How Security for SoC Interfaces Enhances Data Protection

Dana Neustadter, Hezi Saar, Michael Posner

Oct 04, 2022 / 7 min read

Due to today’s connected world, a high volume of valuable data, susceptible to tampering and physical attacks, is processed, stored, and moved between devices, cars, and data centers. And the number of connections continues to grow. Even with supply chain disruptions and the overarching effects of the COVID-19 pandemic on chip manufacturing, the number of global IoT connections grew by 8% in 2021 to 12.2 billion active endpoints, according to IoT Analytics Spring 2022 report. With each connected device comes more data to process, store, connect, and ultimately secure through various interfaces and systems all the way to the cloud.

The required solutions must not only support new innovations in high-speed interfaces, such as PCI Express, CXL, and Ethernet, for acceleration and new compute architectures, but also provide the necessary high-grade security mechanisms without compromising throughput and latencies. By 2025, Statista projects that 79 zettabytes of data will be generated globally per year (for reference, one zettabyte alone can hold 30 billion movies!). This overwhelming amount of data that can be corrupted, replaced, modified, or stolen, contains everything from entertainment, confidential and sensitive consumer information, to operational information that is critical to a business’s success and our general infrastructure. All of this directly correlates to increased threat risk and is pushing the industry to look at security as an integral part of design architecture, not an afterthought. The addition of laws, regulations, and various privacy policies are also driving companies to bring SoC security to the forefront.

Today, we are thrilled to announce that Synopsys is launching the industry’s broadest secure interfaces built specifically for high-performance computing (HPC), mobile, automotive, and IoT systems-on-a-chip (SoCs). The secure interfaces offer pre-verified solutions integrated with controllers for performance, latency, and area, that are standards-compliant for the most widely used protocols. Ultimately, these solutions allow SoC designers to quickly address and implement security with low risk and quick time-to-market.

Read on to learn about the fundamentals of securing interfaces and how Synopsys’ Secure Interfaces will help design teams achieve the highest levels of security for maximum data protection.

SoC Security Interfaces | Synopsys

SoC Design is Critical for Device Security

It is important for design teams to get a comprehensive understanding of their threat environment to accurately protect data, infrastructure, and devices. From cloud API vulnerabilities and account hijacking to ransomware and man-in-the-middle attacks, a preemptive approach to SoC design is critical to ensure security and protect against all kinds of threats. As shown in the figure below, there are many interfaces in the SoC that need to be secured from physical attacks and tampering. Securing interfaces (e.g., DDR, PCIe, CXL, Ethernet, MIPI, USB, UFS, eMMC, HDMI, and DisplayPort) and the data that moves across them starting in the design phase can prevent data from being accessed, deleted, or otherwise manipulated by bad actors.

SoCs have many interfaces that require security.

SoCs have many interfaces that require security.

Securing interfaces at a hardware level and implementing zero-knowledge architecture so that the data is encrypted and can’t be used maliciously even if it’s accessed can make a world of difference.

The Foundation of Secure Interfaces

There are two main components necessary for secure interfaces. The first is the authentication and key management component that is typically tied to the control plane, and the second addresses the bulk integrity and data encryption between two endpoints that is tied to the data plane. The latter component is related to keeping up with bandwidth requirements, ensuring low latency, etc. How and where these are addressed in an SoC depends on the specific interface. For example, PCIe and CXL interfaces have similar security schemes that house the authentication and key management and need to be run in a secure environment, and Integrity and Data Encryption (IDE) for the data plane.

Beyond this, SoC designers need to account for an added level of complexity when making many types of interfaces secure. There are a variety of standard bodies that are constantly changing requirements, even as we write this blog post! These standards need to be added at different levels, meaning that the protocols can be implemented at the system level, within the controller, within the PHY, or within the PHY and controller.

Security is now taking center stage in the semiconductor industry, and all interfaces and data that move across them need to be secure; after all, an SoC is only as secure as its weakest entry point. Even if all the base-level protocols and standards are met, designers need to be sure that the entire system is protected. Security goes beyond encryption and decryption; if important configuration registers or keys are compromised, the security of the entire system is also compromised.

Synopsys Secure Interfaces

The beauty of the Synopsys secure interfaces is that they cover the entire spectrum of interfaces that designers need to consider for a variety of different applications such as HPC, mobile, IoT and automotive. Synopsys’ broad secure interface IP products include silicon-proven Synopsys Controllers for the most widely used protocols integrated with security features, offering low-risk solutions for optimal security, latency, performance, and area.

