Good Security shouldn’t be at the expense of HW or SW

Blog

It seems like not a day goes by without another article on poor security of IoT and consumer devices. As IoT becomes more pervasive, ever more devices will connect together, and security will make or break not only a product, but whole companies.

How did we get to this point? Is it that people don’t care about security?

Of course people care, it’s just that in many cases implementing security can feel like a choice between two bad options. On one hand, you can use SW based security, which is relatively easy, and does not overly complicate your product. It feels like a good solution, allows people to claim they have security, but I’ll leave it to people more knowledgeable than myself to point out the flaw with this approach.

“To do it right, it [security] has to be done at the hardware level—after that its too late.”

Damon Kachur, Symantec

“Silicon security is better than OS security. Then every operating system that runs on that silicon inherits that security.”

Larry Ellison, Oracle

The issue with SW is that it’s too easy to break, and can be a beast when it comes to performance and power on an embedded device.

So what about HW based security?

The traditional approach to HW based security, while more secure, is not without its problems. Using purpose-built security accelerators in an SoC is definitely more secure than software, but it can significantly complicate both the HW and SW design. Worse still, if a weakness is found, or a standard changes, there is no way to update an algorithm that is in silicon.

So is there a better option?

At the recent RISC-V workshop (riscv.org), SecureRF and Codasip demonstrated a solution based on a standard RISC-V processor core with customized cryptography functions added to the ISA. These instructions were native thanks to the extensible nature of the RISC-V ISA, and could be automatically used by the SW, so while it looked and acted like SW, it was a HW implementation – by defining the correct HW instructions to get the benefit of HW security with the ease of implementation of SW.

A video of the presentation can be found below where our great partners SecureRF discuss the advantages of their Quantum Resistant WalnutDSA and how they went about implementing it in Codasip’s Codix-Bk (RISC-V) processor. You will get all the jucy details in the video, so I’ll just finish this post with my favorite quote from their CTO;

“The Codasip team required only days to implement WalnutDSA, a project that previously would have required as many as three calendar months [while improving performance].”

So there you have it, thanks to the extensible ISA of RISC-V, and the Codix-Bk IP you can get the exact processor you need for your design, better performance, easier design, lower power and lower cost.