The Security of Edge Devices is Increasingly Important 

Future systems will encompass billions of interconnected devices, which will form an attractive target for attackers. Edge devices are part of these systems. They process data closer to where it is generated while connecting with remote and cloud-based services. They collect raw data from sensors, then analyze it and extract the relevant information to deliver to the cloud and present to local users. In most cases, this information contains sensitive data that needs to be protected. Some edge devices also have actuators that control utilities and machinery and can be misused; the commands received from remote services therefore need to be verified as authentic and as originating from the proper controlling entities. This makes edge devices interesting targets for attackers.

At NXP, we believe security is a holistic system process and not an add-on feature. A system is as secure as its weakest component that an attacker can reach. Edge devices can be a lucrative attack target, particularly if connected to, and communicating with, many other devices. These edge devices must be protected with robust, easy-to-deploy security technology.

Additional protection and some level of intrusion detection must be implemented for edge devices. At the system-on-chip (SoC) level, integrated hardware capabilities, such as root of trust, tamper detection, secure boot and secure enclaves, combined with software mitigation techniques can all be used to protect devices and thwart intrusions and attacks. This is the heart of the NXP approach to security.


Leveraging AI for Attack Detection

Within the EdgeAI project, NXP Germany and the University of Lübeck are working on the development of an AI-based intelligent monitoring module that is integrated in the edge hardware to detect physical attacks. These are non-invasive, semi-invasive and invasive attacks that exploit hardware vulnerabilities to compromise edge systems. The idea is to experiment with different AI algorithms to provide a low-power, low-latency and yet robust attack detection mechanism.

Current approaches use one low-level feature of hardware to detect such attacks. To optimize the detection rate, the planned demonstrator will capture multiple attack-detection-relevant features of edge hardware from many on-chip sensor sources and deploy an AI model to detect physical attacks. The implementation will be integrated in a System on Chip (SoC) and will make use of selected AI accelerators based on the open-hardware RISC-V architecture. A RISC-V core will also be used as the CPU of the SoC.

The goal is to improve the user experience by providing more flexible physical attack detection, which leads to a reduced number of active security countermeasure events (resets, timeouts, locked devices), and by enabling a flexible reaction to new security attacks that does not rely on fixed sensor configurations.
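The contrast between a fixed single-feature check and a fused multi-sensor decision can be shown in a few lines of C. This is an added illustration, not code from NXP or the EdgeAI project: the two channels (supply voltage and die temperature), their benign correlation, the thresholds and the sample readings are all constructed assumptions, and a Mahalanobis distance stands in for the AI model as the simplest detector that uses the joint behaviour of several sensors.

```c
#include <stdio.h>

/* Constructed assumptions: two on-chip channels, already normalised to
 * z-scores against calibration data; RHO is their benign correlation
 * (load heats the die while the supply sags). */
#define RHO            (-0.9)
#define SINGLE_LIMIT   3.0    /* per-sensor |z| limit */
#define FUSED_LIMIT    13.82  /* chi-square, 2 dof, p = 0.001 */

typedef struct { const char *label; double v_z; double t_z; } sample_t;

/* Classic single-feature check: trip when either sensor leaves its window. */
int single_feature_alarm(sample_t s) {
    return s.v_z > SINGLE_LIMIT || s.v_z < -SINGLE_LIMIT ||
           s.t_z > SINGLE_LIMIT || s.t_z < -SINGLE_LIMIT;
}

/* Squared Mahalanobis distance for two standardised, correlated channels. */
double fused_score(sample_t s) {
    return (s.v_z * s.v_z - 2.0 * RHO * s.v_z * s.t_z + s.t_z * s.t_z)
           / (1.0 - RHO * RHO);
}

int fused_alarm(sample_t s) { return fused_score(s) > FUSED_LIMIT; }

/* Constructed readings, not measurements from any real device. */
static const sample_t SAMPLES[] = {
    { "idle",                 0.2, -0.1 },
    { "heavy benign load",   -3.2,  3.2 },
    { "supply sag, no heat", -2.5, -0.1 },
};

int main(void) {
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++)
        printf("%-20s single=%d fused=%d score=%.2f\n", SAMPLES[i].label,
               single_feature_alarm(SAMPLES[i]), fused_alarm(SAMPLES[i]),
               fused_score(SAMPLES[i]));
    return 0;
}
```

With these constructed readings, the per-sensor check triggers a countermeasure on the benign load peak and stays silent on the voltage dip that has no matching temperature rise; the fused score reverses both outcomes.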

In the scope of the EdgeAI project, this technology will be implemented in a demonstrator in Value Chain 2 “Energy”, addressing stand-alone “micro” level edge processing products like Smart Meters or IoT devices. The successful implementation will show how AI can be utilized to improve the reaction of security features implemented on a micro-edge device.

Blog signed by: NXP team
