Lattice Blog


[Blog] The Role of FPGAs in the Evolving Cybersecurity Landscape

Posted 07/16/2024 by Lattice Semiconductor

The cyberthreat landscape is reaching unprecedented levels, underscoring the need for resilient security strategies across all sectors. Forbes has reported a shocking 72% increase in data breaches year-over-year since 2021. With the average data breach inflicting a staggering $4.45 million loss on an organization, it’s clear that cyber resilience is not just important but essential for the survival and health of any enterprise in today’s digital age.

However, building that resiliency is no easy task. The cybersecurity landscape is rapidly evolving from the impact of more advanced threats, shifting technology needs, and new industry regulations. This makes it challenging for system developers and security professionals to implement effective strategies that safeguard their organizations from malicious attacks.

In the latest Lattice Security Seminar, Lattice security experts sat down with partners from Secure-IC to discuss the evolving cybersecurity landscape and the role of Field Programmable Gate Array (FPGA) technology in building cyber resiliency.

The Demand for Stronger Security Solutions

In an era defined by heightened cyberthreats, cybersecurity strategies have never been more important. FPGA-based systems provide multifaceted support across connected devices for trusted data processing and for enabling quantum-resistant security, making them an essential component of modern cybersecurity strategies. Leveraging FPGAs will remain critical to combating current cyber threats and navigating evolving conditions and regulations in the future.

Securing Connected Devices

Ensuring device security has become essential amid the growth of distributed computing across interconnected systems powered by artificial intelligence (AI). Security is now imperative for every connected device, particularly when delivering value-added capabilities such as location-based services and mobile finance features via the telecommunications industry.

Lattice FPGAs, with their reconfigurable nature, offer robust security from power-on to product end of life. This is accomplished using strong purpose-built Hardware Root of Trust (HRoT) technology that enables systems to implement Zero Trust Architecture. Zero Trust, a shift from traditional security models, assumes no user or device is trustworthy, requiring continuous vigilance and authentication. This approach enhances threat prevention, detection, and response, safeguarding data regardless of its location. HRoT functionality in FPGAs provides secure boot with tamper-resistant security, making them ideal for diverse industries seeking security solutions. Lattice MachXO3D™, Lattice MachXO5D™-NX, and Lattice Mach™-NX exemplify this, offering a strong HRoT foundation with secure, immutable unique IDs for self-authentication, fast secure boot times, and a full suite of verified security services native to the devices. This ensures system integrity and mitigates unauthorized access risks. Also, with their dual-boot integrated lockable flash capability, they are resilient to “Denial-of-Service” attacks, ensuring a continuous trust foundation is always present in the system. These FPGAs, like all Lattice FPGAs, are also compact and power efficient, making them suitable for various system designs.

FPGAs enhance security by verifying user and device identities prior to data exchanges. They can also protect firmware at rest and in motion through Platform Firmware Resilience (PFR). This feature allows organizations to combat real-time attacks by monitoring firmware for malware or denial of service attacks. If malware is detected, the FPGA works to stop the malware and seamlessly restore the firmware to a known trusted state. This helps minimize in-system firmware attack vulnerabilities by providing real-time, dynamic protection, detection, and recovery capabilities. Lattice FPGAs using the Lattice Sentry™ solution stack can also employ PFR mechanisms to ensure the integrity and authenticity of firmware throughout the system's operation. This makes it very easy for customers to quickly develop cyber resilience for their system using Lattice HRoT devices and Lattice Sentry.

Data Provenance

Establishing data provenance is key to enhancing trust and fidelity in AI/ML and digital twin models. However, most of today’s AI/ML and digital twin models lack effective data provenance. In fact, very few have the necessary requirements, enforcement procedures, or generally approved standards to follow. This leaves today’s technologies open to data poisoning, malicious training, and data drift susceptibilities.

Developers can increase the trust and reliability in these technologies by adopting standardized practices like signing and authenticating data, leveraging immutable data options, and implementing robust compliance frameworks. These steps help make outcomes more predictable, especially when dealing with safety and security issues. Embedding FPGAs within data processing streams enables organizations to achieve superior speed, adaptability, and security. This integration creates a platform for developing trustworthy and dependable AI-based solutions with unbroken trusted data provenance.

Lattice FPGAs also facilitate safe and secure data management, enabling secure identification and tracking throughout the AI system development lifecycle. Organizations can strengthen data security by leveraging FPGAs’ built-in security features, including encryption and authentication mechanisms, to safeguard and securely tag data during processing.

