Anti-tamper sensors are an essential tool among several defenses used to protect against these security threats. By continuously monitoring for abnormal environmental or electrical conditions, anti-tamper sensors help ensure that when a device is touched, opened, glitched, or zapped, your security stack knows and reacts to protect your system.

The Modern Tamper Landscape

Today’s adversaries use voltage glitching to skip instructions, clock manipulation to desynchronize logic, and electromagnetic fault injection (EMFI) to flip bits at precise moments. They may also use strong magnets or environmental shifts to blind sensors or disrupt measurements, especially in metering and industrial systems.

Why does this matter? Because hardware secrets (keys, certificates) underpin secure boot, encrypted communications, and software trust. Physical compromise of just one device can open a backdoor to a much larger network if unique per device protections and real-time tamper responses aren’t in place.

The Top Customer Pain Points

From conversations with SoC designers, several recurring challenges emerge:

1. Evolving attack techniques
   Digital-only countermeasures often miss analog domain faults like voltage, clock, and EMFI attacks. Teams need diverse, low latency sensors that can spot subtle, nanosecond scale anomalies before damage is done.
2. Integration across process nodes and foundries
   Analog IP is traditionally process specific, making portability painful when supply constraints or costs push a design to another process node or foundry. Reengineering slows releases and consumes scarce analog engineering talent.
3. Tuning and false positives and negatives
   Tamper sensors must be sensitive without being noisy. Poor thresholding or inadequate environmental compensation can trigger needless shutdowns, or worse, miss an actual attack. Getting that balance right demands robust IP and good system architecture
4. Compliance pressure
   Regulations and certifications (e.g., FIPS 140-3 Level 3 and 4, Common Criteria High Assurance Levels, SESIP L3, ISO 21434) add requirements for key protection,  tamper responses, and secure boot. Meeting them while hitting power, area, and schedule targets is hard.

What a “Good” system Looks Like: Principles of Anti-tamper by Design

A resilient anti-tamper strategy embraces sensor diversity, secure event handling, and automated responses:

• Multi‑modal sensing (voltage, clock, temperature, magnetic/EMFI) to detect a broad spectrum of physical attacks.
• Secure response paths anchored in a hardware Root of Trust (RoT)—so detected events can trigger policy-driven actions like key zeroization, boot lockdown, or secure telemetry, even if an application code is compromised.
• Per device uniqueness (unique keys, secure provisioning) to contain the blast radius if one unit falls into the wrong hands.

This is where Agile Analog and Rambus complement each other.

Agile Analog: Deep Tamper Detection + Prevention in the Analog Domain

Agile Analog’s agileSecure portfolio brings a comprehensive, customizable set of tamper detection IP to protect SoCs on advanced process nodes:

• agileVGLITCH – Voltage Glitch Detector: Detects nanosecond scale supply anomalies used in instruction skipping and bypass attacks.
• agileCAM – Clock Attack Monitor: Catches clock frequency shifts, holds, and glitches with programmable thresholds.
• agileTSENSE_D – Digital Temperature Sensor: Monitors abnormal thermal profiles indicative of physical interference or environmental manipulation.
• agileEMSensor – EMFI Detector: Detects electromagnetic fault injection, one of the hardest physical attack vectors to counter with digital logic alone.

Beyond tamper detection, Agile Analog’s agileSecure also offers tamper prevention IP—internally biased LDOs, bandgap references, oscillators, power-on reset and power-OK blocks—to isolate and harden critical circuits against external manipulation.

Why customers choose Agile Analog

• Process portability and time-to-market: Their digitally wrapped, process agnostic, fully verified approach helps teams seamlessly integrate analog IP blocks like digital IP, reducing re-spins across nodes/foundries and speeding SoC schedules.
• Standards alignment: Deployments are increasingly aligned with FIPS 140‑3 and Common Criteria requirements—critical for regulated markets.
• Proven on advanced process nodes: Recent deliveries include TSMC N4P engagements with a tier1 U.S. customer, underscoring maturity on cutting-edge processes.

Rambus: Hardware Root of Trust, Anti-tamper, and QuantumSafe Security

While Agile Analog monitors and hardens the physical attack surface, Rambus provides the secure control plane that decides what to do when tampering is detected.

The CryptoManager Security IP family spans Root of Trust (RoT), Hub, and Core offerings, delivering progressively higher levels of functionality and integration:

• Hardware RoT with secure boot, secure storage, and policy driven tamper responses—available from compact state machines to programmable secure coprocessors.
• Quantum‑Safe boot flow and crypto accelerators to protect against future quantum compute threats while meeting today’s performance needs.
• DPA/FIA countermeasures to resist power analysis and fault injection at the cryptographic core, complementing analog tamper detection located next to critical circuitry.
• Inline memory encryption and protocol engines (MACsec/IPsec/TLS) to protect data in use and in motion, completing a holistic data‑centric security posture.

With support for FIPS, SESIP, PSA Certified, and ISO 21434, CryptoManager solutions help teams accelerate certification and ship faster into regulated markets like automotive and data centers.

Mapping Pain Points to the Joint Solution

Implementation Checklist: Getting It Right the First Time

1. Threat model by device class. Map likely physical attacks (serviceable vs. sealed units, field vs. factory) and decide which sensors you need (voltage, clock, temp, EMFI) for layered coverage.
2. Place sensors near assets. Position voltage and clock monitors on relevant domains and route signals securely to the RoT—short paths, shielded where practical.
3. Calibrate and test. Use built-in programmability to tune thresholds across PVT corners. Run fault injection tests (voltage glitches, clock glitches, EMFI) pre and post silicon to validate coverage and false positive rates.
4. Provision uniquely, attest continuously. Unique keys and attestation to prevent a single device compromise from scaling to a fleet.
5. Plan for updates. As attacks evolve, update RoT policies and, where applicable, firmware to refine responses without re-spinning silicon.

