High-Performance, Highly Secure Networking for Industrial and IoT Applications



Similar documents
M-Shield mobile security technology

QorIQ T1 and T2 Families of Communications Processors. Built for speed, designed to connect. freescale.com

AppliedMicro Trusted Management Module

SABRE Lite Development Kit

P1010 and P1014 low-power communications processors

DesignWare IP for IoT SoC Designs

ZigBee Technology Overview

Network connectivity controllers

ARM Cortex -A8 SBC with MIPI CSI Camera and Spartan -6 FPGA SBC1654

Pre-tested System-on-Chip Design. Accelerates PLD Development

System-on-a-Chip with Security Modules for Network Home Electric Appliances

WIND RIVER INTELLIGENT DEVICE PLATFORM XT

7a. System-on-chip design and prototyping platforms

QorIQ T4 Family of Processors. Our highest performance processor family. freescale.com

Smarter Infrastructure for a Smarter World

i.mx USB loader A white paper by Tristan Lelong

SBC8600B Single Board Computer

STM32 F-2 series High-performance Cortex-M3 MCUs

Providing Security for Smart Energy Systems: An Industrial White Paper. Meera Balakrishnan Freescale Semiconductor. freescale.com

All Programmable Logic. Hans-Joachim Gelke Institute of Embedded Systems. Zürcher Fachhochschule

The Freescale Embedded Hypervisor

Hardware Virtualization on. ARM Cortex-A Low-Cost Building automation

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.

Standardization with ARM on COM Qseven. Zeljko Loncaric, Marketing engineer congatec

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

Digitale Signalverarbeitung mit FPGA (DSF) Soft Core Prozessor NIOS II Stand Mai Jens Onno Krah

Embedded Java & Secure Element for high security in IoT systems

BEAGLEBONE BLACK ARCHITECTURE MADELEINE DAIGNEAU MICHELLE ADVENA

OPART: Towards an Open Platform for Abstraction of Real-Time Communication in Cross-Domain Applications

ARM Processors and the Internet of Things. Joseph Yiu Senior Embedded Technology Specialist, ARM

Eureka Technology. Understanding SD, SDIO and MMC Interface. by Eureka Technology Inc. May 26th, Copyright (C) All Rights Reserved

760 Veterans Circle, Warminster, PA Technical Proposal. Submitted by: ACT/Technico 760 Veterans Circle Warminster, PA

Atmel SMART ARM Core-based Embedded Microprocessors

Architekturen und Einsatz von FPGAs mit integrierten Prozessor Kernen. Hans-Joachim Gelke Institute of Embedded Systems Professur für Mikroelektronik

Software Datapath Acceleration for Stateless Packet Processing

Going Linux on Massive Multicore

Networking Services Trusted at every level and every phase

Developing an Application on Core8051s IP-Based Embedded Processor System Using Firmware Catalog Drivers. User s Guide

Special FEATURE. By Heinrich Munz

How To Improve Performance On A P4080 Processor

Java Embedded Applications

SHE Secure Hardware Extension

MPX28. o UART, SD-CARD, I2C, PWM, Serial Audio, SPI Power management optimized for long battery life 3.3V I/O

How to Run the MQX RTOS on Various RAM Memories for i.mx 6SoloX

Von der Hardware zur Software in FPGAs mit Embedded Prozessoren. Alexander Hahn Senior Field Application Engineer Lattice Semiconductor

White Paper. Freescale s Embedded Hypervisor for QorIQ P4 Series Communications Platform

Freescale Security Backgrounder Page 1

Software engineering for real-time systems

UG103.8 APPLICATION DEVELOPMENT FUNDAMENTALS: TOOLS

Intel Processors in Industrial Control and Automation Applications Top-to-bottom processing solutions from the enterprise to the factory floor

CONNECT PROTECT SECURE. Communication, Networking and Security Solutions for Defense

Video/Cameras, High Bandwidth Data Handling on imx6 Cortex-A9 Single Board Computer

OpenSPARC T1 Processor

SBC6245 Single Board Computer

Hardware Security Modules for Protecting Embedded Systems

Embedded Linux Platform Developer

KeyStone Architecture Security Accelerator (SA) User Guide

INDUSTRIAL CONTROL TECHNOLOGY. A Handbook for Engineers and Researchers. Peng Zhang. Beijing Normal University, People's Republic of China

