Imagination increases security on MIPS processors

Imagination Technologies has teamed up with Eindhoven chip security firm Intrinsic-ID to add a ‘physically un-cloneable function’ (PUF) to MIPS cores – initially the M5150 CPU – for authentication and anti-cloning.

“With growing connectivity across nearly every product category from consumer to automotive to industrial and beyond, security is an ever increasing challenge, and the massive amount of smart devices makes it harder to keep track of every single device,” said Imagination. “The industry needs a more secure and scalable approach towards device authentication, registration and life-cycle management.”

Intrinsic-ID’s PUF technology, called ‘hardware intrinsic security’ (HIS), creates security keys and unique identifiers from the physical characteristics of semiconductor structures in each individual chip – a kind of per-die silicon fingerprint. It can extract a unique fingerprint from existing on-die SRAM for user, device or data authentication, or to derive a cryptographic root key.

“With HIS, no keys need to be programmed or stored in the system and no keys are present when the device is off, which provides a high level of protection against hardware attacks,” said Imagination.

Imagination has already built hardware virtualisation into its latest cores, which allows different programmes to run on the same silicon at the same time while preventing one programme from hacking another, or accidentally crashing another. It brands the whole multi-domain security technology ‘OmniShield’.

“A system with multiple domains enabled by OmniShield-ready MIPS CPUs allows for the HIS key extraction and management functions to be implemented securely in software,” said Imagination.

“The multi-domain environment created by OmniShield combined with our PUF technology provides a security platform addressing challenges from key provisioning and authentication to root-of-trust and supply chain protection,” said Intrinsic CEO Pim Tuyls.

One application of this kind of technology is over-network firmware updates, where on-die created keys are never available off-die, dramatically cutting the chance of eves-dropping or malicious code modification.

According to Imagination, while OmniShield enabled MIPS CPUs are available from it, the PUF intellectual property has to be obtained from Intrinsic-ID.

M5150 CPUs have DSP and floating-point engines and support Linux-class operating systems and, simultaneously, real-time operating systems (RTOSs). They are intended for embedded markets including M2M, IoT and control.