RISC-V-based research processor delivers low-power root of trust for edge applications - Embedded.com

RISC-V-based research processor delivers low-power root of trust for edge applications

Researchers have designed an SoC architecture designed to provide security based on the hardware root of trust in an energy-efficient edge system to ensure authorized applications are executed.

Advertisement

The Fourth Industrial Revolution, or Industry 4.0, has sustainability and increased efficiency as its foundational tenets, and their existence is the result of the latest advancements in technology. One such advancement is the emergence of edge computing — computing that happens directly at the point of data collection, or at the “edge” of a network, as opposed to cloud computing, wherein the data is sent to a centralized server and then processed per the requirements.

Edge computing emerged as an answer to the growing demand for bandwidth created by data generated from internet-of-things devices. Moving the computing process to the edge allows service delivery to the end user with minimal latency compared with that of centralized processing, and it can help bring services and solutions to areas that lack sufficient network or grid connectivity. When integrated with other technologies that are characteristic of Industry 4.0, such as the IoT, edge computing can help deliver services and processes much faster and more efficiently.

Developments in SoC technology in tandem with hardware acceleration have enabled specialized processes to be performed remotely with increased efficiency of the SoC as a whole. The latest developments in chip manufacturing technologies have also made possible the realization of devices that consume power in the order of nanowatts. These devices, by the virtue of their very design, are used in applications in which they are most likely to be left unattended, giving potential intruders unsupervised and uninterrupted access to them. And because the computing happens where the data is collected, any breach in security can cause sensitive data to be jeopardized. Hence, developing relevant safety systems for edge computing becomes a critical factor in the industry of tomorrow.

When data collected from various devices connected to a network is sent to the central server for processing, security becomes a question of securing the physical server against breaches. It involves securing the data delivery channel and ensuring that the servers that store and process the data are free from intrusions. Besides the encryption of said data, security is realized by physically securing the data centers throughout their life cycle, i.e., from their construction to their operation.

However, as pointed out earlier, an edge device built based on SoC technology is left vulnerable to direct access by intruders. This necessitates security solutions that are integrated into the manufacturing process of the edge device. The hardware root of trust holds the key to such solutions.

The hardware root of trust has become the foundation for securing operations in edge computing systems and, as the security system, contains keys for cryptographic functions to enable a secure boot process. The secure implementation of the SoC design with a root of trust is aimed at protecting the hardware from malware attacks and can act as a standalone security module within the SoC. There are several types of hardware root of trust: One is silicon-based, which falls under both the fixed-function and programmable categories.


Record SoC architecture1

For a fixed-function root of trust, the security module consists of a state machine designed to perform a specific function, such as data encryption, validation, and key management. This type of security module is commonly used in IoT devices. On the other hand, the programmable root of trust is built around a CPU that performs all tasks as a state machine and can also execute a more complex set of security functions.

Researchers from Arizona State University and MIT Lincoln Laboratory have designed an SoC architecture named Record1 (short for Reconfigurable Edge Computing for Optimum Resource Distribution), a low-power, self-reconfigurable processor with built-in security and trust for identification. The SoC aims to provide security based on the hardware root of trust in an energy-efficient edge system to ensure authorized applications are executed.

While developing the Record SoC, the team analyzed the wide range of attacks possible to gain physical access or proximity to the device. “The Record SoC creates a hardware root of trust with configurable hardware modules that monitor the state of application execution and enforce user-defined security policies,” the researchers note. “The key modules that form the hardware root of trust include a programmable finite state machine (pFSM), hardware-enforced bus access policies, eFused configuration memory, and a RISC-V microcontroller.”

The pFSM supports user-defined transitions between active security policies, while the access control attached to each bus master in the SoC module takes care of the unauthorized bus accesses at the hardware level. The eFused configuration memory enables users to co-design and test different FSMs and access control policies with their specific edge application before making them permanent and deploying them on the edge device. The RISC-V microcontroller helps boot the eFused nonvolatile memory to ensure only trusted code is executed at the bootup during deployment. All of these modules are collectively known as the root of trust unit for the Record SoC design.

The programs loaded onto the SoC must carry a digital signature that ensures only trusted sources can alter the application program. The FSM also ensures that critical security data does not leak into the application code, meaning the FSM allows for the application code to pause execution and cleans up a shared resource after the security code is executed before resuming the execution of the application code. The chip by design can help prevent attackers from successfully executing multiple types of attacks.

As Industry 4.0 develops and penetrates even more aspects of technology, edge devices will only increase in prominence because of their advantages. Focusing on enforcing security at the edge enables the decentralization of security protocols, along with the ability to deploy these protocols in a wide array of applications. This can help decrease the cost of security in general.

Reference

1Ehret et al. “Reconfigurable Hardware Root-of-Trust for Secure Edge Processing.” 2021 IEEE High Performance Extreme Computing Conference (HPEC), pp. 1–7, doi: 10.1109/HPEC49654.2021.9622830.

—Saumitra Jagdale is the founder of Open Cloudware and a contributing writer to AspenCore.

>> This article was originally published on our sister site, EE Times Europe.


Related Contents:

For more Embedded, subscribe to Embedded’s weekly email newsletter.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.