Secure Provisioning Platform Makes It Easier to Protect IoT Designs
January 22, 2019
| By: Christine Young
Blogger, Maxim Integrated
As the things around us get smarter and connected, they can also become more vulnerable to security breaches. While a hacked thermostat might not sound like too big of a deal, this type of breach can open up a path into the larger network. And that’s where hackers can potentially access more valuable data and also more critical functions. In one of the more unique incidents of the recent past, hackers broke into an Internet-connected fish tank at a North American casino and, through this channel, were able to access other areas of the casino’s network, including its database of high-roller clients. Unfortunately, with pressure to deliver differentiated products to the market quickly, design security isn’t always given the attention it deserves. Or, less secure routes are taken because they’re perceived to be faster and easier to implement.
The level of security required should be influenced by the type of internet of things (IoT) device being considered. Those that come with fairly low security risk may be well served by a trusted execution environment (TEE). This is a secure area inside a system’s main processor that runs in an isolated environment, providing code and data protection. But connected devices with higher value data, which can be at greater risk of attack, would benefit from the more robust protection provided by integrating a hardware-based root-of-trust into the environment. In a cryptographic system, a root-of-trust is a source that can always be trusted by its operating system, supporting the authentication that is essential in protecting data and applications. The root-of-trust generally includes a hardened hardware module, such as a hardware security module (HSM). An HSM generates and protects cryptographic keys and also performs cryptographic functions. Offering protection against physical hardware attacks while also hardening against software attacks, the hardware root-of-trust is a key building block in creating a robust TEE.
When chipmakers integrate the hardware root-of-trust into their security ICs, it’s their way of vouching for the security of their part. In these cases, the hardware-based root-of-trust actually starts with software. For example, a secure microcontroller that executes software from an internal, immutable memory guards against attacks that attempt to breach an electronic device’s hardware. The software, stored in the microcontroller’s ROM, is considered to be inherently trusted because it cannot be modified. This software can be used to verify and authenticate the application software’s signature. However, customers who buy these security ICs will also want their own root-of-trust included in the chips for an additional layer of security.
Figure 1. The more we rely on connected devices, the more critical it is to keep these devices—and their data—secure from hackers.
Your Secrets Are Safe Here
OEMs who buy security ICs can work with manufacturers to embed their own keys and certificates into the chips. Of course, this arrangement can only be successful if the OEM can fully trust the manufacturer. Another flexible, efficient, and cost-effective option involves working with a secure provisioning solution, such as the security provisioning and data programming system provided by Data I/O. Headquartered in Redmond, Washington, Data I/O is behind the SentriX Security Provisioning Platform (Figure 2). This platform provides a flexible way to provision a hardware-based root-of-trust during the manufacturing process for authentication ICs, secure elements, and secure microcontrollers. Data I/O’s semiconductor manufacturing partners utilize its SentriX Platform to establish roots-of-trust in silicon through volume production. The platform is now available for Maxim’s DeepCover® DS28C36 secure authenticator and DS2476 secure coprocessor, and the first customers to use it are starting to go into production with their designs.
“You can send any secret, such as a key, to the SentriX Platform, and you can encrypt it so only that particular SentriX Platform can decrypt it,” explained Sean Riley, VP of marketing and business development at Data I/O.
Figure 2. Data I/O’s SentriX Platform received an embedded award 2018 in the tools category at embedded world. Photo courtesy of Data I/O.
Riley notes that many of the company’s customers have attempted to integrate keys into the production process with third-party manufacturers, but they eventually became uncomfortable with their arrangements and turned to Data I/O. Its SentriX Platform requires no minimum quantities, so OEMs of all sizes and volumes can secure their connected devices from design through the manufacturing process.
Putting Your Own Unique Stamp on Your Product
A highly automated system utilizing robots, the SentriX Platform becomes a part of the production flow to embed potentially thousands of unique keys and certificates into the devices in volume production. The SentriX Platform consists of Data I/O’s PSV7000 device handling technology, its LumenX programming technology, its ConneX Smart Programming Software, and the Secure Thingz Secure Deploy platform. By embedding a foundation of security, roots-of-trust, and authentication into the manufacturing flow, the SentriX Platform enables a secure supply chain for trusted devices. Because the platform allows customization down to small quantities, a customer can even provision a security IC for multiple products. By securing the devices in this way, OEMs can securely update their products in the field and also protect their supply chain against counterfeiting and cloning.
Maxim’s DS28C36 and DS2476 secure authenticators are two of the newest security ICs to be supported by the SentriX Platform. These authenticators were designed to address a variety of security issues for connected devices, providing counterfeit protection, secure download/boot, and IoT device integrity and authenticity. The cryptographic tools in the DS28C36 are derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. The device also integrates a FIPS/NIST true random number generator, 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number. The DS2476 is a secure Elliptic Curve Digital Signature Algorithm (ECDSA) and hash-based message authentication code (HMAC) SHA-256 coprocessor companion to the DS28C36. As a coprocessor, it can compute any required HMACs or ECDSA signatures to perform any operation on the DS28C36.
With the libraries and reference code provided as well as capabilities that are easy to implement, Riley notes that these secure authenticators are overall easy to work with. Integrating secure provisioning into the mix isn’t too far of a stretch, either. “Hardware-based security is easier than you think. Moving from design to manufacturing won’t be hard if you work with us,” he said.