Real‑World Momentum

Agile Analog has announced deliveries of its agileSecure anti-tamper suite—including EMFI sensing—to tier1 customers on TSMC N4P, reflecting demand for robust analog security IP on advanced process nodes. As well as tamper detection IP, the portfolio also includes tamper prevention IP (LDOs, bandgaps, POR/POK) to harden critical circuits against manipulation. In parallel, Rambus introduced its nextgen CryptoManager Security IP with a three-tier architecture, QuantumSafe boot, and a broad certification roadmap—aimed squarely at data center, AI, automotive, and high assurance SoCs.

The Bottom Line

Anti-tamper sensors are non-negotiable in a world where physical attacks are mainstream. But sensors alone aren’t enough. You need a secure control plane that can decide and act, anchored in hardware, with the independent analysis that certifications bring and countermeasures to withstand both today’s and tomorrow’s threats.

• Agile Analog delivers highly configurable analog tamper detection and tamper prevention IP — portable across processes, tuned for advanced nodes, and designed to spot the faults attackers rely on.
• Rambus provides the Root of Trust and cryptographic backbone—with anti-tamper hardening, QuantumSafe readiness, and a proven path to compliance.

Together, they offer a defense in depth blueprint that addresses customer pain points comprehensively: better detection, simpler integration, fewer false positives, and smoother certification. If your roadmap includes secure SoCs for AI, automotive, industrial, or payments, pairing  Agile Analog’s agileSecure with Rambus CryptoManager is a pragmatic way to raise the bar.

As Ethernet scales to Terabit speeds, the need for robust, low-latency, and power-efficient security solutions becomes paramount. Traditional security architectures based on acceleration struggle to keep pace with these performance demands, creating a critical need for MACsec/IPsec solutions that can be integrated into Ethernet ports and operate at full line-rate across multiport and multi-rate environments.

Introducing the Rambus MACsec-IP-364 (+363) Engine

The Rambus Multi-Channel Engine MACsec-IP-364 (+363) is purpose-built to meet the demands of next-generation Ethernet. It delivers full line-rate MACsec and optional IPsec support for 1.6T and 3.2T Ethernet ports, offering a highly scalable and configurable solution for securing high-speed data traffic.

Key Capabilities

• Full Line-Rate Throughput: Supports 1.6T in 3nm and 3.2T in 3/2nm technologies, with low-power 800G operation in 5nm.
• Segmented Data Bus Architecture: Enables multiple packet processing per clock cycle, achieving breakthrough throughput.
• Flexible Integration: Supports channelized and port-based data paths, with options for buffering, flow control, and IEEE 1588 timestamping.
• High-speed Cryptography: FIPS-ready cryptographic engine supporting AES-ECB, AES-CTR, AES-GCM/GMAC transformations.
• MACsec and IPsec Support: Fully compliant with IEEE 802.1AE-2018, with optional IPsec ESP transport/tunnel modes.

Designed for Versatility

The MACsec-IP-364 (+363) engine is ideal for a wide range of applications, including:

• Optical PHYs
• Switch/router ASICs
• NPUs and Smart NICs
• 5G SoCs
• AI infrastructure with network-attached capabilities

Its multi-channel architecture supports up to 64 ports, with pooled classification and transformation resources that optimize multiport designs. The companion MACsec-IP-363 classifier enables autonomous MACsec processing or can be paired with external classifiers for customized deployments.

Seamless Integration and Support

Rambus provides a comprehensive integration package, including:

• Silicon IP and Driver Development Kit
• Hardware and programming manuals
• IP-XACT register descriptions
• UVM verification test bench and test vectors
• Setup, simulation, and synthesis scripts

This ensures a smooth path from evaluation to deployment, backed by world-class support from Rambus MACsec experts.

Securing Tomorrow’s Data Center

As Ethernet continues its march toward Terabit speeds, security must evolve in lockstep. The Rambus MACsec-IP-364 (+363) engine delivers the performance, flexibility, and scalability needed to secure the next generation of data center infrastructure—without compromising on latency, power, or throughput.

Learn more here.

Join us for the webinar, “Network Security at Terabit-per-second Rates with MACsec, IPsec and UEC“ on September 17, 2025 at 9:00am PT.

Quantum computers will eventually become powerful enough to break public key-based cryptography, also known as asymmetric cryptography. Public key-based cryptography is used to protect everything from your online communications to your financial transactions.

Quantum computing represents a major security threat and action is needed now to secure applications and infrastructure using Post-Quantum/Quantum Safe Cryptography.

This blog explains everything you need to know about the new algorithms designed to protect against quantum computer attacks.

Table of Contents

• What is quantum computing?
• Why are quantum computers a security threat?
• What is Post-Quantum Cryptography (PQC)?
• Is Quantum Safe Cryptography the same as Post-Quantum Cryptography (PQC)?
• Why do we need to act now if quantum computers are still a way off?
• What progress has been made to develop new PQC algorithms?
• What recommendations does CNSA 2.0 make for transitioning to PQC algorithms?
• How can companies get ready for the Quantum Computing Era?
• What Quantum Safe IP solutions are available from Rambus?

What is quantum computing?

Quantum computing utilizes quantum mechanics to solve certain classes of complex problems faster than is possible on classic computers. Problems that currently take the most powerful supercomputer several years could potentially be solved in days.

Source: Quantum Could Solve Countless Problems —And Create New Ones | Time, February 2023

As such, quantum computers have the potential to deliver the computational power that could take applications like AI to a whole new level. Powerful quantum computers will become a reality in the not-so-distant future, and while they offer many benefits, they also present a major security threat.

