Alif Semiconductor’s Novel Architecture Sets the Bar for Security to New Heights in Deployed Edge Products

Alif Semiconductor, supplier of the most power efficient Edge AI-enabled secure MCUs and fusion processors in the market, today announced its advanced on-chip security solution.

Alif Semiconductor, supplier of the most power efficient Edge AI-enabled secure MCUs and fusion processors in the market, today announced its advanced on-chip security solution. Alif Semiconductor’s unique security architecture brings together a combination of technologies which include an integrated Secure Enclave with its own resources and a highly configurable secure firewall structure, multiple general purpose and neural processing cores with secure communication between them, and in-factory creation of unique device key pairs within every device. Alif leverages all these elements to secure the next wave of deployed Edge devices that are powered by advanced processing including Artificial Intelligence and Machine Learning (AI/ML).

Bullet-Proof Security Baseline in Ensemble Devices

The Secure Enclave, standard in every device of the Ensemble family, is a dedicated isolated subsystem for management of vital security functions like secure key management and storage, secure boot with an immutable Root-of-Trust, attestation at run-time using certificates, hardware cryptographic services, secure debugging, read-out protection, secure firmware updates, power management, and complete lifecycle management.

A solid foundation of trust is essential to make security functions effective. During manufacturing, the Secure Enclave on every Ensemble device establishes the required trust foundation by creating and storing unique device key pairs internally which can be used to identify and authenticate each device, eliminating the need for external equipment such as a Hardware Security Module (HSM) to inject the keys. The result – every device and every customer can establish a chain of trust from the network to the device, by design, without introducing any complex, risky, or costly third-party dependencies to inject secrets, even after end-products are deployed in the field.

Going Beyond the Baseline

The Alif Ensemble family scales from single core to a new class of multi-core devices, that combine up to two Cortex-M55 MCU cores, up to two Cortex-A32 microprocessor cores capable of running high-level operating systems, and up to two Ethos-U55 microNPUs for AI/ML acceleration.

For each CPU core, developers may allocate any portion of memory, or any individual peripheral, either shared or separated, using the Secure Enclave because of its unique firewall mechanism. Not only does this grant great flexibility to the developer but also infuses a high level of system security with durable separation of resources between multiple processing subsystems as well as secure and non-secure operations. This extends security well beyond the capabilities of traditional Arm TrustZone that is optimized for single-core operation.

The Secure Enclave itself will always boot from a known good ROM image, allowing it to validate that no other parts of the system have been maliciously interfered with before allowing code to begin executing on any of the application cores.

What this Means for Alif’s Customers

Affordable solid security. Ensemble devices bring robust and sophisticated security measures inside the chip while at the same time removing external costs such as a separate secure MCU on the circuit board, or the use of a third-party HSM service when the end-product is manufactured or in the field.

Life cycle management. The Secure Enclave ensures one-way progress through the life cycle of the chip and the end-product from manufacture, to development, to deployment, to maintenance, to retirement. This blocks cloning, rollbacks, malware, and IP theft.

Security standards. Alif Semiconductor has taken an ambitious and proactive stand on forward-looking security requirements to provide you with a coherent security posture for the applications, deployments, and life cycle management of tomorrow, painting the ambitions of IEC 62443, IEC/ISO 27001, ISA/SAE 21434 and OWASP for renewable security and defense in-depth.

Exit mobile version