High-Performance, Highly Secure Networking for Industrial and IoT Applications

Similar documents
Early Software Development Through Emulation for a Complex SoC

ARM Security Solutions and Numonyx Authenticated Flash

TWR-LS1021A Getting Started

QorIQ and QorIQ Qonverge Multicore SoCs and PowerQUICC Processors

TWR-LS1021A Getting Started

Market Trends and Challenges in Vehicle Security

Copyright 2016 Xilinx

RAD55xx Platform SoC. Dean Saridakis, Richard Berger, Joseph Marshall *** *** *** *** *** *** *** photo courtesy of NASA

Zatara Series ARM ASSP High-Performance 32-bit Solution for Secure Transactions

Application Brief. QorIQ P2040/P2041, P3 and P5 Series. High-performance multicore processors. freescale.com/qoriq

MIL-STD-1553 (T4240/T4160/T4080) 12/8/4 2 PMC/XMC 2.0 WWDT, ETR, RTC, 4 GB DDR3

MIL-STD-1553 (T4240/T4160/T4080) 12/8/4 2 PMC/XMC 2.0 WWDT, ETR, RTC, 4 GB DDR3

SABRE for Automotive Infotainment Quick Start Guide. Smart Application Blueprint for Rapid Engineering Based on the i.mx 6 Series

Introduction to Sitara AM437x Processors

Maximizing heterogeneous system performance with ARM interconnect and CCIX

On-Chip Debugging of Multicore Systems

The Next Steps in the Evolution of Embedded Processors

When Reliability, Safety and Security Matter, Trust Power Architecture Technology. freescale.com

Quick Start Guide. TWR-VF65GS10 For Vybrid Controller Solutions Based on ARM Cortex -A5 and Cortex-M4 Processors with the DS-5 Toolchain TOWER SYSTEM

Microsemi Secured Connectivity FPGAs

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C- Ware, the Energy Efficient Solutions logo, Kinetis,

Zynq-7000 All Programmable SoC Product Overview

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

Welcome to the Future of Industrial Communication. Introducing the netx Family of Controllers by Hilscher

QorIQ T4 Family of Processors. Our highest performance processor family. freescale.com

NEXCOM IoT Controller Solution Brings Intelligence to Manufacturing

Securing Intelligent Industrial and Networking Devices

Intelop. *As new IP blocks become available, please contact the factory for the latest updated info.

An Intelligent NIC Design Xin Song

AT-501 Cortex-A5 System On Module Product Brief

Designing Security & Trust into Connected Devices

PC Touchpad Appliance

OK335x Products Guide. Contents

Design Choices for FPGA-based SoCs When Adding a SATA Storage }

Microsemi IP Cores Accelerate the Development Cycle and Lower Development Costs

The S6000 Family of Processors

MYD-C437X-PRU Development Board

Freescale i.mx6 Architecture

10 Steps to Virtualization

SAM A5 ARM Cortex - A5 MPUs

Cypress PSoC 6 Microcontrollers

C912 Freescale QorIQ T4 3U VPX SBC

OK335xS Users Manual Part I - Introduction

Kinetis SDK Release Notes for the TWR-K24F120M Tower System Module

Designing, developing, debugging ARM Cortex-A and Cortex-M heterogeneous multi-processor systems

TRENDS IN SECURE MULTICORE EMBEDDED SYSTEMS

CCIX: a new coherent multichip interconnect for accelerated use cases

Renesas Synergy MCUs Build a Foundation for Groundbreaking Integrated Embedded Platform Development

C900 PowerPC G4+ Rugged 3U CompactPCI SBC

Quick Start Guide. SABRE Platform for Smart Devices Based on the i.mx 6 Series

«Real Time Embedded systems» Cyclone V SOC - FPGA

Product Series SoC Solutions Product Series 2016

DesignWare IP for IoT SoC Designs

MAC57D5xx Start-Up Sequence

Wai Chee Wong Sr.Member of Technical Staff Freescale Semiconductor. Raghu Binnamangalam Sr.Technical Marketing Engineer Cadence Design Systems

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

Resilient IoT Security: The end of flat security models

Trustzone Security IP for IoT

MC34708TRN Rev /1/2011

PowerQUICC Processors Simplify Deterministic Industrial Networks

COMPUTING COMX-T2081 / COMX-T1042. COM Express Modules. Data Sheet

User Guide. for TAHOE 8622

Designing with ALTERA SoC Hardware

Hugo Cunha. Senior Firmware Developer Globaltronics

Implementing Industrial Ethernet Field Device Functionality by Using FPGAs

Automotive Challenges Addressed by Standard and Non-Standard Based IP D&R April 2018 Meredith Lucky VP of Sales, CAST, Inc.