Why are quantum computers a security threat?

Once sufficiently powerful quantum computers exist, traditional asymmetric cryptographic methods for key exchange and digital signatures will be broken. Leveraging Shor’s algorithm, quantum computers will be capable of reducing the security of discrete logarithm-based schemes like Elliptic Curve Cryptography (ECC) and factorization-based schemes like RSA (Rivest-Shamir-Adleman) so much that no reasonable key size would suffice to keep data secure. ECC and RSA are the algorithms used to protect everything from our bank accounts to our medical records.

Governments, researchers, and tech leaders the world over have recognized this quantum threat and the difficulty in securing critical infrastructure against attacks from quantum computers.

“A quantum computer of sufficient size and sophistication — also known as a cryptanalytically relevant quantum computer (CRQC) — will be capable of breaking much of the public-key cryptography used on digital systems across the United States and around the world.

When it becomes available, a CRQC could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”

National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems, May 2022

What is Post-Quantum Cryptography (PQC)?

New digital signatures and key encapsulation mechanisms (KEMs) are needed to protect data and hardware from quantum attacks. Many initiatives have been launched throughout the world to develop and deploy new cryptographic algorithms that can replace RSA and ECC while being highly resistant to both classic and quantum attacks. Post-Quantum Cryptography (PQC) refers to these cryptographic algorithms designed to withstand attacks by quantum computers.

Is Quantum Safe Cryptography the same as Post-Quantum Cryptography (PQC)?

Yes, Quantum Safe Cryptography is another term for Post-Quantum Cryptography. Both refer to cryptographic algorithms designed to withstand attacks by quantum computers. Other terms that you may come across include Quantum Proof Cryptography or Quantum Resistant Cryptography.

Why do we need to act now if quantum computers are still a way off?

While quantum computers powerful enough to break public key encryption may still be a way off, data harvesting is happening now. Malicious actors are already said to be collecting encrypted data and storing it for the time when future quantum computers will be capable of breaking our current encryption methods. This is known as a “harvest now, decrypt later” strategy.

Further because the shelf life of confidential or private information can span years or decades, there is a rapidly growing need to protect such data today to future proof it from quantum attack. Additionally, for many devices such as chips, the development cycle is a long one. Given that it can take years for security testing, certification and then deployment into the existing infrastructure, the earlier the transition to Quantum Safe Cryptography begins, the better.

What progress has been made to develop new PQC algorithms?

The biggest public initiative to develop and standardize new PQC algorithms was launched by The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). International teams of cryptographers submitted algorithm proposals, reviewed the proposals, broke some, and gained confidence in the security of others.

After multiple rounds of evaluations, on July 5th, 2022, NIST announced the first PQC algorithms selected for standardization. CRYSTALS-Kyber was selected as a Key Encapsulation Mechanism (KEM) and CRYSTALS-Dilithium, FALCON, and SPHINCS+ were selected as digital signature algorithms.

On August 24th, 2023, NIST announced the first three draft standards for general-purpose Quantum Safe Cryptography.

These are draft standards are:

• FIPS 203 ML-KEM: Module-Lattice-Based Key Encapsulation Mechanism Standard, which is based on the previously selected CRYSTALS-Kyber mechanism
• FIPS 204 ML-DSA: Module-Lattice-Based Digital Signature Standard, which is based on the previously selected CRYSTALS-Dilithium signature scheme
• FIPS 205 SLH-DSA: Stateless Hash-Based Digital Signature Standard, which is based on the previously selected SPHINCS+ signature scheme

What recommendations does CNSA 2.0 make for transitioning to PQC algorithms?

The National Security Agency (NSA) published an update to its Commercial National Security Algorithm Suite (CNSA) in September 2022, CNSA 2.0.

National Security Systems (NSS) will need to fully transition to PQC algorithms by 2033 and some use cases will be required to complete the transition as early as 2030. CNSA 2.0 specifies that CRYSTALS-Kyber and CRYSTALS-Dilithium should be used as quantum-resistant algorithms, along with stateful hash-based signature schemes XMSS (eXtended Merkle Signature Scheme) and LMS (Leighton-Micali Signatures).

CNSA 2.0 sets out an ambitious timeline for PQC algorithm adoption – other organizations across the globe are set to follow suit with their own guidelines.

Source: NSA Commercial National Security Algorithm Suite 2.0, September 2022

How can companies get ready for the Quantum Computing Era?

• Understand where vulnerable cryptography like RSA or ECC is deployed in your products.
• Investigate what performance impact a PQC transition will have on your products and what makes sense for your product roadmap.
• Establish what transition timelines your products must observe.
• Speak with your customers and suppliers to ensure that expectations and plans align.
• Understand where vulnerable cryptography like RSA or ECC is deployed in your business infrastructure and business processes.
• Talk to security experts like Rambus to understand how you can begin to transition to Quantum Safe Cryptography

What Quantum Safe IP solutions are available from Rambus?

Rambus Quantum Safe IP solutions offer a hardware-level security solution to protect data and hardware against quantum computer attacks using NIST and CNSA selected algorithms.

Rambus Quantum Safe IP products are compliant with FIPS 203 ML-KEM and FIPS 204 ML-DSA draft standards. Products are firmware programmable to allow for updates with evolving quantum-resistant standards.

The products can be deployed in ASIC, SoC and FPGA implementations for a wide range of applications including data center, AI/ML, defense and other highly secure applications.

