No Security, No Safety – Semiconductor Digest

In a new webinar, Winbond’s Hung-Wei Chen provided an overview of today’s top cybersecurity threats and regulations, and detailed the company’s TrustME solutions for flash memory.

In what he described as paradigm shift in cybersecurity, today’s three major economic regions – the U.S., Europe and China – have security regulations in place, defined by organization such as the ENISA and NIST. This has resulted in certifications such as Common Criteria, SESIP, Arm PSA, FIPS and China ISCCC. “Security is already mandated by governments,” he said. Violation of security regulations could result in liability issues.

Chen said that non-volatile memory is of special concern since it holds platform secrets, such as keys and user data, and also holds platform code including firmware and software, IP, AI algorithms and machine learning training data. “Those items are confidential and the credentials for the system,” he said.

The use of external flash memory is a potential security threat. In the sub-10nm regime, no embedded flash is available, and for IoT applications, the trends is toward a “flashless” MCU and SoC approach due to performance and cost reasons.

“Non-volatile memory security must be considered,” Chen said. “The non-volatile memory security level must be matched or exceeded than SoC security level to make sure the non-volatile memory is not the weak point and vulnerable to attack.”

The problem is particularly severe in IoT devices, where security was not originally considered a priority.  In 2019, there was a 300% surge of IoT cyberattack, Chen said. In 2020, there will be 5.8 billion IoT edge devices. “There will be more security concerns when we deploy so many IoT edge devices,” Chen said. After the COVID-19 outbreak, experts have seen that security threat increase and added IoT security challenges.

Security in automotive applications is another concern. In the connected vehicle era, “no security, no safety” Chen said. Security and safety are needed in ADAS, V2X, gateway, infotainment and the powertrain.

Chen went on to describe Winbond’s Secure Flash which offers certification of trusted and proven solutions. They also offer flexibility for existing and new designs. With the high-level security certifications, Winbond’s TrustME W75F, for example, can secure the memory subsystems in SoC. W77Q, on the other hand, has capabilities for protection, detection and recovery. With W77Q, the platform firmware can be recovered to a state of integrity in the event if firmware or data have been corrupted or hacked.

Register for the Winbond webinar at this link.