Because of their high customizability, FPGAs can be programmed or reprogrammed over time to execute specific tasks. This flexibility optimizes data processing pipelines, ensuring efficient capture and management of provenance information. Additionally, it enables organizations to tailor provenance mechanisms to their unique environments and requirements, thereby enhancing the accuracy and relevance of provenance records.

Post-Quantum Cryptography

Another emerging trend within cybersecurity is the rising importance of shifting to post-quantum cryptography (PQC) for building resilience against future quantum computing attacks. Expected to be online by 2030, quantum computers will be capable of breaking the public key infrastructure (PKI) algorithms that most modern security controls rely on today. However, even though quantum technology is still on the horizon, organizations can still be susceptible to ‘steal now, decrypt later’ attacks where threat actors harvest confidential data for when quantum technology is eventually available. This strategy puts sensitive information stored in cloud environments at significant short and long-term risk, further intensifying the need for PQC migration.

Although quantum computers are not expected to be online until 2030, quantum computing technology will pose a significant threat to the asymmetric cryptography (also known as public key cryptography) that most systems operate on today. As the technology improves, asymmetric cryptography will become increasingly vulnerable to quantum attacks, further intensifying the need for PQC migration. Regulators are taking note of this threat and coming up with stringent requirements for making firmware and systems resilient to quantum attacks.

Lattice FPGAs are ideal for expediting the implementation of future PQC algorithms due to their “crypto-agile” capabilities, which are driven by innate flexibility and reprogrammability. FPGA-powered systems, with their innovative crypto agility capability, can be updated securely in the field, which will be especially critical when the National Institute of Standards and Technology’s (NIST) new PQC algorithms are rolled out in the coming years.

These trends show a growing need for developers to prioritize proactive security measures and leverage FPGA-based architectures to transition more easily to the mandated PQC algorithms.

Navigating Evolving Security Regulations

As security threats evolve, so do the regulations that are implemented to defend against them. Various regulatory guidelines have been, or soon will be, introduced to help ensure cyber resiliency and security. These regulations include the upcoming Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), the European Union Cyber Resiliency Act (CRA), and the European Union Digital Operational Resilience Act (DORA). Organizations must be positioned to align with these evolving regulations to meet compliance.

CNSA 2.0

CNSA 2.0, slated to be released by the National Security Agency, will require all national security system owners, operators, and vendors to transition to PQC algorithms for all new software by 2025. All currently deployed software must be transitioned by 2030.

Developers can leverage FPGAs to make these updates, ensuring software already deployed in the field can adhere to the mandatory changes within the regulation’s deadline.

CRA

The EU CRA introduced cybersecurity mandates for manufacturers. These mandates emphasize secure product development lifecycles, reduced cyberattack vulnerability, and fast incident reporting.

The regulations aim to ensure that organizations introducing products into the European market emphasize security throughout the product’s entire lifecycle and take real responsibility in addressing any security vulnerabilities.

FPGAs’ ability to facilitate over-the-air firmware updates is a strategic way for developers to comply with the CRA’s emphasis on secure development lifecycles. With FPGAs, security updates can be implemented without requiring new tape-outs and device switch-outs, giving systems lifetime longevity.

DORA

DORA, which is expected to come into effect in January 2025, focuses on the cyber resiliency of major infrastructure providers in industries including energy, finance, transportation, and waste management. This act requires these sectors to identify and report cyber threats, organize risk management plans, and conduct scheduled incident response tests.

FPGAs’ PFR feature enables constant attack monitoring, allowing organizations to comply with DORA and ensure that critical infrastructure remains secure.

FPGAs and the Future of Cybersecurity

As the regulatory landscape evolves, FPGA-based solutions will be in high demand due to their flexibility, adaptability, and built-in security features. They can be continuously reprogrammed to comply with updated security standards and allow developers to release updates swiftly, mitigating security threats without requiring a complete system redesign.

Escalating cyber risks coupled with evolving regulations underscore the urgent need for robust cybersecurity strategies. With substantial financial impacts at stake, organizations must prioritize cyber resiliency and security in the years to come. The shifting landscape only furthers the need for FPGA technology.

For navigating future conditions, FPGA-based solutions emerge as a pivotal tool in the defense against cyberattacks. To learn more about FPGAs and their role in cybersecurity, contact the Lattice team today.
