Making your device secure

The internet of things is faced with a major security challenge. Compared to traditional, often unconnected embedded systems, the nature of IoT devices radically increases the risk of attack not just on devices but on the services with which they interact. The ability to connect to IoT devices over the internet makes them, in principle, accessible from any other user of the global internet. That has made it possible for hackers not just to break into devices but recruit them for use in botnets, as the Mirai malware infestation of 2016 demonstrated so powerfully.

by Mark Patrick, Mouser Electronics


One of the reasons why the Mirai hack was so effective was the decision by manufacturers of affected devices such as home routers to make it easy to gain access to them and change their firmware. Many of the devices had shared passwords and security credentials. An attack on one would be successful on all.

Providing each device with its own security credentials for identification and access is the first step to securing IoT devices. But on the scale of the IoT it is potentially an expensive mechanism if an installer has to configure and provision each individual node manually. The answer is to make provisioning a fundamental part of the device’s security architecture by building the system around a root of trust.

Other machines need to be able to trust the device. And, before it attempts to start providing services to other machines, the device needs to trust them. Any other attempts to communicate need to be treated as if they come from imposters unless they can provide the right credentials. Man-in-the-middle attacks are becoming increasingly common. The system designer has to assume there will be attempts made to impersonate legitimate servers or devices in order to gain access to secure details. Not only is it essential to establish connections only to trusted devices but to encrypt and digitally sign the packets to prevent eavesdropping. The signing process makes it possible to detect tampering by network equipment that has been subverted.

The X.509 standard is one mechanism for achieving trusted communications. The standard is based on public key infrastructure (PKI) technology to associate a public key with the identity of the certificate’s owner and enforces a chain of trust based on the private key held by the certificate holder to ensure that interlopers cannot provide forgeries.

In the X.509, certificates refer back to a core root certificate maintained by a known provider. Through the Distinguished Name of the issuer on each child certificate, a client can obtain the public key of the certificate further up the hierarchy to check that the signature of the certificate is legitimate. An IoT device supplier might choose to employ a three-tier hierarchy. In this, the root certificate is held by the manufacturer. A group of devices might use a certificate derived from that root. Most importantly, each device has its own certificate derived from the device-family certificate that can easily be checked to ensure that it is a true derivative of the original root certificate.

With the chain of certificates established, the manufacturer is then faced with creating a mechanism for installing a unique certificate on each device it sells. A key requirement is that the certificate is stored in non-volatile memory that offers tamper resistance. Some companies in the finance sector use battery-backed SRAM to do this. If tampering is suspected, the battery connection is temporarily removed so that the key is destroyed rather than risk it falling into the wrong hands. But the storage mechanism is only part of the solution. The manufacturer needs a convenient but secure way to transfer private keys to individual devices. This can be difficult in today’s distributed supply chains. The manufacturer may have to deliver private keys to subcontractors that cannot provide strong security guarantees.

One solution is to use a device with a readymade certificate infrastructure. The Microchip Atmel ATECC508A is a cryptocontroller with key storage based on the Elliptic Curve Diffie–Hellman (ECDH) technology that employs cryptographic countermeasures to guard against physical attacks.

Microchip supports the device with a secure key-management infrastructure. Instead of being programmed at the manufacturer’s subcontractors, the application or customer certificates are created and stored on the Microchip secure manufacturing line. Once programmed, can be soldered onto the target PCB with no further intervention. It works with a host microcontroller attached using I2C to perform authentication functions.

A further benefit is that Microchip is working with Amazon Web Services (AWS) to handle the tasks of authentication and provisioning when the device attaches to the internet after deployment. More information on this zero-touch provisioning solution can be found here.

To be trustworthy to others, the device needs its own root of trust. Although secure key storage ensures digital certificates remain correct, on its own it does not stop hackers from breaking into the system and loading their own code that makes use of those certificates to spoof other systems on the network. There needs to be mechanisms in place to ensure that the code on which the system boots has not itself been tampered with.

Secure boot, assisted by hardware authentication, ensures the validity of code. The process ensures that the device boots only using authorised code. When the device starts up and reads the code from onboard read-only memory (ROM) it checks that each block has a valid signature from an authorised supplier. This can be achieved using the same digital certificates employed for network communication. The code signature is generally created as a one-way hash of the code itself combined with the private key. If the device encounters a block of code that is incorrectly signed, it stops loading the compromised software. At that point, it can move into a factory-programmed state and request maintenance.

A key advantage of secure boot is that it provides an infrastructure that makes firmware over-the-air (FOTA) a safe process. Using digital certificates, the device can check first that the update comes from an approved source. Once downloaded and inserted into program memory, the secure-boot process can check the code-block signatures as they load. If they have been compromised, the device can roll back to the earlier firmware if it has enough space to hold both, or move into the recovery state.

Although it is possible to implement some forms of secure boot without a hardware trust module, it is hard to ensure that the boot process will halt correctly if the hacker has penetrated far enough into the firmware. A growing number of microcontrollers have built-in support for the cryptographic functions needed to support secure boot together. Examples include Silicon Labs’ Jade and Pearl Gecko microcontrollers.

At the module level, Digi International has made security a key element of its DigiConnect 6 and 6UL, which are based around NXP Semiconductors’ I.MX6 applications processors. The TrustFence technology, see Figure 3, used by the modules provides out-of-the-box support for secure boot, in addition to encrypted local storage and certificate management features.

Although the ubiquity of the internet makes any IoT device a potential victim of hacks and attacks there are ways to protect against these problems. By investing in solutions that build upon a root of trust with proven PKI technologies, service providers can be sure the IoT devices they use are legitimate and that their precious data is protected.


