Stephane Di Vito, Principal MTS, Embedded Security, Maxim Integrated
It’s wise to protect session keys while in use, use secure cryptographic algorithms, and safely store the client’s private authentication keys
It seems that the smarter and more connected our devices, the more vulnerable they become to security breaches. That’s why it’s more critical than ever to thoroughly protect data. After all, one of the trade offs of all of these new conveniences is that more of our personal or sensitive data is at risk. The Transport Layer Security (TLS) protocol offers a proven method to safeguard data in transit.
The successor to Secure Sockets Layer (SSL), the TLS protocol prevents eavesdropping or tampering of data in transit as internet of things (IoT) devices communicate over the internet. Basically, TLS creates a secure communication channel between a client and a server. For this protocol to be trusted on the device side, secret and private keys and certificates cannot be disclosed or modified and must be stored in the devices for use in executing the protocol. Given that IoT devices are out “in the wild,” however, they could be exposed to attack. A cyber criminal could try to open the device’s enclosure to manipulate the memory content, probe the PCB traces, or replace the firmware. Don’t forgot about non-invasive attacks, too, where logical bugs in the device’s firmware are targeted.
The TLS protocol has two main phases: a “handshake phase” that uses asymmetric keys to agree on a symmetric key pair and a secure communication phase for secure transport of application data with authentication and encryption. The handshake phase is only used for that particular session, facilitating efficient and fast data encryption and decryption. Once the handshake phase has been completed, a secure communication channel is established and the two communicating parties can begin exchanging application-level data. A secure companion IC can perform this handshake phase, storing the private session keys and performing the encryption/decryption in a separate device with countermeasures against known methods of hacking and attacks.
Protect your IoT design with the TLS protocol, backed by a secure companion IC.
Drawbacks of TLS Protocol
While the TLS protocol can be integrated fairly easily into any application using off-the-shelf software libraries, the protocol is not without its drawbacks. Even if you have a bug-free TLS stack, the integration and use of the TLS library in your software may still be flawed. In an embedded device, there are some TLS integration weaknesses that are fairly common:
- Compromised client authentication keys
- Weak cipher suites
- Insufficient protection of certification authority certificates
- Exposure of session keys
- Skipped certificate verification
- Use of poor cryptographic implementations and low-quality random numbers
To avoid these drawbacks and maintain a truly secure TLS scheme, there are a few guidelines to keep in mind. It’s wise to protect session keys while in use, use secure cryptographic algorithms, and safely store the client’s private authentication keys. Using a secure companion IC to secure the TLS implementation is another smart move. Without burdening your design’s application processor, a secure IC can inherently prevent many of the vulnerabilities of a TLS implementation. For a deeper understanding of TLS implementation shortcomings and how a secure IC such as the MAXQ1061 can help you avoid these problems, read my application note, “Using Secure Companion ICs to Protect a TLS Implementation.” The MAXQ1061 reinforces the intrinsic security of the TLS protocol by protecting the critical steps of authentication during the handshake phase, session key computation, and package encryption/decryption.