Synopsys Secure PCIe 6.0 and 5.0 Controllers with integrated Integrity and Data Encryption (IDE) Modules help designers protect data transfer in their SoCs against tampering and physical attacks. The standards-compliant IDE Security Modules are designed and validated with Synopsys Controllers to accelerate SoC integration, offering confidentiality, integrity, and replay protection. The IDE Security Modules for PCIe offer seamless integration with the Synopsys Controllers, support scalable data bus widths and lanes configurations, multiple streams, and are optimized for area, performance and latency. Synopsys PCIe Controllers with IDE enable designers to build full TDISP support in their hyperscale SoCs and mitigate against data and system attacks to address the challenges of the modern virtualized cloud security landscape.
Synopsys Secure CXL 3.0 and 2.0 Controllers, integrated with configurable, standards-compliant Integrity and Data Encryption (IDE) Security Modules for CXL, help designers protect data transfer in their SoCs against tampering and physical attacks. The IDE Security Modules provide confidentiality, integrity, and replay protection for FLITs in the case of CXL.cache and CXL.mem protocols for containment and skid modes, and for Transaction Layer Packets (TLP)/FLITs in the case of CXL.io. They match the data interfaces bus widths and lanes configurations of the controllers and are optimized for area, performance and latency (as low as zero cycles for CXL .cache/.mem skid mode).
Synopsys Secure DDR and LPDDR Controllers with integrated Inline and Memory Encryption (IME) Security Module, support data confidentiality with standards-compliant independent cryptographic support for read/write channels, per region encryption/decryption and are highly optimized for area, performance and latency. The encryption/decryption latency overhead for the Synopsys secure memory controllers is as low as 2 clock cycles.
Synopsys secure HDMI and DisplayPort Controllers integrated with highly efficient High-Definition Content Protection (HDCP) 2.3 Embedded Security Modules (ESM) are designed to protect premium audio-visual content against unauthorized copying, interception, and tampering while meeting stringent security specification requirements. The certified ESMs pre-integrated with Synopsys controllers, enforce the protection of sensitive information to ensure that it is stored, processed, and accessed only by authorized applications. The ESMs are compact, energy efficient, and can be configured to accommodate different high-resolution, uncompressed content streams, such as HD and Ultra HD, as well as can support 1, 2, or 4 ports and multiple protocols.
To protect against data attacks, UFS and eMMC standards include complete security features such as inline encryption (IE) and advanced replay protection memory block (RPMB). To meet the demand for encryption of data stored on the smartphone’s local storage, Synopsys supports inline encryption/decryption in UFS and eMMC IP solutions. In addition to inline encryption/decryption, Synopsys’ UFS Controller supports RPMB, which protects memory blocks through authentication to prevent replay attacks. The highly efficient AES-XTS encryption/decryption with 128 and 256-bit keys ensure transparency. The internally stored keys are writeable only through secure transfers and cannot be read by software for maximum security.
USB authentication and encryption are implemented at the system level. Authentication requires a combination of trusted domains for executing secure software, secure storage for keys and certificates, and security accelerators for user-friendly response time. With authentication, the host can authenticate a trusted peripheral such as a keyboard, mass storage device, power supply, allowing pipe setup, providing certain power levels and voltages, enabling security options, and more. Synopsys offers a complete USB IP solution for all generations of USB and users can leverage Synopsys security IP for encryption/decryption and authentication.
Synopsys MACsec Security Modules secure ethernet traffic against denial-of-service (DoS) attacks, eavesdropping, and man-in-the-middle attacks by supporting confidentiality, integrity, origin authentication, and replay protection in switch, router, and bridge SoCs for cloud computing, 5G, mobile and automotive applications. The standards-compliant full-duplex solutions integrate seamlessly with Synopsys Ethernet MAC & PCS IP, supporting scalable data rates with optimal latency, network prioritization, and diversity for a range of secure Ethernet connections.
The MIPI Alliance is applying several security components to the MIPI Automotive SerDes Solutions (MASS) including image, control, and debug data protection. Image data protection allows sensor image integrity and confidentiality. Control data protection allows integrity and confidentiality for all sensors. Debug data protection allows integrity for read/write debug registers and confidentiality protection for proprietary data. As an active member of the MIPI camera and display working groups and as a member of the Board of Directors, Synopsys is closely monitoring the development of the MIPI security specification and will support all required features.
Security requirements for die-to-die connectivity and multi-die system authentication are challenges that multi-die system designers must overcome. The data traveling from a single die to multiple dies integrated in a single package must be protected. The industry is collaborating to define the security standard for protocols such as UCIe. The goal is to only allow encrypted data to interface between dies and for the main core to authenticate the system as well as the generation and exchange of security keys. Synopsys, along with other semiconductor industry leaders, is helping to define and develop a standards-compliant security protocol for multi-die systems.