Page 1: Security Solutions for IoT, Storage and Networking

D&R IP SOC Day, September 14, 2017

Presented by: Stephen Wu, Senior Security IP and Software FAE

Inside Secure, www.insidesecure.com

Page 2: Disclaimer

This presentation and the information it contains are not intended to constitute, and should not be construed as, an offer to sell or a solicitation to buy or subscribe to any INSIDE Secure securities, in any jurisdiction. Any public offering of INSIDE Secure securities would be made by means of a prospectus previously approved by the AMF that contains detailed information about INSIDE Secure. The disclosure, distribution and publication of this presentation may be restricted by law in certain jurisdictions and persons into whose possession any document or other information referred to herein comes should inform themselves about and comply with any such restrictions. INSIDE Secure takes no responsibility for any violation of any restrictions by any person.

This presentation contains certain forward-looking statements relating to the business of INSIDE Secure, which shall not be considered per se as historical facts, including the ability to manufacture, market, commercialize and achieve market acceptance for specific projects developed by INSIDE Secure, estimates for future performance and estimates regarding anticipated operating losses, future revenues, capital requirements, needs for additional financing. In addition, even if the actual results or development of INSIDE Secure are consistent with the forward-looking statements contained in this press release, those results or developments of INSIDE Secure may not be indicative of their in the future. In some cases, you can identify forward-looking statements by words such as "could," "should," "may," "expects," "anticipates," "believes," "intends," "estimates," "aims," "targets," or similar words.

Although the management of INSIDE Secure believes that these forward-looking statements are reasonably made, they are based largely on the current expectations of INSIDE Secure as of the date of this communication and are subject to a number of known and unknown risks and uncertainties and other factors that may cause actual results, performance or achievements to be materially different from any future results, performance or achievement expressed or implied by these forward-looking statements. In particular, the expectations of INSIDE Secure could be affected by, among other things, uncertainties involved in unexpected regulatory actions or delays related notably to building and operating permits and renewable support policies, competition in general or any other risk and uncertainties developed or identified in any public documents filed by INSIDE Secure with the AMF, including those listed in chapter 4 "Risk factors" of the 2014 "document de référence" approved by the French financial market authority (the Autorité des marchés financiers, the "AMF") on April 30, 2015 under number R.15-030. In light of these risks and uncertainties, there can be no assurance that the forward-looking statements made in this communication will in fact be realized. Notwithstanding the compliance with article 223-1 of the General Regulation of the AMF (the information disclosed must be "accurate, precise and fairly presented"), INSIDE Secure is providing the information in these materials as of this communication, and disclaims any intention or obligation to publicly update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise.

© Inside Secure 2017. All Rights Reserved. Inside Secure®, the Inside Secure logo and combinations thereof, and others are registered® trademarks or trade names of Inside Secure or its subsidiaries. Other terms, logos and product names may be trademarks of others.

Page 3: Inside Secure at a Glance

• Secure communication toolkits and cryptographic modules, certified, with high interoperability and portability. Widely used in security gateways, cloud deployments, smartphones, printers and other IoT devices.

• The largest silicon-proven security IP portfolio for SoC and ASIC designs, for high-speed networking, IoT, datacenters and content protection.

• Studio-approved, market-leading solution that allows secure distribution of premium content on all OTT devices. Supports all major DRM schemes, advanced playback functionality and analytics.

• Comprehensive package of software protection tools. Greatly simplifies integration of security for mobile apps such as payment HCE, financial, banking, retail, healthcare and IoT.

Page 4: Trusted by the World's Top Companies

• Banks and payment systems
• Content distributors
• Top IT companies
• Major semiconductor companies

We protect the solutions of the broadest range of customers: service providers, content distributors, security system integrators, device vendors, semiconductor manufacturers.

Page 5: A Complete "Secure Architecture"

Each question on the slide is paired with the asset to protect and the Inside Secure product that covers it:

• How do I ensure only authorized devices are connected to the network? Protect access to the data: Vault-IP and Device Authentication SW.

• How do I prevent intrusions and spying on my communication? Protect the data in transit: Packet Engine IP or Guard SW.

• How can I make sure the device functions as intended? Protect the software: Vault-IP and Secure Boot SW.

• How do I ensure critical assets in the device are not compromised? Protect the data at rest: Vault-IP and Secure Storage SW.

Page 6: Security Requirements for Connected Systems, From Core to Cloud

Control plane secure tunnel establishment and key management: key refresh and tunnel setup rates matching 100 Gbps and beyond. Efficient, area-optimized public key accelerators and true random number generators are needed.

Platform security: Secure Boot and Secure Debug, Trusted Execution Environment, Trust Anchor, Key Vault.

Mass adoption of standards-based security protocols:
• SSL/TLS (device/server), IPsec (client/server), MACsec (device)
• Wireless: Zigbee, WPA, CAPWAP, LTE/3G baseband
• Platform: data storage, asset protection

Data plane performance continues to increase. Not only client-to-cloud traffic increases, but also inter-cloud traffic; specifically, server-to-data-center and data-center-to-data-center bandwidth increase quickly.
• L2: MACsec, many ports: 400G Ethernet, 600 Gbps FAT pipe and FlexE, multiport 100G; 1G, 10G, 25G, 40G, 50G line speeds
• L3: IPsec, 100 Gbps and higher
• L4: SSL/TLS/DTLS, 40 Gbps and higher

Page 7: Security Anchor into your SoC

Two integration diagrams (figure residue reduced to their labels):

Diagram 1, "HSM without TEE". SW side: OS with the Vault-IP driver, running on the CPU. HW side: Vault-IP block containing a mailbox, µC, TRNG, crypto array, secure DMA, asset store and RAM/ROM; OTP; external RAM (data); secure FLASH (keys).

Diagram 2, "HSM with TEE and multiple CPUs". SW side: TEE SW with its Vault-IP driver on the TEE CPU, plus several OS instances, each with its own Vault-IP driver, on the other CPUs. HW side: Vault-IP block with one mailbox per CPU, µC, TRNG, crypto array, secure DMA, asset store and RAM/ROM; OTP; external RAM (data); secure FLASH (keys).

Page 8: Vault-IP Integration

Block diagram (figure residue reduced to its labels): Vault-IP sits on the system bus (AXI, AHB, APB) with master and slave interfaces and contains a crypto data plane (AES, SHA, ECC), secure DMA, a secure mailbox, a µC with program memory and data RAM behind a TCM interface, NVM-OTP (fuse/anti-fuse) and a TRNG. Also on the bus: CPUs, timers, IRQ, debug/test controller, HDMI HDCP, GPIO, co-processor interface, crypto farms, disk encryption, packet engines, RAM and FLASH.

• FIPS 140-2 level 2 certified
• Side channel protection, anti-tampering
• HW protection for keys, even if the kernel is breached
• Anti-cloning
• Scalable crypto accelerators, internal and external
• TLS device authentication
• Secure debug enablement
• PKCS#11 API, simplified and easy to integrate
• Built-in provisioning and life-cycle management
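As an added illustration of the asset-store and mailbox model on pages 7 and 8, and of the device-authentication question from page 5 (a constructed example, not Inside Secure's Vault-IP firmware, driver or PKCS#11 layer): the host only ever holds asset handles, key bytes are derived inside the module from a per-device root that stands in for an OTP-provisioned secret, and the module enforces a usage policy per asset. The command names, the derivation label scheme, the policy strings and the enrolment flow (the provisioning server that burned the root keeps the derived key) are assumptions for this example.

```python
"""Constructed model of a host/HSM split: key material lives only inside
the module, the host drives it through a mailbox and gets back handles.
Not Inside Secure's Vault-IP interface; command and policy names invented."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple


def derive_key_from_root(root: bytes, label: bytes) -> bytes:
    """HMAC-based derivation of a purpose-specific key from the device root.
    Used inside the module and, at enrolment, by the provisioning server
    that burned the root (assumed provisioning flow)."""
    return hmac.new(root, b"derive|" + label, hashlib.sha256).digest()


class Hsm:
    """Simulated module: OTP root key, asset store, command mailbox."""

    def __init__(self, otp_root: Optional[bytes] = None) -> None:
        # Per-device root, burned into OTP at provisioning; never exported.
        self._otp_root = otp_root if otp_root is not None else secrets.token_bytes(32)
        self._assets = {}      # asset id -> {"key": bytes, "policy": str}
        self._next_id = 1

    def mailbox(self, cmd: str, **args) -> Tuple[str, object]:
        """The only entry point from the host: a command word plus
        arguments, answered with a status and an optional result."""
        handlers = {
            "DERIVE_KEY": self._derive_key,
            "MAC": self._mac,
            "EXPORT_KEY": self._export_key,
        }
        handler = handlers.get(cmd)
        if handler is None:
            return "ERR_BAD_CMD", None
        return handler(**args)

    def _derive_key(self, label: bytes, policy: str):
        key = derive_key_from_root(self._otp_root, label)
        asset_id = self._next_id
        self._next_id += 1
        self._assets[asset_id] = {"key": key, "policy": policy}
        return "OK", asset_id          # the handle, never the key

    def _mac(self, asset_id: int, data: bytes):
        asset = self._assets.get(asset_id)
        if asset is None:
            return "ERR_NO_ASSET", None
        if asset["policy"] != "mac":   # usage policy is enforced in the module
            return "ERR_POLICY", None
        return "OK", hmac.new(asset["key"], data, hashlib.sha256).digest()

    def _export_key(self, asset_id: int):
        # Assets are non-exportable: a host with full kernel privilege can
        # issue any command it likes but only ever gets a status code back.
        return "ERR_NOT_EXPORTABLE", None


def device_authenticate(hsm: Hsm, asset_id: int, challenge: bytes,
                        server_key: bytes) -> bool:
    """Challenge-response: the device answers via its module, the server
    recomputes with the key recorded at enrolment.  A cloned device with a
    different root cannot produce a matching response."""
    status, response = hsm.mailbox("MAC", asset_id=asset_id, data=challenge)
    if status != "OK":
        return False
    expected = hmac.new(server_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)


if __name__ == "__main__":
    root = secrets.token_bytes(32)            # what the factory burned into OTP
    device = Hsm(root)
    status, handle = device.mailbox("DERIVE_KEY", label=b"device-auth", policy="mac")
    server_key = derive_key_from_root(root, b"device-auth")   # enrolment record
    print("auth:", device_authenticate(device, handle, secrets.token_bytes(16), server_key))
    print("export:", device.mailbox("EXPORT_KEY", asset_id=handle))
```

The point of the handle-based interface is the one the slide makes with "HW protection for keys, even if kernel breached": compromising the host gives an attacker the ability to ask the module to use a key, but not to read it or to move it to another device. A real driver adds session and access-control checks on top of this, which the model omits.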

Page 9: Network Security

Page 10: Security Challenges in the Network

Solution: strong encryption, authentication, and platform integrity.

Diagram (figure residue reduced to its labels): server and data management, gateways/routers and devices linked by 2-way communication, with the attack points marked:
• Take control of the device or application
• Insert non-authorized devices
• Man in the middle (are we talking to the expected endpoint?): spy on the line, hijack the network, broadcast private information
• Take control of the routers/servers
• Rogue or personal devices

Page 11: System Considerations When Selecting a Security Architecture

Security protocols: which security protocol will each application use? Examples: IPsec (gateway/gateway), SSL/TLS (client/server), DTLS (client/server) for SSL VPNs, VoIP and CAPWAP for wireless AP provisioning, MACsec (Ethernet).

Performance: what is the network bandwidth of the device? Do you require line-rate security performance?

CPU utilization: how compute-intensive is the protocol implementation? What is your power budget (battery or AC powered)? How many CPU cycles are available for security? Is this a forwarding device, or is data initiated/terminated by applications on the local CPUs?

Application concurrency: will multiple applications in the system all require security services? Is there a requirement to isolate crypto keys and operations from other applications running in the system? Is there a trusted execution environment present, such as ARM TrustZone?

The solution to all these questions is a dedicated HW resource to accelerate all crypto functions.
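The performance and CPU-utilization questions above have a back-of-the-envelope answer worth working through. The following is an added example, not from the slides or from Inside Secure: it splits the per-packet cost of a software data plane into a per-packet part (header handling, SA lookup, anti-replay) and a per-byte part (the cipher and MAC), and asks how many host cores a link rate needs. Every cost figure passed in (cycles per byte, cycles per packet, core clock) is an assumed input for the calculation, not a measurement of any product; the shape of the result is the point, not the numbers.

```python
"""Constructed cycle-budget model for the line-rate and CPU-utilization
questions.  All cost parameters are assumptions supplied by the caller."""

ETH_OVERHEAD_BYTES = 20   # preamble + SFD (8 bytes) and inter-frame gap (12 bytes)


def packets_per_second(link_gbps: float, frame_bytes: int) -> float:
    """Maximum frame rate on an Ethernet link for a given frame size;
    frame_bytes includes the FCS, as in the usual 64..1518 byte range."""
    return link_gbps * 1e9 / ((frame_bytes + ETH_OVERHEAD_BYTES) * 8)


def cores_needed(link_gbps: float, frame_bytes: int, cycles_per_byte: float,
                 cycles_per_packet: float, core_ghz: float) -> float:
    """Host cores a software data plane needs at line rate: per-packet
    protocol work plus per-byte crypto work, divided by one core's budget."""
    pps = packets_per_second(link_gbps, frame_bytes)
    cycles_per_second = pps * (cycles_per_packet + cycles_per_byte * frame_bytes)
    return cycles_per_second / (core_ghz * 1e9)


def breakeven_frame_bytes(cycles_per_byte: float, cycles_per_packet: float) -> float:
    """Frame size at which per-packet overhead equals the per-byte crypto
    cost.  Below it, offloading only the cipher (standalone AES/SHA cores)
    still leaves most of the work on the host, which is the case the
    protocol-aware engine is meant for."""
    return cycles_per_packet / cycles_per_byte


def budget_sweep(link_gbps: float, cycles_per_byte: float, cycles_per_packet: float,
                 core_ghz: float, sizes=(64, 128, 256, 512, 1024, 1518)) -> dict:
    """Cores needed across frame sizes: {frame_bytes: cores}."""
    return {n: cores_needed(link_gbps, n, cycles_per_byte, cycles_per_packet, core_ghz)
            for n in sizes}


if __name__ == "__main__":
    # Assumed parameters for illustration: 10 Gbps, 4 cycles/byte of crypto,
    # 2000 cycles of protocol work per packet, 3 GHz cores.
    for size, cores in budget_sweep(10, 4, 2000, 3).items():
        print(f"{size:5d}-byte frames: {cores:5.2f} cores")
    print("breakeven frame size:", breakeven_frame_bytes(4, 2000), "bytes")
```

With those assumed inputs the large-frame case needs a little over two cores while 64-byte frames need about eleven; the spread comes entirely from the per-packet term, which is why "do you require line rate" has to be asked together with "at what packet size".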

Page 12: Architectural Choices for Implementing Security Protocols (IPsec, SSL/TLS)

Five block diagrams (figure residue reduced to their labels), each showing a CPU, memory interface, system bus and network interface, with a legend that colour-codes three kinds of work: security protocol control plane, security protocol data plane, and data plane crypto operations.

1. Security and crypto in generic SW only (ARMv7 CPU): control plane, protocol data plane and crypto operations all run on the CPU.

2. Security and crypto in SW using the ARMv8 AES and SHA crypto extensions: as 1, with the crypto operations on the CPU's instruction extensions.

3. Standalone AES and SHA cores (hash and crypto blocks on the system bus): crypto operations offloaded; control plane and protocol data plane stay on the CPU.

4. Protocol-aware look-aside security packet engine (crypto packet engine on the system bus): protocol data plane and crypto operations offloaded; only the control plane stays on the CPU.

5. Protocol-aware look-aside security packet engine with classifiers (in-line crypto engine with classifiers, placed with the network interface): as 4, with packet classification in the engine as well.

Marked on the slide as the most efficient and scalable architecture: option 5.
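The difference between architectures 3 and 4 is what the legend calls the "security protocol data plane": the per-packet work that is not the cipher itself. The following added example (constructed for this page, not Inside Secure's packet engine and not a complete RFC 4303 implementation) models that work for inbound ESP: SA lookup by SPI, the sliding-window anti-replay check, ICV verification and decapsulation. It uses NULL encryption (RFC 2410) and HMAC-SHA-256-128 integrity (RFC 4868) so that it runs with the standard library only; the key, SPIs and packet stream are constructed test data.

```python
"""Constructed model of the per-packet work a protocol-aware packet engine
takes off the host: SA lookup, anti-replay window, ICV check, decapsulation.
Simplified inbound ESP, NULL cipher, HMAC-SHA-256-128; not a product's code."""
import hashlib
import hmac
import struct

ICV_LEN = 16      # HMAC-SHA-256-128: tag truncated to 128 bits
WINDOW = 64       # anti-replay window, in packets


class SecurityAssociation:
    """Inbound SA: key plus the RFC 4303 sliding anti-replay window."""

    def __init__(self, spi: int, auth_key: bytes) -> None:
        self.spi = spi
        self.auth_key = auth_key
        self.highest_seq = 0   # highest sequence number verified so far
        self.window_bits = 0   # bit i set <=> seq (highest_seq - i) was seen

    def replay_check(self, seq: int) -> bool:
        """Preliminary check before any crypto: reject seen or too-old
        sequence numbers.  Does not modify the window."""
        if seq == 0:                        # first valid ESP sequence number is 1
            return False
        if seq > self.highest_seq:
            return True
        diff = self.highest_seq - seq
        if diff >= WINDOW:
            return False                    # fell off the left edge of the window
        return not (self.window_bits >> diff) & 1

    def replay_update(self, seq: int) -> None:
        """Advance or mark the window; called only after the ICV verified."""
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            self.window_bits = ((self.window_bits << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
        else:
            self.window_bits |= 1 << (self.highest_seq - seq)


def esp_encap(sa: SecurityAssociation, seq: int, payload: bytes) -> bytes:
    """Sender side: SPI | sequence | payload | ICV over everything before it."""
    header = struct.pack("!II", sa.spi, seq)
    icv = hmac.new(sa.auth_key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


def packet_engine_inbound(sa_table: dict, packet: bytes):
    """Receiver side.  Returns (verdict, payload); verdict is one of
    OK, SHORT, NO_SA, REPLAY, BAD_ICV.  Everything here is protocol data
    plane work; the only 'data plane crypto operation' is the HMAC."""
    if len(packet) < 8 + ICV_LEN:
        return "SHORT", None
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sa_table.get(spi)
    if sa is None:
        return "NO_SA", None
    if not sa.replay_check(seq):            # cheap check first: replays cost no crypto
        return "REPLAY", None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return "BAD_ICV", None
    sa.replay_update(seq)                   # only authenticated packets move the window
    return "OK", body[8:]


def run_demo() -> list:
    """Constructed packet stream: in-order traffic, a replay, a tampered
    payload, a late out-of-order frame, and an unknown SPI."""
    key = b"\x0b" * 32                      # constructed test key
    sender = SecurityAssociation(0x1000, key)
    sa_table = {0x1000: SecurityAssociation(0x1000, key)}
    p1, p2, p3 = (esp_encap(sender, n, b"frame%d" % n) for n in (1, 2, 3))
    p4 = esp_encap(sender, 4, b"out of order")
    p5 = esp_encap(sender, 5, b"arrives first")
    p4_tampered = p4[:8] + b"OUT" + p4[11:]  # alter payload bytes, keep the ICV
    unknown = esp_encap(SecurityAssociation(0x2000, key), 1, b"x")
    stream = [p1, p2, p3, p2, p4_tampered, p5, p4, p4, unknown]
    return [packet_engine_inbound(sa_table, p)[0] for p in stream]


if __name__ == "__main__":
    print(run_demo())
    # ['OK', 'OK', 'OK', 'REPLAY', 'BAD_ICV', 'OK', 'OK', 'REPLAY', 'NO_SA']
```

Two details matter for the host-utilization argument on the next slide. The replay check runs before the ICV is computed, so a flood of replayed frames is rejected without spending cipher cycles, and the window is only advanced after the ICV verifies, so a forged frame with a high sequence number cannot push genuine in-flight frames out of the window. With standalone AES/SHA cores (architecture 3) all of this state handling, plus the DMA of every frame to and from the accelerator, still runs on the host; a protocol-aware engine keeps the SA table and window itself and hands the host only the verdict and the decapsulated payload.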

Page 13: System Tradeoffs for Each Architecture (IPsec, SSL/TLS)

Chart (figure residue reduced to its labels). For each architecture the slide rates SW complexity, performance, host utilization and power dissipation on a low-to-high scale; the bar values themselves are not recoverable from the transcript. Architectures compared:

• #1 and #2, SW-only security protocol: host runs the security control plane and the security data plane stacks (including SW crypto).

• #3, using HW AES and hash cores: host runs the security control plane and the security data plane stacks; crypto operations go to the HW crypto accelerator.

• #4, using a HW crypto packet engine: host runs the security control plane; the packet engine runs the security data plane stacks.

• #5, HW security packet engine with classifier: host runs the security control plane; the packet engine and classifier run the security data plane stacks.

The chart's arrow runs from #1/#2 toward #5, labelled "more energy and performance efficiency", with #5 marked as the most efficient and scalable architecture.

Page 14: Why Choose Inside Secure

• Manufacturers are liable when hacks succeed.
• Power efficiency lowers cost.
• High-speed network systems continue to drive the best profits.

INSIDE Secure has a complete suite of silicon IP for all your design points, with the available protocol source code for a complete system implementation.

Protocols: SSL/TLS, DTLS, IPsec, MACsec, VPNs, HDCP, DTCP. Security is already pervasive and required.

Performance: hardware acceleration enables the fastest systems.

Power: hardware acceleration decreases power.

Risk: effective security keeps your company out of the news.

Page 15: Thank You

Stephen Wu, Senior Security Silicon IP and Software FAE

[email protected]