Protecting IoT Embedded Designs with Security ICs
In this article, we discuss some key security threats to be aware of when designing for the IoT, important security functions, and how protecting these designs is becoming easier with advances in security ICs.
You’re working hard to develop the next generation of your smart, connected device. It improves on the capabilities of its predecessor while adding a few new features. Then you catch the latest headline about an IoT device that has been hacked. Is it too late to protect your design?
It’s never too late to design in security—and it’s also more important than ever. The IoT brings great convenience to the way that we live, work, and play. But left unprotected, smart devices can provide an entry point into larger networks and sensitive data.
From Copycats to Customer Harm
Some IoT design breaches are more attention-grabbing than others. Counterfeiting and cloning are common threats, resulting in lost revenue for the OEM and, often, a quality hit that impacts customers. Having authentic, or genuine, parts provides assurance that the parts will work as intended and also helps to ensure that viruses won’t get introduced into the environment. In an automated factory or a utility plant, for instance, equipment that has been tampered with can trigger a malfunction that leads to costly downtime, damage, or even customer harm.
Then there are the attacks that could potentially be life-harming. For example, consider a WiFi-enabled pacemaker. Last year, the U.S. Department of Homeland Security issued an advisory warning that hackers could easily gain access to a brand of implanted cardiac defibrillators. According to the department, an attacker with short-range access to the product in question could, when the product’s radio is turned on, inject, replay, modify, and/or intercept data within the telemetry communication.
Another concern for medical devices is product refurbishing. While allowed by the U.S. Food and Drug Administration, refurbishing a medical device can create problems. The biggest threat is to limited-use peripherals. While the refurbishing process could restore the peripheral so that it is like new, it may also negate its limited-use properties.
Security ICs with advanced cryptographic features can protect IoT sensor nodes in power plants and similar applications from security threats.
Figure 1. Security ICs with advanced cryptographic features can protect IoT sensor nodes in power plants and similar applications from security threats.
Cryptography Without Being an Expert
Keeping IoT designs safe from threats requires:
- Secure communication and authenticity of endpoints
- Strong key management to protect and encrypt sensitive data
- Secure boot to validate firmware and defend against malware attacks
- Feature control so you can securely enable and disable various factory-based options
Security ICs continue to provide advanced levels of protection for existing as well as new embedded designs. And one of the advantages of designing with these devices is, you can take advantage of robust cryptography functions without having to be a cryptography expert. A software-based approach would require much more development effort while introducing vulnerabilities that hackers can exploit. Let’s take a closer look at key features in a security IC that you’ll want to have in order to keep your IoT designs safe.
Physically Unclonable Function (PUF) Technology
If you want strong protection against invasive and reverse-engineering attacks, PUF technology is here to help. A PUF circuit relies on the naturally occurring random analog characteristics of fundamental MOSFET devices to produce cryptographic keys. Because the key is generated only when needed and isn’t stored anywhere on the chip, an attacker has nothing to steal. If an attacker attempts to probe or observe the PUF operation, this activity modifies the underlying circuit characteristics, preventing the attacker from discovering the secret key.2
PUF is like a unique fingerprint, making it invaluable for the implementation of secret and private keys as utilized by the security IC. For example, a PUF-derived secret key is used to encrypt all information stored in the security IC’s EEPROM memory. A security attack that retrieves the contents of the EEPROM is definitively thwarted as the contents are encrypted and the PUF key required for decryption cannot be extracted.
Asymmetric and Symmetric Algorithms
Cryptographic algorithms lock or unlock cryptographic functions such as authentication, authorization, and encryption. There are two types of algorithms: symmetric and asymmetric. Symmetric algorithms involve keys that are private between the sender and the receiver. Their shared keys are securely stored and never shared with anyone else.
The sender and receiver authenticate data using this shared key, which provides both with the assurance that the information source can be trusted. An asymmetric algorithm uses one key that’s stored privately and a second that is public. Data signed with a private key can only be verified by its associated public key.
Advanced Encryption Standard (AES)
The AES algorithm is a fixed-width symmetric algorithm ideal for bulk encryption. It scrambles and substitutes input data based on the value of an input key in a reversible way, resulting in ciphertext (encrypted or encoded information). The input message is padded first to ensure that it will fit in “n” number of 128-bit blocks. Each 128-bit block is fed into the encryption algorithm along with an encryption key.
The algorithm then performs a certain number of rounds of obscuring the input block bits based on the number of bits in the encryption key. The obscuring consists of shuffling data bits, where portions of the data are substituted with values from a look-up table and XOR operations are performed to flip bits from 0 to 1 based on bit values in a set of round keys generated from the input encryption key. To unscramble the original input block data, the AES decryption function performs the reverse of the operations in the encryption function using the same encryption key.
A standard element in cryptography, digital signatures provide recipients with a reason to trust that the message was created by a known sender and that it wasn’t altered while in transit. In other words, the ability to sign data verifies that the device and the data are genuine. Both symmetric and asymmetric algorithms are used to generate digital signatures.
Utilizing SHA and ECDSA for Secure Boot
The Secure Hash Algorithm (e.g., SHA-2 or SHA-3) utilizes hashing, which takes data of variable sizes and condenses it into fixed-size bit-string outputs. For example, with SHA-256, the hash output is 256 bits long. The Elliptic Curve Digital Signature Algorithm (ECDSA) enables trusted communication by generating a digital signature for an input message based on a private key. A public key is mathematically related to the private key and is provided and used by others to verify the communicator’s authenticity.
Together, SHA-256 and ECDSA provide features that enable secure boot of a host processor as follows. Within the OEM development environment, an SHA-256 hash is computed over the firmware file that is ultimately executed by a microcontroller. This hash value is then ECDSA-signed with a private key that resides and is safeguarded within the confines of the development environment.
The firmware and ECDSA signature are then stored in the end application, for example in flash memory. Also, in the end application, the microcontroller stores the ECDSA public key to verify that the firmware is authentic and unmodified before execution, i.e., a secure boot process. To perform this verification the microcontroller would compute the SHA-256 hash over the stored firmware and then use this hash value and the stored public key to perform a verification operation on the ECDSA signature. If the verification passes, the micro can trust and execute the firmware.
Advanced security ICs are now designed with these security features built-in. A power-efficient cryptographic coprocessor provides a good option for existing as well as new embedded designs. One of the benefits is that the coprocessor can offload the host (non-secure) microprocessor from managing complex cryptography and secure key storage. By consuming little power, these devices work well for battery-powered IoT designs.
An example of such a cryptographic coprocessor is the low-power DS28S60, which features PUF technology, a high-speed 20MHz SPI interface for fast throughput of security operations, SHA-256 based digital signature and ECDSA-P256 signature and verification for secure boot, and built-in key exchange for end-to-end encryption.
Figure 2. DS28S60 simplified block diagram
As embedded designs, including battery-powered IoT sensor nodes, become more pervasive in our everyday lives, it’s essential to ensure that they’re protected against security threats. Today’s security ICs are integrated with an array of cryptographic functions that make it easier to protect these designs without having to be a cryptography expert.
Industry Articles are a form of content that allows industry partners to share useful news, messages, and technology with All About Circuits readers in a way editorial content is not well suited to. All Industry Articles are subject to strict editorial guidelines with the intention of offering readers useful news, technical expertise, or stories. The viewpoints and opinions expressed in Industry Articles are those of the partner and not necessarily those of All About Circuits or its writers.