Securing the IoT with SAILOR – Investment Policy

Author: Denis Avetisyan

A new RISC-V core family balances performance, energy efficiency, and robust security features for resource-constrained devices.

SAILOR is a scalable and ultra-lightweight processor optimized for IoT security through area optimization, low-power design, and cryptographic serialization techniques.

Balancing energy efficiency, area compactness, and robust security remains a significant challenge in the design of resource-constrained IoT devices. This paper introduces ‘SAILOR: A Scalable and Energy-Efficient Ultra-Lightweight RISC-V for IoT Security’, a novel core family optimized for cryptographic applications through serialized datapaths and modular design. Our results demonstrate that SAILOR achieves up to 13x improvement in performance and 59% reduction in area compared to state-of-the-art solutions, all while integrating essential cryptographic features. Can this approach pave the way for truly secure and sustainable IoT deployments without compromising performance or resource utilization?

Unveiling the IoT Security Paradox

The exponential growth in Internet of Things (IoT) devices – from smart home appliances and wearable sensors to industrial control systems and connected vehicles – has dramatically expanded the potential attack surface for malicious actors. Each connected device represents a potential entry point into networks, and the sheer volume of these devices creates a complex and challenging security landscape. Unlike traditional computing environments where security perimeters could be clearly defined, IoT deployments often involve numerous, geographically dispersed devices with limited processing power and varying levels of inherent security. This necessitates a shift towards proactive, scalable security solutions capable of addressing vulnerabilities across a vast and heterogeneous network of interconnected devices, moving beyond reactive measures to anticipate and mitigate potential threats before they can be exploited.

Many established cybersecurity measures, effective on servers and personal computers, prove impractical for the Internet of Things. These traditional approaches often demand significant processing power, memory, and energy-resources that are severely limited in most IoT devices. This discrepancy creates a critical security gap, leaving billions of connected sensors, actuators, and appliances vulnerable to attack. The constrained nature of these devices-often battery-powered and lacking robust hardware-necessitates a fundamental rethinking of security protocols, shifting the focus toward lightweight cryptography, efficient authentication methods, and optimized communication strategies. Addressing this challenge is paramount to realizing the full potential of IoT and ensuring the safety and privacy of connected systems.

Designing secure Internet of Things systems presents a unique paradox: the need for robust cryptographic protections often clashes with the limited processing power, memory, and energy available on many devices. Traditional security protocols, while effective on servers and personal computers, can prove too resource-intensive for constrained IoT endpoints, leading to performance bottlenecks or even rendering devices unusable. Consequently, researchers and engineers are actively exploring lightweight cryptographic algorithms, efficient key management schemes, and hardware-accelerated security solutions. The challenge lies not simply in implementing security, but in doing so in a way that minimizes overhead and ensures scalability-a critical balancing act for realizing the full potential of interconnected devices while safeguarding against evolving cyber threats. This necessitates a fundamental shift towards security-by-design principles, integrating protective measures directly into the architecture and operation of IoT systems from the earliest stages of development.

The establishment of trustworthy Internet of Things (IoT) systems hinges significantly on adherence to evolving security standards, particularly those articulated by the National Institute of Standards and Technology (NIST). These standards provide a foundational framework for developers and manufacturers, addressing vulnerabilities across the entire IoT lifecycle-from device design and development to deployment and ongoing maintenance. NIST guidelines encompass critical areas such as secure boot processes, robust authentication mechanisms, data encryption, and vulnerability management. Implementing these recommendations isn’t merely about checking boxes for compliance; it’s about proactively mitigating risks, fostering interoperability, and building user confidence in a rapidly expanding ecosystem where connected devices increasingly permeate daily life. Consequently, organizations prioritizing NIST standards demonstrate a commitment to security best practices, facilitating broader adoption and ensuring the long-term viability of IoT technologies.

SAILOR: A Core Designed for Constraint

SAILOR is a family of reduced instruction set computer (RISC-V) cores developed to meet the specific security demands of Internet of Things (IoT) devices. Unlike general-purpose processors, SAILOR prioritizes features crucial for constrained environments, including robust isolation mechanisms, memory protection, and cryptographic acceleration. The core family is designed to provide a balance between security functionality, low power consumption, and minimized silicon area, enabling implementation in resource-limited IoT endpoints. This targeted approach addresses vulnerabilities common in IoT devices, such as firmware tampering, data breaches, and denial-of-service attacks, by providing a foundational security layer at the hardware level.