Keep Reading:
– Bringing IPsec into the Quantum Safe Era
– Rambus Expands Quantum Safe Solutions with Quantum Safe Engine IP
– Rambus CryptoManager Root of Trust Solutions Tailor Security Capabilities to Specific Customer Needs with New Three-Tier Architecture

Summary

Quantum computing is being pursued across industry, government and academia with tremendous energy and is set to become a reality in the not-so-distant future. For many years, Rambus has been a leading voice in the PQC movement and now offers a portfolio of Quantum Safe IP solutions designed to offer hardware-level security using NIST and CNSA selected algorithms.

Explore more resources:
– Hardware Root of Trust: Everything you need to know
– Protecting Data and Devices Now and in the Quantum Computing Era
– Quantum Safe Cryptography: Protecting Devices and Data in the Quantum Era

In this article:

• • What is hardware root of trust?
  • What are the types of a silicon-based hardware root of trust?
  • What are the benefits of a programmable hardware root of trust?
  • What features should a programmable hardware root of trust offer?
  • What is the Rambus Root of Trust?
  • How is the Rambus Root of Trust architected for security?
  • What’s new in the latest generation of Rambus Root of Trust IP?
  • What is Quantum Safe Cryptography?
  • Is there a Root of Trust configured for my application?
  • What should I keep in mind when selecting a Root of Trust IP?

What is hardware root of trust?

A hardware root of trust is the foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a secure boot process. It is inherently trusted and therefore must be secure by design. The most secure implementation of a root of trust is in hardware making it immune from malware attacks. As such, it can be a stand-alone security module or implemented as security module within a processor or system on chip (SoC).

What are the types of a silicon-based hardware root of trust?

A silicon-based hardware root of trust falls into two categories: fixed function and programmable. Essentially, a fixed-function root of trust is firmware controlled. These are typically compact and designed to perform a specific set of functions like data encryption, certificate validation and key management. These compact, firmware-controlled root of trust solutions are particularly well suited for Internet of Things (IoT) devices.

In contrast, a hardware-based programmable root of trust is built around a CPU. Performing all the functions of a firmware-controlled solution, a programmable root of trust can also execute a more complex set of security functions. A programmable root of trust is versatile and upgradable, enabling it to run entirely new cryptographic algorithms and secure applications to meet evolving attack vectors.

What are the benefits of a programmable hardware root of trust?

The cybersecurity threat landscape is dynamic and rapidly evolving. Indeed, attackers are constantly finding new ways to exploit critical vulnerabilities across a wide range of applications and devices. Fortunately, a programmable hardware-based root of trust can be continuously updated to contend with an ever-increasing range of threats.

A programmable hardware-based root of trust is a key component to protect against a number of security threats, including:

• Host processor compromise
• Non-volatile memory (NVM) key extraction
• Tearing and other attacks against NVM writes
• Corruption of non-volatile memory or fuses
• Test and debug interface attacks
• Side-channel and perturbation attacks including Simple Power Analysis (SPA), Differential Power Analysis (DPA) and Fault Injection Attacks (FIA)
• Manufacturing/personalization facility compromise (insider attack)
• Man-in-the-middle and replay attacks
• Probing of external buses

What features should a programmable hardware root of trust offer?

A programmable hardware root of trust should be purpose-built; specifically designed from the ground up to provide a robust level of security. Since the root of trust is a logical target for an attacker, it should be made as secure as possible to safeguard it from compromise. Capabilities should include:

• • Siloed Execution:

    Ensures that sensitive security functions are only performed within a dedicated security domain that is physically separated from the general-purpose processor. This paradigm allows the primary CPU to be optimized for architectural complexity and performance – with security functionality safely isolated in a physically separated root of trust.

  • Comprehensive Anti-Tamper and Side-Channel Resistance:

    Protects against multiple fault injection and side-channel attacks.

  • Layered Security:

    Provides multiple layers of robust defense to avoid a single point of failure. Access to cryptographic hardware modules and other sensitive security resources are enforced in hardware, while critical keys are only available to hardware. Software security can be layered on top of a hardware-based root of trust, thereby providing additional flexibility and security.

  • Multiple Root of Trust Instances:

    Ensures isolation of resources, keys and security assets. In real-world terms, this means each entity – such as a chip vendor, OEM or service provider – has access to its own ‘virtual’ security core and performs secure functions without having to ‘trust’ other entities. This allows individual entities to possess unique root and derived keys, as well as access only to specified features and resources such as OTP, debug and control bits. Moreover, support for multiple root of trust instances enables the security core to assign or delegate permissions to other entities at any point in the device life cycle, while isolating (in hardware) unique signed apps that are siloed away from other programs.

What is the Rambus Root of Trust?

Rambus offers a catalog of robust Root of Trust solutions, ranging from richly featured military-grade co-processors to highly compact firmware-controlled. With a breadth of solutions applicable from the data center to IoT devices, Rambus has a Root of Trust solution for almost every application.

Rambus’ Parvez Shaik explains the importance of addressing supply chain vulnerabilities, the advantages of a hardware root of trust, and the new features of the third-generation CryptoManager Root of Trust products in this episode of Ask the Experts.

Jump to: Root of Trust solutions »

How is the Rambus Root of Trust architected for security?

The CryptoManager RT-6xx Root of Trust family from Rambus is the latest generation of fully programmable FIPS 140-3 compliant hardware security cores offering Quantum Safe security by design for data center and other highly secure applications. The CryptoManager RT-6xx family protects against a wide range of hardware and software attacks through state-of-the-art side channel attack countermeasures and anti-tamper and security techniques.

CryptoManager RT-6xx Series Root of Trust Block Diagram

The diagram above illustrates the basic architecture of the Rambus RT-600 series Root of Trust, including:

The CryptoManager RT-6xx Root of Trust is a siloed hardware security IP core for integration into semiconductors, offering secure execution of authenticated user applications, tamper detection and protection, secure storage and handling of keys and security assets, and optional resistance to side-channel attacks. The Root of Trust is easily integrated with industry-standard interfaces and system architectures and includes standard hardware cryptographic cores. Access to crypto modules, keys, memory ranges, I/O, and other resources is enforced in hardware. Critical operations, including key derivation and storage, are performed in hardware with no access by software. The Root of Trust is based on a custom 32-bit processor designed specifically to provide a trusted foundation for secure processing on chip and in the system.

