A new architecture for the provision of secure storage offers higher capacity at lower cost
ByNir Tasher, Director of Technology, Winbond Technology Ltd. 03.12.2020
The steady progression of semiconductor fabrication processes as predicted by Moore’s Law has been beneficial for embedded systems developers in almost all respects.
But it has given rise to one particular difficulty for users of applications processors who require a high level of security protection for their device and for the data that it transmits and receives. That’s because of the growing mismatch between the CMOS fabrication process in which an applications processor is made and the technology for fabricating the non-volatile on-chip NOR Flash in which boot code, application code and sensitive user data are stored. While leading-edge applications processors today are being fabricated in a sub-10 nm process, the NOR Flash process has lagged behind for several generations because of basic physical limitations of the technology. Today, floating-gate Flash circuitry is only embedded in devices fabricated at 40nm or earlier nodes.
This means that Flash is not embedded in the most advanced, highest-performance processors. For secure code and data storage, designers therefore have to specify an external device which contains secure memory capacity.
Growth of secure data payloads
The requirement for secure storage has grown in recent years as more embedded systems have migrated to the Internet of Things (IoT), opening previously closed systems to the threat of network-borne hacking attacks and malware.
The world’s leading microcontroller manufacturers spied a lucrative opportunity in this new requirement to protect embedded processor-based systems: sustained marketing campaigns have positioned the microcontroller-based Secure Element in the minds of many embedded developers as the most secure and convenient way to provide the security functionality that their system designs require.
In fact, there is another way which offers higher code storage capacity at lower cost, and provides the same security functionality and equally strong protection against external threats.
Low cost of cryptography
An external Secure Element performs various security functions including cryptography, key storage, anti-tamper protection, a unique ID, protection against replay attack, and generic functions such as a random number generator.
In an applications processor, these functions may be implemented in a tiny area of silicon – the effective cost of this circuitry might be as little as 1 cent. So why is the cost of a typical Secure Element much higher than this?
What embedded developers are really buying when they specify a Secure Element is secure storage capacity: the value is in the memory, since security processing functionality is so cheap if implemented on the processor. And security data payloads are continually on the rise as device manufacturers implement an increasing range of data-heavy functions such as biometric authentication and more complex forms of encryption which are harder for hackers to crack.
So if secure memory capacity is the embedded developer’s real requirement, where is the sense in trying to bolt a necessarily limited and expensive storage provision on to a secure microcontroller architecture – the approach taken by manufacturers of Secure Elements?
Why not instead start with a native NOR Flash memory architecture – which offers inherently unconstrained storage capacity at a much lower cost – and bolt security functionality on to it?
This is how Winbond has created its unique TrustME® family of Secure Flash memory products. Winbond is the world’s largest manufacturer of Serial NOR Flash memory by units and value, and its Secure Flash products are based on the same Serial NOR Flash architecture and are fabricated in the same Winbond factory as its standard Serial NOR Flash products.
But the Secure Flash devices also feature certified and proven Winbond security circuitry such as cryptography, authentication, key storage, anti-tamper functions and protection against replay attacks. Winbond’s W75F Secure Flash product offers the Common Criteria EAL5+ with VAN.5 security grade, as required for systems used in payments applications.
Yet because the W75F is based on a standard Serial NOR Flash memory architecture, it provides ample and scalable storage capacity at low cost-per-bit: W75F parts are available in capacities up to 4MB, while the largest memory capacity available in any Secure Element on the market today is 2MB. And the 4MB storage provision of the W75F series is more cost-effective than the equivalent capacity in a stand-alone Secure Element.
The W75F’s Flash memory performance also matches the storage-system performance of the equivalent, more expensive Secure Element.
In addition, the cryptography function implemented in the W75F creates a payload the same size as the unencrypted original. The W75F can provide secure XIP (eXecute In Place) functionality for boot code when using a certified high-speed interface supplied by Winbond. The W75F also supports the Serial Peripheral Interface (SPI) for host communication.
High security, large storage capacity, low cost
A Secure Element provides comprehensive security functionality, but only limited storage capacity and performance. By adopting an architecture in which security functions are migrated to the applications processor while storing code and data securely on an external Flash device, embedded developers create a way to achieve much higher performance, with much larger secure memory capacity, at a much lower cost.
Developers of security-conscious applications now have a new way to implement encryption and other essential functions while benefiting from memory provision sufficient for today’s systems and for future application developments.