[Blog] FPGAs Make Embedded Device Security Real
Posted 08/22/2024 by Bob O’Donnell, president and chief analyst of TECHnalysis Research
When it comes to embedded devices, security has always been a big topic of interest. Unfortunately, up until now, much of the attention has been for the wrong reasons. Insecure edge computing and IoT devices have become notorious examples of how the weakest (and often overlooked) link in the chain can lead to big security breaches.
Thankfully, there are now important new options for ensuring that critical features such as hardware root-of-trust, integrated cryptography, firmware resiliency and more can be baked into the designs of a huge range of connected devices.
The secret ingredient? FPGAs.
Specifically, new low power FPGA solutions such as the Lattice MachXO5D™-NX family of chips, in conjunction with the company’s Lattice Propel™ and Lattice Sentry™ software solutions, give device and system designers the ability to integrate these capabilities into their products in a cost-effective, low power, and straightforward manner.
One of the many benefits of leveraging these low power FPGA devices is that they can provide a layer of protection over an existing design. As important as security is, the simple truth is that not every device designer or engineer is a security expert. As a result, many types of devices are built in such a way that potential security holes are created without a conscious recognition of that possibility. The functionality and capabilities of the device can be excellent and nicely match both the market and customer requirements, but these potential security flaws can prove to be a serious detriment to the success of a given product and add large unseen costs for support, additional development and much more.
Many vendors have, of course, dramatically increased their focus on security-related concerns for these and many other reasons. Nevertheless, it’s still often challenging to block all the different potential security holes for a given device as both the number and complexity of these challenges continue to increase.
As a result, many device designers are eager to find solutions that can help them abate many different types of potential security issues – now and in the future. Products like the Lattice MachXO5D-NX and the accompanying Lattice software tools have been specifically designed to address many of these challenges by focusing on several potentially critical vulnerabilities.
To start with, the MachXO5D-NX features a hardware root of trust that can be used to ensure that no changes have been made to a device’s firmware. In conjunction with the chips’ onboard embedded flash memory, this ensures a safe and speedy boot process and helps prevent malicious attacks on the FPGA bitstream. Specifically, there is up to 57 Mb of configurable user flash memory (UFM) integrated into the MachXO5D-NX that can be used for data storage and management.
In addition, the programming interface to the chip supports SPI (Serial Peripheral Interface) and JTAG (Joint Test Action Group), allowing full configurability, and provides locking controls to prevent advanced external attacks and enable post-manufacturing tests. The combination of these capabilities, along with support for UDS (Unique Device Secret), allows for fail-safe firmware updates.
The devices also support on-chip multi-boot with bitstream encryption and authentication, which strengthen security and reliability when updating the bitstream and firmware in the field. To further enhance reliability, there’s also an option for anti-rollback protection and revocable root keys to help protect against even the most advanced types of firmware-focused security threats.
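As an added illustration (not Lattice code and not part of the original post), the sketch below models how authentication, revocable root keys, anti-rollback and multi-boot fallback combine into one boot decision. All names, keys and the image header layout are hypothetical, and HMAC-SHA-384 stands in for the ECDSA-384 signature check so the example runs with the Python standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample keys. HMAC-SHA-384 is a stand-in for ECDSA-384
# verification; a real device would hold public keys, not shared secrets.
ROOT_KEYS = {1: b"constructed-root-key-1", 2: b"constructed-root-key-2"}

@dataclass
class Image:
    version: int      # security version number carried in the image header
    key_id: int       # which root key authenticated this image
    payload: bytes
    tag: bytes = b""

def _header(img):
    return img.version.to_bytes(4, "big") + img.key_id.to_bytes(1, "big")

def sign(img):
    """Vendor-side step: authenticate header and payload together."""
    msg = _header(img) + img.payload
    img.tag = hmac.new(ROOT_KEYS[img.key_id], msg, hashlib.sha384).digest()
    return img

@dataclass
class DeviceState:
    min_version: int = 0                        # monotonic anti-rollback floor
    revoked: set = field(default_factory=set)   # revoked root key IDs

def check(img, state):
    """Return None if the image may boot, otherwise the rejection reason."""
    key = ROOT_KEYS.get(img.key_id)
    if key is None or img.key_id in state.revoked:
        return "key revoked or unknown"
    expected = hmac.new(key, _header(img) + img.payload, hashlib.sha384).digest()
    if not hmac.compare_digest(expected, img.tag):
        return "authentication failed"
    # The version field is trusted only after the tag covering it verified.
    if img.version < state.min_version:
        return "rollback"
    return None

def select_boot_image(slots, state):
    """Multi-boot: try slots in order, boot the first that passes all checks."""
    rejected = []
    for name, img in slots:
        reason = check(img, state)
        if reason is None:
            # Ratchet the floor (real designs often defer this until the
            # image has booted successfully).
            state.min_version = max(state.min_version, img.version)
            return name, rejected
        rejected.append((name, reason))
    return None, rejected
```

Because the fallback slot passes through the same checks as the primary, a stale golden image cannot become a downgrade path once the floor has moved past it.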
Speaking of encryption, these new chips also include support for many of the most advanced cryptographic algorithms, including AES-256, ECDSA-384/521, SHA2-256/384/512, and RSA 3072/4096. This allows device designers to integrate the most advanced security technologies recommended by the National Security Agency’s (NSA) Commercial National Security Algorithm (CNSA) suite simply by putting the chip into their device designs. Plus, because FPGAs are inherently programmable, as new cryptographic algorithms get developed, they can be added via a software update at a later date, ensuring the device keeps up with the latest security standards.
Given the increasing sophistication (and multitude) of AI or ML-powered security threats along with the growing number of essential societal services (i.e., infrastructure) powered by digital computing devices, the need for products like these new Lattice offerings has never been more apparent. With organizations like nation-state actors starting to get involved in the creation and distribution of new malware-driven threats, the timing has also never been more critical. As a result, companies who are building embedded computing devices and organizations who are deploying them need to be as vigilant as possible about decreasing the risk factors associated with these devices. Ensuring they incorporate robust, upgradeable hardware security solutions, like Lattice’s MachXO5D-NX, is an important step in that direction.
Bob O’Donnell is the president and chief analyst of TECHnalysis Research, LLC, a market research firm that provides strategic consulting and market research services to the technology industry and professional financial community. You can follow him on Twitter @bobodtech.