Addressing IoT chip security with manufacturing test services
The recent Meltdown and Spectre problems have highlighted the vulnerability of computer chips to hacking that can, at least, be addressed through software patches. However, another area that is increasingly a target for hackers is IoT where each node in an IoT network can provide an entry point to a company's corporate systems, in a similar manner to the way that home security cameras, robot vacuum cleaners, have been hacked.
Presto Engineering is offering a comprehensive manufacturing and test service that is tailored to ensure IoT chips are made to high standards of security.
"According to analysts, there are already billions of IoT chips in use," said Martin Kingdon, Presto's VP of Sales.
"This figure is predicted to grow exponentially, driven by the ability of IoT to monitor and provide hard data on which actions can be taken, such as scheduling pre-emptive maintenance before a failure can happen. But the rush to design and make IoT chips has often meant that security has been overlooked, or not included, in the drive to a lower price. This is false economy as these chips can be vulnerable to hacking giving access to confidential data streams."
IoT devices connection to the Internet provides a potentially vulnerable route for hackers. The chip should have two levels of security built into the design of the ASIC itself to stop unauthorised access. The first is Cryptography to protect communication and maintain the confidentiality and integrity of data as it moves across the network. The second is Authentication to verify that only authorised computers or people have access.
Turning the design into a chip requires a highly secure manufacturing supply chain. Presto can manage the entire chip manufacturing and testing process to make chips with levels of security right up to that needed for banking standards, including the secure provisioning of the cryptographic keys.
The latter ensures that processors will only execute code and updates identified with the correct secret keys. Handling these securely in the manufacturing supply chain is vital to an effective security strategy and is covered by the Common Criteria for Information Technology Security Evaluation standards. These range from the basic Evaluation Assurance Level 1 to Level 7 for government and military, with Level 5 being typical for banks, payment systems, and other highly demanding commercial application.
Presto already has considerable experience in mass-producing highly secure chips that are used in chip-and-pin banking cards. Its facility at Meyreuil, France, near Aix-en-Provence, and its facilities in Asia produce over 70 million chips a year. As an experienced, certified provider of secure chips, Presto is able to provide cost effective solutions from small volumes in Europe to very large production runs in its own secure facilities in Taiwan and Thailand.
This combines with Presto's IoT device expertise in mixed signal, package design, low power techniques, test and qualification to ensure right-first-time chips that reduce time to market, costs and risks.
Presto Engineering will be discussing this and its many other manufacturing and testing services on stand 603 in Hall 3A at the Embedded World show in Nuremberg, Germany from 27th February to 1st March, 2018.