

cmchiptocloud

Put simply, the expanded CryptoManager platform allows device and service providers to securely enable or disable features in-field, unlocking the full value of SoCs and delivering Features as a Service. FaaS is expected to open up a wide range of new usage models for semiconductor companies, including the generation of additional revenue streams in multiple diverse markets, such as mobile banking, entertainment and IoT device security.

Interested in learning more about Rambus CryptoManager? You can check out our official product page here and article archive on the subject here.

Moore’s Law in the FaaS lane

Recode’s Arik Hesseldahl recently noted that chip industry is running up against some “truly fundamental” limits. “At the five-nanometer juncture — due maybe in 2021, give or take — the outlook [of Moore’s Law] has tended to get incomprehensibly fuzzy. At that size, elements on the chip would be about twice the size of a strand of DNA,” he explained. “Smaller than that, the design features on a chip become no bigger than 10 individual atoms. At that scale, electrons start to behave unreliably: The laws of classical physics give way to the infamously uncertain rules of the quantum scale.”

CryptoManager enables FaaS with in-field provisioning

Rambus has announced that its CryptoManager security platform now supports in-field feature and service provisioning, alongside SoC management and device personalization capabilities.

“In-field feature and service provisioning enables complete silicon-to-cloud functionality to support the growing requirements of trusted applications,” said Dr. Martin Scott, senior VP and GM of the Rambus Cryptography Research division. “These include secure mobile banking, identity and entertainment, along with IoT device security.”

cmchiptocloud

As Scott notes, the semiconductor industry is currently experiencing significant change. Consequently, new models of enablement will be needed to help reignite innovation across the market.

“With the growing demand for flexibly at any point in the chip lifecycle, the expanded CryptoManager platform allows device and service providers to securely enable or disable features in-field, unlocking the full value of SoCs and delivering Features as a Service (FaaS),” he explained.

As we’ve previously discussed on Rambus Press, the CryptoManager platform includes a Security Engine; a flexible root-of-trust implemented as an embedded hardware core, or as a software agent for the secure provisioning, configuration, and authentication of keys and features in SoCs throughout the lifecycle of a device.

Meanwhile, the Security Infrastructure offers a complete suite; including a root server, management server with unified user interface, in-factory hardware appliance cluster and ATE client lib for the secure delivery, programing and management of secure keys throughout the SoC supply chain and downstream ecosystem.

In addition, CryptoManager provides Trusted Provisioning Services for local and cloud-based trusted key creation, delivery and authentication. This includes optional hosting, operation and maintenance of the CryptoManager Infrastructure for secure SoC and device manufacturers, as well as application developers and service providers, to enable in-field provisioning of device features and functionality.

Essentially, the expanded CryptoManager platform provides a secure foundation for downstream device configuration – offering chipmakers the flexibility needed for post-manufacturing inventory management and the creation of a trusted path from service providers to consumers for feature enablement.

CryptoManager enables FaaS with in-field provisioning

Rambus has announced that its CryptoManager security platform now supports in-field feature and service provisioning, alongside SoC management and device personalization capabilities. “In-field feature and service provisioning enables complete silicon-to-cloud functionality to support the growing requirements of trusted applications,” said Dr. Martin Scott, senior VP and GM of the Rambus Cryptography Research division. “These include secure mobile banking, identity and entertainment, along with IoT device security.”

What is OTA in automotive? Over the air updates explained.

Over-the-air (OTA) programming refers to the ability to download applications, services, and configurations over a mobile or cellular network. Over-the-air (OTA) programming is used to automatically update firmware, software, and even encryption keys. Specific OTA categories include: 

  • Software over-the-air (SOTA) 
  • Firmware-over-the-air (FOTA) 
  • Over-the-air service provisioning (OTASP) 
  • Over-the-air provisioning (OTAP) 
  • Over-the-air parameter administration (OTAPA) 

Here are some other subtopics we will cover in this article:

How do OTA updates work? 

over the air updates explained (ota updates)

 

A device management system operated by the manufacturer issues a new software or firmware update. The update is uploaded to the cloud where it is queued, downloaded, and verified by the target device over a cellular or mobile connection. Once verified, the device typically triggers an alert that prompts the owner to approve or decline the update. After confirming approval—whether manually or automatically—the system installs the update and sends back diagnostic information to the manufacturer.

Software over-the-air updates are now quite common in the automotive market, with major vehicle manufacturers routinely rolling out SOTA upgrades for infotainment and navigation systems. SOTA can also update software controlling a vehicle’s physical components or electronic signal processing systems. In contrast to SOTA, firmware-over-the-air upgrades have only been implemented at scale by a small number of automotive manufacturers, including Tesla and NIO. This is because FOTA updates typically demand more computing power, faster mobile connections, and higher levels of security. 

Most automakers are already designing vehicle hardware to support software updates. This enables manufacturers to shift to a revenue model that is based on services—rather than a one-time sale of a car or truck. According to Gartner analysts, half of the top 10 global automakers will offer unlocks and capability upgrades via software updates by 2023. It should be noted that Tesla began monetizing OTA upgrades in 2019 when it offered Model 3 owners an acceleration boost—from 4.6s to 4.1s—for $3,000. 

