At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU.
The secure processing core creates a siloed architecture that isolates and secures the execution of sensitive code, processes and algorithms from the primary processor. This mitigates the risk of critical vulnerabilities like the recent Meltdown and Spectre security flaws and allows designers to optimize the primary processor for high performance, low power, or other characteristics while optimizing security in the siloed core.
CMRT is an embedded security core designed for applications from networking to automotive to IoT. It embeds features that enable semiconductor manufacturers and device OEMs to insert hardware keys, and enables IoT service providers to manage IoT endpoints throughout their lifecycle in the field.
“The semiconductor industry faced some of its biggest security issues this year with recent vulnerabilities, and the potential to encounter additional security flaws will not go away any time soon as more IoT devices enter the market. To address existing and new threats, establishing trust at the hardware level will be critical, and a secure siloed core can help ensure that this new generation of devices can be protected from security flaws,” noted Abhi Dugar, IDC research director for IoT Security.
Programmable hardware-based root of trust core enables end-to-end security
By establishing the trust chain early in the silicon manufacturing process, a security core can enable trusted provisioning and robust auditing of security-related activity throughout all phases of the chip lifecycle.
The CryptoManager Root of Trust offers the primary processor a full array of security services, such as secure boot and runtime integrity checking, remote authentication and attestation, and hardware acceleration for symmetric and asymmetric cryptographic algorithms.
Access to cryptographic accelerators, keys, memory ranges and I/O pins is restricted and enforced on a hardware level. Similarly, critical operations, such as key derivation and key unwrap, are performed by – and in – hardware.
The CryptoManager Root of Trust creates a secure foundation for Rambus’ CryptoManager suite of solutions, which also includes the CryptoManager Provisioning Infrastructure and CryptoManager IoT Security Service.
Additional key benefits of the CryptoManager Root of Trust include:
- Design Freedom: The open RISC-V instruction set architecture (ISA) allowed Rambus to design a custom processor without microarchitecture constraints, enabling a security-first design. The CMRT is purpose-built to be safe and independent from general processing, offering a smaller and simpler approach without sacrificing security. This provides customers the opportunity to better design and better validate their products.
- Siloed: It is a fully user-programmable processor specifically designed for security use and physically separated from the primary processor with dedicated secure memory. Siloing allows the hardware Root of Trust to function in a known secure state, without allowing unintended access to secure functions through software backdoors.
- Layered Security: The root of trust is designed with multiple security layers. A small, ultra-secure nucleus builds outwards to less secure sections. The less secure sections can only access higher levels of security with hardware-based permissions. It supports multiple roots of trust and gives various parties the ability to use the core without exposing keys.
- Anti-Tamper: The CMRT core utilizes anti-tamper techniques to provide the highest level of security and protection against a wide range of attacks (fault injection, test and debug interface attacks, host processor compromise, etc.).