[Blog] Layering Multi-level Security from Hardware to Software
Posted 06/26/2024 by Lattice Semiconductor
In the ever-evolving landscape of cybersecurity, this year’s Global Cybersecurity Outlook from the World Economic Forum provides crucial insights into the multifaceted challenges facing leaders across the globe. Geopolitical instability, rapidly advancing technologies, and an increasing gap in organizational cyber capabilities reinforce the need to build resilience and enable systemic global collaboration.
As threats like sophisticated ransomware, firmware attacks, and the expanded use of AI and ML continue to rise, there is a surge in new regulations and standards – like Commercial National Security Algorithm (CNSA) Suite by the National Security Agency – to help organizations address critical vulnerabilities and build resilience while remaining accountable for data breaches. However, keeping pace with the evolving regulatory environment is a challenging undertaking for developers with complex design processes and legacy infrastructure. Adopting a multi-layered security approach that spans from hardware to software leveraging Field Programmable Gate Array (FPGA) technology will be key for companies across the Computing, Communications, and Industrial markets to effectively protect systems from sophisticated attacks and stay compliant with new requirements.
Lattice recently announced two new solutions to address customer challenges around increasing threats to system security that offer industry-standard compliant, crypto-agile, customizable, and class-leading Hardware Root of Trust (HRoT) features: the Lattice MachXO5D™-NX family of advanced secure control FPGAs and the latest version of the Lattice Sentry™ solution stack.
These new additions are supported by the 2024.1 releases of Lattice Propel™ and Lattice Radiant™ design software, further strengthening Lattice’s security leadership by offering advanced cryptographic algorithms, hardware root of trust features with integrated flash, and fail-safe remote field updates for reliable and secure product lifecycle management, and customizable, crypto-agile FPGA-based platform firmware resiliency (PFR) solutions.
Reliable and Secure Product Lifecycle with Advanced HRoT features
Based on the Lattice Nexus™ FPGA platform, the new low power MachXO5D-NX FPGAs offer:
- Advanced Cryptographic Agility
- FPGAs are programmable hardware platforms to address the evolving cryptographic regulatory landscape
- Security algorithms specified by the CNSA Suite for bitstream and user data protection, including AES-256, ECDSA-384/521, SHA2-256,384/512, and RSA 3072/4096
- Hardware Root of Trust
- Immutable boot ROM, enabling secure-dual boot with on-chip integrated flash for fail-safe updates
- Unique Device Secret (UDS) protecting device identity
- Side channel attack (SCA) resiliency
- Integrated non-volatile configuration memory and up to 57 Mb of configurable user flash memory (UFM) for user data storage and management
- Fully configurable programming interface (SPI, JTAG) locking control, preventing advanced external attacks
- Reliable and Secure Product Lifecycle
- Secure on-chip multi-boot with bitstream encryption and authentication, enabling reliable remote field updates
- Anti-rollback version protection and revocable root keys, protecting against malicious bitstream attacks and ensuring design integrity
- DICE and Lattice SupplyGuard™ capability for secure product lifecycle and supply chain management
Drive Resiliency with Real-time Protect, Detect, and Recover Capabilities
Lattice Sentry empowers customers to minimize in-system firmware attack vulnerabilities by providing real-time protection, detection, and recovery capabilities.
- Detection: Cryptographically detect corrupted platform firmware and data at power-on and after in-system updates.
- Protection: Protect platform firmware and critical data from corruption and ensure authenticity/integrity of firmware updates.
- Recovery: Restore corrupted firmware and data to its previous value and initiate trusted recovery processes.
Enabling NIST SP 800-193 compliant PFR solution development for Communications, Computing, Industrial, and Automotive applications, the latest Lattice Sentry (v 4.0) solution stack now includes:
- Multiple QSPI/SPI monitoring with I2C peripheral attack protection demonstration
- SPDM and MCTP support for efficient platform management and secure and seamless server operations
- A new design workspace template reference design that enables PFR 4.0 solutions with I3C support, newer crypto algorithms (ECC384/512), and full DC-SCM compatibility
- Expanded plug-and-play design tools and reference designs with workspace template, and policy, provisioning, and manifest generator
Lattice Sentry provides a simplified way for customers to configure and customize a PFR solution that is tailored to the unique intricacies of their security environment. In many instances, a fully functioning system-level PFR solution can be developed by modifying the included RISC-V® C source code.
Fostering a Secure and Resilient Digital Ecosystem
The rapidly evolving cybersecurity landscape necessitates a robust, multi-layered security approach. Lattice’s innovative solutions, including the new Lattice MachXO5D-NX FPGAs and the latest Lattice Sentry solution stack, provide a comprehensive security framework that is not only industry-standard compliant, but also customizable to meet unique security needs from foundational hardware to software.
By offering advanced cryptographic agility, hardware root of trust features, and real-time protection, detection, and recovery capabilities, Lattice continues to empower organizations to stay ahead of threats and ensure system integrity. As we navigate the future of cybersecurity, these advancements will be instrumental in fostering a secure and resilient digital ecosystem.
To learn more about how Lattice FPGAs and solution stacks can help you bolster and maintain cybersecurity, reach out to our team today.