Company: Lattice Semiconductor
Category: Internet of Things Product of the Year
5G, edge computing, and IoT are accelerating the pace at which devices are becoming connected, and security concerns are on the rise among high-tech OEMs serving every market. Developers need to know their hardware platforms are secured against cyberattack and IP theft. The entire production ecosystem needs security solutions that support comprehensive protection throughout a product’s entire operating life in the field, which means the solution must be able to dynamically adapt to an evolving threat landscape.
In August 2020, Lattice Semiconductor introduced the Sentry solutions stack for its industry-leading FPGA product lines and its associated “SupplyGuard” service to ensure end-to-end protection throughout the supply chain for finished products – from chip to board to integration into finished systems at the OEM, shipping, activation at a customer site and throughout a product’s lifetime. No other current product offers this type of comprehensive protection.
The Sentry Stack delivers a NIST-compliant, real-time, dynamic PFR software solution that reduces time-to-market from months to weeks. The SupplyGuard Service preserves trust throughout unprotected supply chains by protecting against counterfeiting, overbuilding and Trojan insertion.
The Sentry stack is a robust combination of customizable embedded software, reference designs, IP, and development tools to accelerate the implementation of secure systems compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193). The Lattice SupplyGuard service extends the system protection provided by the Sentry stack throughout today’s challenging and rapidly changing supply chain by delivering factory-locked devices to protect them from attacks like cloning and malware insertion, and enables secure device ownership transfer. These hardware security solutions are increasingly important to a range of applications and markets, including communications, datacentre, industrial, automotive, aerospace, and client computing.
Lattice has also introduced the novel concept of “dynamic trust,” which enables end users to download necessary protections within nanoseconds as threats develop. Such protection is vital as the security paradigm is changing and firmware is an increasingly popular attack vector. The US National Vulnerability Database reported that between 2016 and 2019 the number of firmware vulnerabilities grew over 700 percent. Protecting systems against unauthorized firmware access requires dynamic, persistent, real-time hardware platform security for all connected devices.
This includes securing component firmware from unauthorized access and enabling the system to automatically protect, detect, and recover from an attack in an instant. TPM and MCU-based hardware security solutions use serial processing and cannot deliver the real-time performance that parallel processing solutions like Lattice FPGAs can. The Lattice solutions stack roadmap and strategy provide customers with easy-to-use, system-level solutions for key focus applications. The Lattice Sentry solutions stack makes it easier for customers to implement a hardware Root-of-Trust (RoT)-based PFR solution with the latest NIST guidelines. Further, Lattice can help speed product introduction and increase ROI as Sentry’s validated IPs, pre-verified reference designs and hardware demos enable developers to quickly customize the PFR solution by modifying the C code provided with the RISC-V and Propel design environment. This capability effectively reduces time-to-market from ten months to just six weeks.
Customers also benefit as Sentry complies with the latest NIST SP-800-193 standard and CAVP certifications, as the stack enables implementation of a hardware RoT through its support for the cryptographically-sound Lattice MachXO3D™ family of FPGAs. “Drag and drop” capability is another innovative feature, which enables developers without any prior FPGA experience to click on and move Sentry’s validated IPs into the included RISC-V C reference code in the design environment. Sentry also offers a flexible, platform-agnostic solution for firmware and programmable peripherals.
Sentry is enhanced by the SupplyGuard supply chain protection service, a subscription-based model that provides peace of mind to OEMs and ODMs by tracking locked Lattice FPGAs through their entire lifecycle, from the point of manufacture, through transport across the global supply chain, system integration and assembly, initial configuration, and deployment. Only authorized manufacturers can build an OEM’s design, regardless of their location. OEMs enjoy a secure key infrastructure to prevent the activation of their IP on unauthorized components, preventing product cloning and overbuilding. Devices are secured against the download and installation of Trojans, malware, or other unauthorized software to protect against equipment hijacking or other cyber attacks. Lastly, SupplyGuard is highly customizable across multiple industries, which lowers the operating costs associated with implementing a secure manufacturing ecosystem.
In summary, Lattice FPGAs are used in network infrastructure ranging from data center servers to 5G edge computing devices, making hardware security capabilities extremely important. The Sentry solutions stack provides a pre-verified NIST-compliant PFR implementation that enforces strict, real-time access controls to all system firmware during and after system boot. If corrupt firmware is detected, Sentry can automatically roll back to a previous known-good version.