Security for microcontrollers with IP protection and licensing

All products are designed to beat the competition. The effort that went into their development should pay off for as long as possible. This article explains how to shield microcontrollers with a level of protection on a par with larger  systems – without having to dive into the depths of cryptography.


By Marco Blume, Wibu-Systems              Download PDF version of this article


Microcontrollers are all around us: Digital watches at our wrists, smartphones in our pockets, tablets on our desks. Light switches in our smart homes. In the cars in our garage. Not to mention the clever little coffee maker on the countertop. Wherever we turn, we see devices that have long left the era of “on and off” switches behind. This has added so much comfort to our lives. Nowadays, watches can read emails, and air conditioning knows when we are in the room. Satnav systems knows where traffic is heaviest. Our smartphones know where we are heading, because our calendar is synced across all of our devices.

That is one side of the coin: The brave new comfortable world. There is another side we need to remember: the challenge of protecting our data, shielding our networks from attack, and not falling prey to software or hardware pirates. Just like a new home owner would never move in without locks installed on doors and windows, the design of intelligent devices also needs protection from the very start. But the entire package needs to fit – the most modern lock will not keep criminals out if the door itself is a thin sheet of plywood. This example should remind developers that they need to see security holistically in the design process to end up with a completely integrated solution against as many attacks as possible.

The level of protection depends on the quality of the measures taken and later compliance. This is where many developers enter unfamiliar terrain. Most are specialists in their areas and not experts for cryptography or secure software design. Users would ideally not be reminded of any security matters at all, and security must not hike up the costs.

The predictions for IoT applications are mind-bending: The IoT is expected to contribute around $15 trillion to global GDP in the next 20 years (source: General Electric), with 28.1 billion units installed by 2020 (source: IDC). These are not only impressive figures; they are also a wake-up call for the security issues created by the IoT revolution. Wibu-Systems has teamed up with Infineon to develop CodeMeter μEmbedded, an efficient firmware protection for systems using the XMC4000 microcontroller family, especially in the Industrial IoT. This article presents the integration on an XMC microcontroller as an example that can be adapted to nearly any other microcontroller platform. The functional principle stays the same.

The IoT comes in many shapes and sizes: Industrie 4.0 or smart homes and smart cars. What they all need is uncompromising security. Typical use cases include the authentication and licensing of components, monitoring and protection of system integrity, protection of data and communication channels, and the safety of upgrades and updates. This needs integrated solutions based on secure hardware to protect our infrastructure and its many components against attacks, fraud, and manipulation. Since all embedded systems used in the IoT are built around microcontrollers, this is the first line of defense.

Figure 1. The components involved at the developer and in the XMC controller

 

The challenge for secure microcontrollers lies in making the chosen solution simple to integrate and usable even under tough industrial conditions. Wibu-Systems has developed CodeMeter μEmbedded based on its CodeMeter technology. The solution focuses on secure firmware updates and feature upgrades. Code integrity, license monitoring, protection against reverse engineering, and copy protection are key.

Safety (for the user) is not an issue – the laws in this area are legion. Security (for the device) is, however, not guaranteed by similar legislation or universally accepted regulations. The CodeMeter µEmbedded use cases cover the most common security aspects. 1. Integrity protection: The microcontroller must only work with firmware from a defined source that must not be changed without proper authority. 2. IP protection: Users in the field need to be able to load the firmware, so it needs to be protected against reverse engineering. 3. Licensing: There should be an option to activate additional features via licenses upgrade without replacing the firmware in the field. In their mission to give developers an easy-to-use solution, Wibu-Systems and Infineon have pooled their resources in one package: Version 4 of Infineon’s DAVE development tool is available as a free download. The Eclipse-based platform makes software development easy with a vast periphery and application-oriented code repository. The developer can use commercial third party tools to translate the C source code for ARM and load it into the microcontroller. This covers the entire development cycle from first evaluation to the final product, while giving the developer maximum autonomy for fast and efficient platform-driven software and product development.

Figure 2. Firmware is encrypted by the SBSL and remains in the XMC controller.

 

CodeMeter µEmbedded was developed specifically for microcontrollers and Field Programmable Gate Arrays (FPGAs). Larger systems like PLCs or PCs can use two other, fully compatible flavors of the technology: CodeMeter Embedded and CodeMeter Runtime. CodeMeter µEmbedded comes with a minimal footprint of less than 80 kByte, which was achieved by slimming the solution down to the minimum features for its intended use cases. The licenses are bound to the unique ID of the microcontroller and entitled during production. With the right license file, additional features can be activated in the field.

Figure 3. The developer creates a license and upgrades features without changing the firmware.

 

CodeMeter µEmbedded can also be used to store symmetric and asymmetric keys in protected memory. These keys can then only be used on devices with the right ID e.g. to check device licenses, track production volumes, or load encrypted application code onto the devices. The users benefit from the ability to use familiar tools like DAVE and CodeMeter Protection Suite, which handle all cryptographic operations. A new plug-in for DAVE gives the developers a neat interface to configure their XMC4000 microcontrollers and create encrypted firmware updates or license files.

