December 18, 2017
By: Christine Young
Blogger, Maxim Integrated
The Transport Layer Security (TLS) protocol plays an essential role in securing the communication of smart, connected devices over the internet. It can help prevent eavesdropping and tampering of data in transit. For the TLS protocol to be effective, of course, keys and certificates must remain undisclosed, unmodified, and stored in the devices so that they can be used to execute the protocol. Protecting the TLS implementation, however, can be challenging, particularly for internet of things (IoT) devices that are deployed out in the wild.
A companion security IC, argues Stephane di Vito, a Maxim security expert, provides a relatively easy and affordable way to secure a TLS implementation in a connected embedded system. As a bonus, a security IC also offloads the main application processor. di Vito made his case earlier this month at the Embedded Systems Conference in San Jose, where he provided an overview of TLS and explained how a security IC can be integrated into an embedded design.
The TLS protocol consists of two main phases: the handshake and the secure exchange of application data. It all starts with the handshake phase. Here, the protocol properties are negotiated: the client proposes to the server the list of algorithms it supports, the server compares that list with its own list of supported algorithms, and it selects the most secure algorithm that both sides support. Next, it's time to prove identities. In this step, the server must always prove its identity using a public key infrastructure (PKI), which is built on public key cryptography. As di Vito explained, public key cryptography works like this:
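The algorithm-selection step described above, as an added example that is not part of the original post or of any Maxim code: a minimal model of cipher-suite negotiation in which the server, not the client, decides which of the mutually supported suites is used. The suite names are real TLS 1.2 IANA names, but the server's ranking and the denylist of suites it refuses are assumptions chosen for illustration.

```python
# Added example: server-side cipher-suite selection as described in the post.
# Not Maxim code; the preference order and denylist are illustrative assumptions.

# Suites the server supports, ranked strongest first (ranking is an assumption).
SERVER_PREFERENCE = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# Suites the server refuses even if the client offers nothing else
# (no forward secrecy or legacy MAC); illustrative list.
DENYLIST = {
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
}


def negotiate(client_offer, server_preference=SERVER_PREFERENCE, denylist=DENYLIST):
    """Return the highest-ranked server suite that the client also offered.

    The client's own ordering is deliberately ignored: walking the server's
    preference list means a client cannot steer the server toward a weaker
    suite just by listing it first. Returns None when no acceptable suite is
    shared; a real server would then send a handshake_failure alert rather
    than continue.
    """
    offered = set(client_offer)
    for suite in server_preference:
        if suite in offered and suite not in denylist:
            return suite
    return None


if __name__ == "__main__":
    # Constructed client offers, weakest listed first to show server order wins.
    print(negotiate(["TLS_RSA_WITH_AES_128_CBC_SHA",
                     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                     "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]))
    print(negotiate(["TLS_RSA_WITH_AES_128_CBC_SHA"]))
```

The second call returns None: the only suite the client offered is on the server's denylist, so the handshake must be refused rather than downgraded.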
For this process to work, public key ownership must be certified by a certification authority. A public key, along with the identity of that key's owner, can be sealed in a certificate, which is then used for authentication. In the same manner that it authenticates servers, PKI also authenticates clients. Once the identities of both parties are proven, it's time to create keys for the TLS session. As di Vito noted, there are different ways to create keys on both ends:
Once the keys are in place, said di Vito, you can proceed to the application layer and exchange data securely. In the secure exchange phase, the negotiated algorithms and keys are enforced. Exchanged data is authenticated and encrypted.
Connected devices such as smart home control systems can become avenues into the larger network if left unprotected.
Cryptography is not without some key security concerns. A vulnerable cryptography library, for example, could be exposed to timing, simple power analysis (SPA), and differential power analysis (DPA) attacks. Low-quality random numbers could generate weak keys. But addressing these issues via a pure software implementation isn’t the answer, di Vito argued. He highlighted that a software approach could still fall victim to remote timing attacks or regression, for example. By contrast, using a companion security IC offers a greater level of protection, he said.
A companion security IC offers a variety of advantages for cryptography:
Secure storage of keys and certificates is crucial, but a software-only approach here also has weaknesses. It's possible for client private keys to be extracted from storage and cloned; additional devices can then be created using the same identity. If session keys become exposed, a cybercriminal can spy on the TLS communication and/or forge messages. There's also the danger that a compromised certification authority could issue fraudulent certificates.
A companion security IC offers various benefits while providing secure storage:
When implementing TLS, problems could arise if the wrong server/client configuration is used, or if server certificate verification is skipped. A companion security IC mitigates these issues by:
A companion security IC reduces overall complexity and isolates critical functions. If something were to break in the firmware, di Vito explained, the other portions would remain safe. Some of these ICs can even assess the integrity of the firmware on the main application processor; if the firmware is not genuine, then the IC won't use the client private key to authenticate to the server. "Security is like an onion, the smell aside. It's a set of layers, and the more layers the better. If it takes too long to peel the onion, the attacker will either abandon or it will be very costly to them. There is no bullet-proof solution... by adding layers and layers, you increase the security level," said di Vito.
Maxim's DeepCover® embedded security portfolio includes the MAXQ1061, which can be used as a cost-effective companion security IC for secure storage, digital signature, encryption, secure boot, and protecting a TLS implementation. Check out the MAXQ1061 data sheet. di Vito has also written an informative application note, Using Secure Companion ICs to Protect a TLS Implementation, that provides more detail on the topic.