Steven Woo, VP of solutions marketing and distinguished inventor at Rambus, recently sat down with Anne Fisher of Embedded Systems Engineering to discuss the burgeoning security requirements of a rapidly growing Internet of Things (IoT).
Search Results for: IoT security
Securing silicon with a hardware-based root of trust
Steven Woo, VP of solutions marketing and distinguished inventor at Rambus, recently sat down with Anne Fisher of Embedded Systems Engineering to discuss the burgeoning security requirements of a rapidly growing Internet of Things (IoT).
According to Woo, the semiconductor industry now realizes security is a critical goal that needs to be treated as a first class design parameter.
“Some [companies] choose to do everything in software because it’s relatively easy to deploy and layer on top of existing systems,” Woo told the publication.
“The problem is software-only protection can be hacked, and we’ve seen numerous cases of that in the past year alone. This goes back to the point about treating security as a first-class design parameter—legacy systems often weren’t designed with software security in mind, so the system doesn’t enable software to do the best job possible for securing the system.”
In contrast, says Woo, a silicon-based hardware root of trust provides a range of robust security options.
“From the moment power is applied to [a] system or device, the first thing that comes up is the hardware, and at this point the chip or system can be attacked. Solutions exist that use hardware as a basis for security, but having hardware integrated into the silicon increases the security of [both] the silicon and system,” he explained.
“[Yes], there are tradeoffs to be made, and in some cases people will be willing to live with lower levels of security provided by software-only solutions. But as you begin to interconnect more and more devices, some are inevitably going to want higher levels of security, so providing hardware security and a hardware root of trust is going to be very important going forward.”
As Woo points out, that is precisely why Rambus CryptoManager offers chip manufacturers an integrated hardware-based root of trust.
“On the surface, it provides some very interesting capabilities, but when you dig a little deeper and you look at how devices are used you begin to realize the elements contained within CryptoManager actually offer a very powerful tool kit that allows you do to things beyond what you might [have thought] about initially,” he continued.
“[For example], CryptoManager has a hardware root of trust that provides a secure foundation for connected communication. This core allows you to very securely enable and disable features and functionality in the chip that core sits in, and secures the chip throughout the lifecycle from manufacturing through deployment and end of life.”
Essentially, says Woo, the secure core acts like a vault door, barring access to all unauthorized entrants, save those with the correct combination. Meaning, a semiconductor device is secured throughout its lifecycle, with managed keys effectively locking and unlocking functionality.
“One thing that CryptoManager enables is that as the silicon travels from facility to facility—for example, from fab to wafer cutting to die packaging to testing packaged die to fabrication to integration into a device like a phone—is to ensure that the semiconductor device itself has manufacturer-specific keys put in there that no one else can get to or manufacturer-specific capabilities enabled or disabled,” he explained.
“A great example is managing access to the JTAG port of a chip. During device test, you need access to the JTAG port. The problem with JTAG and other debug ports is that it is almost like having the master keys to the house. [Via debug ports] you can get deep access to many areas of a chip, and once the device is in the field you may not want people to get access to some or all of these areas.”
In addition, manufacturers can choose to activate the debug port only when the device is being debugged. The port can then be de-activated once it leaves the factory.
“[Meaning], once the device leaves, say, the phone manufacturing facility and gets deployed into the field, you can actually enable and disable features in the silicon itself, so that you can now think about new kinds of business models where carriers can enable and disable features on the phone,” Woo added.
“Or you could enable or disable certain kinds of content to be played on that phone so you get this interesting way of looking at new revenue models and usage models—and it all relies on the same CryptoManager platform and toolkit that manages keys to enable and disable functionality.”
Keep reading: Hardware Root of Trust: Everything you need to know »
Semiconductor Engineering goes 1:1 with Steven Woo
Ernest Worthman of Semiconductor Engineering recently interviewed Steven Woo, a VP and distinguished inventor at Rambus. The two discussed the numerous challenges facing the rapidly evolving Internet of Things (IoT), including security and low power sipping requirements. As Woo points out, security and privacy are critical topics, with a significant amount of concern being expressed over potential vulnerabilities in connected cars, homes and appliances.
Semiconductor Engineering goes 1:1 with Steven Woo
Ernest Worthman of Semiconductor Engineering recently interviewed Steven Woo, a VP and distinguished inventor at Rambus. The two discussed the numerous challenges facing the rapidly evolving Internet of Things (IoT), including security and low power sipping requirements.
As Woo points out, security and privacy are critical topics, with a significant amount of concern being expressed over potential vulnerabilities in connected cars, homes and appliances.
“There is concern that, with all the different sensors and connectivity points, each one is a potential vulnerability that has to be able to be individually locked and unlocked to outside access,” he explained.
“There is a general consensus of agreement that security is difficult and it needs to be architected in from the ground up. The infrastructure needs to be able to define and limit access to such I/O ports. Today, many products still haven’t done that.”
Essentially, says Woo, the industry is retrofitting security on top of what currently exists.
