The amalgam of ultra low-power computing and connectivity in the Internet of Things (IoT) is at a crossroads. At one end of the spectrum is the promise of design transformation in automotive, industrial, smart home, medical, and more. At the other end is the frequent and regular news of security breaches; ranging from malware that is unleashed leading to Distributed Denial of Service (DDoS) to battery-drain attacks having the potential of jeopardizing the whole premise and promise of IoT. These security breaches of edge devices leave a lot of the vulnerabilities exposed, which is cause for major concern for IoT developers.
The recent hack of a casino through unprotected IoT nodes is an example of how security breaches can occur. Hackers were able to exploit the vulnerabilities in the connected thermometer of a fish tank in a casino, and subsequently, access the high-roller database of gamblers. Naturally, this brings us to other IoT systems such as home automation which is extremely vulnerable to such breaches, with thermostats, refrigeration and HVAC systems all interconnected. Banks and commercial establishments could are also vulnerable to poor-security CCTV connections across data networks.
Conventional security practices are usually implemented at the server and gateway levels, but power consumption and the small footprint of edge devices can be constraining when adding robust security in IoT node designs. One must not forget that security application development does add significant overhead in terms of design time and cost.
IoT developers can counter various security vulnerabilities while maintaining low power consumption. How? What kind of security framework can be implemented early in the design cycle? And how can low-cost microcontrollers (MCUs) with hardware security features be leveraged to simplify security implementation?
Facets of IoT Node Security
An IoT node design must be robust enough to provide security against communication attacks, malware and physical attacks. To prevent communication attacks or man-in-the-middle attacks, a common practice is to use a crypto module that carries out encryption, decryption and authentication.
Arm® TrustZone® technology restricts access to specific memory, peripheral and I/O components. The MCU is partitioned into trust and no-trust zones and sensitive data is isolated from the non-critical data. Secure boot ensures that the MCU starts up in a known good state, and when implemented with Arm TrustZone, can provide an environment that can help counteract malware.
Physical security of an IoT node can be enhanced with anti-tampering pins for preventing board-level tampering. . In case of breach of the board or the enclosure, the anti-tampering pins can be programmed to provide multiple responses, including erasing confidential or critical data. But we need to have anti-tampering protection for chips as well, to protect against t cloning and intellectual property (IP) theft.
In addition to the above mentioned aspects, it is essential to establish a hardware root of trust, which can be accomplished with a secure boot and enhanced by a secure key provisioning mechanism.
Today, applications must satisfy several parameters: low power, highly safe and secure, peak performance and must be time and cost-effective. IoT node designers need to strive to strike a balance between low power usage and security. For IoT edge devices running on batteries, power usage is crucial which in turn, demands MCUs that can drastically reduce power consumption while adding robust security.
Last but not the least, low-cost IoT node designs require a simple mechanism for the implementation of security that abstracts low-level security details to avoid complexity, does not have steep learning curves and avoids substantial overhead expenses.
Simplifying Embedded Security
An example of an MCU that simplifies the implementation of these security features is the SAM L11 microcontroller, which had security deeply embedded during the silicon design phase itself. It runs at 32 MHz with a memory configuration of up to 64 KB Flash and 16 KB SRAM. To illustrate what developers should look for to introduce security early in the design cycle in MCUs, we’ll take a closer look at four key security elements included in the SAM L11.
- Immutable Secure Boot
The SAM L11 includes a Boot ROM design to facilitate an immutable secure boot. It has an onboard Crypto Accelerator (CRYA) that accelerates AES, SHA and GCM algorithms computation for encryption, decryption and authentication and NIST-compliant TRNG for random number generation.
- Trusted Execution Environment
Arm® TrustZone® technology allows the creation of a secure zone within the SAM L11 which when combined with immutable secure boot, creates a Trusted Execution Environment (TEE) to counteract malware effectively. The TEE enables the IoT nodes to take remedial action whenever they encounter malware. It avoids the downtime of critical functions and helps to significantly improve the reliability of IoT nodes.
- Secure Key Storage
In addition to tamper pins providing protection against board-level tampering, the SAM L11 has an active shield on 256 bytes of RAM that can resist chip-level microprobing and data remanence issues to provide secure storage for volatile keys. It also has a dedicated 2KB of Flash that can be scrambled to store non-volatile keys, certificates and other sensitive data. The secure key storage on the device protects systems from software and communication attacks and provides developers with an option to erase the sensitive data in case of tampering.
Comprehensive Security Solution Framework
The SAM L11 is supported by a Comprehensive Security Solution Framework that provides end-to-end security which spans key provisioning at a secure facility during the silicon manufacturing phase, to implementation of security modules during application development, to remote firmware upgrades anytime during the lifecycle of the device.
The framework includes Trustonic’s Kinibi-M security software that abstracts the lower level details of the device’s security features to provide a modular GUI-based interface for designers to choose the relevant security module for their application.
For example, the secure bootloader which is provided by this framework eliminates the effort of sifting and sorting through hundreds of pages of the datasheet on the embedded developers side to create one. Developers can quickly implement secure bootloader to secure their firmware upgrades as the security framework is thoroughly defined. This does 2 things: eliminates the need for training on embedded security and brings down cost and time of development significantly.
The hardware security features deeply embedded within the SAM L11 microcontrollers helps embedded designers carry out key provisioning at Microchip’s secure facility using Trustonic’s Root of Trust (RoT) flow.
Figure 2 shows various modules provided by the framework to simplify the security implementation.
A Comprehensive Security Solution Framework helps embedded developers who are new to security, to quickly learn security implementation and reduces overhead expenses. Within no time, developers can easily implement robust security in various application use cases as depicted in the figures below.
The device features picoPower technology, which ensures low-power consumption in active and sleep modes, with industry-leading ULPMark scores certified by EEMBC.
It also offers various power saving modes and low-power techniques to provide flexibility, so designers can conveniently implement security without taking a hit on power consumption
IoT edge devices are being connected at an unprecedented rate, far outpacing the rate of security deployed in them. One of the reasons could be that security is an afterthought in the embedded application space.
The other reason could be the limited number of MCUs available in the market that incorporate robust security like the 64 KB Flash or below to meet the price point of constrained IoT nodes. However, while embedded security vulnerabilities are opening new attack vectors for hackers, a new crop of microcontrollers are simplifying security implementation for IoT node developers which enables them to configure and deploy security features quickly and efficiently, and cost effectively.