Industry Article

Simplifying Hardware Security Implementation for IoT Nodes

October 09, 2018 by Ramanuja Konreddy, Microchip

This article provides an overview of what an IoT node needs for a faster and simpler implementation of robust security.

This article provides an overview of what an IoT node needs for a faster and simpler implementation of robust security.

The ultra-low-power computing plus connectivity summed up in the Internet of Things (IoT) amalgam is at crossroads. On the one hand, IoT nodes are promising to transform designs in automotive, industrial, smart home, medical, and more.

On the other hand, a continuous stream of news about security breaches ranging from malware injections to distributed denial-of-service (DDoS) to battery-drain attacks has the potential of jeopardizing the whole promise of the IoT. Not surprisingly, therefore, vulnerabilities associated with these security breaches of edge devices have become a major concern for IoT developers.

How hackers are increasingly targeting the unprotected IoT nodes is apparent from the recent incident in which hackers were able to exploit the vulnerabilities in the connected thermometer of a fish tank in a casino, and subsequently, they were able to access the high-roller database of gamblers.

That also shows how the whole premise of home and building automation is threatened amid the vulnerability of thermostats, refrigeration and HVAC systems. Or how banks and commercial outfits are vulnerable due to the poor-security CCTV cameras connected across data networks.

 

A view of physical and remote security threats to an IoT node and their respective Counter Measures, which are built into embedded systems to protect against the attacks.

Figure 1. A view of physical and remote security threats to an IoT node and their respective Counter Measures, which are built into embedded systems to protect against the attacks. 

 

Here, it's worth mentioning that while conventional security practices are implemented at the server and gateway levels, power consumption and small footprint of edge devices are limiting factors for adding robust security in IoT node designs. Moreover, security application development can add significant overhead in terms of design time and cost.

This article will explain how IoT developers can counter various security vulnerabilities while maintaining low power consumption. It will also present a security framework that they can implement early in the design cycle. Finally, the article will present how low-cost microcontrollers (MCUs) featuring hardware security features can be leveraged with the framework to simplify the implementation of security.

Facets of IoT Node Security

A robust IoT node design needs to provide security against communication attacks, malware, and physical attacks. To prevent communication attacks or man-in-the-middle attacks, a common practice is to use a crypto module that carries out encryption, decryption, and authentication. 

Arm TrustZone technology restricts access to specific memory, peripheral and I/O components. It partitions the MCU into trusted and non-trusted zones and isolates sensitive data from the non-critical data. Secure boot ensures that the MCU starts up in a known good state, and when implemented with Arm TrustZone, can provide an environment that can help counteract malware.

Physical security of an IoT node can be enhanced with anti-tampering pins to offer board-level tamper protection. When the board or an enclosure is tampered with, the anti-tampering pins can be programmed to provide multiple responses, including erasing secrets. It is also important to have tamper resistance that extends further down to the chip-level. This will enable protection against cloning and intellectual property (IP) theft.

In addition to these three aspects, it is essential to establish a hardware root of trust, which can be accomplished with a secure boot and enhanced by a secure key provisioning mechanism.

IoT node designers have to strike a balance between low power usage and security. Today’s applications require low power and yet a highly-secure design, without compromising on performance and without adding time and overhead cost. For IoT edge devices running on batteries, power usage is crucial. That, in turn, demands MCUs that can drastically reduce power consumption while adding robust security.

Last but not least, low-cost IoT node designs require a simple mechanism for the implementation of security. A mechanism that abstracts away low-level security details to avoid complexity, steep learning curves, and a substantial overhead cost.

Simplifying Embedded Security

An example of an MCU that simplifies the implementation of these security features is the SAM L11 microcontroller, which was created with security deeply embedded during the silicon design phase. It runs at 32 MHz with memory configuration of up to 64 KB Flash and 16 KB SRAM. To illustrate what developers should look for to introduce security early in the design cycle in MCUs, we’ll take a closer look at four key security elements included in the SAM L11. 

 

Immutable Secure Boot

The SAM L11 includes a Boot ROM design to facilitate an immutable secure boot. It has an onboard Crypto Accelerator (CRYA) that accelerates AES, SHA and GCM algorithms computation for encryption, decryption and authentication and NIST-compliant TRNG for random number generation.

 

Trusted Execution Environment

Arm TrustZone technology allows the creation of a secure zone within the SAM L11. This, when combined with immutable secure boot, creates a Trusted Execution Environment (TEE) to counteract malware effectively. The TEE enables the IoT nodes to take remedial action whenever they encounter malware. It avoids the downtime of critical functions and will significantly improve the reliability of IoT nodes.

