This interview is part of an ongoing series VDC conducts with leading IoT and embedded technology providers to share views on their company, products, and state of the market.
Majid Bemanian, Director of Segment Marketing, Imagination Technologies
Majid Bemanian is Director of Segment Marketing for Imagination Technologies, responsible for driving the company’s strategic security initiatives and leading its market strategy for the networking and storage segments. He also co-chairs the prpl Foundation’s security working group, focused on developing open standards and APIs around next-generation embedded security solutions. He has more than 30 years of high-tech industry experience.
In part one of this blog, Majid touched on the evolving IoT threat landscape and how open source communities are crucial to securing embedded platforms.
VDC: Why is hardware-based security important? Are there drastic penalties to embedded computing resources in implementing such technologies?
MB: Hardware by definition can be designed to be immutable. This characteristic can be the foundation of establishing security on a platform. Software that is not protected by hardware-based security is more vulnerable to attacks.
There is always some overhead associated with implementing security in hardware. However, the level of security is clearly a function of the attack profile. As a result, embedded security should be looked at holistically. In some cases, a hierarchical approach to securing an embedded application may result in reduced overall overhead. For example, a connected home will have dozens of IoT nodes where each IoT node could have full security built in a silo, but it might make more sense for these nodes to be protected within classified groups.
VDC: Imagination Technologies obviously provides a lot of different embedded processor IP spanning MIPS processing, PowerVR multimedia, Ensigma communications, and more. How does supporting several processor stack elements benefit Imagination’s security-based offerings and solutions?
MB: Security by Separation must be the first step in protecting an IoT device, in order to isolate the critical assets from potential hazards. This should be implemented across all of the processors (CPU, GPU, NPU, etc.) in a system. By adopting a similar approach across processors to enforce isolation policies, a common methodology can be adopted by ecosystem developers.
Through Imagination’s OmniShield, Imagination’s IP families, including MIPS CPUs and PowerVR GPUs, are designed with support for hardware virtualization that can enforce separation among different software contexts. Such separation can provide support for a trusted execution environment where trusted applications can reside. We uniquely provide this technology in all levels of our CPUs including our MCU-class CPUs since with the IoT, security needs to be addressed at every layer.
Importantly, the traditional binary approach to SoC security, with one secure zone and one non-secure zone, will not provide the level of security needed for the IoT. With OmniShield, multiple secure zones can be created so that applications, operating systems and future services can be isolated and protected from the other elements of the system.
Once the critical assets are isolated from potential vulnerabilities, a Root of Trust (RoT) forged in hardware can enforce trust to assure both authentication and privacy, and establish a chain of trust for all subsystems. And a Trusted Element can support the secure operation of an IoT device from power-up throughout its operating life.
VDC: Do you have any last words for our readers today?
MB: Security for IoT devices must be engineered from the ground up. The possible consequences of poor security practices can be far reaching: if IoT devices are not future-proofed, users can lose their personal and financial data; hackers can remotely take over devices; and governments and enterprises can be crippled. Each stakeholder in the IoT and connected device supply chain will benefit from playing a role in ensuring that these devices are designed with longevity and an open security approach in mind.