SoC Platforms and CPU Cores

Simplify System Complexity

Freescale i.mx Applications Processors based on ARM Technology Connected Multimedia

Simplifying Multiprotocol Industrial Ethernet Communication. Sandeep Kumar December 2016

Kinetis KE1xF512 MCUs

How to protect Automotive systems with ARM Security Architecture

Your Strategic Partner for Renesas RZ/G1x Products & Solutions

Security in NVMe Enterprise SSDs

Quick Start Guide for i.mx28 EVK. i.mx28 EVK Multimedia and connectivity

New System Solutions for Laser Printer Applications by Oreste Emanuele Zagano STMicroelectronics

QorIQ P4080 Software Development Kit

Designing Security & Trust into Connected Devices

Freescale s definition:

How to add Industrial Ethernet to Computer Numeric Control (CNC) Router Machine

Exploring System Coherency and Maximizing Performance of Mobile Memory Systems

SmartFusion2 SoC FPGA Demo: Code Shadowing from SPI Flash to SDR Memory User s Guide

Introducing the AM57x Sitara Processors from Texas Instruments

Secure Boot in the Zynq-7000 All Programmable SoC

FA3 - i.mx51 Implementation + LTIB

. Micro SD Card Socket. SMARC 2.0 Compliant

Building secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Getting Started with FreeRTOS BSP for i.mx 7Dual

Freescale Kinetis Software Development Kit Release Notes

Differences Between P4080 Rev. 2 and P4080 Rev. 3

Enabling the Migration to an All-IP Network

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, the Energy Efficient Solutions logo, mobilegt, PowerQUICC,

Bringing Intelligence to Enterprise Storage Drives

What s In Your e-wallet? Using ARM IP to Enable Security in Mobile Phones. Richard Phelan Media Processing Division TrustZone Security Technology

CM10 Rugged COM Express with TI Sitara ARM Cortex-A15

FPGA Adaptive Software Debug and Performance Analysis

Quick Start Guide TRK-KEA. Kinetis EA Series MCUs for Automotive Electronics Applications. StarterTRAK

Quick Start Guide. TWR-P1025 QorIQ Processor with Networking and Industrial Connectivity and Protocol Offload Engine TOWER SYSTEM

Azure Sphere Transformation. Patrick Ward, Principal Solutions Specialist

Transcription:

High-Performance, Highly Secure Networking for Industrial and IoT Applications Table of Contents 2 Introduction 2 Communication Accelerators 3 Enterprise Network Lineage Features 5 Example applications Abstract The networking, industrial control, Machine-to-Machine (M2M) and emerging Internet of Things (IoT) markets all share a similar basic requirement: the ability to safely and securely connect a variety of end points and support centralized control across the network. The widespread adoption of the Internet Protocol (IP) standard now commonly used in enterprise networks by the industrial automation, M2M and IoT markets is allowing them to leverage common networking building blocks across these emerging application spaces. This paper will discuss the additional requirements for ensuring industrial, M2M and IoT networks incorporate support for trust, security, high reliability and efficient performance.