 

Secure Key Storage

In addition to tamper pins for protecting against board-level tampering, the SAM L11 has active shield on 256 Bytes of RAM that can resist chip-level microprobing and data remanence issues to provide secure storage for volatile keys. It also has a dedicated 2KB of Flash that can be scrambled to store non-volatile keys, certificates and other sensitive data. The secure key storage on the device protects systems from software and communication attacks and provides developers with an option to erase the sensitive data up on detection of a tamper event. 

 

Comprehensive Security Solution Framework

The SAM L11 is supported by a Comprehensive Security Solution Framework that provides end-to-end security spanning from key provisioning at a secure facility during the silicon manufacturing phase to implementation of security modules during application development to remote firmware upgrades anytime during the lifecycle of the device. The framework includes Trustonic’s Kinibi-M security software that abstracts the lower level details of the device’s security features and will provide a modular GUI-based interface for designers to choose the relevant security module for their application. Take for instance, the bootloader used for securing the firmware upgrades. Here, embedded designers don't have to sift through hundreds of pages of a datasheet to find out how to create a secure bootloader.

The security framework is thoroughly defined and provides a module for developers to quickly implement secure bootloader in their application. And that eliminates the need for training on embedded security and reduces the development time and cost significantly.

The hardware security features deeply embedded within the SAM L11 microcontrollers helps embedded designers carry out key provisioning at Microchip’s secure facility using Trustonic's Root of Trust (RoT) flow.

The figure below shows the various modules provided by the framework to simplify the implementation of security.

 

end-to-end security solution

Figure 2. End-to-end security solution
 

A Comprehensive Security Solution Framework helps embedded developers who are new to security avoid steep learning curves and overhead costs. Within no time, they can easily implement robust security in various application use cases as depicted in the figures below.

Security in IoT nodes

Figure 3. Security in IoT nodes

 

Security in remote keypads

Figure 4. Security in remote keypads

 

Security in accessory authentication

Figure 5. Security in accessory authentication

 

Security in medical devices

Figure 6. Security in medical devices

 

The device features picoPower technology, which ensures low-power consumption in active and sleep modes, with industry-leading ULPMark scores certified by EEMBC. It also offers various power saving modes and low power techniques to provide flexibility, so designers can conveniently implement security without taking a hit on power consumption.

Edge Node Security is Important for IoT Edge Devices

The rate at which IoT edge devices are being connected has been outpacing the rate at which these devices are securely deployed. One of the reasons for this is security has been an afterthought in embedded application space, and the other contributing factor for this trend is there are not many MCUs available in the market today that incorporates robust security in the footprints of 64 KB Flash or below to meet the price point of constrained IoT nodes.

However, while embedded security vulnerabilities are opening new attack vectors for hackers, a new crop of microcontrollers is making it easy for IoT node developers to configure and deploy security features quickly and efficiently.

The article has shown how these security MCUs can simplify security implementation while reducing the steep learning curve and overhead costs at the same time.
 

Resources

Industry Articles are a form of content that allows industry partners to share useful news, messages, and technology with All About Circuits readers in a way editorial content is not well suited to. All Industry Articles are subject to strict editorial guidelines with the intention of offering readers useful news, technical expertise, or stories. The viewpoints and opinions expressed in Industry Articles are those of the partner and not necessarily those of All About Circuits or its writers.

2 Comments
  • Dave Mercer October 09, 2018

    Good write up. An overlooked aspect was how one provisions verified (nothing is “secure”) boot keys on the SOC. Typically several are fuse blown into the SOC on the manufacturing floor so as to support key revocation. That said one must be very careful that a manufacturer, perhaps under orders from a government agency, doesn’t slip a malicious one in.

    Also, quantum computers are going to make pretty much all current forms of verified boot (ie ECC and RSA signatures on the boot loader) open to attack in the next 6-10 years. Given that IoT devices can have a very long shelf life this has to be thought about now.

    See google/quark on GitHub for some work my group is doing to counter this coming threat.

    Like. Reply
    • ramanujakonreddy October 31, 2018
      SAM L11 is built from the ground up to facilitate secure key provisioning. It is supported by Trustonic’s RoT(Root of Trust) provisioning flow and Secure Thingz key provisioning mechanism. Microchip is continuing to explore advanced security solutions. Quantum computing is an exciting field with mixed views on how fast these can be deployed. Post-quantum cryptography is beyond the scope of this article as the focus is on simplifying security implementation.
      Like. Reply