Synopsys has announced ultra-low power ARC security processors for use in SoCs that need IP blocks which can act as both a main system microcontroller and separate security core.
The DesignWare ARC SEM110 and SEM120D security processor IP uses SecureShield technology, which protects critical processor registers such as the stack and instruction pointer as well as securing bus accesses. They also have a secure memory protection unit that can support up to 16 memory regions, with options for per-region scrambling and encryption. SecureShield can also be used to separate secure and non-secure functions as part of a Trusted Execution Environment (TEE), an isolated area of the processor that offers code and data protection yet can share system resources.
“At the network level, the chip level and the IP level we all need to be focused on security because people are finding new ways to hack,” said Angela Raucher, product line manager, ARC EM processors, Synopsys. “Any SoC designed now needs to be focused on security.”
The cores have a tamper-resistant pipeline with in-line instruction/data encryption and address scrambling, plus data-integrity checks to protect against system attacks and IP theft. There is also a watchdog timer to detect system failures and tampering. Protection against side-channel attacks is provided by uniform instruction timing, and timing/power randomization features that obfuscate the core’s operation. These can be turned on and off as necessary to save energy on non-secure tasks.
Figure 1 ARC SEM processor core IP (Source: Synopsys)
Cryptographic functions are handled in software, rather than dedicated hardware, to save cost. The cores also have a tightly coupled interface for connecting to a true random number generator core, so that the random numbers generated do not cross the general-purpose AHB interface.
The SEM cores use the 32bit ARCv2 instruction set and are optimized for area and power efficiency. The ARC SEM110 processor can be implemented in an SoC as a standalone secure core or as one core handling both secure and non-secure functions. The ARC SEM120D adds DSP features and a unified MUL/MAC, for applications such as sensor processing and voice identification.
The SEM cores also support the instruction-set extension features of the ARC architecture. This means users can define secure hardware extensions and instructions, and protect their use by assigning them to a privilege level that means they are only accessible in secure operating modes.
Raucher said some early IoT device implementations have already been hacked by manipulating privilege levels.
“It is important that privilege levels can only be changed at the chip level,” she said, “and that developers get the privileges right to start with.”
The cores can use real-time trace for debug, but Synopsys cautions against this because it introduces a security vulnerability. Similarly, the use of JTAG isn’t recommended, but if customers choose to implement it, a challenge/response mechanism has been added to improve its security.
“We wanted to give people a level of confidence that they could use it in their development process but not enable it for the world to see,” said Angela Raucher,
Synopsys’ embARC Open Software Platform offers free and open-source software, including security transport protocols. It includes the SecureShield runtime library, which runs in the background and manages the partitioning and isolation of containers within a TEE.
Other support includes a MetaWare development toolkit, ARC nSIM fast instruction-set simulator, and the ARC xCAM cycle-accurate simulation for software optimization and system verification.
The IP can be used in designs that are being prototyped using Synopsys’ HAPS physical prototyping system to enable early software development, hardware/software integration and system validation.
Further information
ARC SecureShield technology
DesignWare security IP
Company info
Synopsys Corporate Headquarters
690 East Middlefield Road
Mountain View, CA 94043
(650) 584-5000
(800) 541-7737
www.synopsys.com
Sign up for more
If this was useful to you, why not make sure you're getting our regular digests of Tech Design Forum's technical content? Register and receive our newsletter free.