Winbond Bolsters Flash Security

发布时间:2017-11-03 00:00
作者:Ameya360
来源:Gary Hilson
阅读量:1102

  The proliferation of the Internet of Things (IoT) has spawned numerous security and privacy challenges, prompting the development of more secure memories — particularly flash.

  Winbond Electronics last week announced it was meeting these challenges with the expansion of its TrustME Secure Flash products portfolio based on the Trusted Computing Group (TCG) Device Identifier Composition Engine (DICE) Architecture specification, which defines new security and privacy technologies applicable to systems and components. The goal is to provide new approaches to enhancing security and privacy with minimal silicon requirements.

  The company also announced an expansion of its TrustMETM Secure Flash products portfolio aligned with Platform Security Architecture (PSA) from Arm. Winbond's TrustMETMW75F Secure Flash provides designers with secure memory solution for IoT, mobile, artificial intelligence, and other demanding applications that call for a secure root of trust, privacy, authentication, code and data confidentiality.

  Ilia Stolov, general manager of Winbond Israel and one of the leads on the company's TrustME initiative, said the current generation of secure controllers is based on embedded flash memory architecture. This architecture provides strong security levels for code and data. But there are major constraints, too, he said, including memory scalability, cost and limited performance and foundry capabilities. “Today, the smallest available manufacturing process node for embedded flash is 40nm,” Stolov said.

  Meanwhile, said Stolov, system-on-chip (SoC) devices for advanced applications, such as smart grids, advanced driver-assistance systems (ADAS) and artificial intelligence require high-performance, high-security levels and large memory densities, which could be met on manufacturing process nodes 22nm and smaller where embedded memory is unavailable. He said TrustME W75F Secure Flash was created to address the need for a secure, non-volatile storage that is independent of the SoC process node and foundry capabilities.

  “This storage had to be at least as secure and robust as an embedded flash,” Stolov said.

  Rigorous security was the obvious, primary driver for the TrustME product, said Stolov. “The major challenge was to design a flash device as secure as embedded flash without compromising on cost and performance. The flash memory design flow and flash memory manufacturing process are significantly different compared to digital design methods and techniques,” he said.

  Winbond had challenges at all steps and levels, starting from the device architecture up to challenges on the back-end flow, and design verification, he said. “We adjusted existing methods and invented new ones to meet the main goal: security," he added. "We had to implement all the needed logic inside a flash die using Winbond's in-house process.”

  Another challenge was security certification of the product with Common Criteria EAL5+ level. “At that time nobody knew which protection profile to use for the first secure memory evaluation,” said Stolov. Winbond worked with well-known and most credible partners to define protection profile and to evaluate the secure memory.

  Outside of security, a key goal from a usability standpoint was making the interface transparent the CPU so performance was sacrificed, while supporting ease of coding and existing software techniques, said Stolov. “We have gone to great extent to make our Secure Flash interface IP easy to integrate and test in customers' platforms by offering full verification environment, FPGA version and demo systems," he said.

  Prior to the IoT boom, Winbond targeted mobile wallet, biometric data storage and embedded UICC in smartphones for its secure memory, said Stolov. “In the near future, our smartphones will not just replace credit cards but also carry our biometric passports and identification cards, and allow the usage of several SIM cards — all that will drive to solutions with much bigger secure memories.”

  He said the ARM Platform Secure Architecture (PSA) clearly outlines a requirement for secure boot, root of trust and secure storage for every IoT MCU and SoC, and by providing Common Criteria EAL5+ certification, TrustME can meet those requirements. Stolov said standards are an excellent driving force, but that implementation and deployment move at a faster pace than what standardization bodies can address. “ARM PSA in one attempt in closing this gap, but it is by no means a standard. It is a set of requirements created by one company to address urgent needs of the market," Stolov dsif. We feel the same about TrustME.”

  Stolov said Winbond isn't aware of an alternative to its TrustME technology, other than embedded flash in a secure monolithic chip. “The usage of disruptive memory technologies such as MRAM and RRAM in secure devices is yet unknown,” he added. “These technologies have been in development for many years and thus have not been exposed to rigorous security analysis and evaluation. Flash, on the other hand, is a tried-and-true solution, which passed security certifications on many devices.”

  Memory security started attracting attention in the early 2000s ago due in large part to Spansion, now part of Cypress Semiconductor, said Jim Handy, principal analyst with Objective Analysis. “It's been more important in the automotive market than anywhere else in the last 15 years." An early example would be in the control memory for transmissions, which could be hacked out or tuned by an engineer for performance enhancements that caused the engine “to blow up” during the warranty period, he said.

