Imagination Unveils Security Platform for SoCs

Imagination's OmniShield offers scalable security and multiple domains for newly connected devices, such as those that make up the Internet of things.

SoC security

Imagination Technologies is introducing a technology designed to bring greater security to SoCs that will power not only smartphones, but also in-car systems, gateway routers and devices for the growing Internet of things.

The company, which makes its own MIPS-based systems-on-a-chip (SoCs) as well as GPUs and other processors, is unveiling OmniShield, a technology that offers multiple security domains to ensure that each application and operating system on the SoC can run independently from each other without impacting performance or power efficiency.

The multiple domains—up to eight separate hardware zones can be created for various applications and operating systems—enable such secure processes as digital rights management (DRM) and payment systems that can securely run side-by-side with non-secure tasks such as gaming and Web browsing. This capability will become increasingly important as Internet of things (IoT) devices become more commonplace.

Security is a key issue in the IoT, given the rapid growth in the number of connected devices. Cisco Systems officials estimate that by 2020, there will be more than 50 billion connected devices globally, quickly growing the attack surface for cyber-criminals. Imagination is looking to challenge Intel and ARM with its low-power MIPS architecture in everything from automotive technology and the IoT to smarpthones and tablets.

ARM offers its own mobile hardware security in its TrustZone technology, which separates a secure zone from a non-secure environment.

OmniShield addresses not only the CPU in an SoC, but also the GPU and other processors, all of which share application data and resources in heterogeneous environments, Imagination officials said. The GPU and other SoC components increasingly face the same exposure as the CPU, which means they will need the same protections, according to Imagination officials.

The technology, which covers both hardware and software, also makes life easier for developers, who will be able to develop code in virtualized environments, the company said.

"There is revolution driving the world of semiconductors right now," Alexandru Voica, senior technology marketing specialist at Imagination, said in a post on the company blog. "From wearables to smart cars and homes, it seems connectivity is replacing orange as the new black of worldwide innovation. However, when connecting billions of users to the internet and to each other, companies must ensure that devices implement future-proof security. The easiest way to address this is by relying on a powerful of hardware and software—and this is where OmniShield from Imagination steps in."

Current security offerings—which Imagination officials said tend to be CPU-centric and binary, with one secure zone and one non-secure zone—are good enough for products on the market now, Voica wrote. However, the multiple security domains and the ability to scale is what differentiates OmniShield and makes it a better fit for the next generation of connected products that need to support a growing array of applications and services. For example, set-top boxes now must not only protect broadcast content, but also over-the-top (OTT) streaming video and third-party applications. In addition, communications in cars is being tied tightly to smartphones and their host of third-party applications.

He compared OmniShield and its multiple domains to a house that not only has locks on the outside doors and windows, but also locks on every door within the house and on storage boxes within those rooms.

The ability to create such multiple security domains is a feature on Imaginations MIPS Warrior CPUs, but also on its PowerVR Series7 GPUS—and select PowerVR Series6XT GPUs—and Ensigma network processors, according to Voica. All of the processors in an SoC are protected, officials said.

A security working group within the Prpl Foundation—an industry group Imagination launched last year to accelerate the adoption of its low-power MIPS architecture—is working to create an overall security framework, open APIs and reference platforms, according to company officials. Among the members of the working group are Qualcomm, Broadcom and Intel's Lantiq business.

Imagination and others in the Prpl Foundation also are working on a range of OmniShield-ready IP technologies, such as trusted boot and other security features, as well as trusted hypervisors and secure OS. The first of these will become available this year through the foundation.