A collaboration between Intel and SecureRF enables users of Intel’s DE10-Nano kit to also take advantage of SecureRF’s market-ready DE10-Nano Security Toolkit to protect their next IoT application. Intel’s DE10-Nano kit is based on a Cyclone V system-on-chip (SoC) field programmable gate array (FPGA).
FPGAs like Intel’s Cyclone V require security functions, such as a secure boot or remote device authentication and identification. The problem is legacy security methods such as ECC are computationally expensive and won’t work on the low-resource devices (e.g., 8-bit sensors) with which the FPGA gateway may need to communicate. SecureRF’s asymmetric authentication and data protection tools provide DE10-Nano users with easy-to-implement security.
SecureRF’s Ironwood Key Agreement Protocol and Walnut Digital Signature Algorithm (WalnutDSA) deliver fast, ultra-low-energy security that will protect IoT devices even when quantum computers become available and render currently used methods obsolete. Based on Group Theoretic Cryptography methods, SecureRF’s cryptosystems are up to 60 times more efficient than ECC, and consume up to 140 times less energy.
To start working with the DE10-Nano and SecureRF solutions, developers can download SecureRF’s DE10-Nano SD card image, which is available on the Security Toolkit webpage. The image includes SecureRF’s WalnutDSA Digital Signature Verification Algorithm and Ironwood Key Agreement Protocol. The latter enables two endpoints to generate a shared secret over an open channel. WalnutDSA enables one device to generate a document that is verified by another. Both are implemented partially in software on the Intel Cyclone V’s ARM Cortex-A9 and partially in FPGA fabric. The FPGA image is configured to run WalnutDSA together with Ironwood as a demo.
The SD card comes with three separate demos to help demonstrate the operation of the signature algorithm and the key agreement protocol. The first demo showcases the basic operation of both the WalnutDSA engine and the Ironwood KAP from within your computer’s terminal.
The second demo shows Ironwood KAP’s speed in both hardware and software. The demo compares the speed of shared secret calculations running in the Cyclone V’s FPGA fabric versus on the ARM Cortex-A9 HPS. The results show cryptographic calculations running faster in hardware.
The final demo reproduces a real-world application that involves authenticating a remote IoT device via a TCP socket. The DE10-Nano serves as an IoT base station or gateway, while a Java application on the PC emulates low-resource remote device, such as a sensor or actuator.
Adapting the Demo Code for Specific Designs
The SD card image contains the source code for the DE10-Nano side of the third demo, meaning engineers can adapt it for use in their designs. Moreover, on the remote device side, there is the SecureRF IoT Embedded SDK, which implements the same approaches, but in software. There are code libraries for a variety of 8-, 16- and 32-bit microcontrollers. By incorporating this SDK into a remote device, it can both authenticate and be authenticated by a DE10-Nano board.