Network Security Technology

In today's interconnected and globalized world, almost every electronic product and application is at risk of some kind of loss due to theft of information. The impact of this loss can take one or more of the following forms:

  • Financial – loss of revenue, funds or brand equity
  • Safety – endangering lives
  • Operational – reduced availability of services or equipment
  • Privacy – loss or theft of personal information

In the Internet of tomorrow, more and more devices will be connected to each other, bringing great utility to our daily lives, but also offering a myriad of opportunities for security breaches. As a long-time investor in security technology, NXP® offers a broad portfolio of security solutions, from microcontrollers to high-performance multi-core communication processors. We are a leading provider of security technology for multiple applications from connected cars to data centers, healthcare to industrial control. Our expertise, built through decades of regular and deep investment in security, makes us a valuable partner when you are deciding the security requirements for your project.

Trusted Systems Technology

NXP products combine hardware and trusted firmware, which OEMs use as a root of trust to create trusted systems. Trusted systems do what their stakeholders (OEMs, Service Providers, and Users) expect them to do and help prevent attacks such as:

  • Unauthorized access to stakeholder private data
  • Unauthorized system usage, including zombification

Features for trusted systems include:

  • Secure Boot
  • Device secret keys and persistent secrets for secure storage
  • Tamper detection with hardware response
  • Secure Debug

All embedded systems should implement trusted computing to provide a basic level of data and services security and integrity for their stakeholders. Intermediate and advanced trust architecture features are available to increase the complexity for the attacker and support application- and market-specific needs.

Pattern Detection

Systems will often look for patterns within network data to identify protocols or users so that appropriate security or QoS policies can be applied, or to identify attempted security breaches and attacks. For this purpose we use our own Pattern Matching Engine (PME), a type of regex hardware acceleration engine which scans data for patterns based on Regular Expression rules.

Cryptographic Acceleration Technology

Cryptography is the science of encoding and decoding (enciphering/deciphering) data so that attackers cannot decode or undetectably modify the data. Cryptographic algorithms can be symmetric, where both parties use a shared secret key to encode and decode data, or asymmetric, where different but mathematically related public and private keys are used to encode and decode.

High-level functions enabled by symmetric cryptography include:

  • Confidentiality: protection of data from eavesdropping during transmission and storage
    • Algorithms include 3DES, AES, Kasumi, Snow, and ZUC
  • Integrity: detection of data manipulation during transmission and storage
    • Algorithms include keyed hashes (HMACs) based on MD5 and SHA, and integrity modes of AES

High-level functions enabled by asymmetric cryptography include:

  • Negotiation and exchange of symmetric crypto keys
  • User authentication and access control to networks and files
  • Digital signatures, with non-repudiation
    • Algorithms include RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman

Cryptography is very computationally intensive. NXP products include crypto accelerators to support system latency and bandwidth requirements.