Programmable Security For Low-power Industry 4.0 Applications
Programmable hardware-based security has become a complete and robust solution for low-power industrial IoT and edge applications.
Security is a major concern in the medical, industrial, automotive, and communications segments. Industries are adopting intelligent networks of connected machines and systems to optimize processes and flow. These systems are exposed to malicious attacks, unknown software bugs, and the risks of remote deployment. A compromise can even cause physical security issues, so they must be protected against unauthorized access or illicit control.
The latest chapter in industrial development, commonly known as the Fourth Industrial Revolution (or Industry 4.0), ushers in a new era of innovation and development, but not without its own set of dangers and challenges. It defines communications and interconnectivity between systems, networks, machines, and humans, including the Internet of Things, weaving together new levels of complexity. While the benefits of connectivity include improved efficiencies, real-time defect identification and rectification, predictive maintenance, and improved collaboration between various functions, it can also significantly increase security vulnerabilities in a smart factory or automated manufacturing site.
Cybersecurity is no longer limited to a specific operation or system, but has spread to every device on the factory floor or in an industrial network. There has been a global increase in security threats to control systems in smart factories, including PLCs, sensors, embedded systems, and industrial IoT devices. Remote management from the cloud also presents risks of physical attacks such as tampering, injection of malicious content, etc.
This article describes how FPGAs can advance the defense-in-depth approach to developing the secure applications demanded by the rapid growth in IoT and edge computing that the Fourth Industrial Revolution is driving (Figure 1). It describes the role of security in hardware, design, and data, which allows applications to be built on the three pillars of security: confidentiality, integrity, and authenticity.
An infallible security system must necessarily offer three basic components:
- Trust: Ensure that your data source is trusted, authorized, and authenticated.
- Tamper Protection: Confirm that your device has not been tampered with in any way.
- Information assurance: Ensure that the data in your systems is used, processed, and transmitted securely.
Hardware-based Security with FPGA
A software-only security approach is insufficient in the current Industry 4.0 landscape because it falls short on longevity, programmability, power efficiency, form factor, and so on. Defense-in-depth security mechanisms must be adopted, hardening the hardware with layers of security.
Today, most security frameworks are software implementations with cryptographic libraries compiled to run on general-purpose controllers or processors. These software implementations expose a larger vulnerable space for attacks with numerous potential points of attack, such as operating systems, drivers, software stacks, memories, and programmable keys.
Also, software implementations may not be optimized for performance over power and can cause design challenges. Long-term maintenance of these systems with frequent updates of stacks, libraries, etc., throughout the life of an industrial system can also be burdensome and costly. Primarily, the underlying hardware must integrate security into its fabric to prevent static and dynamic reverse engineering, tampering, and spoofing attacks.
Consequently, programmable hardware-based security has become a complete and robust solution for low-power industrial IoT and edge applications, especially with FPGAs. In addition to improving the security performance of a system, FPGAs also improve the security level of an application. To deliver a truly robust solution, an FPGA must integrate key security components in hardware, design, and data; these are discussed in the following sections.
Secure FPGA Hardware
Hardware can be attacked before deployment: during preprogramming at the manufacturing site or in transit through the supply chain. A secure production system must therefore be built that allows an FPGA to be encrypted and provisioned in a less-trusted manufacturing environment, controls the number of programmed devices, and audits the manufacturing process in a cryptographically controlled manner to prevent cloned and rogue FPGA parts.
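One way to model the two controls named above, a hard cap on programmed devices and a cryptographically verifiable manufacturing audit, is sketched below. This is an added example, not code from the article or from any FPGA vendor; `ProvisioningModule`, `audit`, the record layout, and the serial numbers are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # start of the audit hash chain


class ProvisioningModule:
    """Hypothetical trusted module placed at the less-trusted factory."""

    def __init__(self, job_key: bytes, max_devices: int):
        self._key = job_key            # secret shared only with the design owner
        self._remaining = max_devices  # hard cap on programmed devices
        self._seen = set()             # serial numbers already programmed
        self._prev = GENESIS
        self.log = []                  # exported to the owner for audit

    def authorize(self, serial: str) -> bool:
        """Decide whether one device may be programmed; always log the decision."""
        granted = self._remaining > 0 and serial not in self._seen
        if granted:
            self._remaining -= 1
            self._seen.add(serial)
        body = json.dumps({"serial": serial, "granted": granted,
                           "prev": self._prev.hex()}, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        self.log.append((body, tag))
        self._prev = hashlib.sha256(body + tag).digest()
        return granted


def audit(log, job_key: bytes, max_devices: int):
    """Owner-side check of the exported log. Returns (valid, devices_granted)."""
    prev, seen = GENESIS, set()
    for body, tag in log:
        expected = hmac.new(job_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False, len(seen)          # record forged or altered
        record = json.loads(body)
        if record["prev"] != prev.hex():
            return False, len(seen)          # record removed or reordered
        if record["granted"]:
            if record["serial"] in seen:
                return False, len(seen)      # same device programmed twice
            seen.add(record["serial"])
        prev = hashlib.sha256(body + tag).digest()
    return len(seen) <= max_devices, len(seen)
```

The hash chain alone does not reveal records dropped from the end of the log, so the owner should also compare the granted count with the number of devices actually received.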
Secure FPGA Design
Design security relies on a secure hardware platform to provide confidentiality and authenticity to a design while monitoring the environment for physical attacks. A side-channel attack (SCA) can pose a serious threat to FPGAs that integrate cryptographic systems by compromising the bitstreams programmed into the device. An SCA attempts to extract secrets from a chip or system by measuring or analyzing physical parameters such as supply current, execution time, and electromagnetic emission. The process for programming or “loading” an FPGA must be side-channel resistant, regardless of whether the device is a nonvolatile or an SRAM-based FPGA.
Active monitoring of the device environment is another technique to protect the FPGA design from invasive and semi-invasive attacks. Fluctuations in voltage, temperature, and clock frequency may suggest a tampering attempt. A tamper-resistant FPGA provides customizable responses to counter the attack, including completely wiping the device and rendering it useless to the attacker.
Secure FPGA Data
Ultimately, FPGAs must provide techniques to protect application data in addition to secure hardware and design, comprising a combination of different methodologies. These include the following:
- A true random number generator is used to create secure protocols that comply with the NIST standard and provides a source of randomness for generating secret keys for cryptographic operations.
- A root key is generated from a physically unclonable function (PUF). PUFs use submicron variations that occur naturally during semiconductor production and give each transistor marginally random electrical properties and a unique identity. They are analogous to human fingerprints: no two are alike.
- Secure memory is protected by a secret key.
- A crypto function is capable of performing industry-standard asymmetric, symmetric, and hash functions.
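The sketch below shows how a stable root key can be rebuilt from a PUF read-out that differs slightly at every power-up, which goes one step beyond the list above. It is an added example, not the article's or any vendor's implementation: it uses the code-offset helper-data construction with a simple repetition code, and the parameters `R` and `KEY_BITS`, the function names, and the seeded "responses" are assumptions constructed for illustration.

```python
import hashlib
import random
import secrets

R = 5           # repetition factor: each key bit is spread over 5 PUF bits
KEY_BITS = 128  # size of the secret that seeds the root key


def _xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def _derive(secret_bits):
    packed = int("".join(map(str, secret_bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(b"puf-root-key" + packed).digest()


def enroll(puf_response):
    """One-time enrollment. Returns (helper_data, root_key).

    Helper data goes into ordinary non-volatile memory; the key is never stored.
    secrets.randbits stands in for the on-chip true random number generator.
    """
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(R)]  # repetition encode
    return _xor(codeword, puf_response), _derive(secret)


def reconstruct(noisy_response, helper):
    """Every power-up: re-read the PUF and rebuild the same root key."""
    noisy_codeword = _xor(helper, noisy_response)
    secret = [int(sum(noisy_codeword[i:i + R]) > R // 2)  # majority vote
              for i in range(0, KEY_BITS * R, R)]
    return _derive(secret)


def constructed_response(seed):
    """Constructed stand-in for one device's raw PUF bits (not silicon data)."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(KEY_BITS * R)]


def flip(bits, positions):
    """Constructed noise model: invert the PUF bits at the given positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out
```

The repetition code keeps the example short; it tolerates two flipped bits per five-bit group, and a different device's response fails to reproduce the key even when it is given the same helper data.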
Conclusion
Industry 4.0 is a revolution in progress, and its widespread adoption is based on strong end-to-end security solutions. Implementations of software-based cryptographic and security functions are prone to malicious exploits and weaknesses.
In contrast, today’s hardware-based security solutions leverage FPGAs with advanced secure programmable features that are embedded along with layers of security in hardware, design, and data. This offers hardware designed to protect customer intellectual property from theft or overbuilding.
Examples of these data security features include DPA protection to counter SCA, which is generally a proprietary and licensed capability. Also important are a secure PUF-based key management solution and a software-programmable, side-channel-resistant cryptoprocessor that supports industry-standard asymmetric, symmetric, and hash functions.
Hardware-based solutions pave the way for truly flexible and secure systems. Hardware-based security using FPGAs is emerging as the choice for vital security needs, primarily due to the programmability, performance, and significant power advantages it offers. FPGAs that integrate side-channel resistant cryptographic accelerators include anti-tampering/countermeasures to protect customers’ intellectual property and offer reliable supply chain management to build secure systems.