Stay Ahead of Threats and Attacks: Protect Data Across SoC Interfaces
December 05, 2022
We’re more connected than ever. Whether you are accessing your thermostat from across the globe or watching furry friends over the pet cam, all that connection—the data transmitting from cloud to car, from phone to bank, from data center to TV—is susceptible to physical attacks and tampering.
And the complexity of securing all that data is growing as more things are designed with digital capabilities, new users are coming online, and new applications are emerging. The sheer number of connected devices, along with the number of connections per device and of people using them, continues to grow.
There has never been greater complexity in electronic design to drive all this connection, giving new potential points of entry for physical attacks and tampering. To keep our interconnected digital life healthy and functioning as it should, data must be secured, even as it travels at record speeds through electronic interfaces under the hood. That’s why the industry is making great strides to design in security early. And evolving privacy laws, regulations, policies, and standards are helping to safeguard data and systems alike.
SoC interfaces, such as DDR, PCIe, CXL, Ethernet, MIPI, USB, UFS, eMMC, HDMI, and DisplayPort, can be points of data and system tampering. Designing in security from the beginning and bringing it to the hardware level is critical.
Here are four tips to secure your interfaces and the data that moves across them:
- Follow the standards: Implement complete solutions that are standards compliant and can demonstrate security conformance via certification.
- Secure the control plane: This includes authentication and key management. If keys or registers at any level are compromised, so is the entire system.
- Secure the data plane: Implement integrity and data encryption between endpoints supporting the high-bandwidth interface requirements while keeping the latency as low as possible.
- Forge strong partnerships: The security of your supply chain can help ensure your system security and ease your development. Choose your partners wisely.
Addressing these areas is essential to ensure security in your SoC and protect against data tampering. While at the high level the main security components are the same, every interface is driven by different standards and requirements, and hence the overall solutions involving controllers and PHYs will have different security characteristics. For instance, PCIe and CXL interfaces use comparable security schemes for Integrity and Data Encryption (IDE) to provide data confidentiality, integrity, and replay protection based on AES-GCM cryptography, while memory interfaces to DDR, LPDDR, and UFS rely on AES-XTS cryptography for data confidentiality. The authentication and key management in the case of PCIe and CXL interfaces are driven by specific standards such as Security Protocol and Data Model (SPDM) and others, while for DDR/LPDDR there are no dedicated standards and the overall approach for this security component will likely be more varied from system to system.
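The difference between the two modes named above, as an added Go example (not Synopsys code, and not the IDE or any memory-controller format). The function names `GCM` and `XTS`, the keys, the packet counter used as the GCM nonce, the address used as the XTS tweak, and the restriction to a single 16-byte block are all constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

var c1, _ = aes.NewCipher([]byte("constructed-k1!!")) // constructed demo keys;
var c2, _ = aes.NewCipher([]byte("constructed-k2!!")) // c1 serves both modes only for brevity

// GCM seals (open=false) or opens pkt; the 96-bit nonce carries the packet counter ctr.
func GCM(ctr uint64, pkt []byte, open bool) ([]byte, error) {
	aead, _ := cipher.NewGCM(c1)
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], ctr)
	if open {
		return aead.Open(nil, nonce, pkt, nil) // fails on any modified bit or wrong counter
	}
	return aead.Seal(nil, nonce, pkt, nil), nil
}

// XTS encrypts or decrypts one 16-byte block (block index 0) tweaked by address addr.
func XTS(addr uint64, in []byte, enc bool) []byte {
	op := c1.Decrypt
	if enc {
		op = c1.Encrypt
	}
	t, out := make([]byte, 16), make([]byte, 16)
	binary.LittleEndian.PutUint64(t, addr)
	c2.Encrypt(t, t) // T = E_k2(addr)
	for i := range out {
		out[i] = in[i] ^ t[i]
	}
	op(out, out)
	for i := range out {
		out[i] ^= t[i]
	}
	return out // no tag is checked: any 16 bytes decrypt to something
}

func main() {
	pkt, _ := GCM(7, []byte("sixteen byte msg"), false)
	_, replayErr := GCM(8, pkt, true) // receiver already expects counter 8
	ct := XTS(0x1000, []byte("sixteen byte msg"), true)
	ct[0] ^= 1 // one bit flipped at rest
	fmt.Printf("GCM replay: %v\nXTS tampered read: %q\n", replayErr, XTS(0x1000, ct, false))
}
```

The GCM receiver returns an error for the replayed or modified packet, while the XTS read of the modified block returns garbled plaintext with no error, so any integrity or replay defence on the memory side has to come from a separate mechanism.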
Security today is much more than encryption and decryption. Even after all base-level protocols and standards are met, you must ensure integrity at a system level, because an SoC is only as secure as its weakest entry point. Using security interface IP can ease your design journey and your mind.
Synopsys Secure Interface IP is available for a wide scope of interfaces used in many advanced applications, including HPC, automotive, mobile, IoT, and more. The overall solutions include controllers integrated with security features and PHYs, offering low-risk solutions for optimal security, latency, performance, and area.
As SoC design gets more complex and connected, your choice in partners is key in helping you adopt security measures more aggressively across all interfaces, including new security initiatives for MIPI, VESA, and UCIe. Vet your partners for a deep bench of experience and industry knowledge based on real-world silicon. Confirm that partners have experts on staff who are actively participating in the top standards working groups. This helps ensure that the secure interface products you purchase, and the SoC designs you create with them, are at the leading edge of technology and compliance.
Dana Neustadter
Dana Neustadter is a product line senior manager for security IP solutions at Synopsys. Dana has over 20 years of diversified experience in the security, IP, semiconductor, and EDA industries. She holds a master’s and a bachelor’s degree in electrical engineering from Technical University Cluj-Napoca.
Michael Posner
Michael (Mick) Posner is the product line senior group director for high-performance computing IP solutions at Synopsys. His expertise ranges from digital front-end to mixed-signal back-end design and FPGA-based prototyping. He holds a bachelor’s degree in electronic and computer engineering from the University of Brighton, England.
Hezi Saar
Hezi Saar is a product line director for mobile, automotive, and consumer IP at Synopsys with more than 20 years of experience in semiconductors and embedded systems. He holds an MBA from Columbia Southern University and a bachelor’s degree in computer science and economics from Tel Aviv University.