How do connected cars get updates? 

Most cars with infotainment systems can receive software updates. Some automotive operating systems, such as BMW’s OS 7/8, Mercedes MBUX, and Tesla, continuously scan for OTA updates in the cloud. Once identified, the update is downloaded, verified, and run by the telematics control unit (TCU) of a connected vehicle. 

TCUs wirelessly connect cars and trucks to cloud services and other vehicles with V2X standards over a cellular network (4G/5G). The TCU also collects essential vehicle telemetry data, including geographical position, speed, vector, engine information, and connectivity strength. 

Why would my car need a software OTA update? 

OTA updates—which improve the driving experience and create safer roads—are delivered remotely and do not require a trip to a dealership or mechanic. These updates can be grouped into two primary categories: infotainment and drive control.

Infotainment updates refresh map information, upgrade audio capabilities, and optimize user interfaces, streaming services, and apps. Although infotainment updates significantly improve the in-car experience, they are not mission-critical. 

In contrast, drive control OTA updates directly affect the ability of a vehicle to operate safely and efficiently. These updates typically include system enhancements or fixes for powertrain systems, chassis systems, brakes, and advanced driver assistance systems (ADAS). Drive control OTA updates—which may also improve range and charging for electric vehicles (EVs)—are generally considered critical or required. 

Most automakers have already updated new vehicle hardware to support software updates. For example, Tesla pre-designs hardware and software to accommodate future function expansion requirements. New functions, along with full lifecycle updates, are introduced at a steady cadence via software upgrades. 

How to address over-the-air automotive security challenges? 

Unsecured automotive over-the-air updates are susceptible to multiple threats and attacks such as spoofing, tampering, repudiation, escalation of privileges, and information leakage. These threats can be mitigated by encrypting software updates; using a signed certificate containing the public key of the entity requesting the update; digitally signing updates after encryption; securing all network transactions with TLS public key authentication (signed by a trusted Certificate Authority); and (clients) performing hostname verification to ensure they are connecting a verified server. 

Additional mitigation techniques include only delivering updates to authorized devices; the tamper-proof logging of all important events; the initialization of SOTA/FOTA updates with a secure boot mechanism; software update systems that are designed to “fail gracefully” in the case of a denial-of-service (DoS) attack; the utilization of anti-malware protection such as whitelists and in-memory protection; and ensuring that compliant SOTA/FOTA software update systems clear all shared resources of sensitive data and keys that were temporarily stored during software updates. 

 

In addition to the above guidelines, the National Highway Traffic Safety Administration (NHTSA) has published official OTA update recommendations in its “Cybersecurity Best Practices for the Safety of Modern Vehicles” report. According to the NHTSA, vehicle manufacturers should: 

  • Maintain the integrity of OTA updates, update servers, the transmission mechanisms, and the updating process in general. 
  • Take into account, when designing security measures, the risks associated with compromised servers, insider threats, men-in-the-middle attacks, and protocol vulnerabilities. 

What company makes the security technology for OTA updates? 

Rambus automotive embedded hardware security modules (HSMs) can help manufacturers adhere to the NHTSA’s recommendations. In addition to securing SOTA/FOTA upgrades, these HSMs provide secure boot, secure debug capabilities, and work with other security functions such as MACsec, IPsec, and TLS embedded protocol engines to protect network traffic in cars. To operate properly, components such as electronic control units (ECUs) and other systems must run the manufacturer intended firmware—without tampering. A root of trust ensures firmware is valid and can be securely updated when needed. 

Rambus offers embedded HSM (root of trust) variants for both ASIL-B (RT-640) and ASIL-D (RT-645) that are specifically designed for the functional safety requirements of ISO 26262, an international automotive electronics system standard. The Rambus RT-640 Embedded HSM recently received Automotive Safety Integrity Level B (ASIL-B) ISO 26262 certification. Certified ASIL-B compliance is a critical requirement for automotive manufacturers and their suppliers to ensure vehicle systems meet necessary safety levels. Integrated into an automotive SoC, the ASIL-B certified RT-640 silicon IP design provides powerful cryptographic functions, state-of-the-art safety mechanisms, and anti-tamper technologies to protect critical automotive electronics and data. 

From a holistic perspective, Rambus end-to-end security solutions comprise a tightly integrated ecosystem that enables simple, rapid, and secure integration into automotive supply chains. Chips and devices can be securely provisioned at the time of manufacture with CryptoManager Provisioning and securely managed through cloud-based services over the entire lifetime of a vehicle. The cloud-based Rambus CryptoManager Device Key Management platform also enables automakers and partners to deliver Feature-as-a-Service (FaaS) by leveraging provisioned cryptographic keys and identities. 

Additional Resources:

– Other blogs around Over-The-Air updates (OTA):
1. Securing connected vehicles with Rambus CryptoManager
2. Securing intelligent transportation systems
3. How not to get pwned @ automotive cyber-security
4. Securing chips for the IoT
5. Mitigating DDoS attacks with secure IoT endpoints
6. The challenge of securing smart homes
7. Hack the planet: Security concerns about the IoT

– White Paper: Navigating the Intersection of Safety and Security 

– Market page: Automotive Solutions 

– Products for Automotive Applications: 

 

Rambus logo