February 28, 2019
By: Christine Young
Blogger, Maxim Integrated
Normally, you wouldn’t expect that a fish tank would need to be secured from hackers. But what if that fish tank is a smart one, with its temperature and lighting controlled by an internet of things (IoT) system? In this case, a hacked fish tank presents an avenue into the larger network…and troves of sensitive data. This is what happened to a Las Vegas casino, whose smart fish tank was not protected by a firewall, giving the bad guys access to its database of high-roller clients.
“Really, the point of kicking this off this way is, the IoT is pervasive. The connectivity associated with that is, a lot of products are vulnerable. We need to think about security,” said Scott Jones, managing director of embedded security at Maxim, during his recent webinar on the topic. During his hour-long session, “Why Does a Fish Tank Need Security?,” Jones emphasized the importance of designing with security in mind, explained how the SHA-3 hash algorithm and physically unclonable function (PUF) technology work, and introduced a secure authenticator that integrates both technologies.
The hacked fish tank presents a captivating example, and there are plenty of connected things from the embedded world that have similar vulnerabilities. Jones cited medical tool developers who have had their products harvested from medical waste and eventually put back into the supply chain, as well as fake sensors found in industrial control and automation systems. High-value products are targets for malware, counterfeiting, and unauthorized use—and their perceived value often lies in the underlying data.
Figure 1. Sensors in industrial automation environments, such as this bottle packaging production line, can be cloned if left unsecured.
If you’re unsure about whether you need to protect your design, Jones said, ask yourself these questions:
While design security comes in many flavors, Jones advocated for hardware-based security—such as via secure authenticators—as the most robust and cost-effective option. Secure authenticators can be used for intellectual property (IP) protection, device authentication, feature setting, use management, data/firmware integrity, and message authentication/integrity. These devices are typically designed to provide symmetric and asymmetric algorithms, bi-directional authentication, and secure system data storage, use counting, memory settings, and general-purpose I/O (GPIO). You can use a secure authenticator for a number of purposes, including:
Like Fingerprints for Data
Why should you care about SHA-3? Developed by a renowned European cryptographic team and based on the KECCAK cryptographic function, SHA-3 was adopted as the latest Secure Hash Algorithm in 2015 after a public competition and vetting process by the National Institute of Standards and Technology (NIST). “If you think about a hash algorithm,” said Jones, “they’re really like a function that can give us a digital fingerprint of data. You can take any arbitrarily sized data algorithm, push it through a SHA algorithm, and get a fixed-length output from that process.”
He continued, “The beauty of SHA-3 is, it’s very efficient in terms of hardware implementation and even on the software side.” This makes the algorithm ideal for symmetric key-based message authentication codes (MACs). With MACs, a short piece of information is used to authenticate a message and confirm that it originated from the stated sender, such as a sensor or a tool. This process ensures that the message can be trusted before the desired action is allowed to take place.
As Jones notes, SHA-3 provides a secure one-way function. You can’t reconstruct data from the hash, or change data without changing the hash. You also won’t find any other data with the same hash, or any two sets of data with the same hash.
To understand how SHA-3 works, consider an end application that, at a system level, consists of a slave accessory designed with a SHA-3 authentication IC and a host controller with a SHA-3 coprocessor or microcontroller, as shown in Figure 2. The slave accessory will have a unique secret, while the host controller will have a system secret.
For authentication functions, the host first needs to securely compute the unique secret that is stored in the slave IC. To do so, the host requests the ROM ID from the slave and inputs it, along with its own securely stored system secret and some compute data, into its own SHA-3 engine. The engine then computes a SHA-3 hash-based MAC (HMAC) that is equal to the unique secret stored in the authentication IC.
After securely deriving the unique secret in the slave IC, the host controller can perform various bidirectional authentication functions with the authentication IC. One example would be a challenge-and-response authentication sequence to prove that the accessory is genuine. In this case, the host requests and receives a ROM ID from the slave. The host also produces a random challenge and sends it to the slave accessory. The slave accessory then inputs its unique ID, unique secret, and the challenge into its SHA-3 engine to compute a SHA-3 HMAC, which is then returned to the host. At the same time, the host has computed its SHA-3 HMAC with the unique slave secret, the challenge, and the slave’s ROM ID. If the HMACs are equal, then the slave accessory is verified to be authentic.
Figure 2. Fundamental elements in a SHA-3 authentication model.
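The secret derivation and challenge-and-response sequence described above can be modeled in software. The following is an added example, not code from Maxim or the webinar; the field order, length-prefixed framing, key sizes, and sample values are assumptions and do not reproduce the DS28E50's actual message format.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA3-256 over length-prefixed fields (framing is an assumption)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha3_256).digest()


class Accessory:
    """Slave side: holds a ROM ID and a unique secret that never leaves it."""

    def __init__(self, rom_id: bytes, unique_secret: bytes):
        self.rom_id = rom_id
        self._secret = unique_secret

    def respond(self, challenge: bytes) -> bytes:
        return mac(self._secret, self.rom_id, challenge)


class Host:
    """Host side: holds only the system secret and derives per-device secrets."""

    def __init__(self, system_secret: bytes, compute_data: bytes):
        self._system_secret = system_secret
        self._compute_data = compute_data

    def derive_unique_secret(self, rom_id: bytes) -> bytes:
        return mac(self._system_secret, rom_id, self._compute_data)

    def provision(self, rom_id: bytes) -> Accessory:
        # Done once in a trusted setting, e.g. at manufacture (assumption).
        return Accessory(rom_id, self.derive_unique_secret(rom_id))

    def authenticate(self, accessory) -> bool:
        rom_id = accessory.rom_id                  # 1. read ROM ID
        challenge = secrets.token_bytes(32)        # 2. fresh random challenge
        response = accessory.respond(challenge)    # 3. accessory's HMAC
        expected = mac(self.derive_unique_secret(rom_id), rom_id, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


# Constructed sample values, not real device data.
host = Host(system_secret=b"S" * 32, compute_data=b"example-compute-data")
genuine = host.provision(rom_id=bytes.fromhex("0011223344556677"))
# A clone that copied the public ROM ID but had to guess the secret.
clone = Accessory(genuine.rom_id, unique_secret=b"\x00" * 32)
```

Because the challenge is fresh for every run, a response recorded from a genuine accessory does not verify against a later challenge, and a device that copies only the ROM ID fails the comparison.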
You Can’t Steal a Key that Isn’t There
These days, even security solutions are under relentless and sophisticated attack. There are non-invasive methods, such as side-channel attacks. There are also invasive attacks, including microprobing, reverse-engineering, and the use of a focused ion beam to make modifications in the silicon. PUF technology is designed to protect against these types of attacks. Maxim’s PUF implementation is its ChipDNA™ technology, which utilizes random electrical characteristics within silicon to produce a key. “The beauty of this is, any interaction at all, any attempt to probe or expose the silicon, causes these very sensitive electrical characteristics to change,” said Jones, explaining that this renders the PUF useless. The key is generated and used in secure logic only when required by a cryptographic operation, and it is erased when no longer needed.
Together, SHA-3 and PUF technology can be a formidable pair—one that’s available in one of Maxim’s newest secure authenticators, the DS28E50. In addition to PUF protection and FIPS202-compliant, SHA3-256-based challenge/response bi-directional authentication, the DS28E50 also features:
Wrapping up his session, Jones answered some interesting questions. One attendee wanted to know whether SHA-2 remains viable. Jones pointed out that there are no known cryptographic vulnerabilities within SHA-2 and that Maxim continues to use this algorithm in some of its products. “We try to stay on the security treadmill. [SHA-3] is the next evolution in hash algorithms and, therefore, a key reason we have migrated to it,” he said.
Another attendee wanted to know whether PUF circuits come under attack. Said Jones: “I don’t know of a particular entity that is attempting to break the PUF in a malicious sense.” What’s more, a third-party security lab conducted a reverse-engineering study of another PUF-based circuit, the DS28E38, and determined that the authenticator is “highly effective and resistant against physical reverse-engineering attacks.”