Introduction The networking, industrial control, machine-to-machine (M2M) and emerging Internet of Things (IoT) markets all share a similar basic requirement: the ability to connect a variety of end points together and support centralized control of the network. The widespread adoption of the Internet Protocol (IP) standard enables industrial automation, M2M and IoT applications to leverage common network connectivity building blocks. The adoption of to enable connectivity between machines on the factory floor has been growing steadily as manufacturers seek greater visibility to data, improved productivity and the ability to remotely manage their industrial operations. Enhancing the visibility and management of networked factory devices, which enables streamlining of their associated functions, depends on the ability to ensure the data carried across the factory network remains secure. Freescale continues to lead the industry in this trend as one of the top suppliers of networking processors used in control and data plane applications for more than 20 years. Whether the design involves networking infrastructure, industrial control networks (gateways or PLCs) or factory floor equipment, some essential requirements must be satisfied: deliver exceptional reliability, data security, efficient packet processing and enhanced connectivity support. Freescale first established itself as the industry leader for networking solutions by supporting these requirements with its communication processors based on Power Architecture technology. Building on this expertise and record of innovation achieved over the past twenty years, Freescale announced the first QorIQ networking processor family based on the ISA. The innovative QorIQ LS1021A processor is equipped with dual high-efficiency ARM cores with ECC-protected L1 and L2 caches to ensure maximum reliability and support operating speeds up to 1 GHz. The dual ARM cores are complimented by the highest level of integration ever offered in a sub-3 W microprocessor. High-performance networking interfaces include Gigabit, PCI Express 2.0, and 3.0. The LS1021A processor also features support for legacy serial interfaces, including HDLC, UART,, SPI, and PWM/Quadric decoding. In addition to the wide variety of communication interfaces, the processor offers support for SDHC,, and an integrated LCD controller. Communication Accelerators In process automation and manufacturing control applications, the network must be always available, highly reliable and secure. At the same time, network processors need to provide intelligent features that allow companies to take advantage of the flow of information available today within their networks. To deliver maximum reliability and bullet-proof security, Freescale network processors integrate industry-leading network acceleration and protection technologies. Among these technologies is the programmable micro QUICC Engine that supports Field Bus and RS485 protocols such as PROFIBUS (both master and slave), as well as legacy HDLC and TDM communication protocols. Supporting connectivity, each of the virtualized, enhanced triple speed controllers (VeTSEC) support IEEE 1588 time stamping on both ingress and egress, along with timer and pulse implementation in hardware. The hardware also supports software 2

managed queues, which when combined with the ingress parsing up to ISO layer 4 and hardware prioritization on egress, allows for simple effective queuing to be implemented. These proven controllers are common to other Freescale processors used in industrial applications and are supported by a wide variety of mature software drivers, including software stacks for Industrial (EtherCAT Master), PROFINET (RT), EtherNet/IP and PRP. QorIQ LS1021A Processor Block Diagram System Control Internal Boot ROM Fuses Monitor Power Management DMA System Interfaces IFC Flash QuadSPI Flash 1x SD/MMC 2x DUART, 6x LP UART 3x, 2x SPI, GPIO Audio Subsystem: 4x, ASRC, SPDF 4x,, PWM 1x 3.0 w/ 2.0 LCD 4-Lane 6 GHz SerDes Complex Basic Peripherals and Interconnect Accelerators and Control Networking Elements Enterprise Network Lineage Features The QorIQ LS1021A processor was designed from the ground up to meet the needs of demanding and rugged networked applications. This is achieved by incorporating error detection and correction (ECC) technology on all memories, including Layer 1 and 2 caches, as well as and external DDR memory for maximum reliability, as well as watchdog timers. Complimenting the reliability enabled by ECC-protected memories is a high-performance security engine that supports a full array of data protection mechanisms, including secure boot, trust architecture, ARM TrustZone and manufacturing protection, which together enable the maximum in trusted node capability. These features are essential in IoT applications where many edge of network devices and sensors will be capturing and transmitting user-specific data between nodes. Since this data can be directly related or linked to an individual user, it is essential that the data be encrypted. This is increasingly being regulated and monitored by legislation which extends to the specification of encryption standards and protocols to be used. The inevitable result will be a requirement that communication processors used in M2M or IoT applications must have the capability of performing cryptographic operations, such as hashing, signing and encrypting data, as well as a secure key storage unit in order to meet regulatory requirements. 3

