Skip to main content
Blog

Real-Time, Zero-Trust Cybersecurity for the PolarFire® SoC and IoT

By November 6, 2024No Comments

DOME Cybersecurity provides a flexible Software Development Kit (SDK) for connecting the PolarFire FPGA to the IoT 

By: Harry Ostaffe Vice President, Marketing @ Veridify Security – Securing the Internet of Things®

Overview

The Internet of Things (IoT) has revolutionized the way we live and work, connecting billions of devices to the Internet and enabling unprecedented levels of convenience and efficiency. However, this interconnection also brings significant security challenges. Many IoT devices, ranging from smart home appliances to environmental sensors and industrial controls, are engineered to optimize their processor and have limited capacity to run the security controls that PCs, tablets and smartphones typically use. As a result, these IoT edge devices are often vulnerable to cyberattacks due to their limited computing power and lack of built-in security features.

Compromised IoT devices can be used to launch attacks that can disrupt critical services and infrastructure, steal personal or confidential information or be used as an attack vector to access corporate IT systems. Weaknesses in even a small percentage of devices can be exploited to launch widespread attacks, highlighting the need for robust security measures. Adding to the challenge, devices in industrial and building automation networks do not always have a common operating system and often use protocols that are not secure. This scenario increases the attack surface for the organization as the insecure devices on these networks have increased exposure.

Zero Trust Cybersecurity Framework

One additional consideration is supporting a zero-trust framework. NIST’s Zero Trust model assumes that no one or no device is trustworthy by default. It includes several policies and methods for securing devices, applications and users. By continuously enforcing this framework, if an untrusted device attempts to communicate, the communication attempt will be denied and terminated by the authentic/secure device. The source of this unauthorized intrusion could be a PC operated by an employee, a vendor, an outsider or even a control device that was hijacked. A solution that supports a Zero Trust framework is critical to ensure targeted devices are not hacked.

DOME™ IoT Cybersecurity Solution and PolarFire® SoC

Veridify Security has created DOME to provide security for connecting a broad range of IoT devices while relying on a minimum amount of processing and memory resources. DOME is a series of software libraries that are easily embedded in a Field-Programmable Gate Array (FPGA) like the PolarFire, and is coupled with SaaS monitoring that uses a NIST-compliant Zero Trust framework to validate ownership, authenticate devices for communication and provide real-time protection that stops a cyberattack before it can happen. In addition, DOME authenticates and encrypts each data packet shared between authenticated devices.

The PolarFire SoC provides several component-level security functions to protect onboard firmware and the operating environment. DOME complements this capability with communication security for connecting products in a multi-vendor environment that may have a range of processors or FPGAs, including the PolarFire SoC. DOME libraries run on the processor inside the PolarFire SoC supported by the DOME Client and DOME S-Link SDKs.

Key functions of these SDKs include:

DOME Client

Firmware library that provides security management functions including:

  • Root of Trust / Device Credentialing 
  • Device Deployment Provisioning 
  • Device Security (Credential) Management 
  • Device authentication 
  • Secure firmware delivery 
  • Data logging 
  • Alert messages
DOME S-Link

Firmware library that provides communication security functions including: 

  • Creates secure tunnels between DOME-enabled devices 
  • Encrypts messages between DOME-enabled devices 
  • Authenticates and decrypts received messages 
  • Communication endpoint authorization controls

 

DOME features include a root-of-trust, creating a blockchain pedigree for each device. Additionally, it provides secure authentication, key/firmware delivery, data collection and optional proof-of-possession functions. DOME enables automation for large-scale certificate management and renewal, eliminating a potential labor-intensive process and reducing the need for highly skilled IT/cyber staff to implement IoT security.

DOME also supports crypto-agility, the ability to change the underlying cryptography algorithms from today’s accepted legacy methods to future quantum-resistant or post-quantum (PQ) encryption. This ability is especially important for devices that have long lifecycles, such as automation controls.

With DOME, a device does not need to connect to the Internet, which reduces the attack surface. The device only needs to connect to its owner on a local network, and the owner only needs to connect to the cloud to enable the ownership transfer function, log aggregation, auditing, alerting and notifications. For secure applications, such as government and military, an on-prem solution with no cloud connection can be implemented.

DOME’s provisioning enables secure device onboarding, even for those with no user interface, and allows the owner to securely authenticate to the device and prove ownership before the device allows any configuration. Once a device is “owned,” the owner can set any necessary provisioning data, including providing new owner credentials or other owner-based identity information.

Conclusion

DOME is uniquely suited for a broad range of markets, including industrial IoT, smart grid, automotive, medical devices and others, where trusted ownership, identity, mutual authentication and data protection at the edge of the IoT are a must. Supported IP protocols include BACnet, Modbus, SNMP, DNP3, Ethernet/IP, OPC UA, HART-IP and other standard or proprietary protocols implemented with TCP/IP.

To learn more about DOME and how to include it in your next PolarFire SOC product, contact Veridify Security at https://www.veridify.com.