The NVM Insider, Issue 13
Executive Opinion
Tech Tidbits
Sidense Out and About
Dear Customers, Partners and Suppliers,
During the past few weeks there has been a lot of confusing information regarding the Kilopass versus Sidense lawsuit. We would like to share our progress by pointing to certain facts that may help you understand the case better. Sidense believes it is winning its dispute with Kilopass, both in the Court and at the USPTO.
We value your business and are looking forward to putting these legal issues behind us. If you have any questions, please do not hesitate to contact me.
President and CEO
Not a day goes by without a report of another mobile phone or other consumer electronics device being successfully hacked for nefarious purposes. The popularity of Apple's iPhone and phones based on Google's Android OS has made these devices an inviting target for credit card thieves, warez purveyors and even corporate spies. Our industry has responded with a layered defense consisting of both hardware and software. But new technology is enabling security schemes to be implemented at the system-on-chip (SoC) interconnect level.
At the most basic level, security starts when the phone or other electronic device is booted or turned on. One standard booting procedure used in most phones is called a "two stage" boot process. In the first stage, the device boots by sending boot information from an internal read-only memory (ROM), non-volatile memory (NVM) or one-time programmable (OTP) memory to an internal static RAM (SRAM). This internal RAM is too small to hold all the required boot code, so its job is to cross load a larger set of boot code in a second stage. It is this second stage of the boot process that starts the device's operating system.
To ensure non-secure code is not loaded into the device during the boot phase, silicon vendors, device vendors and software vendors establish a chain of trust for their various ingredients. This chain of trust is enforced and validated through cryptographic protocols and means such as public key infrastructure (PKI). Because the hardware SoC is the only part of the system that can't be easily modified or reprogrammed, it is the root of trust for the system's cryptographic infrastructure, with individual device keys being stored in OTP or other memory. In the case of mobile phones, device-specific identifiers such as the International Mobile Equipment Identity (IMEI) can be stored in this memory.
At the user level, device and OS vendors respond to security threats by providing updates to operating system and anti-virus software. These updates are made available once a threat to the device has been diagnosed and fixes have been made in the software to stop it. In addition to being reactive, another drawback of this approach is that the software becomes increasingly complex as it is modified to address increasing numbers of threats.
New interconnect IP technology now allows another layer of security to be implemented in hardware at the SoC interconnect level, protecting all traffic on the chip whenever it is running. The core of this technology is the concept of a firewall. A firewall permits or denies transmission of on-chip traffic based on a set of rules. In the case of a network-on-chip interconnect, communications packets traveling from initiators (like CPUs) to targets (like memory) are checked against a set of rules to determine whether they should be allowed to pass or be marked invalid.
Firewalls are cascaded within the interconnect, allowing the SoC designer to architect a security scheme that will allow some use models but will invalidate others. For example, an interconnect-based security scheme could stop a non-secure Java application from accessing secure communication of credit card information from a trusted RAM.
This is a very simple example. Real-world implementations take into account the phone's existing use case and data traffic profiles before allowing suspect data to pass. Furthermore, if desired, trusted software can be permitted to program these firewalls during runtime to adapt to new restricted or permissible use cases.
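The rule check, cascading and gated runtime programming described above can be modeled in a few lines of C. This is an added example, not code from the article or from any interconnect vendor; the packet fields, rule layout, IDs and addresses are all assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Software model of an interconnect firewall; all names are hypothetical. */
enum { ACC_READ = 1, ACC_WRITE = 2 };
typedef struct {
    uint8_t initiator;  /* ID of the issuing block, e.g. a CPU */
    bool secure;        /* security attribute carried by the packet */
    uint8_t access;     /* ACC_READ or ACC_WRITE */
    uint32_t addr;      /* target address */
} packet_t;
typedef struct {
    uint8_t initiator;      /* initiator this rule applies to */
    bool need_secure;       /* rule matches only secure packets */
    uint8_t allowed;        /* bitmask of ACC_* */
    uint32_t base, limit;   /* inclusive target address range */
} rule_t;
#define MAX_RULES 8
typedef struct { rule_t rules[MAX_RULES]; size_t count; } firewall_t;
/* Default deny: pass only if a rule explicitly permits the packet. */
bool fw_check(const firewall_t *fw, const packet_t *p) {
    for (size_t i = 0; i < fw->count; i++) {
        const rule_t *r = &fw->rules[i];
        if (p->initiator == r->initiator &&
            p->addr >= r->base && p->addr <= r->limit &&
            (p->secure || !r->need_secure) &&
            p->access && (p->access & r->allowed) == p->access)
            return true;
    }
    return false; /* packet is marked invalid */
}
/* Cascade: a packet must pass every firewall on its path. */
bool path_check(const firewall_t *const *path, size_t n, const packet_t *p) {
    for (size_t i = 0; i < n; i++)
        if (!fw_check(path[i], p)) return false;
    return true;
}
/* Programming is gated too: only a secure requester may add a rule. */
bool fw_add_rule(firewall_t *fw, bool requester_secure, rule_t r) {
    if (!requester_secure || fw->count >= MAX_RULES) return false;
    fw->rules[fw->count++] = r;
    return true;
}
int main(void) { /* constructed case: non-secure read of trusted RAM */
    firewall_t fw = {0};
    rule_t r = {0, true, ACC_READ, 0x20000000u, 0x2000FFFFu};
    packet_t app = {0, false, ACC_READ, 0x20000100u};
    fw_add_rule(&fw, true, r);
    return fw_check(&fw, &app) ? 1 : 0; /* exits 0: the read was blocked */
}
```

Because the check is default deny, an empty rule table blocks everything, and a rule marked `need_secure` is what separates the trusted-RAM case from an ordinary application access by the same CPU.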
Hardware security implemented within an SoC's network-on-chip interconnect allows designers to add another layer of protection that can be made to be nearly impossible to hack or work around. What can be done with this technology is limited only by the imagination of the SoC architect and the schedule time allotted to design the SoC.
Kurt Shuler Bio
Kurt Shuler is the marketing director at Arteris.
He has held senior roles at Intel, Texas Instruments, ARC International and two startups, Virtio and Tenison. Before working in high technology, Kurt flew as an air commando in the U.S. Air Force Special Operations Forces.
Kurt earned a B.S. in Aeronautical Engineering from the U.S. Air Force Academy and an MBA from the MIT Sloan School of Management.