Mark Patrick, Mouser Electronics
Cybersecurity is one of the major concerns of our modern world and it seems that no organisation or individual is immune. Anyone who follows the news will be aware of a number of recent attacks that have significantly affected large organisations and, ultimately, has direct impact on individuals. While more effective security is being implemented, the frequency of attacks does not seem to be diminishing – in fact, if anything, successful attacks seem to be increasing.
When a successful attack happens the organisation is damaged. There is a financial impact in sorting out the effects, attacks are big news and cannot be hidden. As a result, the organisation’s reputation is inevitably damaged and not only loses future customers but also existing customers, all of which may go elsewhere to ensure their data is secure. As a result, ensuring that adequate security is implemented is high on the agenda of most organizations.
One of the highest profile recent incidents was the so-called WannaCry attack that locked up sensitive data until ransom payments were made. Spain’s largest telecom provider (Telefónica) was one company affected but probably the biggest news was the effect that it had on the UK’s National Health Service (NHS). The attack on the NHS was specifically designed to travel through the countrywide computer network as rapidly as could be achieved. Based on a worm, WannaCry rapidly moved from one system to another, spreading throughout the network in just a few hours. Even though the worm was detected, NHS cybersecurity teams had little time to react and the network was soon crippled, having a large impact on healthcare.
Many hospitals and doctor’s surgeries were impacted as a result. Many facilities were closed entirely and those that operated could not access patient records, leading to patients being sent elsewhere and many hundreds of operations being cancelled. Partly due to the success of the WannaCry attack, healthcare providers have been a focus of more attacks. To malicious individuals healthcare providers are an ideal target; their systems contain valuable private data including medical and financial records and, in many cases, the protection levels are not as high as commercial organisations.
However, it is not just the healthcare sector that is in the crosshairs of attackers. The NotPetya worm appeared just one month after WannaCry and had a significant impact on utility companies and financial institutions in Eastern Europe.
Many industry professionals are questioning what needs to be done to protect embedded systems from this growing threat. Until now, relatively simple measures based on software (including effective passwords, data encryption and access authentication) have been sufficient. However, modern attackers are able to circumvent software-only security relatively easily and to achieve the necessary protection, industry professionals are turning to solutions that incorporate both hardware and software elements.
In our modern world, devices have to be connected (either wirelessly, or via a wire) to reach their full potential and many embedded systems now incorporate some form of connectivity. However, every connected device (and there are literally billions) is a potential access point for a protective hacker and more sophisticated protection is needed to combat the equally sophisticated attackers.
Attackers are developing new methods of attack all the time. In the past, techniques such as malware injection, firmware substitution, eavesdropping, identity theft and unauthorised network connection were the most common methods. Now, with sophisticated devices being remotely deployed within the IoT, embedded systems can be subjected to physical damage as a form of attack. The vulnerabilities can be created during manufacture through the unwitting use of counterfeit components that include deliberately inbuilt vulnerabilities.
Modern microcontrollers are at the heart of embedded systems and incorporate many security features including built-in security blocks, strong cryptographic / authentication engines, key management features, tamper detection and prevention mechanisms, protection of external memory and encryption/decryption of communication protocols. All of these provide a new set of challenges to attackers and are more effective than solely software protection. While these measures may impact the performance of the microcontroller, manufacturers are including on-chip accelerators or small co-processors to allow the security to be achieved without slowing the system down.
Infineon’s OPTIGA family of trusted platform modules (TPMs) are packaged in TSSOP-28 and VQFN-32 formats and meet the demanding standards of the Trusted Computing Group (TCG). This range of hardware-based security devices include inbuilt hardware accelerators for asymmetric encryption techniques (such as ECC and RSA), as well as SHA-1 and SHA-256 hash algorithms. As a result, processor-intensive operations such as data encryption and decryption can be performed locally on the security device, with no impact on the performance of the main microcontroller – meaning that effective security is achievable without affecting system performance. Infineon’s TPMs operate over temperatures of -20°C to +85°C and are available with the ability to operate to -40°C to cover the increasing number of industrial applications in smart factories and the like.
The ATECC608A from Microchip includes a cryptographic hardware accelerator, making it ideal for data security and authentication in the resource-limited embedded nodes that form much of the IoT. When compared to standard microcontrollers, the ATECC608A can perform asymmetric cryptography operations (based on ECC and ECDSA algorithms) as much as 1000x faster. In addition, numerous key generation protocols (such as TLS 1.2 and TLS 1.3) accommodate the authentication of identity and creation of session keys. Small messages including personal information require encryption and the device supports this with minimal overhead via a symmetric AES-ECB Block Cipher mode.
Also valuable for IoT applications, the ATECC608A includes a key generation feature that enables authentication of highly important firmware-over-the-air (FOTA) updates that ensure firmware (including security features) are kept up-to-date. Secure boot capabilities allow the establishment of a root of trust when nodes are activated, preventing corruption of boot codes and thereby protecting IoT nodes during their start-up phase.
Maxim’s MAXQ1061 is a secure cryptographic controller IC that offers enhanced secure key storage as well as multiple tamper detection mechanisms and secure boot functionality. Unauthorised access is prevented by sophisticated private key management that is based on random number generation and certificate verification. Unless verification is achieved, TLS handshaking is prevented thereby stopping hackers from being able to establish communications with the chip.
Additional security measures include a 128-bit AES encryption engine that maintains security by supporting AES-GCM (SP 800-38D compliant) and AES-ECB (SP 800-A compliant) modes. The boot-up phase is protected by signature verification that prevents access to host processor data.
Security is clearly an important topic and it is equally important that it is addressed during the early phase of every design and to be effective the security solution must mesh together hardware, software and architectural elements. Adding in diagnostics and verification to this holistic approach will deliver a far more secure solution than can be achieved by any one of these elements in isolation.
By moving the security responsibility to a separate and dedicated device, the processing overhead can be addressed and effective security is delivered without slowing down the system.
