Israel’s Kameleon partnering with chip giant Xilinx to create first proactive security processor

Kameleon, an Israeli semiconductor startup with an advanced hardware cybersecurity platform for computing systems, announced on Tuesday a collaboration with Xilinx, the chip specialist that was acquired by AMD in a $35 billion all-stock deal two weeks ago.

The collaboration will create the industry’s first proactive Security Processing Unit (ProSPU) to enforce compute system security throughout a system’s lifecycle. The ProSPU is an Open Compute Project (OCP)-compliant cyber protection chip for servers, data centers and cloud computing. By combining secure FPGAs (field-programmable gate array) from Xilinx with Kameleon’s innovative technology, the ProSPU will protect the system at boot, through RoT (Roots of Trust), in adherence with OCP standards, and at runtime.

"We are developing a proactive security processing unit that goes together with the main CPU and protects the system. It protects the system outward when it starts and makes sure that all the code that is loaded to the system is correct and then while the system is running it makes sure no one is changing it and alerts if someone is trying to change it," Jorge Myszne, co-founder and CEO of Kameleon, told CTech. "Our first product partnering with Xilinx is going to market next year. We provide the design and they provide the chip and the salesforce to push the solution to the market."

Kameleon was founded just last year by Myszne, Efi Sasson and Ido Naishtein. Myszne also co-founded semiconductor company Wilocity which was acquired by Qualcomm in 2014 for over $300 million. Myszne is based out of the San Francisco Bay Area where he moved a decade ago to help grow Wilocity. Kameleon currently employs 16 people in total, all of whom except from Myszne are working out of Israel.

Kameleon first approached Xilinx five months ago and a deal was signed despite both parties never actually meeting face-to-face due to the Covid-19 pandemic.

"There are a couple of companies that we know are working on similar solutions so we wanted to accelerate our time to market and that is why we decided to partner with Xilinx and get to market as soon as possible," Myszne explained. "Our first market is the server market and Xilinx is very powerful in that market so I think it is a win-win situation, not only to have the chip but also to have the Xilinx name behind it. This will become a Xilinx product but at the end of the day our customers are the big cloud providers and OEMs. It's kind of difficult for a small startup to get into those platforms and definitely having this partnership with Xilinx helps a lot to gain that trust from those customers."

Kameleon plans to release the source code for supporting peripheral attestation to the open compute community. Both Kameleon and Xilinx have been long-time members of OCP, and Kameleon is an active contributor to the Open Compute Security specifications.

At this week’s OCP Tech Week virtual event, OCP Security Workgroup, an open standards organization developing specifications for data center security, released Version 1.0 specification for Root of Trust (RoT), which includes security documents for Secure Boot, Attestation, and Common Threats Scope.

"There is nothing inherently in the architecture today that provides the defender with an advantage to fight attackers. The attackers are the ones who have an advantage because the computer always behaves the same way so the first thing the attacker does is to understand what the defenses are and find a way around that. What we are doing is taking that defense and putting it on a different chip and connecting that chip to the CPU at the hardware level below the software," explained Myszne. "So now when the attacker goes to that system he doesn't see what the defenses are. He is completely blind and if he tries to deactivate the defenses he needs to jump from one chip to another and that is very difficult. We are isolating the defenders from the attackers and by design providing an advantage. It provides an architectural advantage for security applications.

“The idea at the end of the day is to build a platform so that not only our software is running on that platform but third party security companies will be able to use our hardware and free the CPU, which is a very expensive chip, from those tasks and do it on a cheaper chip in a more effective way."

Myszne said Kameleon's initial plan was to enter the market with their own chip in 2022, but that they ultimately decided to accelerate that by a year by going into the partnership with Xilinx.

"We started to see others, for example, Intel, who acquired Altera a few years ago for $16.7 billion, and they announced a solution for this Root of Trust based on FPGAs. We identified Xilinx as the No. 1 FPGA company in the world with a very big footprint specifically in data centers and that they didn't have this kind of solution. They are moving from just selling an FPGA and the client doing their own design to either partnering or developing internally a full solution. So when we reached out to them they told us that they were looking for a solution like this," said Myszne.

Kameleon still intends to launch its own chip in 2022, most likely in the second half of the year and Myszne is confident his company has a solution that will appeal to much of the market.

"Right now the main companies that we see in the market are huge corporations, currently Intel, AMD and Nvidia. The market is very fragmented and these corporations start to build their own ecosystems. Customers want solutions that are almost open source and work with everyone. We are completely agnostic and we can work with any processor and customers like that. Usually most of the OEMs have all the different solutions so that means that they need a different design for each one of them. So having a single spec compliment solution really simplifies things and makes the return on investment with our solution very positive," said Myszne.

Nir Adler, General Partner at SOMV, which was the main investor in Kameleon's seed round together with J-Ventures, added: "I’m very pleased to see Kameleon and Xilinx partnering on the way to a more secured compute infrastructure and protected data. Hardware is a powerful distribution channel to sell software, and Xilinx’s technology demonstrates this allowing Kameleon’s smart algorithms to be deployed in data centers as early as next year. The partnership with Xilinx, the dominant player in the OCP security group, and with more design partners they gather, will allow Kameleon to break away and become a market leader in hardware security."