With the rise of the Internet of Things (IoT) and “Industry 4.0,” factories and critical national infrastructures are becoming connected networks. Processes are remotely monitored through sensing and connectivity solutions, allowing for greater control, powering predictive analytics, and optimizing throughput, leading to a higher return on investment. But strong security becomes indispensable when processes rely on the integrity of connected sensors and their data. Sensitive data is transported on connected networks, which must be kept safe from eavesdropping and alteration. Here we discuss how data should be protected on its way from IoT devices to cloud services.
In all Industrial IoT networks, sensors are the starting point of the journey for IoT data streams. These sensors create the data on which decisions are based and actions are taken. Imagine what happens when attackers manipulate sensor data: they can bring entire production lines to a halt or endanger the well-being of people in and around a factory or infrastructure. It is highly important that sensor data is transported accurately from its source to where decisions are made, at an on-premises control server or in the cloud.
Keeping sensor data safe is not trivial since it requires end-to-end security. A secure channel needs to be established to get data safely from IoT devices into the cloud. The secure channel ensures data cannot be eavesdropped upon or altered in transit. The device and the cloud service must exchange keys and certificates to establish this channel. Many methods exist for this, such as “zero-touch provisioning.”
The biggest challenge when applying these methods is to get the required keys and certificates on the IoT device. The traditional method for provisioning keys and certificates uses an additional chip in the device, such as a secure element (SE). However, this comes with significant downsides:
Synopsys' secure sensor-to-cloud solution resolves these problems. Using Synopsys’ patented SRAM PUF technology, the IP creates a unique and unclonable identity for every IoT device, which is never stored in memory and cannot be copied from device to device. The identity is immutable and invisible to adversaries, creating an unequaled anchor of trust for every device. Keys derived from the SRAM PUF are used to create a secure channel.
Semiconductor manufacturers may license Synopsys solutions as IP. Module and IoT device manufacturers can procure chips with Synopsys PUF IP included or can license a software version of the IP directly. This is the only software solution that can create a strong root of trust in hardware.
Since no additional hardware components (such as secure elements) are required, the solution can be flexibly integrated and comes at an IoT-scale-friendly price point. Deployed devices can even be upgraded with an over-the-air update without the need for an expensive redesign of the system.