Securing Embedded Processors on RISC-V - LEKULE

Breaking

5 Nov 2018

Securing Embedded Processors on RISC-V

This article explores the equal importance of software and hardware security for IoT devices and provides actionable steps for securing embedded processors on RISC-V.

Technology vendors of all shapes and sizes love to tout the security of their products. But the reality is that today’s technology is overwhelmingly insecure. Headlines detailing the latest attacks and their victims seem to propagate at an ever-increasing rate, and the problem seems to be growing with time.

Even the makers of IoT devices, despite corporate marketing rhetoric, seem anxious about the current state of security. In a recent survey by the Eclipse Foundation, 46% of the IoT developers surveyed said that security was their top concern when designing IoT solutions. Similarly, in a 2014 BI Intelligence survey, 39% of respondents said concerns about privacy and security were the top barriers for companies thinking about investing in IoT. Both of these studies show that technology insecurity is negatively affecting the spread and adoption of IoT.

Top IoT concerns from Eclipse Foundation survey
Figure 1. Top IoT concerns for IoT developers. Graph from a recent Eclipse Foundation survey.

Concerns about privacy and security as top barriers for investing in IoT from Business Insider survey.
Figure 2. Concerns about privacy and security ranked as top barriers to investing. Graph from Business Insider 2014 BI Intelligence Survey.

This concern is only exacerbated by the daily onslaught of cyberattacks in the news—a seemingly never-ending stream of headlines emphasizing the disastrous consequences of the lack of security in our connected devices. From the cyberattack on a Las Vegas casino where attackers were able to successfully gain access to their secure network via the wireless thermometer in a lobby aquarium, to the recall of over 800,000 Abbott pacemakers that were determined to be potentially deadly to their users, to the reality that airplanes can be taken over while in-flight by an attacker on the ground. Attackers have never had more options, and our so-called defenses simply aren’t working.

Why the Lack of IoT Security?

IoT is a hardware-anchored space, yet many IoT hardware design groups will argue that security is the responsibility of software development teams. However, there is one simple explanation why the hardware group must own security: the majority of cyberattacks exploit bugs in software. So, adding more software to protect your hardware clearly cannot be the answer. All complex software has bugs, and only hardware can solve this problem by eliminating the attacker’s ability to exploit software vulnerabilities in the first place.

Securing Embedded Processors on RISC-V

A complete security ecosystem is available to the RISC-V community, and there are a few easy steps that any hardware designer can take to ensure the security of their IoT solution.

Step 1: Create a Threat Model and Include it in Your SoC or ASIC Design Specification

Threat modeling is the process by which product security is optimized via identification and prioritization of assets and vulnerabilities. Threat models define countermeasures to prevent or mitigate threats to the system. They are most often applied to software applications but can be used for hardware systems with equal effectiveness. Security consultants like I/O Active or BishopFox can provide advisory services and security assessments of your design.

Step 2: Implement a Design-for-Security Process in Your SoC or ASIC Design Flow

A vulnerability in hardware is a problem you can’t patch. Such a vulnerability, rooted in a system’s underlying hardware, has the potential to permanently open the door for attackers. It is important to realize that overlooked hardware security vulnerabilities are beyond the reach of reactive software updates. Thus, make sure that you’ve included a design-for-security mindset in your design flow. Done properly, this has the potential to flip the script: a hardware design without vulnerability can enforce all of the necessary security for a given IoT device. Firms like Tortuga Logic can assist with the implementation.

Step 3: Research Security IP Providers and Decide Which Offering(s) Best Meet the Requirements Set Forth in Your Security Threat Model

Roots of trust, encryption, authentication, trusted execution environments, secure boot processes: all of these solutions and more may need to be a part of your end product. Make sure that you have conducted a proper survey of IP solutions relevant to your threat model, and compare their merits and costs versus your needs and resources. There are several vendors within the RISC-V community that offer security IP solutions, including Microsemi, Intrinsix, Silex, Inside Secure, and Rambus.

Step 4: Integrate a Sentry Co-Processor to Act as a Bodyguard for the Host Processor

Sentry co-processors protect against the exploitation of software vulnerabilities. Solutions like Dover’s CoreGuard silicon IP integrate with existing RISC-V processors to monitor every instruction the host processor executes to ensure it complies with a set of security, safety, and privacy rules. If an instruction violates an existing rule, the sentry processor stops it from executing before any damage can be done.

Step 5: Integrate Your Security IP Solutions and Verify with the Rest of Your SoC or ASIC

Implementation is where the rubber hits the road. Work your design magic, but remember that a system lives and dies by its verification efforts. Smart hardware security is only as good as its verification process. Tip: Let your customers understand your verification process—don’t just ask them to trust you, show them that they can trust you.

Security Should Exist in Hardware and Software

Software-only protection of application and operating system code is a thing of the past. Don’t waste any time getting out in front of attackers and vulnerabilities with a powerful, hardware-based IoT processor solution.

No comments: