By Paul Karazuba, Senior Director of Product Marketing, Cryptography
Security, as always, was a hot topic at the recent Global Semiconductor Alliance (GSA) Silicon Summit in Santa Clara, CA. As the recognized leader in semiconductor and device security, Rambus played a large part in the summit. As part of our participation, Neeraj Paliwal, VP of Products at Rambus Cryptography, delivered a speech titled “Securing the Infrastructure” during the Smart Connected Industries and Infrastructure portion of the summit.
During the talk, Neeraj explained that for any smart connected device, security must start at the silicon level. Further, it’s not just making sure your chip has some amount of security, but rather that chip and device OEMs need to make sure their chips are designed, manufactured, and deployed in-field with security in mind for the Infrastructure to truly be secure.
Neeraj started with detailing securing silicon at the design phase and that the race for processor speed coupled with the economics of Moore’s Law has led to a situation where modern processors may not meet the security requirements demanded by consumers. The myriad of processor security breaches of late supports this. Rambus advocates a siloed hardware root of trust co-processor approach to chip security. This approach allows the main CPU to do what it does best – run extremely fast and efficiently – while allowing the root of trust to form a trust anchor for secure apps and processes within a system.
However, as Neeraj pointed out, you need to do more than this. In order for a chip to be truly secure, that chip needs to be manufactured with security in mind. To Rambus, this involves the inclusion of robust device provisioning systems into chip manufacturing, regardless of whether that manufacturing is done in captive (trusted) or 3rd party (untrusted) facilities. Automated systems allow each chip to be given a unique and immutable identity that is cryptographically bound to the chip, stored in the root of trust. Without provisioning, it is extremely difficult, if not impossible, to guarantee the identity and provenance of the chip.
Finally, Neeraj spoke of the importance of trusted, in-field cloud services. As he put simply, “If you can’t trust data coming from a device, you can’t trust the device itself.” He explained that by using the information provisioned into the device during manufacturing, the device itself can be authenticated and attested. Having this capability allows the device OEM a whole host of product security features, including functions like secure boot, secure FOTA (firmware over the air updates), and others.
Rambus believes that the most holistic and effective approach to securing our connected devices starts with securing the silicon inside, and building outwards from that trust anchor.