“There is concern that there still isn’t a very well thought out security architecture that has been developed as a part of the IoT infrastructure. [Nevertheless], the industry has started to intersect some of the stuff we do with the envisioned infrastructure,” he continued.
“We have done a lot of work in memory, interfaces and security. We are also working on making energy sources more efficient, while at the same time chip power requirements will drop. That is kind of where the chip community is heading.”
According to Woo, Rambus has been active in the area of port security, which he described as one of the “driving forces” behind the development of CryptoManager.
“The number of high-profile break-ins that occurred in 2014 seemed to be much higher than in previous years. And one can definitely see the impact of security, or lack thereof, come to the forefront—2015 will see increased momentum in dealing with security,” he added.
In terms of power limitations, Woo notes that future IoT devices will likely function on a single charge for an extended period of time.
“The [trend] is to push the recharge times out for months, or even years, with some of the more remote or passive sensors. The movement is to have ‘watch battery’ form factors, but there is a lot of concern how that is actually going to happen with these IoT devices spewing out so much data,” he continued.
“There [is] a lot of general concern about how one minimizes power and what is the correct type of operating model for these IoT devices to conserve power. For example, if you have a bunch of data, is it better to send it at a very low data rate, with the idea that is will consume low power, or would it be better to burst it quickly at a high data rate, occasionally, where the device is in the off state most of the time?”
Interested in learning more? The full text of “One-On-One: Steven Woo” can be read on Semiconductor Engineering here.
Building smart cities with intelligent sensors
Rambus CMO Jerome Nadel recently participated in 4YFN’s MWC 2015 panel discussion about the Internet of Things (IoT), smart sensors and the evolution of smart cities.
Additional 4YFN panelists included Cisco CTO John Baekelmans, MLOVE Founder and Curator Harald Neidhardt, Intel Human Computer Interaction Expert Mara Balestrini, D4SC Designer-Founder Priya Prakash and Digitel director Amitai Gindel.
Nadel, who attended his first MWC in 2000, kicked off the panel by describing how the mobile industry has evolved over the years.
“Historically, the definition of mobile was limited to devices such as smartphones and tablets. However, there has been a paradigm industry shift, with connected endpoints acting as the new mobile,” Nadel explained.
“Although new mobile offers almost limitless opportunities for innovation, it does pose a significant challenge on the security side. For IoT to become a reality, we need to make sure vulnerable endpoints are safe from hacks by implementing security at the silicon level to provide a reliable root of trust.”
Once the endpoints are secure, says Nadel, the industry can create near ubiquitous intelligent endpoints based on small, inexpensive and low-powered sensors such as Rambus’ lenless smart sensors (LSS).
As Nadel notes, LSS technology will allow sensors to capture information-rich images using a low-cost phase grating. Although the raw ‘snap’ is indecipherable to the naked human eye, the sensor, which is approximately the size of pinhead, is capable of capturing all of the information in the visual world up to a certain resolution.
“Disruptive innovation is contrarian and we need think beyond the mobile status quo to a brave new future four years from now when ubiquitous intelligent sensors positively redefine human interaction with technology and our surroundings,” Nadel concluded. “Let’s work towards creating adaptable smart cities that empower residents by melding the physical world with the digital realm.”
Interested in learning more about Rambus lensless sensor technology (LSS)? You can check out our article archive here.
Jerome Nadel to talk smart cities @ MWC 2015
On March 3rd, Rambus CMO Jerome Nadel will participate in 4YFN’s MWC 2015 panel discussion about the Internet of Things (IoT), smart sensors and the evolution of smart cities.
Additional 4YFN panelists include Cisco CTO John Baekelmans, MLOVE Founder and Curator Harald Neidhardt, Intel Human Computer Interaction Expert Mara Balestrini and D4SC Designer-Founder Priya Prakash.
It should be noted that a growing number of cities across the globe have already allocated a significant amount of funds to track traffic flow, energy use and pollution. For example, Barcelona smart city sensors monitor everything from noise and humidity to pollution and traffic congestion.
“In addition to being used by the city, the data is made available publicly,” writes Fortune’s Shalene Gupta. “Businesses have tapped into that information to build apps that show public transit arrival times and let gardeners check which plants to water and when.”
Unsurprisingly, the number of smart cities worldwide is set to quadruple over the next 12 years, with local governments and the private sector collaborating to address a multitude of challenges confronting urban centers.
As Nadel recently told Rambus Press, smart cities will be built on the new digital infrastructure enabled by ubiquitous connectivity, smart sensors and hardened security.
“These are the basic foundations of the Internet of Things (IoT) and the elements that enable the chain of ‘capture, secure, move,’ from the sensor through the cloud to the end user. Smart sensors, secure transmission, and performant movement of data, coupled with applications and analytics, is what makes cities smart,” Nadel explained. “That is why 4YFN’s MWC 2015 panel will discuss how to ensure secure feature management and provisioning of sensor end-points in the field, as well as new disruptive sensor technologies that are ultra small, extremely low power and super low cost.”
Interested in learning more about smart cities and the Internet of Things? You can check out our IoT story archive here.