The XMC4000 family of microcontrollers for industrial applications was made with digital power converters, electrical drives, and sensor devices in mind. All XMC4000 microcontrollers work at temperatures up to +125° C. They use ARM Cortex M4 processors with built-in DSP capabilities, Floating Point Unit, Direct Memory Access (DMA), and a Memory Protection Unit (MPU). The extensive periphery includes analog / mixed-signal converters, high-resolution timers / PWM channels, and interfaces for all common industrial communication standards. The XMC4800 series comes with on-chip EtherCAT (Ethernet for Control Automation Technology) for simple and cost-efficient real-time Ethernet communication.

The solution is built on a Secure Bootstrap Loader (SBSL) injected into the XMC controller during production. It accesses a CmActLicense bound to each controller that contains the keys to decrypt the firmware. After the SBSL and license are loaded, the controller switches into read-protected mode. Communication with the firmware only goes via the SBSL launched on start-up. The protection effort begins during the initial development at the OEM. The developers can use their accustomed tools and methods and create a firmware v1.0 in DAVE, which comes with a dedicated plug-in for ExProtector by Wibu-Systems. DAVE also creates a project for the SBSL. The developer only needs to reserve memory on the dongle for the required keys, and the SBSL can be loaded directly into the XMC controller. This is the only time that the firmware developers have to concern themselves with the security solution. Even secure key storage is made easy: the keys are stored right on the dongle.


Related


Module solution for Industrial Ethernet

In this webtalk Renesas introduces a module solution for Industrial Ethernet called intelligent RJ45 (I-RJ45). The Industrial Ethernet module I-RJ45 is available in single and dual port versions i...

Fluffing the Cloud

The synergistic development aspect of electronic design was very apparent these past weeks at the APEC and Embedded World shows, as engineers from around the globe came together in San Antonio, Texas,...

Leading standards in the wireless charging market

Wireless charging is about to become mainstream for many applications. Already today, a lot of wireless charging solutions for smartphones are available - either table chargers or chargers install...

 


Grammatech talks about the importance of software in engineering

In this video Mark Hermeling of Grammatech talks to Alix Paultre after the Embedded World show in Nuremberg about the importance of software verification for security and safety in electronic design. ...


Lattice Semi walks through their booth demos at Embedded World

In this video Lattice Semiconductor walks us through their booth demonstrations at Embedded World 2018. The live demonstrations include an operating IoT remote vehicle, a low-power network used for vi...


Maxim describes their latest security solution at Embedded World 2018

In this video Scott from Maxim Integrated describes their latest security solution at Embedded World 2018. In the live demo he shows the DS28E38 DeepCover Secure ECDSA Authenticator, an ECDSA public k...


Garz & Fricke at Embedded World 2018 - Embedded HMIs and SBCs “Made in Germany”

You are looking for a HMI-system or single components as touches, displays and ARM-based SBCs? Welcome at Garz & Fricke – the Embedded HMI Company! Our offering ranges from typical single co...


ECRIN Systems myOPALE: Remote Embedded Modular Computers

myOPALE™ offers disruptive technology to multiply capabilities of your next Embedded Computers in a smaller foot print thanks to PCI Express® over Cable interconnect, standard 5.25’&rs...


TechNexion rolls out embedded systems, modules, Android Things kits at Embedded World 2018

In this video John Weber of TechNexion talks to Alix Paultre about how the company helps its customers getting products to market faster. By choosing to work with TechNexion, developers can take advan...


Mike Barr talks cybersecurity

In this video Mike Barr, CEO of the Barr Group, talks to Alix Paultre about cybersecurity at the Embedded World conference in Nuremberg, Germany. Too many designers, even in critical spaces like milit...


Ted Marena of Microsemi talks about their scope-free on-chip debug tools

In this video Ted Marena of Microsemi talks about their scope-free on-chip debug tools with Alix Paultre at Embedded World 2018. SmartDebug tool works with the Microsemi FPGA array and SERDES without ...


Infineon demonstrates their iMotion motor control solution at Embedded World

In this video Infineon explains their latest  IMC100 series iMOTION motor control IC at Embedded World 2018 in Nuremberg. The device provides a ready-to-use solution for high-efficiency variable-...


Samsung goes over their new ARTIK IoT development system

In this video James Stansberry of Samsung talks to Alix Paultre about their ARTIK IoT development system at Embedded World in Nuremberg. The family of system-on-modules provide a complete, production-...


Cypress explains their latest low-power 32-bit Arm Cortex-M4 PSoC 6

In this video Allen Hawes of Cypress Semiconductor talks to Alix Paultre about their latest low-power 32-bit Arm Cortex-M4 PSoC 6, designed to provide a secure high-performance MCU for next-generation...