The SAILOR core family utilizes a 32-bit data path as a primary architectural choice to optimize for resource-constrained IoT devices. This width represents a balance between performance and efficiency; a 32-bit path requires fewer transistors than wider designs like 64-bit cores, directly reducing silicon area and static power consumption. While narrower data paths can sometimes limit throughput, SAILOR’s implementation incorporates techniques to mitigate performance loss, ensuring that the core can effectively execute typical IoT workloads without significant overhead. This approach is crucial for applications where minimizing power draw and device cost are paramount, such as battery-powered sensors and embedded systems.

SAILOR employs a serialized data path to minimize area overhead traditionally associated with parallel data access. This approach processes data elements sequentially through a shared set of functional units, rather than replicating those units for parallel operation on multiple data elements. While this introduces a degree of temporal multiplexing, throughput is maintained by optimizing data flow and leveraging efficient instruction scheduling. This serialization significantly reduces the required silicon area by eliminating redundant hardware, resulting in a lower power consumption profile suitable for resource-constrained IoT devices, without substantially impacting performance metrics.

SAILOR’s foundation in the open-standard RISC-V instruction set architecture (ISA) enables significant benefits for developers and the broader IoT security ecosystem. Utilizing RISC-V allows for custom instruction extensions tailored to cryptographic operations and security protocols, improving performance and energy efficiency. The open nature of the ISA eliminates proprietary lock-in, encouraging collaboration, code reuse, and independent verification of the core’s security features. This fosters a more transparent and trustworthy platform, and allows for easier integration with existing RISC-V toolchains and software libraries, accelerating development cycles and reducing costs.

Accelerating Security: Hardware-Level Cryptography

SAILOR leverages the RISC-V Cryptography Extensions to provide hardware acceleration for widely used symmetric-key and hash algorithms. Specifically, the implementation supports Advanced Encryption Standard (AES) in both Cipher Block Chaining (CBC) and Counter (CTR) modes, as well as the SHA-2 family of hash functions, including SHA-256 and SHA-512. These extensions consist of dedicated hardware units integrated into the RISC-V instruction set architecture, allowing these cryptographic primitives to be executed with significantly reduced latency and power consumption compared to purely software-based implementations. This hardware acceleration is critical for performance-constrained environments, such as IoT devices, where efficient cryptographic processing is essential for secure communication and data protection.

Zkn-Zkt Extensions build upon the foundation of RISC-V Cryptography Extensions by introducing support for zero-knowledge proofs and zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs). These extensions facilitate the implementation of advanced cryptographic protocols beyond traditional symmetric and hash-based algorithms. Specifically, they enable the efficient execution of proof systems required for privacy-preserving applications, secure multi-party computation, and verifiable computation. The architecture supports both the generation and verification of these proofs directly in hardware, reducing reliance on software-based implementations and improving performance for computationally intensive cryptographic tasks.

SAILOR’s security architecture places a strong emphasis on constant-time execution to defend against side-channel attacks. These attacks exploit variations in execution time, power consumption, or electromagnetic radiation to deduce secret keys or other sensitive information. By ensuring that cryptographic operations take a predictable and consistent amount of time regardless of input data, SAILOR minimizes the information leakage that side-channel attacks rely on. This is particularly critical in Internet of Things (IoT) deployments where devices are often physically exposed and vulnerable to sophisticated monitoring. Constant-time implementations add complexity to the design, but significantly increase the resilience of cryptographic primitives against a wide range of attack vectors.

The integration of RISC-V Cryptography Extensions and Zkn-Zkt Extensions within SAILOR results in a demonstrable performance increase for security-critical operations. This acceleration enables real-time encryption and authentication processes, crucial for applications demanding immediate data protection and validation. Specifically, the hardware acceleration reduces the computational burden associated with algorithms like AES and SHA-2, allowing for faster key generation, data encryption/decryption, and digital signature verification. This improved performance is particularly impactful in resource-constrained environments, such as IoT devices, where processing power is limited, and timely security measures are essential.