  The modifications couldn't be detected so the automotive industry asked Spansion for features to inhibit reprogramming. “Zoom ahead 15 years and you have people with malware wanting to reprogram just about anything.” Handy said hackers could potentially send remote firmware updates to a device with an “evil piece of code” and hold a home hostage by manipulating its temperature through a NEST thermostat. “I could picture hackers programming SSDs to find sensitive information,” Handy said.

  Winbond started out as an SRAM company in the 1990s, Handy noted, but has gone into NOR flash in a big way, and is primed to take the business Spansion previously had. “I'm not aware of anyone else that has security hooked into their NOR flash the way Spansion does,” Handy said. “What [Winbond is] doing is positioning themselves to take to take Spansion's business from that market.”

(备注:文章来源于网络,信息仅供参考,不代表本网站观点,如有侵权请联系删除!)

在线留言询价

相关阅读
Winbond Announces New 1.8V Confidential and Replay-Protected Flasay-protected Flash Storage Products
Winbond Electronics Corporation, a leading global supplier of semiconductor memory solutions, today announced the introduction of new SpiFlash Flash storage components with Replay-Protected Monotonic Counter (RPMC) capability to meet Microsoft and Intel requirements for Windows 10 Secure UEFI Boot.The new RPMC Flash parts operate from a supply voltage of 1.8V and are available in densities of 128Mbits and 256Mbits. These new SpiFlash parts add to the existing W25R family of 3V RPMC Flash parts in 64Mbit, 128Mbit and 256Mbit densities.The security capabilities of the SpiFlash W25R Flash memory ICs fully comply with the RPMC specification defined by Intel to support its PC processor chipsets. The use of RPMC Flash protects critical data, preserves the confidentiality and integrity of the PC, and prevents rollback attacks to which standard Flash memory devices are vulnerable. The data which should be stored on RPMC Flash includes:•the BIOS settings•UEFI variables•TPM (Trusted Platform Module) data while stored in external memoryThe Winbond SpiFlash RPMC parts also conform to the Microsoft specifications for UEFI secure boot, which it says will be mandatory from 2020 on all client PCs based on the Windows 10 operating platform.The Winbond W25R parts are pin-compatible with standard Flash memory packages, which means that PC makers can replace an existing W25Q standard Flash part with an RPMC-enabled W25R device without the need to re-design the motherboard. The Winbond W25R has integrated hardware security features including:•SHA-256 cryptographic accelerator for executing Hash-based Message Authentication Code (HMAC). This enables secure authentication of data to be accessed and transferred by an authorized processor chipset.•Patented 32-bit monotonic counter•256-bit shared RootKey which is not accessible by any means once provisioning is completed•256-bit HMAC key stored in volatile memoryWilliam Chen, Deputy Director of the Flash Product Marketing Division at Winbond, said: ‘While the Windows 10 Hardware Compatibility Specification requirements for RPMC Flash do not become mandatory until 2020, it is foreseeable that PC makers will want to start integrating RPMC Flash into new PC designs immediately, to ensure that they deliver the best user experience to those customers who try to apply software updates to a PC purchased before 2020.’The new 1.8V W25R128FW (128Mbits) and W25R256JW (256Mbits) are available in production volumes. The 1.8V W25R128JW (128Mbits) is available for sampling today.All three 1.8V W25R RPMC Flash parts are provided in standard 8mm x 6mm and 6mm x 5mm WSON packages. The W25R128FW and W25R128JW are also available in an SOP8-208 mil package.
2018-10-23 00:00 阅读量:1033
  • 一周热料
  • 紧缺物料秒杀
型号 品牌 询价
CDZVT2R20B ROHM Semiconductor
BD71847AMWV-E2 ROHM Semiconductor
RB751G-40T2R ROHM Semiconductor
TL431ACLPR Texas Instruments
MC33074DR2G onsemi
型号 品牌 抢购
BP3621 ROHM Semiconductor
TPS63050YFFR Texas Instruments
ESR03EZPJ151 ROHM Semiconductor
STM32F429IGT6 STMicroelectronics
IPZ40N04S5L4R8ATMA1 Infineon Technologies
BU33JA2MNVX-CTL ROHM Semiconductor
热门标签
ROHM
Aavid
Averlogic
开发板
SUSUMU
NXP
PCB
传感器
半导体
相关百科
关于我们
AMEYA360微信服务号 AMEYA360微信服务号
AMEYA360商城(www.ameya360.com)上线于2011年,现 有超过3500家优质供应商,收录600万种产品型号数据,100 多万种元器件库存可供选购,产品覆盖MCU+存储器+电源芯 片+IGBT+MOS管+运放+射频蓝牙+传感器+电阻电容电感+ 连接器等多个领域,平台主营业务涵盖电子元器件现货销售、 BOM配单及提供产品配套资料等,为广大客户提供一站式购 销服务。