Industrial communication links must also be secure, not just from data snooping but also from unauthorized control which could result in such costly events as taking down a production line. However, even if the data transmitted between the network communication links is encrypted, the physical device may still be vulnerable to attack via an unauthorized modification of the program software. Therefore, a device must not only provide secure communication, but be able to operate as a trusted node. A trusted node is a device that the user can fully rely on to not only protect data, but to ensure it only executes authentic software created for it by the user. In the real world trust is typically conferred, and this concept extends in similar fashion to the digital world. If you get information (data or a command) from a trusted source, you can assume that it is reliable, valid information. Booting up a trusted device requires a root of trust, which can be an external (typically expensive) device, such as an FPGA or ASIC, or it can be integrated in the SoC (system-on-chip) itself, as it is in the QorIQ LS1 product family. In the case of the LS1021A processor, authentication is performed within a preboot loader that is contained completely in internal ROM. This implementation provides a one-time user programmable authentication KEY to be used with the preboot loader, creating the trust needed to prevent unauthorized code/users from manipulating the system. The trusted node feature is enabled by writing the authentication KEYs and an enable bit, which are one-time user programmable fuses. Once the Trust mode is enabled, external boot code image(s) (e.g., boot loader, OS kernels or even bare metal code) will only be executed after it has been decrypted and authenticated by the preboot loader KEYs. This code then becomes the next source of trust. Included in the decrypted/authenticated code can be data-like KEYs that can be used in the trusted communication links. Support for a primary and alternate (secondary) signed code images to provide additional reliability. The external code image is encrypted using the same KEY(s) blown into KEY area on the QorIQ LS1021A processor by the user s development team with the tool chain provided to program the device. Hence, the code image is known to be secure when it leaves the development group. Once the code image is authenticated by the device, the device operates in the secure state. To maintain the secure operation state, additional security features are available to detect and prevent unauthorized tampering or manipulation of the code/data in external memory. The secure debug controller manages access to the system through the JTAG interface, which can be closed down unconditionally or be opened in various access modes upon passing a challenge/response sequence. The Run-Time integrity checker supports periodic checks of predefined memory regions for modification (by harmful or defective code) by continuously calculating and comparing hashes of these memory regions. An external tamper detection pin can be used to detect physical attacks to the device. Finally, ARM TrustZone supports the division of the system into secure and nonsecure zones and controls access privileges between those zones. 4

All security failures are collected and their severity evaluated by the security monitor that is part of the secure nonvolatile storage unit, which then executes the respective actions. This could be the automatic deletion of sensitive information, such as KEYs, and to notify the operating system of such a violation. The second block related to security is the cryptographic engine block, which covers acceleration of the security and encryption algorithms to be implemented. Note, this is used by the preboot loader to accelerate the decryption/authentication boot process. This block provides hardware acceleration for the algorithms associated with IPSec, SSL/TLS, WiMAX and various other standards; many of them with single-pass processing involved whenever data in the IoT has to be exchanged and transported out of the device. It is a modular and scalable security core that is optimized to process all it can, and even perform multi-algorithmic operations (e.g., 3DESHMAC-SHA-1) in a single pass of data. Some of the algorithms implemented in hardware are XOR, DES, AES and a NIST-certified random number generator. Summary To enable high performance, highly secure network connectivity for industrial control, M2M and IoT applications, some essential requirements must be satisfied: exceptional reliability, ensure data is secure, deliver efficient packet processing, and enhanced connectivity support. The QorIQ LS1021A processor has been engineered to meet these requirements, delivering exceptional performance efficiency together with an optimized mix of connectivity and security features. Example applications Following are a collection of example use cases for industrial and IoT applications that can be supported based on the feature set of the QorIQ S1021A processor. Programmable Logic (PLC): QorIQ LS1021A Processor open PROFINET EtherNet/IP ETHERNET Powerlink Modbus TCP/IP EhterCAT Master 4-Lane 6 GHz SerDes LCD 2.0 SDHC RS485 RS485 RS485 RS485 RS485 RS485 SD Card PROFIBUS Modbus DeviceNet open J1939 Harddrive 3.0 3.0 Quad SPI NOR NAND IFC SPI UART Console DDR FLASH 5

Wireless Gateway (Trusted Node): QorIQ LS1021A Processor 4-Lane 6 GHz SerDes LCD PCIe 2.0 SDHC SD Card PCIe 3.0 Quad SPI NOR NAND IFC SPI UART Console DDR FLASH Network Attached Encrypted Storage: QorIQ LS1021A Processor 4-Lane 6 GHz SerDes LCD PCIe 2.0 SDHC SD Card Harddrive 3.0 3.0 Quad SPI NOR NAND IFC SPI UART Console DDR FLASH 6

For more information, please visit /QorIQ Freescale, the Freescale logo and QorIQ are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. QUICC Engine is a trademark of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. ARM, Cortex and TrustZone are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. The Power Architecture and Power.org word marks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org. 2014 Freescale Semiconductor, Inc. Document Number: QORIQINDIOTWP REV 0 August 2014

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback