Securing ultra-low-power devices
This entry was posted on Wednesday, August 12th, 2015.
Ernest Worthman of Semiconductor Engineering recently noted that future ultra-low-power (ULP) IoT devices require a new paradigm for handling cryptography.
“To optimize the power in a ULP device, cryptography and otherwise, there are two approaches that can be uses; steady-state low-power over time and pulsed operation over time,” he explained. “[However], the main issue surrounding cryptography in ULP devices is the relationship between functionality and power utilization.”
As Worthman points out, traditional cryptographic algorithms are power- and clock-cycle hungry. Essentially, they are the exact opposite of the IoE devices: computationally intensive.
“That is their job – to check everything that can be compromised and that takes power,” he continued. “ULP devices, being computationally constrained, need to make every clock cycle and micro amp count. The two are not mutually compatible.”
According to Worthman, there are a number of approaches to maximizing the limited resources in ULP devices, without foregoing adequate cryptography functionality. For example, the industry could develop smarter decision-making circuitry capable of deciding what needs to run under a cryptographic envelope. Another option would be the coding of lighter weight algorithms and ciphers.
However, as NXP product marketing manager Gordon Cooper told Semiconductor Engineering, the industry cannot simply go to lower power and architecture.
“You have to maintain performance,” he emphasized. “As we go down in process architecture you have that performance for less power, but now you have leakage issues.”
Simon Blake-Wilson, VP of products and marketing at Rambus‘ Cryptography Research Division, points out that leakage often goes along with integration issues. Indeed, at the most advanced nodes, be it security, processor or I/O block with security built in, all need to fit into the surrounding components of a device.
“If you make something that is trivial to integrate with, it will make a huge difference,” said Blake-Wilson. “It’s a good tradeoff of achievable targets, trying to address ease of use for the designers, for the managers of the devices.”
According to Steven Woo, VP of enterprise solutions technology at Rambus, power-related semiconductor security concerns may prompt a general reassessment of how future chips and electronics are designed.
“Security requires power to operate, but the flip side is that power is noisy. When you activate circuits you can monitor that noise,” he told Semiconductor Engineering back in July. “There’s a growing problem with differential power analysis. What it really comes down to is that you’re trying to give confidence for some period of time, so now you have to determine what is a useful lifetime and how long you’re going to guard it.”
As we’ve previously discussed on Rambus Press, physical electronic systems routinely leak information about the internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys.
As such, the Rambus Cryptography Research division has designed a range of DPA countermeasures that offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.
Interested in learning more about how Rambus is helping to secure SoCs, devices and content? You can read more about our DPA countermeasures here, CryptoFireWall Cores here and CryptoManager platform here.