Secure Interfaces with Low Latency Encryption | Synopsys

Introduction

The tremendous data and bandwidth growth in the era of supercomputing is driving technological advances across markets and is reshaping system-on-chip (SoC) designs supporting new compute architectures, more acceleration, and more storage. As high bandwidth interfaces including DDR, PCIe, CXL, Ethernet, HDMI and DisplayPort are proliferating and evolving from one generation to another, so does the security of the data and the systems involved. With more sensitive and private information collected and moved between devices and the cloud, it is critical to ensure a strong level of protection and alignment with the latest standards and regulations.

Whether protecting data-in-transit or data-at-rest in HPC, mobile, IoT and automotive SoCs, the security implementations need to be optimal, preserving the performance of the interfaces, while reducing the impact on latency and area.

Security is now taking center stage in the semiconductor industry, and all interfaces and data that move across them need to be secured. After all, an SoC is only as secure as its weakest entry point. This article describes some of the key secure interfaces that designers can leverage to protect SoCs in today’s connected world.

SoCs Have Many Interfaces That Require Security

As seen in Figure1, there are many interfaces in an SoC requiring security to protect against reading/modification/reordering/deleting of data, man-in-the-middle and other attacks conducted via malicious actors.

Figure 1: High Level SoC Diagram

For chip-to-chip and device-to-device connectivity, PCIe and CXL have added security such as Integrity and Data Encryption (IDE) which enables data confidentiality, integrity, and replay protection with AES-GCM cryptography. Memory interfaces such as DDR, and LPDDDR, rely on AES-XTS cryptography for data encryption to ensure confidentiality. Ethernet for wired network connectivity which is now expanding to cars relies on Media Access Control Security (MACsec) for confidentiality, integrity, origin authentication, and replay protection. HDMI, DisplayPort and USB Type-C interfaces used for various displays require the latest version of the High-Bandwidth Digital Content Protection (HDCP v2.3) for high level protection of premium audio/video content which in addition to strong cryptography, also requires more stringent security mechanisms including hardware root of trust, hardened execution environment, and runtime integrity checking. Off-chip flash storage like eMMC is leveraging AES-XTS for data confidentiality. In addition, there are new security standards for protocols such as MIPI and UCIe that the industry is defining. 

Typically interface security involves two main components. One component for authentication and key management applies to the control plane and as the name implies it handles functions like authentication, creating and distributing keys, and access control. These functions need to run in a secure environment. The other component addresses the bulk integrity and data encryption between the endpoints. This is related to the data plane, where the solutions are required to support the specific interface bandwidths, but with optimal latency, area, and power.

The sections below describe some of the key interfaces with integrated security features.  

Secure DDR Controllers with Inline Memory Encryption (IME)

Memory and storage security protects storage resources and the data stored on them, both on-premises and in external data centers and the cloud. As the need for higher capacity, faster access, and accelerated processing is increasing, designers are turning to high-performance, low-latency memory encryption solutions to preserve performance while protecting data over the latest generations of DDR, LPDDR, GDDR, and HBM memory interfaces. 

AES-XTS, or sometimes referred to as XTS-AES, is the de-facto cryptographic algorithm for protecting the confidentiality of memory data. It is a standards-based symmetric algorithm defined by NIST SP800-38E and IEEE Std 1619-2018 specifications, that by its nature allows for pipelined architectures that can scale in performance to Terabits per second (Tbps) bandwidth. The Ciphertext stealing (CTS) mode provides support for data units with size that is not divisible by the 16-byte block size of the underlying AES cipher.

The most optimal security solution for memory interfaces is inline and tightly integrated with the associated DDR controller, sitting close to the PHY interface and operating on DRAM bursts. The solution needs to efficiently handle encryption and decryption for all key sizes, manage tweaks and keys, and overlap tasks with the memory controller as much as possible to further reduce the overall latency. 

Synopsys’ Secure DDR/LPDDR Controllers with integrated IME Security (Figure 2) provide data confidentiality with standards-compliant independent cryptographic support for read/write channels, per region encryption/decryption and are highly optimized for area, performance, and latency. The encryption/decryption latency overhead for the Synopsys Secure DDR/LPDDR Controllers is as low as 2 clock cycles.

By integrating Synopsys’ Secure DDR/LPDDR Controllers, SoC designers take advantage of:

  • High performance, low latency secure memory interfaces with efficient support for varied data traffic
  • Independent protection for read and write channels
  • Encryption/decryption based on standards compliant AES-XTS cryptographic algorithm
  • Support for 256-bit and 512-bit AES-XTS key sizes
  • Ultra-low latency (as low as 2 cycles)
  • Per region encryption/decryption
  • One tweak per cycle precomputation
  • Efficient key setup and refresh
  • Key readback protection/zeroization 
  • FIPS 140-3 certification ready
  • Bypass mode

Figure 2: Synopsys Secure DDR5 Controller (DDRC) Block Diagram

Secure PCIe and CXL Controllers with Integrity and Data Encryption (IDE)

IDE provides confidentiality, integrity, and replay protection for Transaction Layer Packets (TLPs) and Flow Control UnITs (FLITs), ensuring that data on the wire is secure from observation, tampering, deletion, insertion, and replay of packets. IDE is based on the AES-GCM cryptographic algorithm as defined by the NIST SP800-30D standard, with 256-bit keys and 96-bit MAC tags.

