Download Brochure
Contact Us
Contact Us
Contact Us
Contact Sales
  • Company
  • About Us
  • Investor Relations
  • Community
  • Newsroom
  • Resources
  • Careers & Culture
Contact Us
All Synopsys
+ Silicon Design & Verification + Silicon IP + Software Integrity + About Us
Support
SolvNetPlus Software Integrity Customer Community
Global Sites
日本語 简体中文 繁體中文 Русский

Balancing Security Requirements with Power and Area Constraints for IoT Edge Devices

By Angela Raucher, Product Line Manager, ARC EM Processors

Today’s Internet of Things (IoT) edge devices require the ability to protect data being transmitted and stored throughout the network as well as prevent the connected device and network from evolving threats. Designers must now determine how to implement the required security functions into the system-on-chip (SoC) without comprising the power and size constraints of the overall design. This article discusses how designers can incorporate common security functions required in IoT edge devices while reducing area and energy consumption. It will also provide techniques that prevent system tampering and IP theft.

Cryptographic Functions

Cryptographic functions are critical to securing data at rest and in motion for connected devices. Popular standards for encryption and hashing, such as AES and SHA-2 are computationally intensive, creating a challenge for designers targeting IoT edge devices. There are three main options for implementing cryptographic functions and each has tradeoffs that should be considered when architecting an IoT system.

  • Use software algorithms running on the main system processor. This offers the smallest area and most flexibility because it does not require dedicated hardware and enables modifications to the algorithms and standards supported. The downsides of this approach include reduction in data throughput, increased latencies and increased energy consumption to perform these operations.
  • Use dedicated hardware for the cryptographic functions. This option will substantially improve performance but comes at a significant cost in area and reduction in flexibility.
  • Use processor hardware extensions to accelerate cryptographic functions, which is available in Synopsys’ DesignWare® ARC® CryptoPack option for ARC EM processors or through customer defined instructions that can be integrated using ARC APEX technology. This option maintains the flexibility of changing algorithms, while delivering significant performance improvement (up to 7X or more with the ARC CryptoPack option). At 5-10% increase in processor gate count for algorithms such as AES and SHA, it is still an order of magnitude smaller in area than a full hardware approach. While this approach does not deliver the maximum throughput, it is sufficient for many applications in the IoT market.

It is important to note that it is not required to use only one implementation in a system. A combination of one or more of the options can be used seamlessly on an ARC EM processor-based platform. As an example, using a dedicated AES engine with ARC CryptoPack acceleration for SHA-2 and proprietary Elliptic Curve Cryptography (ECC) software algorithms may be the most optimized solution for the IoT device.

Using the SHA-256 algorithm as an example, Figure 1 represents the performance and size trade-offs of the three options discussed in this section.

Figure 1: Relative performance for a common hash algorithm based on different implementation options  

Implementing Platform Security

Beyond using cryptography functions to secure data transmitted and stored in IoT edge devices, there are other requirements to protect the device or platform itself. The protection ranges from detecting physical tampering and enabling countermeasures to sandboxing non-trusted applications to protect software from malware. Platform security typically starts with hardware and software Roots of Trust components that are inherently trusted. Building on that trusted starting point, a processor can securely boot and then load and verify application software before starting to execute it.

One way to create a Root of Trust is to add a dedicated security processor with complete separation of memory to perform these functions. However, this is not always feasible due to SoC area and power constraints. This method also requires a form of communication between processors that ensures security such as an additional shared isolated memory or a dedicated interface between CPUs.

Another option is to create a trusted execution environment on a single, ultra-low power core. This option reduces system cost and energy consumption by sharing the same processor and memory for performing both security functions and other system tasks. This option requires that the processor support multiple privilege levels of access control, a bus state signal denoting whether the processor is in a secure mode, and a memory protection unit that can allocate and protect memory regions based on the privilege level. An example of a trusted execution environment on an ultra-low power core is Synopsys SecureShield™ technology for ARC processors.

Although protecting the platform from attacks that can take down the IoT edge device and network is very important, there is also concern about protecting proprietary software from IP theft. It is important to consider these factors when choosing a processor solution for the SoC. Synopsys’ Enhanced Security Package for ARC EM processors with integrated SecureShield technology also incorporates tamper detection features and provides ability to encrypt and decrypt instructions in a way that they are never accessible to a potential IP thief. Additionally, the secure MPU that is part of SecureShield technology is enhanced with a per region memory encryption feature. Figure 2 provides examples of how the ARC EM processor with Enhanced Security Package protects against attacks and IP theft. Since the ARC EM processor is ideally suited for IoT edge applications, the security functionality can be added with less than 10% additional gate count and minimal impact to energy consumption.

Figure 2: Potential attacks on an IoT processor and prevention methods 

Conclusion

When creating a chip for IoT applications, designers and architects must address the growing security requirements with minimal impact on area and power consumption. It is important to select a processor solution that can scale with evolving requirements and address common security concerns.

The ARC EM family of processors offers scalability and options that can future-proof devices for IoT markets and help create a secure, tamper-resistant environment with an ultra-low power core.


Contact Us
Analog IP Selector Foundation IP Selector NVM IP Selector

Synopsys & TSMC Drive Chip Innovation with Broadest IP Portfolio on TSMC N4P Process

Accelerate Multi-Die Designs with Industry’s First Complete HBM3 IP and Verification Solutions

New ARC DSP IP Solutions for Low Power Embedded SoCs

PCIe 6.0 From IP to Interconnect in High-Performance Computing

Defending the Cloud: PCIe and CXL Data Security for High-Performance Computing

Role of MIPI IP in New Automotive SoC Architectures

Intel Innovation: October 27-28

ARC Processor Summit 2021

Semi Engineering: 1.6 Tb/s Ethernet Challenges

Synopsys & Samtec PCIe 6.0 Interoperability

Moving Natural Language Processing (NLP) to the Edge with ARC VPX Processor IP

Co-Packaged Optics and the Evolution of Switch/Optical Interconnects in Data Centers

Infineon & Synopsys: Meet Requirements for Safety-Critical Automotive Designs

Scaling Processor Performance and Safety to Meet Requirements for Next-Generation Safety-Critical Automotive Designs

Achronix Achieves First-Pass Silicon Success for High-Performance Computing FPGAs

Arbe Achieves First Silicon Success for 4D Imaging Radar SoC with DesignWare IP

Kyocera Achieves First-Silicon Success with ARC EV Processors

Implementing New Zonal Architecture in Advanced Automotive SOCs with IP

SemiEngineering: Protecting Automotive SoCs Starts With Secure IP

SemiEngineering: New Power, Performance Options At The Edge

Latest IP Info on ADAS, Sensor Fusion, High-Performance Computing SoCs & more

More IP Resources