The Root of Trust supports all common host processor architectures including ARM, RISC-V, x86 and others. The multi-threaded secure processor runs customer developed signed code either as a monolithic supervisor or as loadable security applications which include permissions and security-related metadata. It can implement standard security functionality provided by Rambus, or complete customer-specific security applications, including key and data provisioning, security protocols, biometric applications, secure boot, secure firmware update, and many more.

Keep on reading:
Rambus CryptoManager Root of Trust Solutions Tailor Security Capabilities to Specific Customer Needs with New Three-Tier Architecture

What is Quantum Safe Cryptography?

The CryptoManager RT-6xx Root of Trust series is at the forefront of a new category of programmable hardware-based security cores with its new Quantum Safe Cryptography features.

Once sufficiently powerful quantum computers exist, traditional asymmetric cryptographic methods for key exchange and digital signatures will be easily broken. New cryptographic algorithms known as quantum safe cryptography (QSC) or post-quantum cryptography (PQC) are needed to protect against quantum computer attacks.

The latest generation of Rambus Root of Trust IP offers a state-of-the-art programmable security solution to protect hardware and data with NIST and CNSA quantum-resistant algorithms. The Quantum Safe Engine operates with the CRYSTALS-Kyber and CRYSTALS-Dilithium algorithms, as well as the stateful hash-based signature schemes XMSS (eXtended Merkle Signature Scheme) or LMS (Leighton-Micali Signatures).

Learn more about Quantum Safe Cryptography:
– Post-quantum Cryptography (PQC): New Algorithms for a New Era
– Rambus Expands Quantum Safe Solutions with Quantum Safe Engine IP

Is there a Rambus Root of Trust configured for my application?

There are Rambus Root of Trust solutions tailored to address the specific security requirements and certification standards of nearly every application:

• • The RT-1xx series of Root of Trust solutions are designed for use in power and space-constrained applications as in IoT devices. Featuring a firmware-controlled architecture with dedicated secure memories, the RT-1xx hardware Root of Trust cores provide a variety of cryptographic accelerators including AES, SHA-2, RSA and ECC. There are versions which include SM2, SM3 and SM4 accelerators for the China market.
  • The CryptoManager RT-6xx is a fully programmable, FIPS 140-3 compliant, hardware security core offering security-by-design for data center cloud, AI/ML, as well as general purpose semiconductor applications. It protects against a wide range of hardware and software attacks through state-of-the-art anti-tamper and security techniques.
  • The CryptoManager RT-7xx is tailored for the automotive market offering ISO 26262 and ISO 21434 compliant hardware security. It supports vehicle-to-vehicle and vehicle-to-infrastructure (V2X), advanced driver-assistance systems (ADAS) and infotainment uses.
  • CryptoCell Root of Trust solutions are programmable, FIPS 140-3 certifiable hardware security modules. They are designed to be integrated into Arm TrustZone-based SoCs or FPGAs where power and space are a consideration.

Find out more: See all Rambus Root of Trust IP Solutions »

What should I keep in mind when selecting a Root of Trust IP?

Root of Trust product designs vary greatly in architecture and capabilities. When selecting a Root of Trust solution, it’s important to ask the right questions to ensure the best level of protection for your specific security needs.

Some questions to consider include:

• What is the end use of the chip?
• Who and what are you protecting against?
• What is the risk of a compromised device?
• What certifications are required?

It’s also worth noting that Root of Trust products can be tailored to match an application’s security threat model, use case, industry segment, lifetime, cost, and geography. Some examples of the different criteria that can be selected include the crypto algorithms, security/anti-tamper mechanisms, and provisioning methods used.

Next steps?

If you have any questions about how to select a Root of Trust for your next project, contact us here.

Explore more resources:
– The Ultimate Guide to Secure Silicon: Root of Trust
– Ask the Experts: PUF-based Security
– Implementing State-of-the-Art Digital Protection with Rambus CryptoManager Security IP

Key topics answered in this episode:

• • What is the current threat environment faced by chip and system makers?
  • What is a root of trust and its role in security?
  • What are the advantages of implementing a root of trust in hardware?
  • What’s new in the third-generation CryptoManager Root of Trust?

What is the current threat environment faced by chip and system makers?

Parvez stressed how crucial it is to tackle supply chain vulnerabilities, cybersecurity risks, and regulatory hurdles that manufacturers face. He pointed out that keeping the manufacturing process secure and protecting intellectual property are top priorities. With the security landscape constantly evolving and regulations like the CHIPS and Science Act of 2022 introducing new challenges, manufacturers are dealing with an ever-growing set of threats.

What is a root of trust and its role in security?

Parvez compared Root of Trust to the foundation of a house—it’s the bedrock of security for semiconductor devices. Just like a strong foundation keeps a house standing, a solid Root of Trust ensures secure boot, safeguards cryptographic operations, and protects intellectual property. A hardware Root of Trust acts as a secure vault, storing keys and handling critical cryptographic tasks to keep everything locked down.

What are the advantages of implementing a root of trust in hardware?

Parvez discussed the advantages of implementing root of trust in hardware, including enhanced security, anti-tampering features, and improved performance. He noted that hardware root of trust is embedded into the chip and cannot be tampered with, providing a higher level of security. However, he also mentioned the cost and flexibility limitations of hardware root of trust.

What’s new in the third-generation CryptoManager Root of Trust?

