Five Things To Know About Security In Silicon

April 27, 2007
1. Know your risks Find out what risks are realistic for your system and decide upfront what you care about protecting. For example, if you’re putting virtual private network (VPN) acceleration hardware into your communications processor, you ne

1. Know your risks
Find out what risks are realistic for your system and decide upfront what you care about protecting. For example, if you’re putting virtual private network (VPN) acceleration hardware into your communications processor, you need to think about where the crypto keys are stored when they’re at rest. If the keys are sitting on the system disk unencrypted, is it possible for attackers to get their hands on them? This is a realistic risk you should consider protecting against. On the other hand, are you worrying about organized crime funding massive advances in advanced quantum cryptanalysis technology? If so, you need to put down that triple espresso, take a deep breath, and relax. There’s a tiny possibility of quantum crypto doing practical work someday, but we’re a long way from thinking about it as a risk.

2. Don’t underdesign.
Your brand new, cutting-edge, super-fast, streamlined system-on-a-chip (SoC) is going to be in production for at least five years. Unfortunately, that means it’s going to get old. Don’t let the security feature be the first critical organ to fail and put your product out of commission. When you’re deciding what security features to put in your next chip, you must look at what security systems are doing one level up in your food chain today. Your customers are going to look to you to provide those same features in silicon next. If you look at what’s in your competitors’ chips, you’re already looking at history.

3. Don’t overdesign.
Conversely, you still have a gatecount to consider, and cryptography algorithms are notoriously heavy users of gates. It’s the nature of crypto to perform a huge number of mathematical operations very quickly to lock your data for transit from Toledo to Tokyo. Security seems to be a dark art, so there’s a tendency to believe when people tell you they need a certain performance point. Check deeper. Look at the use cases and ask about software support, CPU load, buffer sizes, overhead, network bandwidth, and so on before determining how fast you really need to go in the security core.

4. Think system, not feature.
The most common mistake in security system implementations comes from forgetting to think like the bad guys. This is one area where the security IP vendors have significant value to offer their customers. The bad guys are smart. They don’t bother attacking crypto algorithms head-on. Instead, the bad guys look for ways around the security, cracks in the armor that the system designers didn’t think about or maybe knew about but considered to be someone else’s implementation problem. For example, security systems always rely on a good source of randomness. What’s your system’s source? Is it possible to force it to a known state by a reset or fault condition? If it’s possible, the bad guys will probably do it.

5. Protect those keys.
You and your customers will sleep a lot better at night if you design a secure key storage mechanism into your architecture from the beginning for handling those critical secrets. You and your team are spending time and money to put security into your next silicon products, and the security is only as good as the secrecy of the keys. Think about the lifecycle of your chip. How is it is created and initialized? How does it handle keys throughout their life? Finally, how does it destroy them when they’re no longer needed? Although it seems simple, the security lifecycle is the most important consideration for a successful security system, and it’s one area where it pays to have expert advice.

Sponsored Recommendations

TTI Transportation Resource Center

April 8, 2024
From sensors to vehicle electrification, from design to production, on-board and off-board a TTI Transportation Specialist will help you keep moving into the future. TTI has been...

Cornell Dubilier: Push EV Charging to Higher Productivity and Lower Recharge Times

April 8, 2024
Optimized for high efficiency power inverter/converter level 3 EV charging systems, CDE capacitors offer high capacitance values, low inductance (< 5 nH), high ripple current ...

TTI Hybrid & Electric Vehicles Line Card

April 8, 2024
Components for Infrastructure, Connectivity and On-board Systems TTI stocks the premier electrical components that hybrid and electric vehicle manufacturers and suppliers need...

Bourns: Automotive-Grade Components for the Rough Road Ahead

April 8, 2024
The electronics needed for transportation today is getting increasingly more demanding and sophisticated, requiring not only high quality components but those that interface well...

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!