With the evolution of the Internet of Things comes the prospect of indiscriminate connectivity. This, in turn, has pushed security to the fore as it has grown in importance; it now touches every step of the data and control paths, making it integral to all applications. Nowhere is this more evident than in devices that will sit on the ‘edge’ of the network, the nodes that will form the ‘Things’ in the IoT.
If left unsecured, each one of these ‘Things’ represents easy access to an otherwise private network, raising concerns within every vertical sector with hopes of making productive use of the IoT. As a result, Integrated Device Manufacturers (IDMs) are now going to increasingly greater lengths to add advanced security features to all of their latest products.
Just like the diversity of the nature of the threats present, security features come in many shapes and sizes, and vary between those devices intended to provide raw processing performance at the core and those that will introduce intelligence into the network from the edge. Those MCUs intended to empower edge devices, such as smart sensors and remotely accessible actuators, will require more advanced security features in smaller, lower power devices; a challenge facing every IDM looking to exploit the potential of the IoT.
A level of trust
The specific requirements of a node on the IoT will be dependent on how it is deployed; a device connected to a wired supply, such as a thermostat, may be less concerned with ultra-low power consumption than, say, a remote sensor. An actuator on a piece of manufacturing equipment would have access to all the power it needs, while a wearable device may need to harvest the energy it uses from its surroundings. What they do have in common, however, is a need to carry out their prime objective securely.
Fortunately, the need for security in a microcontroller has not just been ‘forced’ upon the industry; there have always been applications that value security, it’s just that the volume of devices expected to contribute to the IoT in the next decade or so will drive demand for these devices much higher than it has been in the past.
That does not make established solutions redundant, however. In fact it may make them more desirable, as they have a proven track record in secure applications. An example of such a device is the 8051-based DS5002FP secure microprocessor from Maxim Integrated; a legacy product developed by Dallas Semiconductor. A block diagram of the device is shown in Figure 1. This is actually an improved version of a previous device, the DS500FP, but like its predecessor it loads and executes application software in an encrypted form, which can be stored in a battery-backed non-volatile storage. The encryption algorithm uses an internally stored and protected key, and any attempt to view or retrieve the key results in its erasure.
Figure 1: The second-generation of the DS500 Secure Microprocessor from Maxim Integrated features an embedded encryption algorithm with internal key protection.
Based on a 64-bit keyword, the algorithm incorporates elements of DES encryption, while the key can only be loaded from an on-chip true random number generator. This means the true key value is never known; not even by the developer. Further security is provided by the Self Destruct Input, which if asserted (even when power is removed) will result in immediate erasure of the keyword and the 48-byte vector RAM area.
In part, standards are developed and adopted in order to build trust, so it’s not surprising that some OEMs could value independent endorsements of security solutions implemented by IDMs. One example of this is the AT97SC3204 from Atmel: a fully integrated security module compliant to the Trusted Computing Group (TCG) Trusted Platform Module (TPM) version 1.2 specification. It’s based on the AVR 8-bit RISC core and integrates Atmel’s cryptographic accelerator engine (Figure 2), capable of calculating a 2048-bit RSA signature in 200 ms, and a 1024-bit RSA signature in 40 ms. A FIPS-approved Pseudo random number generator is used for key generation and TCG protocol functions, which is also accessible to developers. Atmel offers the platform to OEMs/ODMs as a turnkey solution, including the firmware integrated on-chip, along with device drivers for leading operating systems.
Figure 2: The cryptographic engine helps make Atmel’s AT97SC3204 fully compliant with the Trusted Computing Group’s Trusted Platform Module specification (V1.2).
Solutions are also now appearing for applications that require more performance in a low-power package, such as the Kinetis K family from Freescale. This wide ranging family offers scalability in terms of physical format and code compatibility; and as part of that scalability comes optional features for, among other things, security. What these solutions also have in common is the ARM Cortex-M4 core, while the amount of security and integrity features varies.
For example, the entry-level K11 family offers parts with a Cyclic Redundancy Check block, while the K21 family offers optional Random Number Generator, Cryptographic Acceleration, and Hardware Tamper Detection units. At the higher end, the K71 family offers these units as standard features (Figure 3).
Figure 3: Freescale’s Kinetis families offer a range of Security and Integrity units.
The Hardware Encryption coprocessor (Figure 4) works with the Cryptographic Acceleration Unit to improve the throughput of software-based security encryption/decryption procedure and message digest functions, supporting DES, 3DES, AES, MD5, SHA-1 and SHA-256 algorithms. It is also able to implement higher level functions in software by using standard processor instructions. The Tamper Detection module provides secure key storage with internal/external tamper detect for non-secure Flash, coupled with temperature, clock, supply voltage and physical attack detection. As well as having its own power supply and power-on reset circuits, it features a register to record the time of any detected tamper attempts.
Figure 4: Freescale’s Hardware Encryption coprocessor and Cryptographic Acceleration Unit improve the throughput of software-based security encryption/decryption.
As well as standard technologies such as random number generators and tamper detection, some manufacturers are using the fundamental features of the process used to provide improved security, such as Texas Instruments’ MSP430 MCUs, fabricated using its non-volatile Ferroelectric RAM (FRAM), which it cites as being more robust against attacks such as voltage manipulation than either EEPROM or conventional Flash.
As with other devices, the MSP430FR5xx and MSP430FR6xx devices employ cryptography such as 3DES, AES, RSA and ECC, which, as explained earlier, require key storage. TI believes that a FRAM-based MCU offers benefits over other MCUs when generating and storing a key, for a number of reasons. Firstly, the low power nature of FRAM makes it more viable to store a new key for every session, even in a battery-powered application. Secondly, the process of storing the key is less likely to be detected by an attacker. The reason for both these benefits is because FRAM writes do not require pre-erase or charge pumps, making it energy efficient while not incurring any energy spikes caused by a Flash charge pump — such surges can be detected and become a signal of a key being generated. Furthermore, the near-infinite endurance of FRAM means key locations can be overwritten multiple times during the product’s operating lifetime. But perhaps most compelling, FRAM write operations are guaranteed to complete even if power is removed during the cycle, thanks to an on-chip capacitor. This contrasts with the need to use redundant memory blocks to mirror data during the read-write-erase sequence of EEPROM or Flash memory, to overcome the risk of losing data if power is removed during the process.
Ever since the Internet entered our lives, users have been subjected to security attacks and the various defense mechanisms used to divert them, such as antivirus software on a PC, or treating any email from an unknown sender as suspicious. However, these attacks are normally launched remotely, transported innocuously via the infrastructure and detected on our behalf. Oftentimes users aren’t even aware that an attack has been detected.
With the IoT and, in particular, the many nodes that will form its intelligent perimeter, the threat becomes more tangible. Instead of the attack being launched remotely, it could quite conceivably be physical; would-be hackers could gain direct, hands-on access to the switch, sensor or actuator that is now part of the IoT. Combating such attacks using secure light MCUs will require not only greater vigilance on the user’s behalf, but greater effort from the IDM. Fortunately, the continued lure of the IoT is ensuring that effort is present.