How Security Supervisors Safeguard IoT Devices
April 16, 2019
| By: Stella Or
Executive Business Manager, Embedded Security, Maxim Integrated
For consumers to trust your smart, connected products, they must be able to be confident that their data—sensitive or otherwise—will remain safe from cybercriminals. As the internet of things (IoT) becomes increasingly prevalent in modern life, it is more critical than ever to ensure that your IoT devices are protected against cybercrime. In this blog post, I’ll examine how security supervisors that provide tamper detection, cryptographic functions, and secure data storage can address the challenges of IoT design security.
Hackers are a crafty bunch. By exploiting a vulnerability in a connected device—which could be something as seemingly innocuous as a security camera or a baby monitor—they can potentially gain entry into an entire network. Earlier this year, the Japanese government began a massive, years-long effort to attempt to hack more than 200 million randomly selected IoT devices installed in homes and elsewhere in the country. During the process, the country’s National Institute of Information and Communications Technology will assemble a list of vulnerable devices that it will share with internet service providers (ISPs), so they can alert consumers and secure the devices. While this may seem extreme and Big Brother-ish, the activity can shine a spotlight on what needs to be done to prevent our data from getting into the wrong hands.
Unfortunately, security often takes a back seat in the design process. Some device developers believe that implementing security is expensive, time-consuming, or difficult. Others are inclined to address it later—but later might be too late. After all, the costs associated with a cyberattack can be high in terms of lost revenue and consumer trust, damaged reputation, and, worse, potential personal harm.
Smart security cameras are an example of an IoT device that should be protected against hacking, tampering, and other breaches; otherwise, these devices can be an entry point into the larger network.
Hardware Security Delivers Robust Option
While software encryption is considered to be cost-effective and relatively easy to implement and update, it is not as robust as its hardware-based counterpart. By using a secure microcontroller that executes software from an internal, immutable memory, you can provide a strong level of protection against attacks that attempt to breach an electronic device’s hardware. Stored in the microcontroller’s ROM, this software can be used to verify and authenticate the application’s software signature. It’s considered to be the “root of trust” because it cannot be modified. Since a hardware-based root-of-trust methodology starts from the bottom of the design, you can close off more potential entry points into your design than you’d be able to with a software-based approach.
Secure microcontrollers also support symmetric and asymmetric challenge-response authentication. Symmetric cryptography-based authentication uses a shared secret key, or number, between the host and the device to be authenticated. A device is authenticated when digital signature computations triggered by a random key (the challenge) sent by the host to the device are a match between the two sides. A function with adequate mathematical properties—such as SHA-256 secure hash functions—is important for ensuring that the results cannot be imitated. Asymmetric cryptography-based authentication involves a private and a public key. Only the device to be authenticated knows the private key. The public key can be shared to any entity that intends to authenticate the device. Like its symmetric authentication counterpart, the function used to compute the signature should have certain mathematical properties; in this case, RSA and ECDSA are commonly used functions.
Since IoT devices are deployed in the wild, it’s important to consider ways to block efforts at physical tampering. Once a hacker has gained physical access to an embedded system, the opportunities are open for attempts to steal sensitive data, inject malicious code into the system, gain control of the system, or clone the device. What can you do about this? One obvious technique is to plug any accessible ports on the connected device. Another measure happens at the component level, where you can integrate security ICs with built-in tamper resistance and cryptography functions. These types of ICs can detect when and where a tamper attempt is underway and immediately erase any stored sensitive data. Some anti-tamper security ICs are meant to be used as co-processors in the design. In these cases, you won’t have to change your existing design in order to implement protection. A digital cinema projector provides a good example of an application where a security IC would be effective. Each projector has a media server containing video files of movies, as well as a unique cryptographic key that safeguards access to that projector’s contents. To play the movie, each cinema would have a corresponding key to decrypt the video content. A tamper-resistant security IC can store the keys, safeguarding them from unauthorized access. Another advantage of this approach is that you don’t need to be a cryptography expert to implement the design protection.
New Security Supervisors with Tamper Detection
Two of the market’s newest security supervisors that serve as coprocessors to provide tamper detection, cryptographic functions, and secure storage for sensitive information are Maxim’s MAX36010 and MAX36011. Both low-power security supervisors are ideal for fiscal memory, internet security, and IP protection applications that require certificate-based or other public key cryptography schemes. They are designed with advanced security mechanisms to protect sensitive information in secure memory, two pairs of external sensor inputs, and temperature and voltage sensors that erase the secure memory when an attack condition is detected. The MAX36010 and MAX36011 also provides countermeasures against differential power analysis for applications that need Payment Card Industry (PCI) or Federal Information Processing Standard (FIPS) certifications. Since both parts feature robust security, you don’t need to be a security expert to integrate a high level of protection into your designs. Both ICs can be integrated into a design at any development phase.
To encourage consumer trust, device users have to feel that their sensitive data will not be breached in any way. Anti-tamper security ICs offer a worthwhile method for defending your connected designs against cybercrime.
A similar version of this blog appeared on February 20, 2019, in Embedded Computing Design: “A Smarter Way to Protect IoT Devices from Hackers.”