Efficiency Realized: Area, Power, and Performance Gains

SAILOR’s architecture prioritizes a minimized Area-Time Product (ATP), effectively balancing circuit area with operational speed. This design philosophy results in a remarkably compact and swift processor core, demonstrably outperforming the PicoRV32 – even when the latter incorporates cryptographic extensions. Specifically, SAILOR achieves up to a 10.51x improvement in ATP, signifying a substantial reduction in both the silicon footprint and the time required to complete computations. This optimization is crucial for applications demanding high performance within strict size constraints, showcasing SAILOR’s potential to deliver significant efficiency gains in embedded systems and beyond.

SAILOR demonstrates a significant advancement in energy efficiency, as evidenced by its minimized Energy-Delay Product (EDP). This metric, which considers both power consumption and operational speed, reveals a substantial improvement over conventional designs; with cryptographic extensions enabled, SAILOR achieves up to a 153x reduction in EDP. This heightened efficiency stems from carefully optimized architectural choices, allowing the processor to perform computations using considerably less energy over a given timeframe. Consequently, SAILOR is particularly well-suited for applications where power is limited, such as battery-powered Internet of Things (IoT) devices, enabling prolonged operational life and sustainable performance in resource-constrained environments.

SAILOR’s design prioritizes efficiency, making it particularly well-suited for the demands of resource-constrained Internet of Things (IoT) devices. Through meticulous optimization, the system achieves a substantial reduction in area – up to 59% less than current state-of-the-art solutions – without compromising security. This minimized footprint translates directly into lower manufacturing costs and the ability to integrate complex cryptographic functions into even the smallest of devices. Beyond cost savings, the reduced area contributes to a more sustainable operational profile by decreasing power consumption and extending battery life, critical factors for widespread IoT deployment and long-term functionality in remote or difficult-to-access locations.

SAILOR presents a compelling advancement for the rapidly expanding landscape of Internet of Things (IoT) deployments. The architecture’s unique focus on both operational efficiency and robust security unlocks substantial gains for resource-constrained devices, delivering performance improvements of up to 13x when contrasted with currently available solutions. This combination is critical, as it allows for more complex cryptographic operations to be performed with significantly reduced power consumption and silicon area. Consequently, SAILOR enables secure and sustainable operation in diverse applications-from environmental sensors and wearable health monitors to smart home devices and industrial automation-where prolonged battery life and data protection are paramount.

The design of SAILOR, as detailed in the article, embodies a pragmatic approach to system understanding. It doesn’t merely accept the constraints of IoT security; it actively deconstructs them to find efficient solutions within tight power and area budgets. This methodical breakdown, coupled with the innovative use of serialization, mirrors a core tenet of true comprehension. As John von Neumann observed, “If people do not believe that mathematics is simple, it is only because they do not realize how elegantly nature operates.” SAILOR’s architecture, prioritizing cryptographic acceleration through targeted optimization, illustrates this elegance – a simplification achieved through rigorous analysis and a willingness to challenge conventional design boundaries, ultimately demonstrating that understanding a system often necessitates a process of intelligent disassembly and reconstruction.

What’s Next?

The presentation of SAILOR, a RISC-V core family seemingly tailored for IoT security, prompts a predictable question: how much security is enough? The core’s serialization techniques, aimed at balancing area, performance, and cryptographic integration, represent a pragmatic compromise. However, compromise implies accepting residual risk. A thorough adversarial analysis, pushing SAILOR to its absolute limits – intentionally breaking it, if one will – remains conspicuously absent. The true measure of this architecture will not be its efficiency, but its resilience when subjected to determined attack.

Furthermore, the focus on cryptographic acceleration, while logical, skirts a more fundamental issue. Hardware security is often conflated with cryptography. A secure core should not merely implement defenses; it should inherently resist tampering. Future work must explore architectural features that complicate reverse engineering and side-channel attacks, moving beyond simply speeding up existing algorithms. The field needs more designs that actively obstruct analysis, not just passively withstand it.

Ultimately, SAILOR is a step toward a more secure IoT landscape, but it’s a step predicated on assumptions. The core’s scalability is promising, but true validation requires demonstrating that increased complexity doesn’t inadvertently introduce new vulnerabilities. The next iteration shouldn’t focus on adding features, but on rigorously dismantling existing ones to reveal hidden weaknesses. Only then can one claim genuine understanding.

Original article: https://arxiv.org/pdf/2602.24166.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/

Unveiling the IoT Security Paradox

SAILOR: A Core Designed for Constraint

Accelerating Security: Hardware-Level Cryptography

Efficiency Realized: Area, Power, and Performance Gains

What’s Next?

See also: