Synopsys launches ARC core to protect against IoT attacks

Synopsys has developed a variant of its ARC processor core that can hide its activity to protect from side channel attacks, writes EETimes Europe Power Management.

Many chips in the Internet of things (IoT) are vulnerable to techniques such as differential power analysis (DPA) that analyses the power consumption and electromagnetic emissions to determine the instructions and data being handled, especially during encryption operations such as AES or RSA. Many chip makers are now addressing the challenge of security in IoT applications.

• Infineon teams with Mocana for network security...
• Maxim launches reference design for IoT node security...
• Two factor security IP designed into IoT microcontrollers...
• Cybersecurity researchers design a chip that checks itself...
• Industry approaches peak IoT

“We make it hard to pick out an RSA or AES operation vs something else by adding blank instructions – it’s not something that you would see in the development tool,” said Angela Raucher, product line manager for the ARC EM processors. “There is an impact to performance but the benefit is you can use it only when you are doing sensitive operations. Timing and power randomization are similarly turned on and off, inserting random signals to throw off any analysis.”

“Looking at DPA simulations you see the power profile and then the simulation data can tell you how to modify it to be random – you can add instructions randomly and that will also change the power – there’s also a way to look across the chip through simulation and use the two pass compile -in MetaWare to minimize code density.”

“The key thing is that it will vary at the system level depending on when you are doing crypto instructions only on updates or all the time – the penalty will vary a lot but running a normal IoT edge node you will see a 10-15% impact,” she said.

The SEM110 processor IP (left) can be used as either a security core within a system-on-chip design with Trusted Execution Environment (TEE) support or as a standalone security processor. A SecureShield Runtime Library manages the partitioning and isolation of containers within a TEE to ensure data is stored and processed in a safe environment. The SEM120D adds DSP functionality for applications such as sensor processing and voice identification in health care and IoT devices.

“Some customer want to have a trusted application environment with multiple execution units and that capability enables a low cost, lower power solution in applications that can’t afford the penalty of a second processor with the memory. But we also have customers that are doing security all the time perhaps sin a gateways as the main processor is already tasked with other activities – its about the processing horsepower they need overall.”

First silicon from customers will be available in early 2017.

www.synopsys.com