In this third-generation CryptoManager Root of Trust, Parvez emphasized its three-tier architecture, modularity, and compliance with various industry standards. The new features aim to provide customer flexibility, faster time to market, and pre-certification for different security requirements. The three-tier architecture includes the CryptoManager Core, CryptoManager Hub, and the overall CryptoManager Root of Trust, each offering unique features and benefits.

Key Quote

“A hardware root of trust is the foundation or the foundational concept of security for any semiconductor device. It is what its name literally says, “root of trust.” It is basically everything that your complete device security is based on.” – Parvez Shaik

The cybersecurity threat landscape is dynamic and rapidly evolving. Indeed, attackers are constantly finding new ways to exploit critical vulnerabilities across a wide range of applications and devices. Protecting data and devices requires secure processes running on systems and networks.

A Root of Trust is the foundation on which all secure operations of a computing system depend. It contains the keys used for cryptographic functions and enables a system-wide secure boot process. It is inherently trusted and therefore must be secure by design. The most secure implementation of a root of trust is in hardware safeguarding it from malware and non-invasive or invasive tamper attacks. As such, it can be a stand-alone security module or implemented as a security module within a processor or system on chip (SoC).

Chip makers have varying levels of security expertise and desire for integration. For some customers, a fully turnkey hardware Root of Trust would be ideal. Others wish to build their own Root of Trust but would still like to take advantage of the latest state-of-the-art cryptographic accelerators.

To address these varying customer needs, Rambus has introduced a new three-tier architecture in its industry-leading, 3^rd generation CryptoManager Root of Trust security IP solutions, namely the CryptoManager Root of Trust, Hub and Core families. The CryptoManager Security IP offerings deliver progressively higher levels of functional integration and security, enabling customers to choose the level of security features and capabilities best suited to their unique requirements.

CryptoManager Simplified Three-Tier Architecture

At the highest tier of the architecture is the programmable CryptoManager Root of Trust. The CryptoManager RT-6xx v3 Root of Trust is the latest generation of fully programmable FIPS 140-3 compliant hardware security cores offering Quantum Safe security by design for data center and other highly secure applications, including OCP compliant Caliptra Root of Trust for Measurement with secure boot flow. The CryptoManager RT-6xx family protects against a wide range of hardware and software attacks through state-of-the-art side channel attack countermeasures and anti-tamper and security techniques. With Quantum Safe Encryption (QSE), it provides a future-proof hardware security solution to protect the boot flow and data assets today and into the quantum era.

The CryptoManager RT-6xx allows customers to develop secure and trusted applications that run securely within a trusted boundary. Secure applications can be assigned unique roots and keys, allowing independent permissions and access levels. The RT-6xx inherits its flexible cryptographic accelerators from the embedded Rambus CryptoManager Hub CH-6xx which we’ll describe in the next paragraphs.

The second tier of the CryptoManager architecture is the CryptoManager Hub CH-6xx, a flexible and configurable, efficient bundle of cryptographic accelerator cores. The CH-6xx family products are intended for embedding in customer or Rambus Root of Trust security modules.

Every CryptoManager Hub embeds a CryptoManager Core (tier 3 of the architecture), a collection of efficient symmetric crypto accelerators with state-of-the-art DMA. The CryptoManager Hub adds firmware-controlled public key infrastructure comprising of a true random number generator, classic and, optionally, Quantum Safe accelerators.

Featuring a controller-based design with dedicated secure memories, the CryptoManager Hub offers a variety of classic asymmetric cryptographic accelerators including RSA, ECC, SM2, TRNG, KDF (Key Derive), KAS (Key Agreement), as well as Quantum Safe accelerators like ML-DSA, ML-KEM and SLH-DSA. CryptoManager Hub is offered in off-the-shelf configurations, allowing a choice tailored to the needs of the customer’s application.

The CryptoManager Core, available as a standalone product leveraging a Host CPU or embedded in the Hub, bundles symmetric crypto accelerators for AES, SM4, ChaCha20, SHA-2, SHA-3, SHAKE, SM3 and Poly1305 behind a multi-channel DMA interface. Ideal for power and space-sensitive applications like secure MCU, IoT server, gateway and edge devices, these accelerators are the most versatile, complete crypto solutions that offer the best balance of size and performance available on the market.

For automotive applications, Rambus offers the same three-tiered CryptoManager architecture tailored to the needs of automotive customers. CryptoManager RT-7xx v3 Root of Trust family provides all the functionality for fully programmable ISO 26262 ASIL-D process, ASIL-B or ASIL-D safety mechanisms and ISO 21434 compliant hardware security modules. Dedicated CH-7xx/CC-7xx configurations offer automotive ISO 21434 compliance and ISO 26262 ASIL-B or ASIL-D safety mechanisms.

Configurations differ by cryptographic accelerators contained, protection mechanisms required, including DPA and FIA, and third-party security standard compliance. Rambus can optionally offer dedicated certification support packages to its CryptoManager Hub licensees that provide related certification documentation, test scripts, and dedicated support to achieve FIPS 140-3, SESIP, PSA RoT Component, ISO 26262 (ASIL-B or ASIL-D), ISO 21434 (Cybersecurity) certification with your product embedding a CryptoManager.

“At Untether AI, we provide energy-centric AI inference acceleration from the edge to the cloud, supporting any type of neural network model. Our at-memory compute architecture solves the data movement bottleneck, resulting in high-performance, low-latency inference acceleration without sacrificing accuracy,” said Renxin Xia, Vice President of Hardware at Untether AI. “Ensuring the security of our solutions for data-at-rest and data-in-motion is essential. To address this, we need advanced protection and future-proof security measures. The Rambus CryptoManager Security IP solutions offer a comprehensive suite of security features that enable products like ours to meet the stringent security needs while ensuring the reliability and safety of our AI solutions.”