Synopsys Secure Interfaces | Synopsys

Synopsys Secure Interfaces for the Most Widely Used Protocols

  • Secure PCIe/CXL Interfaces with Integrity and Data Encryption (IDE): These high-bandwidth interconnect interfaces are meant to connect high-speed components used in cloud computing, networking, AI, storage, automotive, and mobile applications. The standards have adopted IDE security starting with PCIe 5.0 and CXL 2.0 at the end of 2020, continuing with the latest generations PCIe 6.0 and CXL 3.0. Synopsys offers silicon-proven IP solutions for PCIe and CXL with high-throughput, low-latency (as low as 0 cycles for CXL), and power efficiency consisting of controllers with IDE security, PHYs, and verification IP.
  • Secure DDR/LPDDR Interfaces with Inline Memory Encryption (IME): Synopsys offers highly efficient secure DDR and LPDDR controllers that have IME to provide data confidentiality with the lowest latency (as low as two cycles) and support for per region encryption/decryption.
  • Secure Ethernet Interfaces with Media Access Control Security (MACsec): MACsec is an IEEE standard protocol that provides security of data between Ethernet-connected devices and is used in switch, router, and interconnect SoCs for cloud computing, 5G, and mobile applications (currently extending to automotive). The standards-compliant full-duplex solution integrates with Synopsys Ethernet MAC & PCS IP, supporting scalable data rates with optimal latency, network prioritization and diversity for a range of secure Ethernet connections.
  • Secure HDMI and DisplayPort Interfaces with High-Definition Content Protection (HDCP v2.3): Our silicon-proven HDMI and DisplayPort Transmitter and Receiver IP solutions provide the necessary logic to implement and verify designs for various consumer electronic applications, such as HDTVs, mobile devices, set-top-boxes, gaming consoles, PCs, infotainment systems, and many more. The premium audio/video content is protected against unauthorized copying, interception, and tampering with standards-compliant single- or multi-port HDCP 2.3 security modules certified to meet strict robustness rules.
  • Secure USB Interface with Encryption and Authentication: USB provides connections between a variety of different devices. Authentication and encryption are implemented on top of the USB standard. The USB controller and PHY IP implement the USB communication “pipe,” and security protocols are implemented at the system level. Synopsys offers a complete USB IP solution for all generations of USB and security IP to augment the security of USB-based systems.
  • Secure Multi-Die System with Die-to-Die Interface Encryption: As multi-die systems become more popular, industry leaders (including Synopsys’ own experts) are collaborating to standardize specific protocols such as UCIe that will allow authenticated and encrypted data to interface between dies. Today, our solution includes die-to-die controller, PHY, and verification IP for UCIe and 112G XSR protocols.
  • Secure MIPI Interfaces with Secured End-to-End Transport: Often used in cameras supporting advanced driver assistance systems (ADAS), MIPI camera and display interfaces need to be very secure for the safety of everyone on the road. The MIPI Automotive SerDes Solutions (MASS) allows for sensor image integrity and confidentiality as well as integrity for read/write debug registers and confidentiality protection for proprietary data. As MIPI standards continue to develop, Synopsys will support the required security in our IP.
  • Secure UFS and eMMC Interfaces with Inline Encryption and Advanced Replay Protected Memory Block (RPMB): In mobile storage, the JEDEC UFS standard is typically used in high-performance devices such as smartphones, laptops, and automotive, while SD/eMMC is used in lighter weight wearable devices. Both standards feature inline encryption and UFS also offers advanced replay protection memory block to protect against cyberattacks. Synopsys offers complete and secured mobile storage IP solutions including controllers and PHYs for UFS and SD/eMMC.

The Demand for Secure Interface Solutions Will Only Grow

Security will continue to be top of mind both for SoC designers and standards bodies. When security was added to the PCIe and CXL standards in 2020, the demand for security IP was very aggressive, specifically for high-performance computing applications. Autonomous vehicles and the electrification of these vehicles introduce security risks that are being addressed by today’s specifications used in cars for networking, ADAS camera/sensor connectivity, and displays.

The security field is dynamic; as technology evolves, so do the threats and ways to attack systems, requiring increasingly reliable, resilient security solutions across the board that will be required around the world (whether it be region-specific or truly global). Additionally, as emerging technologies such as quantum computing become available, they will have the ability to break all the public key infrastructure algorithms that are used today. This means that standards will need to adapt to include quantum-safe algorithms for new standards over the coming 5 to 10 years and beyond.

In conclusion, baking security into SoCs is mandatory and continues to be influenced by the evolution of our connected world, laws, regulations, and standards. Security is being adopted more aggressively across all interfaces, including new initiatives for MIPI, VESA, and UCIe. Synopsys has its own experts who are participating in the top standards working groups to ensure that our entire secure interface products is at the forefront of compliance, making security simple for customers across industries. You can find more information on Synopsys’ secure interface IP products here.

Continue Reading