ADM5120 HOME GATEWAY CONTROLLER. Product Notes

System Design Issues in Embedded Processing

A Design of Video Acquisition and Transmission Based on ARM. Ziqiang Hao a, Hongzuo Li b

applicomio Profibus-DP

Freescale Semiconductor, Inc. Product Brief Integrated Portable System Processor DragonBall ΤΜ

Use of the ZENA MiWi and P2P Packet Sniffer

Internet of things (IOT) applications covering industrial domain. Dev Bhattacharya

White Paper Increase Flexibility in Layer 2 Switches by Integrating Ethernet ASSP Functions Into FPGAs

FOR IMMEDIATE RELEASE

Chapter 3: Operating-System Structures. Common System Components

Quick Start Guide. USB Packet Sniffer/Dongle for Kinetis MKW22D and MKW24D Wireless MCUs USB-KW24D512

GE Intelligent Platforms. PACSystems High Availability Solutions

M-Shield Mobile Security Technology: making wireless secure

Zynq SATA Storage Extension (Zynq SSE) - NAS. Technical Brief from Missing Link Electronics:

WISE-4000 Series. WISE IoT Wireless I/O Modules

Pen Drive to Pen Drive and Mobile Data Transfer Using ARM

MPSoC Designs: Driving Memory and Storage Management IP to Critical Importance

Building Blocks for PRU Development

Product Brief. R7A-200 Processor Card. Rev 1.0

Patterns for Secure Boot and Secure Storage in Computer Systems

Hardware and Software Assists in Virtualization

SSL ACCELERATION DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY

Ways to Use USB in Embedded Systems

APx4 Wireless System-on-Module 5/8/2013 1

Intel Ethernet Switch Load Balancing System Design Using Advanced Features in Intel Ethernet Switch Family

Broadcom Ethernet Network Controller Enhanced Virtualization Functionality

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Concept Engineering Adds JavaScript-based Web Capabilities to Nlview at DAC 2016

M2M For industrial and automotive

Designing Low Cost IP Telephony Platforms

FIPS Security Policy 3Com Embedded Firewall PCI Cards

Internet of Things. Opportunities for device differentiation

Bootloader with AES Encryption

IoT Security Platform

CGI-based applications for distributed embedded systems for monitoring temperature and humidity

Securing IP Networks with Implementation of IPv6

Hardware RAID vs. Software RAID: Which Implementation is Best for my Application?

10/100/1000Mbps Ethernet MAC with Protocol Acceleration MAC-NET Core with Avalon Interface

Accelerate Cloud Computing with the Xilinx Zynq SoC

Transcription:

High-Performance, Highly Secure Networking for Industrial and IoT Applications Table of Contents 2 Introduction 2 Communication Accelerators 3 Enterprise Network Lineage Features 5 Example applications Abstract The networking, industrial control, Machine-to-Machine (M2M) and emerging Internet of Things (IoT) markets all share a similar basic requirement: the ability to safely and securely connect a variety of end points and support centralized control across the network. The widespread adoption of the Internet Protocol (IP) standard now commonly used in enterprise networks by the industrial automation, M2M and IoT markets is allowing them to leverage common networking building blocks across these emerging application spaces. This paper will discuss the additional requirements for ensuring industrial, M2M and IoT networks incorporate support for trust, security, high reliability and efficient performance.