With over 30 years of security industry leadership, Rambus offers the broadest range of state-of-the-art security IP solutions available. Given the flexibility of the three-tiered CryptoManager Root of Trust architecture, it’s never been easier to get the perfect combination of features and integration tailored to the security needs of your application.

Over the next five years, all security protocols and public key cryptography will undergo a comprehensive overhaul to ensure quantum safety. This represents the most significant change in these domains since the advent of public key cryptography.

Quantum Safe Cryptography

With rapid advances in quantum computers, which have the potential to break public key cryptography, the scenario of “harvest now, decrypt later” becomes more and more plausible. So, authorities, academics and businesses operating in the security and cryptography field have started to design, test and standardize new cryptographic algorithms which should be resistant to a quantum computer attack.

These new quantum-safe or “post quantum” algorithms are now set to become mandatory by 2030, either completely replacing “classic” algorithms or working alongside them in a “hybrid” mode.

The switch to quantum-safe algorithms requires significant changes to security protocols like IPsec and TLS.
Quantum Safe IPsec Toolkit 1.1 supported standards and RFCs:

Rambus is at the forefront of the transition to quantum-safe security, and we have introduced a new software product: Quantum Safe IPsec Toolkit.  Already at version 1.1 Quantum Safe IPsec Toolkit is the first-to-market IPsec implementation which supports both ML-KEM and ML-DSA, based on latest standards and RFCs.

NIST standards:

• ML-KEM FIPS 203 (based on Kyber)
• ML-DSA FIPS 204 (based on Dilithium)

IPsec/IKEv2 quantum-safe features, RFCs and drafts:

• RFC 9242: Intermediate Exchange in IKEv2
• RFC 9370: Multiple Key Exchanges in IKEv2
• ML-KEM for IKE negotiation based on draft-kampanakis-ml-kem-ikev2
• ML-DSA in certificates based on RFC draft-ietf-lamps-dilithium-certificates
• ML-DSA in IKEv2 signature authentication, based on RFC 7427.
• ML-DSA in IKEv2 raw public key authentication, based on RFC 7670.

Performance Focus

Quantum-safe IPsec is only half the story of the Quantum Safe IPsec Toolkit, the other half is its performance and scalability. We have built upon the extensive experience of IPsec Toolkit and increased our focus on performance making Quantum Safe IPsec Toolkit the fastest IKE implementation available on the market. We have increased overall performance by up to 20% when compared to last IPsec Toolkit release 10.

Quantum safe cryptography brings overall slightly better performance than ‘classic’ algorithms with ML-KEM outperforming ‘classic’ DH groups while ML-DSA is on par with RSA. You can see in the graph below that ML-KEM-768 is faster than the fastest ECP group, DH group 19 (ECP 256), and ML-DSA-65 certificate authentication has similar performance with RSA2048 certificates.

• Test HW environment: Intel Core i7-4790K 4.0 GHz 8 core, direct 10Gbps connection
• Additional test parameters: IKEv2, PSK, Diffie-Hellman group 19 (ECP-256), AES128-GCM (AES-NI) and SHA 256
• Product: Quantum Safe IPsec Toolkit 1.1

The graph above shows the performance of a selection of the new quantum-safe configurations and a few commonly used classic ones, operating both stand-alone and in hybrid mode. The data shows number of SAs per second, negotiated and installed in the Linux kernel data plane. SA stand for Security Association also known as “states” in Linux. The OS for this test is Debian Linux 12 “Bookworm” with current long term kernel versions.

Learn more about Quantum Safe IPsec Toolkit here.

We also continued to meet increased demand for a hardware-based security paradigm across multiple verticals, including the IoT and automotive markets. To help protect IoT devices, Kyocera selected the FIPS 140-2 CMVP-certified Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator, while NextChip chose the Rambus RT-640 Root of Trust and MACsec-IP-160 Protocol Engine to secure its Apache6 automotive processor. As high-profile security exploits, breaches, and counterfeit silicon multiply in 2022, we will see an increasing emphasis placed on a hardware-based security paradigm in both the IoT and automotive spaces. To be sure, we expect a proliferation of dedicated silicon that is specifically designed to protect sensitive cryptographic functions and data. This model is the most effective way to secure data when at rest (processed or stored in a device) and when in motion (communicated between connected devices). 

Let’s take a more in-depth look at how Rambus continues to make data faster and safer in 2022 and beyond.  

Faster Speeds for Higher Bandwidth

HBM3

In the summer of 2021, we announced our HBM3-ready memory interface subsystem comprising a fully integrated PHY and digital controller. Supporting breakthrough data rates of up to 8.4 Gbps, the solution delivers over a terabyte per second of bandwidth—more than double that of high-end HBM2E memory subsystems. According to Soo Kyoum Kim, associate VP, Memory Semiconductors at IDC, the memory bandwidth requirements of AI/ML training are “insatiable,” with leading-edge training models now surpassing billions of parameters. As Kim emphasizes, the Rambus HBM3-ready memory subsystem “raises the bar” for performance enabling state-of-the-art AI/ML and HPC applications.

According to Joel Hruska of ExtremeTech, early HBM3 hardware should be capable of ~1.4x more bandwidth than current HBM2E. However, as the standard evolves, that figure will rise to ~1.075TB/s of memory bandwidth per stack, with maximum I/O transfer rates of up to 8.4Gbps. 

“These figures are per stack and many GPUs use HBM with 2-4 stacks, so total bandwidth provided by a four-stack HBM3 solution at 665GB/s is ~2.7TB/s,” he adds. It should be noted that Both AMD (Genoa) and Intel (Sapphire Rapids) are expected to begin shipping their respective HBM-equipped server processors in 2022. 

