FAQs

Q. Why is Core Semiconductor's solution secure when others have failed?

A. Core Semiconductor focuses on providing technology and products for provably and inherently secure devices and systems. We assert that making the designs, both hardware and software, fully open source is the key.  Open, and provably secure designs are the differentiator that sets Core Semiconductor apart from everyone else.

Q. How does Core Semiconductor's solution provide inherent security?

A. Core Semiconductor focuses on providing technology and products for provably and inherently secure devices and systems.  One of the main problems that Core Semiconductor addresses is the lack of a minimum level of guaranteed security in IoT devices today.  Core Semiconductor’s solution provides to all devices that use its technology, the following minimum set of security capabilities: a hardware root-of-trust (which is the basis for providing secure identity, authentication & communication), secure storage, secure boot, secure debug, secure upgrade, encrypted code & data, and trusted execution (code/data integrity measurement, remote attestation, enforced entry & exit, and isolation).  As such, Core Semiconductor’s solution aims to be “a rising tide [that] lifts all boats”. 

Q. I don't have any smart home devices.  Why should I care about IoT security?

A. We are reminded of the security vulnerabilities of smart, connected devices by the nearly constant parade of hacks and breaches of organizations reported in the media.  948 million people in 20 countries were affected by cybercrime in 2017.  In the Equifax breach alone, the personal information of 145 million US + 15 million UK consumers was compromised. The global cost of cybercrime is approximately $600B/yr, or 0.6-0.8% of world GDP, effectively a tax on all of us. The budgets of the NSA & other security agencies, costs of enterprise security systems, anti-malware software, ad fraud, and even fake news, waste our valuable time with ads and added security checks, not to mention the continuous invasion of privacy from corporate & blanket government surveillance, are all part of the real cost that we pay. Our data is often resold to other companies who may use it for nefarious purposes. It can be turned over forcefully to the government, for suspected terrorist surveillance without probable cause or due process.

Q. Why is open source necessary for provably secure devices and consumer trust?

A, Trust can be earned gradually through a good track record, but it is a very inefficient way to gain it, and the level of customer apprehension can remain high.  Opening up a design from the start can be a much quicker way to gain trust.  A system may be secure, but if it has not been independently verified, it cannot be trusted.  For example, the German government strongly advised against the use of Windows 8 (and higher) for any security-sensitive applications including critical infrastructure due to suspected potential backdoors and flaws in the operating system that give ultimate control over computers to Microsoft but may also give access to the the NSA.  Microsoft was unable to refute these claims.  German governments have been ditching Windows for Linux.  Russia has been reportedly doing the same.  The US government similarly warned companies against using Chinese ZTE and Huawei telecom equipment back in 2012 due to espionage concerns and also banned them from use by government and government contractors.  Open-source designs, once trusted can therefore be used in critical infrastructure and security-sensitive applications, even by foreign countries that don’t like or trust you. Open-source is what differentiates Core Semiconductor’s platform from all others, to create provably secure devices and systems. 

Q. Why is a "security first" stance required?

A. Security must be part of system architecture, designed from the beginning, not added as an afterthought or a patch.  One analogy may be to think of security as road safety.   When it comes to guaranteeing road safety, no amount of warning signs, traffic laws, policing, and fines added afterward can guarantee road safety compared to let’s say a vehicle that continuously and automatically communicates with traffic infrastructure and enforces speed limits, minimum following distances, right of way, etc., if such an architecture were possible. 

Q. What are the key applications of Core Semiconductor's technology?

A. Core Semiconductor focuses on providing technology and products for provably and inherently secure devices and systems.  The Internet of Things (IoT), and therefore smart, connected devices touch every aspect of our lives from energy to transportation, computing, communication, home & building automation, healthcare, manufacturing, retail, finance, and more.