By Helena Handschuh, Security Technologies Fellow at Rambus Inc. and Chair of the RISC-V International Security Standing Committee
Leveraging open source technology delivers great benefits for software and hardware development, but also for security.
In one of this year’s RSA Conference keynotes, it was described how managing open source software is getting more and more complicated because of the difficulty of backtracking to origins when a software bug or a security bug is discovered. In hardware, we are facing similar challenges where bugs and security issues literally cannot be backtracked due to the opacity and lack of transparency of hardware source code from hardware vendors. RISC-V International has decided to step up and take action to make a significant leap toward improving transparency in hardware designs.
First and foremost, RISC-V International is built on the principles of transparency and open access to specifications for all; the RISC-V instruction set architecture (ISA) specifications are public and freely accessible for anyone that wants to build a RISC-V compliant processor. Both the unprivileged base ISA specification and the privileged ISA specification are available now and can be downloaded from RISC-V International’s website; furthermore, RISC-V International encourages a diverse set of companies to join together and contribute to writing extensions to the base ISA.
A number of open source RISC-V based processors have already been published and are available for everyone to experiment with; compliance tools and test suites, as well as formal specifications, are under way and should be available soon. Linked here is a list of available RISC-V cores and SoCs. An entire software ecosystem is starting to grow around RISC-V as well.
On the security side, two working groups are currently discussing security extensions to the base ISA: one of them is the Cryptographic Extensions working group and the other is the Trusted Execution Environment (TEE) working group.
The Cryptographic Extensions working group is discussing and drafting proposals for extensions that will make the execution of popular cryptographic algorithms more efficient. The AES (Advanced Encryption Standard) block cipher and SHA-2 (Secure Hash Algorithm 2) family of hash functions are the first cryptographic primitives to be accelerated. These extensions are based on vector extensions. Up next are scalar extensions which should accelerate individual operations such as rotates, shifts, bit permutations, etc., for any other type of classical block cipher, stream cipher or hash function. At the same time, the working group is taking a fresh look at what additional extensions could possibly accelerate post-quantum cryptographic algorithms such as lattice-based algorithms, code-based algorithms, multi-variate equation-based algorithms and so forth.
On the TEE side, the first draft specification is already undergoing a poll and will be going through public review next. This new standard will define a secure approach to physical memory protection (PMP) and will allow processes to be isolated from one another and make sure security applications keep their memory space private and prevent unintended leaks of information to other applications. Further topics of investigation include control flow integrity and other useful primitives for secure execution.
Overseeing both of these technical working groups, is the RISC-V International Security Standing Committee (SSC), a permanent committee whose task is to discuss hot topics and which new technical working groups to create next. The committee also gets together to discuss how to create a Security Vulnerability Disclosure process to address any potential security issues that would appear in its own specifications in the future. Once a month the committee also gets together to host an invited speaker. Typical topics are around RISC-V and security, and speakers describe their unique approaches to securing RISC-V based systems with their specific ideas and solutions. Finally, the SSC’s mission is also to liaison with other security standard organizations, making sure we can benefit from each other’s work and all advance together in the same direction.
Our ecosystem has seen significant growth over the past few years and consists of more than 531 organizations, individuals and universities from 32 countries and six continents all around the world. Stay tuned for upcoming draft specifications, or even better, join RISC-V International as a member and come discuss the future of security with us.
About the Author
Helena Handschuh is a security technologies fellow at Rambus Inc. Her research and responsibilities include: managing the foundational security technologies teams in charge of research in crypto and post-quantum crypto; research in power analysis and side-channel attacks and countermeasures; building prototypes and showcasing technology to customers, partners, and at shows and conferences; security architecture for new products and services; prototyping of new products and security standardization. She was recently appointed chairwoman of the RISC V International Security Standing Committee. She was formerly a Technical Director at Cryptography Research, Inc., and Chief Technology Officer at Intrinsic-ID. She was also the manager of the Applied Cryptography and Security Group and manager of the Card Application Security team at Gemplus (now Gemalto). She is a volunteer Research Fellow at the KU.Leuven, Belgium. She was a member of the ETSI-SAGE Security Algorithms Group of Experts for 10 years; she served as an elected Officer of the IACR, the International Association for Cryptologic Research for many years and still serves on the IACR Endowment and Audit committees. Helena was appointed program chair of SAC 2004, FSE 2005, CHES 2015 and CT-RSA 2017 and serves on several conference Steering Committees. She has authored more than 50 peer-reviewed papers and holds 18 patents in the areas of security and cryptography.
Dr. Handschuh earned an M.S. in networks and communication engineering from the Ecole Nationale Superieure de Techniques Avancees (ENSTA, Paris), an M.S. in algorithms and cryptography from the Ecole Polytechnique, and a Ph.D. in cryptography from the Ecole Nationale Superieure des Telecommunications (ENST, Paris).