DDR5

In late 2021, we confirmed the sampling of our 5600 MT/s 2nd-generation RCD chip with major DDR5 memory module (RDIMM) suppliers. The new level of performance represents a 17% increase in data rate over the first-generation 4800 MT/s Rambus DDR5 RCD. With DDR5 memory, more intelligence is built into the DIMMs, enabling up to double the data rate and four times the capacity of DDR4 DIMMs, while at the same time reducing power and increasing memory efficiency. 

According to Shane Rau, research vice president, Computing Semiconductors at IDC, advanced workloads are driving the increased demand for greater memory bandwidth. 

“It [is therefore] essential that DDR5 ecosystem players like Rambus continue to raise the bar on performance to meet the rapidly rising needs of data center applications,” says Rau. 

As we noted in our introduction, Rambus memory interface chips will enable next-generation DDR5-based servers to achieve new levels of performance. These new servers are slated to hit data centers in 2022 and beyond, with RDIMMs running at 4800 MT/s. This number represents a 33% increase in data rate over top-end 3200 MT/s DDR4 RDIMMs in current high-performance servers. 

CXL Memory Interconnect Initiative

In the closing months of 2021, we announced our CXL Memory Interconnect Initiative to develop semiconductor solutions for advanced data center architectures that maximize performance, improve efficiency, and reduce system cost. Compute Express Link (CXL) is an open industry standard interconnect delivering high-bandwidth, low-latency connectivity between dedicated compute, memory, I/O and storage elements within the data center to allow the provision of the optimal mix of each for a given workload.  

CXL memory expansion and pooling chips are key components for both traditional and disaggregated architectures. To support the continuing growth and specialization in server workloads, data centers are moving to disaggregated architectures composed from shared and scalable pools of computing and memory resources. CXL is a critical enabler of these next-generation disaggregated server architectures.

According to Matt Jones, general manager of IP cores at Rambus, CXL interconnects are quite versatile due to their high-bandwidth, low-latency characteristics—and can therefore be used to interconnect various hosts and resources in the system. 

“We see the device evolving here into one that supports multiple hosts on the upstream side and being able to share efficiently a pool of memory on the downstream side so that you can assign multiple hosts to efficiently share that memory,” Jones tells The Next Platform. “The key building blocks are here from an IP standpoint that tie back to the acquisitions we made on the PHY and the controller on both sides.”

Securing Silicon to Protect Data 

Kyocera Selects Rambus Root of Trust for IoT Security

In early 2022, Rambus announced that Kyocera Evolution Series MFPs will offer data security meeting Federal Information Processing Standards (FIPS) 140-2 Cryptographic Module Validation Program (CMVP) standards using the Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator IP. Specifically, the FIPS-certified Kyocera Evolution Series MFPs utilize the Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator as part of a system security architecture that provides the most robust and up-to-date protection for customers.

According to Neeraj Paliwal, general manager of security IP at Rambus, secure by design is a fundamental property of solutions from industry leaders like Kyocera. By building on Rambus FIPS CMVP-certified IP solutions, chip and system providers can better navigate the certification process and accelerate the development of secure solutions.  

This is increasingly important in 2022 and beyond. Because data centers have transformed into virtual fortresses (both in the physical and digital domains), adversaries have turned their focus to more vulnerable edge and end points. 

NextChip Selects Rambus Security IP to Secure Apache6 Automotive Processor

In January 2022, NextChip selected the Rambus RT-640 Root of Trust and MACsec-IP-160 Protocol Engine to provide hardware-level security for its next-generation Apache6 automotive processor. The Apache6 ADAS SoC combines CPU, GPU, ISP, and NPU processors to enable advanced automotive vision and domain/zone controller applications such as AVP. 

The Rambus RT-640 Root of Trust provides security services and protection of data processed by the Apache6 SoC. The RT-640 is a powerful security co-processor featuring automotive grade embedded security software, high-performance cryptographic accelerators for AES, HMAC, SHA-2, and more. In addition, dedicated safety integrity mechanisms ensure correct operations and extensive error handling and the advanced anti-tamper features of the RT-640 protect chips from side-channel and fault injection (FI) attacks. Meanwhile, the Rambus MACsec-IP-160 encrypts and protects data at speeds up to 100 Gbps over Ethernet in-car networks. 

According to CTO NextChip Hweihn Chung, the company is raising the bar for reliable, compact, and affordable ADAS solutions with the Apache6. 

“With Rambus security IP solutions, Apache6 offers state-of-the-art protection of mission-critical data while meeting full ASIL-B compliance,” he adds. 

Conclusion

Rambus continues to make data faster and safer with the launch of key products, industry initiatives, and strategic partnerships. In 2022 and beyond, we are addressing the insatiable demand for more bandwidth in the data center to support new AI/ML applications with our 8.4 Gbps HBM3-Ready Memory Subsystem, DDR5 5600 MT/s 2nd-generation RCD chip, and CXL Memory Interconnect Initiative. 

On the security side, we continue to meet increased demand for a hardware-based security paradigm across multiple verticals, including the IoT and automotive markets. Recent examples include Kyocera selecting the FIPS 140-2 CMVP-certified Rambus RT-130 Root of Trust and AES-IP-38 AES Accelerator for its IoT silicon, and NextChip choosing the Rambus RT-640 Root of Trust and MACsec-IP-160 Protocol Engine to secure its Apache6 automotive processors. As high-profile security exploits, breaches, and counterfeit silicon multiply in 2022, we will see an increasing emphasis placed on a hardware-based security paradigm in both the IoT and automotive spaces. To be sure, we expect a proliferation of dedicated silicon that is specifically designed to protect sensitive cryptographic functions and data.