 The IDE reference standards are:

  • PCI-SIG: PCIe 5.0 & 6.0 IDE ECNs

PCIe 6.0 IDE in addition to higher bandwidth, adds new capabilities such as partial header encryption and FLIT mode support. The recently released TEE Device Interface Security Protocol (TDISP) ECN that defines the architecture requirements for trusted I/O virtualization in a system brings additional requirements for the PCIe controller + IDE solutions, including support for T-bit checks and sideband signal handling, additional packet per packet checks, interrupts, error conditions and others.

  • CXL 2.0 & 3.0: IDE for CXL.cache/mem protocols. CXL.io protocol refers to PCIe 5.0 & 6.0 IDE ECNs.

CXL 3.0 IDE leverages the latest PCIe 6.0 IDE capabilities for the CXL.io protocol and it adds support for more FLIT modes for CXL.cache/.mem protocols among others.

As in the case of secure memory controllers, when looking for PCIe and CXL solutions with security, it is important to consider optimized solutions that offer the highest performance, lowest latency and optimal area, and support the appropriate use cases (root port/end point/switch port, number of lanes, data bus widths, number of IDE streams, number of supported prefixes, etc.). 

With plug-and-play Synopsys PCIe & CXL IDE Security Modules integrated with controllers, designers can take advantage of:

  • Compliance with the latest standards (PCIe 5.0/6.0.1, CXL 2.0/3.0) that continue to go through updates
  • Maximum throughput full-duplex for receiver and transmitter directions
  • High configurability to tune solutions for specific use cases
  • Efficient encryption, decryption, and authentication for TLPs and FLITs, based on the AES-GCM cryptographic algorithm with 256-bit key size
  • Configurable widths for cipher and hash algorithms for area and latency optimized solutions
  • Ultra-low latency (as low as 0 cycles for CXL.cache/mem protocols)
  • Efficient inflight key refresh for seamless changes of keys in the system
  • Low latency in-order bypass mode for non-protected traffic

For more information about PCIe & CXL security components and solutions refer to the Protecting Data over PCIe & CXL in Cloud Computing article.

Subscribe to the Synopsys IP Technical Bulletin

Includes in-depth technical articles, white papers, videos, upcoming webinars, product announcements and more.

Secure HDMI and Display Port Controllers with HDCP 2.3 Content Protection

HDCP is a widely adopted link security specification developed by Intel and licensed by Digital Content Protection LLC (DCP) that is intended to protect digitally copyrighted audio and video content as it travels across connections between source devices including set-top-boxes, or dongles, to sync devices, such as DTVs, or other display devices. The latest HDCP specification revision for HDMI and DisplayPort interfaces is v2.3. In July 2021, an errata was released to change the locality check protocol that requires updates in particular for transmitter-related applications. 

The Synopsys HDCP 2.3 Embedded Security Modules (ESMs) are complete security solutions that provide designers with a robust, standards-compliant implementation of the HDCP content-protection technology on HDMI 2.0/2.1, DisplayPort 1.4/2.0  and USB Type-C interfaces. 

The HDCP ESMs include an authentication engine and a content encryption/decryption engine. The robust security architecture provides hardware Root-of-Trust, secure boot, and runtime tamper protection for the HDCP ESM firmware, DCP key management, and system renewability. 

The HDCP ESMs support encryption and decryption of high-resolution content streams, such as HD and Ultra HD for a broad range of use cases. The product family includes single, 2-port, and 4-port solutions. Each port type can be configured individually, as Receiver (Rx), Transmitter (Tx), DisplayPort 1.4 or 2.0 single/multi-stream (SST/MST), HDMI 2.0 or 2.1. The multi-port ESMs also support repeater use cases. For example, a 2-port ESM can be configured to support 1-to-1 repeater, DisplayPort in to DisplayPort out, HDMI in to HDMI out, or combinations HDMI in to DisplayPort out, DisplayPort in to HDMI out. 

Figure 3: Synopsys HDCP 2.3 Embedded Security Modules Integrated with Controllers

When configured for multi-port use cases, the HDCP ESMs include a single Authentication Engine which services multiple ports in the Content Encryption / Decryption Engine for the most optimal area. The crypto cores are independently instantiated per content port to support the maximum transmission rates of HDMI 2.0, HDMI 2.1, DisplayPort 1.4 and DisplayPort 2.0 interfaces.

Conclusion

The era of supercomputing is undergoing significant changes bringing new applications and capabilities that require continuing technological advances. Security is at the forefront as the exponential growth and communication of sensitive data require high-grade protection mandated by laws, regulations, and evolving standards. 

High bandwidth secure interfaces are proliferating across markets including HPC, data centers, automotive, IoT, and mobile. The interfaces speeds continue to increase for faster data movement from generation to generation. Security solutions need to be highly optimal, supporting the performance of the associated interfaces, but with lowest impact on latency, area, and power. 

Synopsys offers complete standards-compliant Secure Interface Solutions for the most widely used protocols, including DDR/LPDDR, PCIe, CXL, HDMI, DisplayPort, USB Type-C, Ethernet. The solutions address the most challenging demands and enable designers to quickly implement the required security in their SoCs with low risk and fast time to market. In addition, Synopsys is an active member of standards-organizations such as UCIe and MIPI, helping to develop the required security standards to integrate in our controllers. 

In addition to the secure interfaces solutions, Synopsys’ highly configurable security IP portfolio includes hardware secure modules with Root of Trust, Cryptographic Cores, True Random Number Generators and Security Protocol Accelerators for integration into SoCs. Such integrated solutions enable the heart of many security standards, supporting confidentiality, data integrity, user/system authentication, non-repudiation, and positive authorization. Synopsys’ Security IP solutions help prevent a wide range of evolving threats in connected devices such as theft, tampering, side channels attacks, malware, and data breaches.

Continue Reading