Memory & Storage
Memories, whether volatile (RAM) or non-volatile (Flash, OTP, ROM, etc.) are an essential part in any electronic system. They can be used for software storage, data storage, for temporary storage and buffering during data processing, including such critical operations as data encryption.
Flash memory chips are also at the core of storage devices such as SSDs, used in large quantities in data centers, the heart of Cloud infrastructure. Data storage is an essential part of Cloud-based applications in which seamless access to data, state-of-the art protection of sensitive data and the assurance that data has not been tampered with, are strong requirements. Data compliance regulations also require that privacy is ensured, as in Europe’s General Data Protection Regulation (GDPR).
The specific security challenges for Memory & Storage
- Protecting data by:
- Ensuring the confidentiality, integrity and authenticity of data
- Protecting the firmware throughout its lifecycle
Memory & Storage Security Solutions
Secure-IC has developed specific IPs in order to protect data in the memory itself, such as an on-the-fly data scrambling engine that seamlessly protects the data stored in volatile memory.
To protect the stored data in a strong way, encryption based on standards such as AES in XTS mode can be used, that allows sensitive data to be stored securely. The use of cryptographic signature algorithms can be used to ensure the integrity and authenticity of trusted data.
Finally, to ensure data is not exposed more than is strictly necessary, in-computing solutions can also be implemented.
Ensuring the confidentiality, authenticity and integrity of firmware is also a strong requirement in the connected world. For example, the firmware needed to operate the CPU embedded in a SSD controller should also be protected and authenticated. Such solutions can be used in the self-encrypted disks (SEDs) defined in the Trusted Computing Group’s Opal 2.0 standard.
To effectively protect firmware and data in embedded applications, Secure-IC’s integrated Secure Element (iSE) is a state-of-the art Root-of-Trust solution, in which a dedicated CPU manages the various hardware and software IPs developed by Secure-IC in a secure enclave, which can be integrated in the System-on-Chip of various components found in Cloud-based data centers, starting with SSDs. It enables secure management and execution of all the stage of a storage product lifecycle, from first programming, to secure boot, secure firmware updates, to decommissioning, as well as all the necessary cryptographic services along the product’s lifetime.
In addition to cryptographic solutions, various protections are included in Secure-IC’s portfolio; digital sensors that detect fault injections in the supply voltage, clock and temperature domains as well as electromagnetic and laser pulses, and an active shield, which is a physical layer to detect physical tampering and deter optical observation, can be also implemented.
Standards & Certification to consider in Memory and Storage
Several standards have been developed and are applicable to the Memory & Storage Industry as well general certifications like FIPS 140-3, OSCCA or Common Criteria.
As a security expert, Secure-IC supports companies and governments wishing to acquire and strengthen these certifications; whether through collaborative projects, tutorials, trainings or operational consulting.
Memory and Storage Specific Standards
- TCG Opal
- TCG Enterprise
- GP SESIP