News

What Does It Mean for an SoC to Be Secure? A Closer Look at the Wireless Gecko Series 2

July 24, 2019 by Mark Hughes

What makes a secure SoC actually... secure? Check out this overview of hardware-based security features in a real-world example IC.

What makes a secure SoC actually... secure? Check out this overview of hardware-based security features in a real-world example IC.

Security is an important consideration for engineers when they're developing new devices, particularly for IoT applications. Choosing secure components can go a long way in this process—but what does it mean for a device to be secure, anyway?

In this article, we'll take a closer look at the Silicon Labs Wireless Gecko Series 2 EFR32xG21 wireless SoC. This IC has a security core and radio implemented on the silicon alongside the Arm-M33 processor. It is designed for use with Zigbee, Thread, and Bluetooth protocols.

 

Image from Silicon Labs

 

According to Silicon Labs, the Series 2 SoC differs from its predecessor with an increased focus on providing functionality for smart homes, smart cities, and industrial IoT applications.

Link Budget

The EFR32 Blue Gecko SoC is available in either 10 dBm or 20 dBm output, and depending on the radio configuration, has a sensitivity of up to -104.5 dBm. This provides a link budget of up to 124.5 dB (915 MHz 2GFSK, 0.6 kbps). See the Silicon Labs document UG147 for additional configurations, ranges, and link budget documentation.

 

Security Inside the EFR32

Embedded in the silicon die of the EFR32, along with the ARM Cortex-M33 processor, is a hardware security core that contains a True Random Number Generator (TRNG) and a hardware cryptography accelerator. The core has silicon gates configured and optimized for specific cryptographic tasks, including:

  • Advanced encryption standard (AES)
  • Elliptic curve cryptography (ECC)
  • Secure hash algorithm (SHA)
  • A 32-bit cyclic redundancy check (CRC32)

 

Secure Boot, Secure Debug, and Secure Debug Unlock

Usually, when a bad actor has physical access to your microcontroller, they can do all types of malicious actions, from reading memory to uploading new firmware, to figuring out your private security keys. Silicon Labs eliminates many attack vectors with their Secure Boot with Root of Trust and Secure Loader (RTSL) and Secure Debug feature.  Secure Boot prevents malware injections by executing only correctly signed code.

Secure Boot ensures that only correctly signed firmware will run on the Wireless Gecko Series 2. Whether a hacker is attempting an Over The Air (OTA) update, or is physically connected to the JTAG pins, the worst they could do is to “brick” the device.  

Secure Debug ensures that all data that comes off of the device is fully encrypted. This security feature ensures that only the original programmers of the device can unlock and interpret the debug data. Usually, this also means that the manufacturer of the device cannot help with failure analysis, so Silicon Labs incorporated a Secure Debug Unlock feature that allows Silicon Labs to still work on the device. Customers provide the misbehaving device, along with a security key to Silicon Labs, and the data on the device can then be decrypted.

 

True Random Number Generator

A key component of any security system is a random-number generator. This bit of hardware works to continuously create a patternless and unpredictable string of 1s and 0s. The EFR32xG21 uses a ring oscillator to generate random numbers. Ring oscillators are made of an odd number of inverter stages.

 

Schematic a three-stage ring oscillator. Image used courtesy of Guerberj

 

Ring oscillators used as random number generators take advantage of the fact that there is a slightly variable gate transition delay from one stage of the oscillator to the next (Jitter). When the output of the first stage transitions from logic low to logic high, the second stage does not instantly change state. A small amount of capacitance at the input of the next stage slows the voltage change. Once the threshold voltage is reached, the second stage changes state, and the process continues around the ring until the last stage triggers the first stage and the entire cycle repeats. The result is a square wave that propagates around the ring in a cyclic fashion. If a single stage of the oscillator is sampled asynchronously at a fraction of the frequency of oscillation, the output is unpredictable and random.

And just in case some bad actor finds a way to manipulate the ring oscillator, or it begins to malfunction in some way, the output is constantly monitored with a series of 64-bit and 4096-bit integrity tests that satisfy NITS-800-90 and AIS 31.