Introduction The networking, industrial control, machine-to-machine (M2M) and emerging Internet of Things (IoT) markets all share a similar basic requirement: the ability to connect a variety of end points together and support centralized control of the network. The widespread adoption of the Internet Protocol (IP) standard enables industrial automation, M2M and IoT applications to leverage common network connectivity building blocks. The adoption of to enable connectivity between machines on the factory floor has been growing steadily as manufacturers seek greater visibility to data, improved productivity and the ability to remotely manage their industrial operations. Enhancing the visibility and management of networked factory devices, which enables streamlining of their associated functions, depends on the ability to ensure the data carried across the factory network remains secure. Freescale continues to lead the industry in this trend as one of the top suppliers of networking processors used in control and data plane applications for more than 20 years. Whether the design involves networking infrastructure, industrial control networks (gateways or PLCs) or factory floor equipment, some essential requirements must be satisfied: deliver exceptional reliability, data security, efficient packet processing and enhanced connectivity support. Freescale first established itself as the industry leader for networking solutions by supporting these requirements with its communication processors based on Power Architecture technology. Building on this expertise and record of innovation achieved over the past twenty years, Freescale announced the first QorIQ networking processor family based on the ISA. The innovative QorIQ LS1021A processor is equipped with dual high-efficiency ARM cores with ECC-protected L1 and L2 caches to ensure maximum reliability and support operating speeds up to 1 GHz. The dual ARM cores are complimented by the highest level of integration ever offered in a sub-3 W microprocessor. High-performance networking interfaces include Gigabit, PCI Express 2.0, and 3.0. The LS1021A processor also features support for legacy serial interfaces, including HDLC, UART,, SPI, and PWM/Quadric decoding. In addition to the wide variety of communication interfaces, the processor offers support for SDHC,, and an integrated LCD controller. Communication Accelerators In process automation and manufacturing control applications, the network must be always available, highly reliable and secure. At the same time, network processors need to provide intelligent features that allow companies to take advantage of the flow of information available today within their networks. To deliver maximum reliability and bullet-proof security, Freescale network processors integrate industry-leading network acceleration and protection technologies. Among these technologies is the programmable micro QUICC Engine that supports Field Bus and RS485 protocols such as PROFIBUS (both master and slave), as well as legacy HDLC and TDM communication protocols. Supporting connectivity, each of the virtualized, enhanced triple speed controllers (VeTSEC) support IEEE 1588 time stamping on both ingress and egress, along with timer and pulse implementation in hardware. The hardware also supports software 2

managed queues, which when combined with the ingress parsing up to ISO layer 4 and hardware prioritization on egress, allows for simple effective queuing to be implemented. These proven controllers are common to other Freescale processors used in industrial applications and are supported by a wide variety of mature software drivers, including software stacks for Industrial (EtherCAT Master), PROFINET (RT), EtherNet/IP and PRP. QorIQ LS1021A Processor Block Block Diagram Diagram System Control Internal Boot ROM Fuses Monitor Power Management DMA System Interfaces IFC Flash QuadSPI Flash 1x SD/MMC 2x DUART, 6x LP UART 3x, 2x SPI, GPIO Audio Subsystem: 4x, ASRC, SPDF 4x,, PWM 1x 3.0 w/ 2.0 LCD 4-Lane 6 GHz SerDes Complex Basic Peripherals and Interconnect Accelerators and Control Networking Elements Enterprise Network Lineage Features The QorIQ LS1021A processor was designed from the ground up to meet the needs of demanding and rugged networked applications. This is achieved by incorporating error detection and correction (ECC) technology on all memories, including Layer 1 and 2 caches, as well as and external DDR memory for maximum reliability, as well as watchdog timers. Complimenting the reliability enabled by ECC-protected memories is a high-performance security engine that supports a full array of data protection mechanisms, including secure boot, trust architecture, ARM TrustZone and manufacturing protection, which together enable the maximum in trusted node capability. These features are essential in IoT applications where many edge of network devices and sensors will be capturing and transmitting user-specific data between nodes. Since this data can be directly related or linked to an individual user, it is essential that the data be encrypted. This is increasingly being regulated and monitored by legislation which extends to the specification of encryption standards and protocols to be used. The inevitable result will be a requirement that communication processors used in M2M or IoT applications must have the capability of performing cryptographic operations, such as hashing, signing and encrypting data, as well as a secure key storage unit in order to meet regulatory requirements. 3

