Improved Security in IoT Systems | EBV Elektronik

Improved Security in IoT Systems

The rapid growth of the Internet of Things (IoT) is making increasing demands on microcontrollers (MCUs) for both performance and connectivity. Local processing is needed at the edge to perform ever more complex processing of data from a range of sensors, often using machine-learning techniques. Many systems consist of networks of IoT nodes. Data is also sent to the cloud for monitoring, storage and more detailed analysis. These systems require a high level of security to protect them from attacks and malware.

Security is essential to authenticate IoT nodes and to protect data confidentiality and system functionality. It is also important in safety-critical systems, such as advanced driver assistance systems and autonomous vehicles, to ensure that safety functions are not compromised.

Security requirements in IoT

There are regular news stories of cyber-attacks, by criminals or governments, on industrial and commercial systems. The attacks are becoming more sophisticated and targeting larger numbers of devices.

In 2010 the Stuxnet worm is thought to have caused significant damage to Iran’s nuclear processing plants. This may have been a deliberate attack by another state. The Heartbleed bug in the OpenSSL security software (used by many websites) was discovered in 2014. It was used to steal information from several systems including the Canada Revenue Service and a large US health service provider. The 2016 Mirai malware turned large numbers of online consumer devices, such as surveillance cameras and routers, into “bots”. These botnets have been used to launch very disruptive distributed denial of service (DDoS) attacks on many systems.

Researchers regularly find new vulnerabilities. These can be software bugs, such as Heartbleed, or hardware problems, like the Meltdown flaw found in various microprocessors including some Arm cores.

Malicious access to a single IoT node is damaging enough by itself. But the larger risk is that, by spoofing the identity of communications, an unlimited number of devices could be compromised thus enabling the rapid proliferation of malicious software.

There are several features that can improve the security of a system: providing every device with a unique identity for authentication that cannot be faked; implementing secure authentication and sharing of credentials between a node and the network; assuring the functionality of a device by validating the installed software and updates; and using cryptography for all network communication and to protect information stored in memory.

To achieve the required level of security, the design of the MCU must take input from multiple domains: software, security, systems analysis, etc. This is no longer just a silicon design problem; designers also need to consider human factors and interactions with the outside world.

However, IoT is a price-constrained market and so the extra security must be achieved without significant increases in complexity or cost.

Hardware security features

There are several hardware functions that can be used to increase the security of a system. These can be provided by an external security element or, in some instances, integrated in the MCU.

Secure boot is an essential feature to ensure that the firmware being executed by the processor is genuine and has not been tampered with. The MCU starts by executing a bootloader from ROM that verifies the signature of the code in flash before running it. The code may be further protected by enabling flash encryption.

A physical unclonable function (PUF) utilises the random variations in semiconductor devices to create a hardware structure that acts as a unique identifier, in the same way that random variations in the lines on your skin give you a unique fingerprint.

A PUF and associated logic can be used for secure key generation and management. PUF enables secure device authentication, flexible key provisioning and asset management. It protects the root of trust and the end-to-end security required for communication. It ensures that data encrypted by a specific device can only be decrypted by the same device, so that data is secure even if it is copied to another system.

The Arm processor core implements a hardware security system called TrustZone®. This can be used for runtime protection of assets, such as private data and passwords, by ensuring they are only ever handled in a secure environment.
 

Image of LPC55S6x Block Diagram


TrustZone implements two hardware “worlds”: secure and non-secure. The non-secure world provides a flexible execution environment with no access to security-critical registers and data. Non-secure code can only access secured resources via specific interfaces exposed by the secure world. The operating system and applications typically run in the non-secure world, while a smaller subset of trusted code runs in the secure world. This reduces the amount of code that needs to be carefully written and audited to ensure security.

A true random number generator (TRNG) is necessary to provide high entropy and ensure that handshake procedures are not vulnerable to replay attacks.

Other possible features include tamper detection to protect against device physical access, a memory protection unit (MPU) for task isolation, hardware accelerators for various crypto functions and a shielding layer over sensitive parts of the chip.

The choice of the functions implemented in any given system will be a balance between the level of security required and the extra cost of the hardware.

An example

As an example, the recently released LPC55S6x MCU from NXP integrates many of the hardware security features described above, making it unique in the MCU market. It has dual Arm® Cortex®-M33 cores with one CPU supporting TrustZone-M, and several coprocessors.

While the chipset provides a secure boot with anti-rollback protection, the hardware also supports real-time execution of encrypted images from flash memory. The flash content is only decrypted in the execution path of the core. Thus, malicious attempts at reading the flash memory directly would only expose encrypted data. The software intellectual property and associated data are therefore protected.

The LPC55S6x MCU uses a PUF based on a dedicated block of SRAM. Because of variations in each transistor, when the SRAM is turned on each memory cell comes up as either a 1 or a 0. This is consistent every time the SRAM powers up, so these start-up values create a random and repeatable pattern that is unique to each chip. This silicon fingerprint is turned into a secret key that can be used to uniquely identify the device and provides a hardware root of trust for the other security functions.
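In practice a small fraction of SRAM cells come up differently from one power-up to the next, so the raw start-up pattern is combined with public helper data and error correction before it is used as a key. The following is an added example, not NXP's implementation and not code from the original article: a toy code-offset scheme with a 5x repetition code, in which the function names, key size and LCG-generated sample pattern are all assumptions, and real PUF logic uses stronger codes plus a key-derivation step.

```c
#include <stdint.h>
#include <stdio.h>
#define KEY_BITS 16               /* toy key length (assumption) */
#define REP 5                     /* SRAM cells spent per key bit */
#define CELLS (KEY_BITS * REP)

/* Enrollment (once): helper data binds a key to this chip's start-up pattern. */
void puf_enroll(const uint8_t *sram, const uint8_t *key, uint8_t *helper)
{
    for (int i = 0; i < CELLS; i++)
        helper[i] = sram[i] ^ key[i / REP];
}

/* Every boot: XOR fresh start-up values with helper data, then majority-vote. */
void puf_reconstruct(const uint8_t *sram, const uint8_t *helper, uint8_t *key)
{
    for (int b = 0; b < KEY_BITS; b++) {
        int ones = 0;
        for (int j = 0; j < REP; j++)
            ones += sram[b * REP + j] ^ helper[b * REP + j];
        key[b] = (uint8_t)(ones > REP / 2);
    }
}

/* Constructed demo: flip `noisy` cells per group, return wrong key bits. */
int puf_demo_bit_errors(int noisy)
{
    uint8_t sram[CELLS], boot[CELLS], helper[CELLS], key[KEY_BITS], out[KEY_BITS];
    uint32_t lcg = 0x1234u;       /* stand-in for silicon randomness */
    int errors = 0;
    for (int i = 0; i < CELLS; i++) {
        lcg = lcg * 1664525u + 1013904223u;
        sram[i] = (uint8_t)((lcg >> 16) & 1u);          /* enrolled pattern */
        boot[i] = sram[i] ^ (uint8_t)(i % REP < noisy); /* next power-up */
    }
    for (int b = 0; b < KEY_BITS; b++)
        key[b] = (uint8_t)(b % 3 == 0);   /* sample key; a TRNG in practice */
    puf_enroll(sram, key, helper);
    puf_reconstruct(boot, helper, out);
    for (int b = 0; b < KEY_BITS; b++)
        errors += (out[b] != key[b]);
    return errors;
}

int main(void)
{
    printf("%d %d\n", puf_demo_bit_errors(2), puf_demo_bit_errors(3)); /* 0 16 */
    return 0;
}
```

Two flipped cells per group are corrected, three are not; a different chip differs from the enrolled one in roughly half of its cells, which is why helper data copied to another device does not reproduce the key.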

There are several hardware accelerators for real-time encryption / decryption of data and acceleration of various symmetric and asymmetric cryptographic algorithms.

It also has tamper detection, secure GPIO and DMA and a secure debug system that requires authentication in order to be enabled.

LPC55S6x is the first MCU to combine all these in a complete security package. It provides a high level of security for many IoT and embedded applications, at minimal cost.

The second Arm core and the DSP coprocessor can be used for executing complex application software. For example, machine-learning and inference systems can be implemented using the Arm CMSIS-NN library. This is a collection of high-performance, memory-efficient neural-network kernels optimized for the Cortex-M processor core. This can be used with industry-standard frameworks such as Caffe to implement applications based on image classification, speech recognition and natural language processing for improved human interfaces.

This is the same technology that enables applications such as a car that recognises the driver and automatically adjusts the seats and driving settings. Robots that can recognise objects and people in their environment can work more safely in close collaboration with human workers. A vending machine could recognise customers and ask if they want their usual choice of hot drink. The signal processing capability could be used, along with facial recognition, to implement beam-forming using multiple microphones to isolate voices in a noisy environment and identify the current speaker.

Conclusion

The increasing need for security in IoT systems is being met by the addition of hardware to support security functions in modern microcontrollers. This simplifies embedded security with a hardware root of trust for secure authentication, communication and data storage. This needs to meet the cost constraints of embedded systems. The LPC55S6x MCU shows how higher levels of integration, made possible by using a high-density semiconductor process, enable more security functions to be included in an MCU without sacrificing either cost or performance.

EBV is a technical distributor with a good understanding of IoT requirements because of our expertise in both the relevant vertical markets, such as industrial and automotive, and the technologies such as security, wireless communication etc. We can provide comprehensive technical support at all stages of the design process.

*Authors: Christian Krieber, Director Segment Security & Identification, EBV Elektronik and Thibault Richard, Connectivity Specialized FAE, EBV Elektronik

About Author

Christian Krieber

Christian has more than 15 years of experience in the semiconductor industry. In his current positio...