Whitening Filter

Anyone who has studied random numbers for any length of time will tell you that with a true random number generator, 0B0000000000000000 is as likely as 0B1011010010110110, which is as likely as 0B0000000011111111 and 0B1111111111111111. But of those four choices, only one can be used to encrypt data. So the output of the ring oscillator is fed into a data-whitening filter. Data whitening uses a multitap linear-feedback shift-register to prevent long strings of 1s and 0s.

 

A data-whitening shift register

 

Advanced Encryption Standard (AES)

Advanced Encryption Standard is a NIST established block cipher. This symmetric key cipher is used to encode and decode data using something called the Rijndael algorithm (after the last name of one of the Belgian cryptographers who came up with it). Data is encrypted/decrypted in 128-bit blocks using keys of 128, 192, or 256 bits.

 

Elliptic Curve Cryptography

Elliptic Curve Cryptography was independently created by Neal Koblitz and Victor Miller. It allows two parties who have never met to generate a shared secret in full view of an eavesdropper. The shared secret is combined with the data to be encrypted/decrypted to encode/decode secret messages.

This animation shows how Alice and Bob can generate a shared secret. 

 

A visualization of elliptic-curve cryptography by Mark Hughes

 

Alice and Bob agree on a point and add the point to itself a randomly selected number of times (here Alice chooses α=7, and Bob chooses ß=5) to find points A & B. Alice and Bob then exchange their secret point value and multiply by their numbers again to arrive at a shared secret S. (Alice does 2α=14 and Bob does 2ß=10 total operations.)  

Read my article about elliptic curve cryptography to learn more.

Secure Hash Algorithm (SHA)

The secure hash algorithm takes an input of any length and generates a fixed-length output. This is useful to verify the integrity of data since any changes to the input will affect the output. Firmware updates can then be delivered along with their hash values to a target microcontroller. If the microcontroller calculates a different value for the hash, it knows that there is something wrong with the firmware files and will not write them to memory.

 

32-bit Cyclic Redundancy Check (CRC32)

Cyclic Redundancy Checks are used to ensure data integrity during transmission, storage, and retrieval. CRC values are computed with the original data and computed again with transmitted or retrieved data. If the two CRC values do not match, the data is corrupt.

 

A 24-bit CRC animation is shown above since 32-bit is too small to read.

About the Single Mesh Dev Kit

This kit is intended to allow developers to implement secure wireless communication in two-node and multi-node applications across a variety of protocols, including Bluetooth mesh, Zigbee, and Thread

The Wireless Gecko EFR32 comes on a daughterboard that plugs into a development motherboard. After programming, the Wireless Gecko Radio Board can be separated from the motherboard and powered via an external battery pack.

 

Silicon Labs Wireless Gecko development board. Image used courtesy of Silicon Labs

 

This dev kit is a bit different from others that Silicon Labs offers in that it provides an Ethernet-based program/debug channel in addition to a USB debugger. This allows users to connect devices far away from the programming computer and stay connected to them with the building’s existing IT infrastructure.  

This feature makes the kits suitable for working with wireless interfaces since multiple devices can be connected wirelessly at the limits of their radio range and still communicate all necessary debug information with the programming computer.  Silicon Labs has a network of 500 ethernet-linked wireless nodes at its Boston office offices to allow them to test customer code in real-world conditions. They can flash the devices remotely in a matter of minutes, rather than the hours/days it would take if they had to physically touch each device.

The motherboard has multiple power input options, including a mini-USB that allows connection to a computer, portable battery pack, or 5V wall charger. The mainboard also has a display, two user input buttons, two LEDs, two momentary buttons, and a temperature/humidity sensor.

 

Silicon Labs Wireless Gecko development kit block diagram. Image from the Silicon Labs Getting Started Guide. Click to enlarge.

 

In essence, the motherboard allows users to program the EFR32xG21 wireless SoC.


 

There are countless reasons why you should implement proper security on your wireless projects. Manufacturers are increasingly making it easier for engineers to take the proper precautions to keep bad actors out of their microprocessors. 

This allows engineers to protect their source-code and intellectual property, verify OTA (over-the-air) updates before installation, ensure untampered data transmissions, and securely communicate with internet-based computers.