Industrial communication links must also be secure, not just from data snooping but also from unauthorized control which could result in such costly events as taking down a production line. However, even if the data transmitted between the network communication links is encrypted, the physical device may still be vulnerable to attack via an unauthorized modification of the program software. Therefore, a device must not only provide secure communication, but be able to operate as a trusted node. A trusted node is a device that the user can fully rely on to not only protect data, but to ensure it only executes authentic software created for it by the user. In the real world trust is typically conferred, and this concept extends in similar fashion to the digital world. If you get information (data or a command) from a trusted source, you can assume that it is reliable, valid information. Booting up a trusted device requires a root of trust, which can be an external (typically expensive) device, such as an FPGA or ASIC, or it can be integrated in the SoC (system-on-chip) itself, as it is in the QorIQ LS1 product family. In the case of the LS1021A processor, authentication is performed within a preboot loader that is contained completely in internal ROM. This implementation provides a one-time user programmable authentication KEY to be used with the preboot loader, creating the trust needed to prevent unauthorized code/users from manipulating the system. The trusted node feature is enabled by writing the authentication KEYs and an enable bit, which are one-time user programmable fuses. Once the Trust mode is enabled, external boot code image(s) (e.g., boot loader, OS kernels or even bare metal code) will only be executed after it has been decrypted and authenticated by the preboot loader KEYs. This code then becomes the next source of trust. Included in the decrypted/authenticated code can be data-like KEYs that can be used in the trusted communication links. Support for a primary and alternate (secondary) signed code images to provide additional reliability. The external code image is encrypted using the same KEY(s) blown into KEY area on the QorIQ LS1021A processor by the user s development team with the tool chain provided to program the device. Hence, the code image is known to be secure when it leaves the development group. Once the code image is authenticated by the device, the device operates in the secure state. To maintain the secure operation state, additional security features are available to detect and prevent unauthorized tampering or manipulation of the code/data in external memory. The secure debug controller manages access to the system through the JTAG interface, which can be closed down unconditionally or be opened in various access modes upon passing a challenge/response sequence. The Run-Time integrity checker supports periodic checks of predefined memory regions for modification (by harmful or defective code) by continuously calculating and comparing hashes of these memory regions. An external tamper detection pin can be used to detect physical attacks to the device. Finally, ARM TrustZone supports the division of the system into secure and nonsecure zones and controls access privileges between those zones. 4

All security failures are collected and their severity evaluated by the security monitor that is part of the secure nonvolatile storage unit, which then executes the respective actions. This could be the automatic deletion of sensitive information, such as KEYs, and to notify the operating system of such a violation. The second block related to security is the cryptographic engine block, which covers acceleration of the security and encryption algorithms to be implemented. Note, this is used by the preboot loader to accelerate the decryption/authentication boot process. This block provides hardware acceleration for the algorithms associated with IPSec, SSL/TLS, WiMAX and various other standards; many of them with single-pass processing involved whenever data in the IoT has to be exchanged and transported out of the device. It is a modular and scalable security core that is optimized to process all it can, and even perform multi-algorithmic operations (e.g., 3DESHMAC-SHA-1) in a single pass of data. Some of the algorithms implemented in hardware are XOR, DES, AES and a NIST-certified random number generator. Summary To enable high performance, highly secure network connectivity for industrial control, M2M and IoT applications, some essential requirements must be satisfied: exceptional reliability, ensure data is secure, deliver efficient packet processing, and enhanced connectivity support. The QorIQ LS1021A processor has been engineered to meet these requirements, delivering exceptional performance efficiency together with an optimized mix of connectivity and security features. Example applications Following are a collection of example use cases for industrial and IoT applications that can be supported based on the feature set of the QorIQ S1021A processor. Programmable Logic (PLC): QorIQ LS1021A Processor LS1021A/LS1020A TCP/IP open PROFINET EtherNet/IP ETHERNET Powerlink Modbus TCP/IP EhterCAT Master 4-Lane 6 GHz SerDes LCD 2.0 SDHC RS485 RS485 RS485 RS485 RS485 RS485 SD Card PROFIBUS Modbus DeviceNet open J1939 J1939 Master Harddrive 3.0 3.0 Quad SPI NOR NAND IFC SPI UART Console DDR FLASH 5

Wireless Gateway (Trusted Node): QorIQ LS1021A Processor LS1021A 4-Lane 6 GHz SerDes LCD PCIe 2.0 SDHC SD Card PCIe 3.0 Quad SPI NOR NAND IFC SPI UART Console DDR FLASH Network Attached Encrypted Storage: QorIQ LS1021A Processor LS1021A 4-Lane 6 GHz SerDes LCD PCIe 2.0 SDHC SD Card Harddrive 3.0 3.0 Quad SPI NOR NAND IFC SPI UART Console DDR FLASH 6

For more information, please visit /QorIQ Freescale, the Freescale logo and QorIQ are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. QUICC Engine is a trademark of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. ARM, Cortex and TrustZone are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. The Power Architecture and Power.org word marks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org. 2014 Freescale Semiconductor, Inc. Document Number: QORIQINDIOTWP REV 0 August 2014

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information