File encryption, file system encryption and full disk encryption (FDE) are methods offered by the industry to allow users to protect their data stored on non-volatile storage devices, such as Solid State Disks (SSD). The main feature of FDE is to protect stored system and user date from unauthorized reading, writing, alteration, moving or rolling back. However, extended security features are key to securing FDE implementation.
In this Frost & Sullivan analysis, the report describes key requirements in the Internet of Things (IoT) security market and presents details of how Rambus addresses these needs through effective, economical and easy-to-deploy IoT security solutions.
Built around a custom RISC-V CPU, the Rambus CryptoManager Root of Trust (CMRT) is at the forefront of a new category of programmable hardware-based security cores. Siloed from the primary processor, it is designed to securely run sensitive code, processes and algorithms. More specifically, the CMRT provides the primary processor with a full suite of security services, such as secure boot and runtime integrity, remote attestation and broad crypto acceleration for symmetric and asymmetric algorithms.
Robust security starts with the design of the SoC and continues with the manufacturing supply chain. Our CryptoManager™ Security Engine is a high-security silicon IP core that is integrated into the SoC of an intelligent device, such as the application processor of a smartphone or a tablet. It includes a hardware root-of-trust, providing the device with a secure endpoint. The Security Engine addresses critical device security needs, including the provisioning and management of cryptographic keys, authorization of debug modes, and programming across manufacturing stages, including wafer test, package test, device assembly, and return authorization.
The CryptoManager Infrastructure is a high performance, secure transaction processing and data reporting system designed to securely manage provisioning, device personalization and high value key management throughout a semiconductor’s life cycle. As a critical part of the manufacturing and communications infrastructure, high availability, performance, and security are emphasized in all components of the CryptoManager Infrastructure. Security throughout the system is provided through the use of Hardware Security Modules (HSMs) in every node of the CryptoManager infrastructure. These FIPS 140-2 level 3 compliant HSMs provide tamper resistant secure storage and a secure computation environment for the necessary cryptographic computation and sensitive operations in the CryptoManager Infrastructure.
Objects, sensors, actuators and controllers that were once designed for stand-alone operation are now increasingly connected by means of intelligent software and networks – forming the basis of the Industrial Internet of Things (IIoT). To be sure, GE defines the IIoT as “a network of a multitude of devices connected by communications technologies that results in systems that can monitor, collect, exchange, analyze, and deliver valuable new insights.”
IIoT infrastructure, as well as the data it generates, must be protected against a wide range of cyber threats. Vulnerable devices can be hijacked and even physically disabled, while unencrypted or unverified data transmissions can be intercepted, leaked or spoofed. A leak or deliberate falsification of sensitive data could cause a halt in factory operations, electrical blackouts or malfunctioning water treatment centers.
Despite the real-world risks, IIoT operators are understandably concerned that implementation of a comprehensive security solution could pose integration challenges and incur additional costs. As such, the most effective security solution is one that does not negatively impact operations, reliability or profitability. Put simply, a practical, simple and secure solution that can be easily and widely adopted by IIoT OEMs and service providers is far more effective than a ‘super solution’ with only limited adoption.
The Rambus CryptoManager IoT Security Service is a turnkey security solution for IIoT OEMs and service providers. As we highlight in our white paper, our one-stop-shop solution provides seamless device-to-cloud secure connectivity, device lifecycle management, and advanced device monitoring capabilities to protect service high-availability and help mitigate a variety of attacks, including distributed denial of service (DDoS).