Related


Give Your Product a Voice with Alexa

Join us for a deep dive into the system architecture for voice-enabled products with Alexa Built-In. Device makers can use the Alexa Voice Service (AVS) to add conversational AI to a variety of produc...

The two big traps of code coverage

Code coverage is important, and improving coverage is a worthy goal. But simply chasing the percentage is not nearly so valuable as writing stable, maintainable, meaningful tests. By Arthur Hick...

Securing the smart and connected home

With the Internet of Things and Smart Home technologies, more and more devices are becoming connected and therefore can potentially become entry points for attackers to break into the system to steal,...

Accurate and fast power integrity measurements

Increasing demands on power distribution networks have resulted in smaller DC rails, as well as a proliferation of rails that ensure clean power reaches the pins of integrated circuits. Measuring r...

 

DIN-Rail Embedded Computers from MEN Mikro

The DIN-Rail system from MEN is a selection of individual pre-fabricated modules that can variably combine features as required for a range of embedded Rail Onboard and Rail Wayside applications. The ...


Embedded Graphics Accelerates AI at the Edge

The adoption of graphics in embedded and AI applications are growing exponentially. While graphics are widely available in the market, product lifecycle, custom change and harsh operating environments...


ADLINK Optimizes Edge AI with Heterogeneous Computing Platforms

With increasing complexity of applications, no single type of computing core can fulfill all application requirements. To optimize AI performance at the edge, an optimized solution will often employ a...


Synchronized Debugging of Multi-Target Systems

The UDE Multi-Target Debug Solution from PLS provides synchronous debugging of AURIX multi-chip systems. A special adapter handles the communication between two MCUs and the UAD3+ access device and pr...


Smart Panel Fulfills Application Needs with Flexibility

To meet all requirement of vertical applications, ADLINK’s Smart Panel is engineered for flexible configuration and expansion to reduce R&D time and effort and accelerate time to market. The...


AAEON – Spreading Intelligence in the connected World

AAEON is moving from creating the simple hardware to creating the great solutions within Artificial Intelligence and IoT. AAEON is offering the new solutions for emerging markets, like robotics, drone...


ASIC Design Services explains their Core Deep Learning framework for FPGA design

In this video Robert Green from ASIC Design Services describes their Core Deep Learning (CDL) framework for FPGA design at electronica 2018 in Munich, Germany. CDL technology accelerates Convolutional...


Microchip explains some of their latest smart home and facility solutions

In this video Caesar from Microchip talks about the company's latest smart home solutions at electronica 2018 in Munich, Germany. One demonstrator shown highlights the convenience and functionalit...


Infineon explains their latest CoolGaN devices at electronica 2018

In this video Infineon talks about their new CoolGaN 600 V e-mode HEMTs and GaN EiceDRIVER ICs, offering a higher power density enabling smaller and lighter designs, lower overall system cost. The nor...


Analog Devices demonstrates a novel high-efficiency charge pump with hybrid tech

In this video Frederik Dostal from Analog Devices explains a very high-efficiency charge-pump demonstration at their boot at electronica 2018 in Munich, Germany. Able to achieve an operating efficienc...


Microchip demonstrates a flexible motion control platform at electronica

In this video Marcus from Microchip explains a motion control demonstration at their booth at electronica 2018 in Munich, Germany. The demonstration underscores the ability of the solution to rapidly ...


Infineon goes over their latest SiC devices for automotive systems

In this video an Infineon engineer goes over their latest Silicon Carbide (SiC) devices for automotive systems at electronica 2018 in Munich, Germany. Among the devices described are an inverter for a...


Bertrand Lombardo of Honeywell, Sensing requirements of IoT

Bertrand Lombardo, Sales director for EMEA for Honeywell SIOT discusses future sensing trends in relation to IoT at Electronica 2019 with Alix Paultre. Links to more information: Dynamic Hone...


Analog Devices updates their Silent Switcher technology

In this video an FAE from Analog Devices explains the latest version of their Silent Switcher technology, which addresses noise issues in power systems. He describes a live demonstration in their boot...


Western Digital talks about their automotive-grade memory solutions

In this video Martin Booth from Western Digital talks about the company's memory solutions specifically designed for automotive applications and the harsh environments involved. Systems such as ne...


Picotest demonstrates their latest advanced power test solutions

In this video Steve Sandler from Picotest shows us two of the company's latest test solutions at electronica 2018 in Munich, Germany. The first demo is of a micro-Ohm-resolution power rail measure...


STMicro describes their latest smart 48V DC brushless motor driver board

In this video an engineer from STMIcroelectronics explains a motor-driver board setup based on their L9907 smart power device at electronics 2018 in Munich, Germany. Based on BCD-6s technology. the de...


Microchip shows their newest PolarFire FPGAs at electronica 2018

In this video Microchip shows a one of the demos highlighting the capabilities of their newest low-power PolarFire FPGAs at electronica 2018 in Munich, Germany. The demonstration shown here is a kit f...


Western Digital discusses their memory solutions for Cloud-enabled devices

In this video Ze'ev Paas of Western Digital talks to Alix Paultre of Aspencore Media about their latest memory products at electronica 2018 in Munich, Germany. Depending on the application space, ...


Picotest explains a couple of power test systems at electronica 2018

In this video Steve Sandler from Picotest explains a couple of his power test systems at electronica 2018 in Munich, Germany. The first demonstration shows a micro-Ohm measurement system, and the seco...