Heightening the Security of IoT Networks
Simon Holt, Mouser Electronics
Abstract
The Internet of Things (IoT) will see connectivity applied on a far bigger scale than anything we have seen before. With the prospect of tens of billions of connected nodes being deployed to serve a vast and increasingly diverse variety of critical functions, one of the biggest challenges that engineers face will be protecting the huge quantities of sensitive data that will be carried. IoT is in danger of being a victim of its own success - the more pervasive it becomes, and the greater the number of nodes it comprises, the larger the attack surface it will present to potential hackers. The following article outlines some of the advanced hardware and key strategic approaches that will help to keep IoT implementations secure in an increasingly hostile application landscape, while also adhering to exacting cost and power consumption constraints.
mouser.com
The advent of the Internet of Things (IoT) has many potential benefits for society — including such diverse aspects as home automation, environment monitoring, Industry 4.0 implementation and — in the longer term — smart cities. The incredible scale of IoT networks, and their resulting pervasiveness, is where this technology gains its value — comprising billions of connected nodes all acquiring data which can then be compiled, analysed and subsequently acted upon. However, it is also where its vulnerability lies. By definition, the greater the number of IoT nodes, the larger the attack surface will be for malicious third parties to target. Once a weakness has been uncovered and a breach made, the whole network can be infiltrated thereafter — with malware basically rendering it inoperable, denial of service (DoS) attacks preventing continued communication, or sensitive information being extracted for industrial espionage purposes.
Though there are obviously other aspects to consider when looking to ensure that an IoT network is secure, the foundation will be the integrity of the software running on the microcontroller units (MCUs) at each node, plus the MCU hardware itself. An array of different protection mechanisms is being integrated directly into modern MCUs. These include sophisticated cryptographic/authentication engines, built-in security blocks, key management functions and tamper detection/prevention features. With regard to the numerous IoT communication protocols being employed (whether they are of a wireline or wireless nature), appropriate encryption/decryption will of course be mandated too, so that data passing to and from the node is adequately protected.
It is critical that when MCUs are booting up, software that has in some way been interfered with by an unauthorised source is not allowed into the system. To safeguard against this a ‘Root of Trust’ will need to be established, so that a secure boot operation can be initiated.
In order to assure the validity of the software, strong certification and authentication mechanisms need to be put in place. Any alteration to the software will thereby be detected and appropriate measures can be taken to prevent it from permeating into the IoT network. Furthermore, protecting where this software is stored is of paramount importance. It needs to be placed on a non-volatile memory that has robust security features incorporated to prevent hackers from carrying out modifications or the possibility of some form of tampering taking place.
Authentication & Cryptographic Protection
One way of applying some degree of security to IoT infrastructure will be through the application of hash codes. A hash code is generated by application of a mathematical algorithm to a specific digital asset, so as to provide a unique identifier that will be associated with that asset. Through this any such asset can be validated, in a streamlined and time-saving manner - simply by regenerating its hash code. This is done by applying the same algorithm and then comparing the two hash codes against one another. The executing of hash code algorithms in software will generally require a lot of processing and consume considerable amounts of power as well. This is something that really goes against the fundamental principles of IoT design - where resources will usually be limited and energy reserves need to be used as sparingly as possible. Let’s return to such issues shortly.
There are two basic types of cryptography. Symmetric encryption is a fairly straightforward concept to understand, with both the sender and the recipient relying on an identical key to encrypt and decrypt the data. The downside of adopting this strategy is, as you would expect, that if the key gets into the wrong hands the encryption is forthwith deemed useless and the data can be revealed. Conversely, the asymmetric key method requires two different keys - a private key (which is kept secret) and a public key (which is shared). In essence, there is no difference between the status of these keys when they are generated, with either one potentially able to serve as the private or the public key; it is simply a matter of how they are used afterwards that counts. An algorithm allows the two different but complementary keys to be generated — with any data encrypted via one key being decrypted via the other one. What is crucial is that it is not possible to use the public key to reverse engineer the private key.
