Thursday, November 21, 2024

Connected Systems Require Hardware Based Security

Modern applications such as connected industrial systems, smart grids, connected cars and autonomous driving, widely summarised under the term Internet of Things (IoT) (see Fig. 1), have a high demand for reliable security. Typical use cases include authentication of components and their unique identities, monitoring and safeguarding of system integrity, and protection of data and communication. To build trust in new services and technologies, intellectual property (IP) protection is key, and data security and system integrity are a prerequisite for successful implementation of new services and applications.

To establish new solutions, we need integrated system solutions based on secured hardware that protects infrastructure and components from attacks, fraud and sabotage; in brief, hardware that makes it possible to store, run and update software in a protected way.

Purely software based security is not enough
Several attempts have been made in the past to apply purely software based solutions for device authentication. Unfortunately, software, due to its nature, bears several significant weaknesses. It is written in code, and code can be read and analysed. And once it is analysed, it can be modified as per the requirements of an attacker. And once the device is re-programmed with the modified software, the authentication process and system integrity can be broken.

Another severe weakness of software based solutions can be the inappropriate storage of secret keys across all relevant processes and production steps. Typically, in software based protection systems, attackers can identify secret keys from the software in a very simple way; keys usually behave like random numbers, in total contrast to the program code itself. So-called entropy analysers can scan the software and identify parts with high randomness (these parts typically contain the keys). Such a scan is done in seconds, and the keys found could directly be used to produce counterfeit products in large quantities.
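Added example (not from the original article): a sliding-window entropy scan of the kind described above, used here as a pre-release check on one's own firmware image to see whether raw key material stands out from the code. The image contents, the key bytes, the window size and the threshold are all constructed assumptions for illustration.

```python
import hashlib
import math

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a block in bits per byte (0.0 .. 8.0)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def high_entropy_regions(image: bytes, window: int = 256, step: int = 64,
                         threshold: float = 6.5):
    """Slide a window over the image and return merged (start, end) byte
    ranges whose entropy is at or above the threshold."""
    regions = []
    for off in range(0, max(len(image) - window, 0) + 1, step):
        if shannon_entropy(image[off:off + window]) < threshold:
            continue
        if regions and off <= regions[-1][1]:
            regions[-1] = (regions[-1][0], off + window)  # extend last region
        else:
            regions.append((off, off + window))
    return regions

# --- Constructed sample image (not real firmware) ---------------------------
# Repeating opcode-like bytes and strings stand in for program code; real code
# is less regular, so the threshold has to be tuned on an actual image.
CODE = bytes.fromhex("2de9f04f04460d461646002b08bf0120") * 64   # 1024 bytes
STRINGS = b"boot: verifying image signature\x00" * 32             # 1024 bytes
# Stand-in for an embedded 2048-bit secret: 256 pseudo-random bytes.
KEY = hashlib.shake_256(b"constructed demo key").digest(256)
KEY_OFFSET = len(CODE)
IMAGE = CODE + KEY + STRINGS

if __name__ == "__main__":
    for start, end in high_entropy_regions(IMAGE):
        print(f"high-entropy region 0x{start:04x}-0x{end:04x}: "
              "review for embedded key material")
```

A region reported by such a scan in a release image is a signal that secret material is stored in readable memory and should be moved into a secured hardware element instead.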

Fig. 1: The IoT and various other connected applications require secure communication, data and IP protection as well as system integrity

Software-only solutions offer protection only when none of the components used is physically accessible to an attacker. In real life, this restriction renders such solutions impractical. So software is usually not seen as a valid alternative for product authentication, system integrity and IP protection today.

However, software can be protected by hardware; secured hardware protects the processing and storage of code using encryption, fault and manipulation detection, and secure code and data storage. Software becomes trustworthy by combining it with secured hardware. This has been proven by extensive experience from areas of trusted computing and the use of secure elements in mobile phones and protective functions of smart grids.

Hardware based solutions provide more security
A typical embedded control architecture, with a standard microcontroller (MCU) running a real-time operating system (OS) and applications, can currently be found in the majority of installed systems. Usually, security functionality is implemented using software based encryption mechanisms. What is missing is an efficient and secured trust anchor (a hardware root of trust, or HRoT) with dedicated encryption functionality for increased security.

This is why modern MCUs are an ideal solution to respond to increasing security demands. On one hand, available standalone security controllers are usually implemented with MCUs; on the other, there are application-optimised MCUs with integrated security functions.

Use of a standalone security element (security processor or co-processor) that acts as an HRoT has proven itself for years in other industries such as personal computers, servers, chip cards and identity documents.

The concept is also recommended for industrial applications. For example, a trusted platform module (TPM) (Fig. 2) can be used as an HRoT in conjunction with other security elements in order to provide an industrial controller with comprehensive security functions such as integrated crypto-processors, encrypted storage, buses and peripheral functions as well as integrated error detection. Network end points can be efficiently protected using this hardware based approach.

Hardware based security is proven in the field

Fig. 2: OPTIGA TPMs are special MCUs that provide computer systems with comprehensive protection from unauthorised access and attacks

Coming back to the initial point of discussion about new business models and opportunities in the context of the IoT, there are already numerous use cases and examples demonstrating how hardware based security solutions add real value in terms of integrity and reliability of connected devices.

For example, Infineon has been shipping TPMs for devices running Google’s Chrome based OS since 2011, and the TPM is an integral part of the security architecture of Google Chromebooks, which were designed to provide a fast, simple and secured experience for people who use computing devices primarily to access the Internet and use Web based applications. One key part of their design is called defence in depth, which provides multiple levels of protection against malware.

Meanwhile, the structure of the TPM standard has been enhanced, with some specific functions and interfaces added to support new applications. New profiles of TPMs can address security-relevant applications not only in the IT industry but also in embedded systems, smartphones, communications equipment, industrial automation or automotive. In addition, TPMs include a comprehensive software stack enabling a secure upgrade.

Automotive is also an upcoming field of application, as there are many features and functions already widely based on hardware security, designed in response to the level of security required by the specific application.

MCUs of the AURIX family, for example, provide special function blocks such as security hardware extensions (SHEs) or hardware security modules (HSMs). HSMs take care of secured communication with other MCUs by signing messages or even using full encryption. Further, these can be used to securely boot the MCU in order to prevent attacks from viruses and trojans and prevent unauthorised access.

Given that the car is becoming an increasingly connected computing device communicating with other vehicles and infrastructure, TPMs will become indispensable to protect the car’s communication interfaces from hacker attacks or malware during software updates.

Conclusion
It will only be possible to implement new connected technologies like the IoT by making comprehensive use of powerful safety and security technology in order to protect infrastructure and components that are used from manipulation, attacks and malfunctions. Secured hardware is an important prerequisite, since maximum security requires secured hardware and cannot be achieved with software based concepts alone.

Infineon provides MCUs with integrated security functions and offers efficient and secured solutions tailored to the applications’ needs, whether industrial, automotive or consumer-oriented.
