Improved Security in IoT Systems
Improved Security in IoT Systems
The rapid growth of the Internet of Things (IoT) is making increasing demands on microcontrollers (MCUs) for both performance and connectivity. Local processing is needed at the edge to perform ever more complex processing of data from a range of sensors, often using machine-learning techniques. Many systems consist of networks of IoT nodes. Data is also sent to the cloud for monitoring, storage and more detailed analysis. These systems require a high level of security to protect them from attacks and malware.
Security is essential to authenticate IoT nodes, protect data confidentiality and system functionality. It is also important in safety-critical systems, such as advanced driver assistance systems and autonomous vehicles, to ensure that safety functions are not compromised.
Security requirements in IoT
There are regular news stories of cyber-attacks, by criminals or governments, on industrial and commercial systems. The attacks are becoming more sophisticated and targeting larger numbers of devices.
In 2010 the Stuxnet worm is thought to have caused significant damage to Iran’s nuclear processing plants. This may have been a deliberate attack by another state. The Heartbleed bug in the OpenSSL security software (used by many websites) was discovered in 2014. It was used to steal information from several systems including the Canada Revenue Service and a large US health service provider. The 2016 Mirai malware turned large numbers of online consumer devices, such as surveillance cameras and routers, into “bots”. These botnets have been used to launch very disruptive distributed denial of service (DDoS) attacks on many systems.
Researchers regularly find new vulnerabilities. These can be software bugs, such as Heartbleed, or hardware problems, like the Meltdown flaw found in various microprocessors including some Arm cores.
Malicious access to a single IoT node is damaging enough by itself. But the larger risk is that, by spoofing the identity of communications, an unlimited number of devices could be compromised thus enabling the rapid proliferation of malicious software.
There are several features that can improve the security of a system: providing every device with a unique identity for authentication that cannot be faked; implementing secure authentication and sharing of credentials between a node and the network; assuring the functionality of a device by validating the installed software and updates; and using cryptography for all network communication and to protect information stored in memory.
To achieve the required level of security, the design of the MCU must take input from multiple domains: software, security, systems analysis, etc. This is no longer just a silicon design problem; designers also need to consider human factors and interactions with the outside world.
However, IoT is a price-constrained market and so the extra security must be achieved without significant increases in complexity or cost.
Hardware security features
There are several hardware functions that can be used to increase the security of a system. These can be provided by an external security element or, in some instances, integrated in the MCU.
Secure boot is an essential feature to ensure that the firmware being executed by the processor is genuine and has not been tampered with. The MCU starts by executing a bootloader from ROM that verifies the signature of the code in flash before running it. The code may be further protected by enabling flash encryption.
A physical unclonable function (PUF) utilises the random variations in semiconductor devices to create a hardware structure that acts as a unique identifier, in the same way that random variations in the lines on your skin give you a unique fingerprint.
A PUF and associated logic can be used for secure key generation and management. PUF enables secure device authentication, flexible key provisioning and asset management. It protects the root of trust and the end-to-end security required for communication. It ensures that data encrypted by a specific device can only be decrypted by the same device, so that data is secure even if it is copied to another system.
The Arm processor core implements a hardware security system called TrustZoneÒ. This can be used for runtime protection of assets, such as private data and passwords, by ensuring they are only ever handled in a secure environment.
TrustZone implements two hardware “worlds”: secure and non-secure. The non-secure world provides a flexible execution environment with no access to security-critical registers and data. Non-secure code can only access secured resources via specific interfaces exposed by the secure world. The operating system and applications typically run in the non- secure world, while a smaller subset of trusted code runs in the secure world. This reduces the amount of code that needs to be carefully written and audited to ensure security.
A true random number generator (TRNG) is necessary to provide high entropy and ensure that handshake procedures are not vulnerable to replay attack.
Other possible features include tamper detection to protect against device physical access, a memory protection unit (MPU) for task isolation, hardware accelerators for various crypto functions and a shielding layer over sensitive parts of the chip.
The choice of the functions implemented in any given system will be a balance between the level of security required and the extra cost of the hardware.
As an example, the recently released LPC55S6x MCU from NXP integrates many of the hardware security features described above, making it unique in the MCU market. It has dual Arm® Cortex®-M33 cores with one CPU supporting TrustZone-M, and several coprocessors.
While the chipset provides a secure boot with anti-rollback protection, the hardware also supports real-time execution of encrypted images from flash memory. The flash content is only decrypted in the execution path of the core. Thus, malicious attempts at reading the flash memory directly would only expose encrypted data. The software intellectual property and associated data is protected.
The LPC55S6x MCU uses a PUF based on a dedicated block of SRAM. Because of variations in each transistor, when the SRAM is turned on each memory cell comes up as either a 1 or a 0. This is consistent every time the SRAM powers up, so these start-up values create a random and repeatable pattern that is unique to each chip. This silicon fingerprint is turned into a secret key that can be used to uniquely identify the device and provides a hardware root of trust for the other security functions.
There are several hardware accelerators for real-time encryption / decryption of data and acceleration of various symmetric and asymmetric cryptographic algorithms.
It also has tamper detection, secure GPIO and DMA and a secure debug system that requires authentication in order to be enabled.
LPC55S6x is the first MCU to combine all these in a complete security package. It provides a high level of security for many IoT and embedded applications, at minimal cost.
The second Arm core and the DSP coprocessor can be used for executing complex application software. For example, machine-learning and inference systems can be implemented using the Arm CMSIS-NN library. This is a collection of high-performance, memory-efficient neural-network kernels optimized for the Cortex-M processor core. This can be used with industry-standard frameworks such as Caffe to implement applications based on image classification, speech recognition and natural language processing for improved human interfaces.
This is the same technology that enables applications such as a car that recognises the driver and automatically adjusts the seats and driving settings. Robots that can recognise objects and people in their environment can work more safely in close collaboration with human workers. A vending machine could recognise customers and ask if they want their usual choice of hot drink. The signal processing capability could be used, along with facial recognition, to implement beam-forming using multiple microphones to isolate voices in a noisy environment and identify the current speaker.
The increasing need for security in IoT systems is being met by the addition of hardware to support security functions in modern microcontrollers. This simplifies embedded security with a hardware root of trust for secure authentication, communication and data storage. This needs to meet the cost constraints of embedded systems. The LPC55S6x MCU shows how higher levels of integration, made possible by using a high-density semiconductor process, enable more security functions to be included in an MCU without sacrificing either cost or performance.
EBV is a technical distributor with a good understanding of IoT requirements because of our expertise in both the relevant vertical markets, such as industrial and automotive, and the technologies such as security, wireless communication etc. We can provide comprehensive technical support at all stages of the design process.
*Authors: Christian Krieber, Director Segment Security & Identification, EBV Elektronik and Thibault Richard, Connectivity Specialized FAE, EBV Elektronik