DesignWare Technical Bulletin

Balancing Security Requirements with Power and Area Constraints for IoT Edge Devices

By Angela Raucher, Product Line Manager, ARC EM Processors

Today’s Internet of Things (IoT) edge devices must protect data being transmitted and stored throughout the network, as well as protect the connected device and network from evolving threats. Designers must now determine how to implement the required security functions in the system-on-chip (SoC) without compromising the power and size constraints of the overall design. This article discusses how designers can incorporate common security functions required in IoT edge devices while reducing area and energy consumption. It also provides techniques that prevent system tampering and IP theft.

Cryptographic Functions

Cryptographic functions are critical to securing data at rest and in motion for connected devices. Popular standards for encryption and hashing, such as AES and SHA-2, are computationally intensive, creating a challenge for designers targeting IoT edge devices. There are three main options for implementing cryptographic functions, and each has tradeoffs that should be considered when architecting an IoT system.

  • Use software algorithms running on the main system processor. This offers the smallest area and most flexibility because it does not require dedicated hardware and enables modifications to the algorithms and standards supported. The downsides of this approach include reduction in data throughput, increased latencies and increased energy consumption to perform these operations.
  • Use dedicated hardware for the cryptographic functions. This option will substantially improve performance but comes at a significant cost in area and reduction in flexibility.
  • Use processor hardware extensions to accelerate cryptographic functions. These are available in Synopsys’ DesignWare® ARC® CryptoPack option for ARC EM processors or through customer-defined instructions that can be integrated using ARC APEX technology. This option maintains the flexibility of changing algorithms while delivering significant performance improvement (up to 7X or more with the ARC CryptoPack option). At a 5-10% increase in processor gate count for algorithms such as AES and SHA, it is still an order of magnitude smaller in area than a full hardware approach. While this approach does not deliver the maximum throughput, it is sufficient for many applications in the IoT market.

It is important to note that it is not required to use only one implementation in a system. A combination of one or more of the options can be used seamlessly on an ARC EM processor-based platform. As an example, using a dedicated AES engine with ARC CryptoPack acceleration for SHA-2 and proprietary Elliptic Curve Cryptography (ECC) software algorithms may be the most optimized solution for the IoT device.

Using the SHA-256 algorithm as an example, Figure 1 represents the performance and size trade-offs of the three options discussed in this section.

Figure 1: Relative performance for a common hash algorithm based on different implementation options  

Implementing Platform Security

Beyond using cryptography functions to secure data transmitted and stored in IoT edge devices, there are other requirements to protect the device or platform itself. The protection ranges from detecting physical tampering and enabling countermeasures to sandboxing non-trusted applications to protect software from malware. Platform security typically starts with hardware and software Roots of Trust components that are inherently trusted. Building on that trusted starting point, a processor can securely boot and then load and verify application software before starting to execute it.

One way to create a Root of Trust is to add a dedicated security processor with complete separation of memory to perform these functions. However, this is not always feasible due to SoC area and power constraints. This method also requires a secure form of communication between the processors, such as an additional shared isolated memory or a dedicated interface between CPUs.

Another option is to create a trusted execution environment on a single, ultra-low power core. This option reduces system cost and energy consumption by sharing the same processor and memory for performing both security functions and other system tasks. This option requires that the processor support multiple privilege levels of access control, a bus state signal denoting whether the processor is in a secure mode, and a memory protection unit that can allocate and protect memory regions based on the privilege level. An example of a trusted execution environment on an ultra-low power core is Synopsys SecureShield™ technology for ARC processors.
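The access decision such a memory protection unit makes can be modeled in a few lines of C. This is an added example, not Synopsys code or the SecureShield register layout: the region table, the addresses, the `PERM_*` flags and the function `mpu_allows` are all hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a privilege-aware MPU; not a real register layout. */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

typedef struct {
    uint32_t base, size;     /* region covers [base, base + size) */
    uint8_t  secure_perms;   /* rights while the secure-mode signal is asserted */
    uint8_t  normal_perms;   /* rights for non-trusted code */
} mpu_region;

/* Constructed memory map for illustration only. */
static const mpu_region regions[] = {
    { 0x00000000u, 0x00004000u, PERM_R | PERM_X, 0 },               /* boot code, keys */
    { 0x00004000u, 0x0000C000u, PERM_R, PERM_R | PERM_X },          /* application code */
    { 0x80000000u, 0x00001000u, PERM_R | PERM_W, 0 },               /* secure data */
    { 0x80001000u, 0x00003000u, PERM_R | PERM_W, PERM_R | PERM_W }, /* shared data */
};

/* Allow an access only if [addr, addr + len) lies entirely inside one region
   that grants every requested right at the current privilege level.
   Anything unmapped, straddling two regions, or wrapping the address space
   is denied by default. */
bool mpu_allows(uint32_t addr, uint32_t len, uint8_t want, bool secure_mode)
{
    if (len == 0)
        return false;
    uint64_t end = (uint64_t)addr + len;   /* 64-bit sum avoids wraparound */
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const mpu_region *r = &regions[i];
        uint64_t r_end = (uint64_t)r->base + r->size;
        if (addr >= r->base && end <= r_end) {
            uint8_t have = secure_mode ? r->secure_perms : r->normal_perms;
            return (have & want) == want;
        }
    }
    return false;
}
```

In this constructed map the secure mode can read application code, for example to verify it before launch, but cannot execute it, so trusted code never runs instructions from a region that non-trusted software controls.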

Although protecting the platform from attacks that can take down the IoT edge device and network is very important, there is also concern about protecting proprietary software from IP theft. It is important to consider these factors when choosing a processor solution for the SoC. Synopsys’ Enhanced Security Package for ARC EM processors with integrated SecureShield technology also incorporates tamper detection features and provides the ability to encrypt and decrypt instructions in a way that they are never accessible to a potential IP thief. Additionally, the secure MPU that is part of SecureShield technology is enhanced with a per-region memory encryption feature. Figure 2 provides examples of how the ARC EM processor with Enhanced Security Package protects against attacks and IP theft. Since the ARC EM processor is ideally suited for IoT edge applications, the security functionality can be added with less than 10% additional gate count and minimal impact on energy consumption.

Figure 2: Potential attacks on an IoT processor and prevention methods 

Conclusion

When creating a chip for IoT applications, designers and architects must address the growing security requirements with minimal impact on area and power consumption. It is important to select a processor solution that can scale with evolving requirements and address common security concerns.

The ARC EM family of processors offers scalability and options that can future-proof devices for IoT markets and help create a secure, tamper-resistant environment with an ultra-low power core.