On-chip security makes electronic systems more difficult to hack
Electronic systems controlling factories, cars, medical devices and the power grid require new levels of security to prevent hacking and failures due to fake ICs. Securing electronic systems is becoming critical for most designers, and it now seems that the most cost-effective way of doing this is to design security features into the hardware and even at the chip level.
To protect systems from hacking or counterfeit components it is necessary to build in security features such as IP encryption and authentication keys. This can be implemented in software and hardware. Software is easier, but in reality security codes that exist only in software, and are not embedded in hardware, are easier to hack.
Inevitably there can be an increase in design time and cost associated with encryption. But new techniques for embedding security technology into systems and even chips are bringing costs down.
According to Neil, ensuring the security of embedded systems involves a number of different elements.
These start with secure system boot procedures and bi-directional IP protection, in and out of the system. Plug-in modules need to be authenticated, as these can provide a point of access to the system. There should also be software level security with feature set authentication and high level authentication for accessing the system.
“Everyone wants security, but they do not always want to pay for it, until a problem happens,” said Neil.
“I believe designers can be more proactive on security.”
“It costs only $10k to pull all the code off an FPGA,” said Neil. “For a little extra cost the chip and the system can be protected.”
“We call this ‘encryption on the fly’,” said Neil. “We already offer technology which will provide encrypted communications links to embedded processors such as ARM and MIPS (now owned by Imagination Technologies).”
It is now possible to retrofit IP security technology to microcontroller-based designs.
Maxim has introduced a secure encryption IC which sits alongside the host controller to authenticate peripherals or embedded designs. It also offers encrypted bidirectional communications from the microcontroller.
Neil sees an obvious need for greater levels of IP security embedded in the hardware, be it in an IT data centre or smart meter, or in a factory automation system or medical device.
Called DeepCover embedded security, the device will provide secure storage of the authentication secret keys. It uses the FIPS 180-based SHA-256 authentication algorithm.
“The attraction of this is an IP authentication technology can be retro-fitted to an existing microcontroller,” said Neil.
The DS28C22 protects bidirectional communications between the microcontroller and its peripherals using challenge-and-response authentication with small message encryption.
Through bidirectional authentication, the host and the peripheral authenticate one another, protecting the IP in the peripheral from a non-authentic host trying to modify operation of the peripheral.
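The challenge-and-response exchange described above can be sketched as follows. This is an added example, not Maxim's code and not the DS28C22 command set or message layout: it substitutes HMAC-SHA-256 from the Python standard library for the device's SHA-256 computation, and the function names, role labels and sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def _frame(*fields: bytes) -> bytes:
    # Length-prefix each field so field boundaries cannot be shifted.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def respond(secret: bytes, role: bytes, device_id: bytes, challenge: bytes) -> bytes:
    """Prover side: MAC the verifier's challenge with the stored secret.

    The role label binds the response to one direction, so a response
    produced by the host cannot be reflected back as a peripheral response.
    """
    return hmac.new(secret, _frame(role, device_id, challenge), hashlib.sha256).digest()

def verify(secret: bytes, role: bytes, device_id: bytes,
           challenge: bytes, response: bytes) -> bool:
    """Verifier side: recompute the MAC and compare in constant time."""
    expected = respond(secret, role, device_id, challenge)
    return hmac.compare_digest(expected, response)

def mutual_auth(host_secret: bytes, periph_secret: bytes, device_id: bytes) -> bool:
    """Both directions must pass; only challenges and MACs cross the link."""
    c_host = secrets.token_bytes(32)           # fresh per session, never reused
    r_periph = respond(periph_secret, b"peripheral", device_id, c_host)
    if not verify(host_secret, b"peripheral", device_id, c_host, r_periph):
        return False                           # counterfeit or wrong-key peripheral
    c_periph = secrets.token_bytes(32)
    r_host = respond(host_secret, b"host", device_id, c_periph)
    return verify(periph_secret, b"host", device_id, c_periph, r_host)

# Constructed sample values, not taken from any real device.
SECRET = bytes(range(32))
DEVICE_ID = b"SAMPLE-ID-0001"

if __name__ == "__main__":
    print("genuine pair:", mutual_auth(SECRET, SECRET, DEVICE_ID))
    print("counterfeit peripheral:", mutual_auth(SECRET, b"\x00" * 32, DEVICE_ID))
```

Because each response covers a fresh random challenge, a response recorded from an earlier session does not verify against a new one, and the shared secret itself is never transmitted.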
Likely applications include peripherals/disposables, sensors, network equipment, IP licensing, and industrial applications like programmable logic controllers (PLCs).
Electronic systems controlling factories, cars and the power grid are now being protected with various levels of encryption and authentication technology, embedded in the hardware and even in the chips themselves. This is the most secure and cost-effective approach.
Medical electronic devices are one application where security is an important design issue. On-chip identification codes can be embedded to provide protection of data links, and to ensure hardware is authenticated.
Financial transaction systems such as point of sale (POS) terminals incorporate multiple levels of security, both hardware and software encryption as well as intrusion sensors.
Another example is the various ways in which a smart electricity meter can be hacked. “It could be getting fake ICs introduced in the design, or it could be rogue software loaded on to the meter in the factory before shipping to the customer,” said Neil.
The meter is perhaps most at risk when it is installed. “It is possible to hack installed meters by recalibrating them,” said Neil.
There are now standard techniques available to address all these types of hacking. “There is chip authentication to ensure against the use of fake ICs, software code validation can be encrypted and finally tamper-protection systems can be designed into the meter,” said Neil.
Designers can also add a security co-processor to the design to provide secure and encrypted communications in and out of the meter. Maxim has included this in its ‘single chip’ smart meter design called Zeus.
The SoC has a built-in cryptographic module to secure communications and a secure bootloader to prevent unauthorised firmware modification.
It also integrates tamper detection so that attempts to physically attack the meter will be detected, recorded, and reported.
If security technology could be embedded in all silicon as a standard technique, it could effectively remove the threat of counterfeit components.
It seems that the US government is already asking this question of the chip makers.
“The desire is there to have some form of authentication in all chips, but in reality it is not practical for all chips,” said Neil.
“It would be practical to have authentication codes embedded as standard on the more complex and valuable ICs and SoCs, but I do not think it will be practical on all chips,” said Neil.
ARM uses TrustZone security
ARM added hardware-based security features to its processor architectures 10 years ago.
Called TrustZone, the technology allows trusted tasks to run in secure mode, limiting attacks on private keys and digital certificates.
The aim was to allow designers to develop ARM-based hardware with in-built levels of security against attacks on secret keys and certificates.
The move was originally driven by the increasing need for security in mobile phone design to control software and application upgrades and signed transactions with digital signatures.
But inevitably any system using an embedded operating system needs security.
“The need for software security is rippling all the way down embedded systems from the top,” said ARM’s chief technology officer, Mike Muller.
TrustZone creates two modes of operation, one for standard operating systems, the other for the trusted tasks, including booting the system.
The technology is now applied to all ARM processor architectures.