You’re working hard to develop the next generation of your connected smart device. It improves on the capabilities of its predecessor while adding some new features. Then catch the latest headline about an IoT device that has been hacked. Is it too late to protect your design? It is never too late to design safely, and it is also more important than ever. IoT brings great convenience to the way we live, work and play. But if left unprotected, smart devices can provide an entry point to larger networks and sensitive data.
From copycats to customer damage
Some gaps in IoT design are more noticeable than others. Counterfeiting and cloning are common threats, leading to lost revenue for the OEM and often a quality hit that affects customers. Having authentic or genuine parts ensures that the parts will work as intended and also helps to ensure that no viruses are introduced into the environment. In an automated factory or utility plant, for example, equipment that has been tampered with can trigger a malfunction that leads to costly downtime, damage, or even damage to the customer. Then there are attacks that could potentially harm life. . For example, consider a WiFi-enabled pacemaker. Last year, the US Department of Homeland Security issued a warning that hackers could easily gain access to a brand of implanted cardiac defibrillators. According to the department, an attacker with short-range access to the product in question could, when the product radio is on, inject, reproduce, modify and / or intercept data within the telemetry communication. Another concern for medical devices is the restoration of products. While allowed by the US Food and Drug Administration, restoring a medical device can create problems. The biggest threat is limited-use peripherals. While the restoration process could restore the peripheral to like-new condition, it can also nullify its limited-use properties.Safety ICs with advanced cryptographic capabilities can protect IoT sensor nodes in power plants and similar applications. threats to security.
Figure 1. Security ICs with advanced cryptographic capabilities can protect IoT sensor nodes in power plants and similar applications from security threats.
Crypto without being an expert
Keeping IoT designs safe from threats requires: Secure communication and endpoint authenticity Strong key management to protect and encrypt sensitive data Secure boot to validate firmware and defend against malware attacks Feature control so you can enable and disable it Safe Multiple Factory Options Safety ICs continue to provide advanced levels of protection for new and existing IC designs. And one of the benefits of designing with these devices is that you can take advantage of strong crypto features without having to be a crypto expert. A software-based approach would require a lot more development effort while introducing vulnerabilities that hackers can exploit. Let’s take a closer look at the key features in a security IC that you will want to have to keep your IoT designs safe.
Physically Unclonable Function Technology (PUF)
If you want strong protection against invasive and reverse engineering attacks, PUF technology is here to help. A PUF circuit relies on the naturally occurring random analog characteristics of fundamental MOSFET devices to produce cryptographic keys. Because the key is generated only when it is needed and is not stored anywhere on the chip, an attacker has nothing to steal. If an attacker tries to probe or observe the PUF operation, this activity modifies the characteristics of the underlying circuit, preventing the attacker from discovering the secret key. PUF is like a unique fingerprint, making it invaluable for secret key implementation and private as used by the security IC. For example, a secret key derived from PUF is used to encrypt all information stored in the EEPROM memory of the security IC. A security attack that recovers the content from the EEPROM is definitely thwarted as the content is encrypted and the PUF key required for decryption cannot be extracted.
Asymmetric and symmetric algorithms
Cryptographic algorithms block or unblock cryptographic functions such as authentication, authorization, and encryption. There are two types of algorithms: symmetric and asymmetric. Symmetric algorithms involve keys that are private between the sender and the receiver. Your shared keys are stored securely and are never shared with anyone else. The sender and receiver authenticate the data using this shared key, providing both the assurance that the source of the information can be trusted. An asymmetric algorithm uses one key that is stored privately and a second that is public. Data signed with a private key can only be verified using its associated public key.
Advanced Encryption Standard (AES)
The AES algorithm is a fixed-width symmetric algorithm ideal for bulk encryption. Reversibly encrypts and substitutes input data based on the value of an input key, resulting in ciphertext (encrypted or encoded information). The input message is filled in first to ensure that it fits into an “n” number of 128-bit blocks. Each 128-bit block is entered into the encryption algorithm along with an encryption key, then the algorithm performs a certain number of rounds of dimming the input block bits based on the number of bits in the encryption key. . Obscuring consists of mixing bits of data, where parts of the data are substituted with values from a lookup table and XOR operations are performed to change bits from 0 to 1 based on the bit values in a set of round keys generated from the key entry encryption. To decrypt the data in the original input block, the AES decryption function performs the reverse operations of the encryption function using the same encryption key.
A standard element in cryptography, digital signatures give recipients a reason to trust that the message was created by a known sender and that it was not modified while in transit. In other words, the ability to sign data verifies that the device and the data are genuine. Both symmetric and asymmetric algorithms are used to generate digital signatures.
Using SHA and ECDSA for Secure Boot
The secure hashing algorithm (for example, SHA-2 or SHA-3) uses hashing, which takes data of varying sizes and condenses it into fixed-size bitstream outputs. For example, with SHA-256, the hash output is 256 bits long. The Elliptical Curve Digital Signature Algorithm (ECDSA) enables reliable communication by generating a digital signature for an input message based on a private key. A public key is mathematically related to the private key and is provided and used by others to verify the authenticity of the communicator. Together, SHA-256 and ECDSA provide features that enable the secure boot of a host processor as follows. Within the OEM development environment, a SHA-256 hash is calculated on the firmware file that is ultimately run by a microcontroller. This hash value is then signed by ECDSA with a private key that resides and is protected within the confines of the development environment. The firmware and the ECDSA signature are stored in the final application, for example, in flash memory. In addition, in the final application, the microcontroller stores the ECDSA public key to verify that the firmware is authentic and unchanged before execution, that is, a secure boot process. To perform this verification, the microcontroller would calculate the SHA-256 hash on the stored firmware and then use this hash value and the stored public key to perform a verification operation on the ECDSA signature. If the verification passes, the micro can trust and run the firmware. Advanced Security ICs are now designed with these built-in security features. A low-power cryptographic coprocessor provides a good option for new and existing embedded designs. One of the benefits is that the coprocessor can offload the host microprocessor (not secure) from the management of complex cryptography and secure key storage. Consuming little power, these devices work well for battery-powered IoT designs. An example of such a cryptographic coprocessor is the low-power DS28S60, which features PUF technology, a high-speed 20 MHz SPI interface for fast performance of security operations, SHA-256 based digital signature and ECDSA-P256 signature and verification for a secure boot. and integrated key exchange for end-to-end encryption.
Figure 2. DS28S60 Simplified Block Diagram
As embedded designs, including battery-powered IoT sensor nodes, become more ubiquitous in our everyday lives, ensuring that they are protected from security threats is essential. Today’s security ICs are embedded with a number of cryptographic functions that make it easy to protect these designs without having to be a crypto expert.
Zia Sardar and Nathan Sharp, also from Maxim Integrated, are co-authors of this article. Industry Articles are a form of content that allows industry partners to share useful news, messages, and technology with All About Circuits readers in a way that editorial content is inappropriate. All industry articles are subject to strict editorial guidelines intended to provide readers with useful news, technical expertise, or stories. Points of view and opinions expressed in industry articles are those of the partner and not necessarily those of All About Circuits or its editors.