Consequently, the sharing of the public key does not prove to be a problem in terms of undermining the security of its private counterpart. Since the public key is freely available, it would be unwise for the holder of the private key to put any trust in data that had been encrypted via the public key, though it would be safe for any device receiving encrypted data via the private key to decrypt it by utilising the public key. Asymmetric encryption is far more effective at keeping data secure than symmetric encryption, though this comes at a price - as it requires much greater computational effort.
Offloading MCU Security
In cost and power constrained IoT designs, the MCUs employed will not be complex, high performance devices. Therefore, in most cases, it is likely to be apt to complement the security features present on the actual MCU. The specifying of a co-processor IC to accompany the MCU is proving to be a highly effective approach. The OPTIGA family of trusted platform modules (TPMs), from Infineon, possesses the hardware accelerators needed for asymmetric encryption operations - such as ones supporting elliptic curve cryptography (ECC) and Rivest Shamir Adleman (RSA) algorithms. They also have the algorithms necessary to generate SHA-1 and SHA-256 hash codes. By using these TPMs, the encryption and decryption of data no longer has to be taken care of by the system MCU, but can instead be offloaded - thus allowing its resources to be focussed on other tasks. The upshot is that a high degree of system security no longer comes at the expense of the MCU’s operational performance.
Figure 1: The Infineon OPTIGA TPMs
Maxim Integrated’s DS28C36 secure authentication chip can likewise be implemented alongside any MCU and external non-volatile memory in order to create a Root of Trust - so that secure boot or over-the-air updates to firmware can be undertaken, even on simple, low cost hardware. It works by using public and private keys, along with SHA-256 hash codes, to validate the authenticity of software before it starts to run on the MCU. This is accomplished by the combination of symmetric and asymmetric cryptography. When utilising the DS28C36, the OEM generates a public and a private key in a secure environment (such as within the manufacturing site). The private key never leaves this location, so there is no opportunity for it to be acquired by an unauthorised party with malicious intentions. The firmware is encoded using this private key, with the corresponding public key being incorporated into the device before it is shipped out.
Figure 2: Typical Application Circuit from a Maxim DS28C36 Authentication IC (diagram labels: 3.3V, Rp, Vcc, µC I2C port, SDA, SCL, DS28C36, PIOA, PIOB, GND)
During power-up, the MCU loads firmware from the external memory, which has been encrypted via the private key. It doesn’t start executing it immediately however. The MCU’s boot manager retrieves the code and passes it to the DS28C36, which then generates a SHA-256 hash code from the firmware. Next, this is compared against the hash code inside the firmware’s certificate, which was generated when the code was encrypted by the private key within the secure environment. Finally, through the public key inside the DS28C36, the code’s signature can be verified. The DS28C36 is then able to confirm that the MCU is OK to execute the firmware.
Figure 3: Microchip’s ATECC608A
Microchip’s ATECC608A cryptographic co-processor offering has the capacity to securely store up to 16 different keys. It supports asymmetric signing, verification and key agreement through elliptic curve digital signature algorithm (ECDSA), elliptic curve Diffie-Hellman (ECDH) and NIST standard P256 elliptic curve support. It also comprises hardware accelerators for symmetric algorithms, such as ones for generating SHA-256 hash codes, as well as AES-128 encrypt/decrypt capabilities. Secure boot operation is supported too. The ATECC608A has been designed to address the whole key lifecycle - encompassing private key generation, ECDH key agreement, ECDSA signature generation and ECDSA public key signature verification. It has the ability to execute asymmetric cryptographic functions up to 1000 times faster than a software implementation running on a standard microprocessor. Multiple private and public key combinations can be directly stored onto the device. Furthermore, it supports random private key generation without ever allowing the private key to leave the device. A public key is automatically generated as part of this process, but can also be generated after the event.
The security for IoT networks needs to be built from the ground up, with each node being armed accordingly. It is clear that placing security tasks directly onto already overworked MCUs can be counterproductive, whereas offloading this responsibility onto another IC that is fully dedicated to the security aspect will have a multitude of operational and logistical benefits.