Why a Secure Micro with PUF Is a Strong IoT Hacking Defense
March 12, 2020
| By: Christine Young
Blogger, Maxim Integrated
How would you feel if you put hours of effort and your ingenuity into designing a product, only to find cheaper copycats on the market? And what if, over time, those copycats failed and somehow eroded your company's brand reputation? It happens more often than it should, especially as hackers up their game in sophistication and consumers get attracted to lower cost options.
So that's why it's important to design security into your products right from the start—especially if your products are internet-connected and smart. According to NETSCOUT's Threat Intelligence Report, it takes only an average of five minutes for an IoT device to be attacked once it is connected to the internet. By factoring in robust security for your designs, you can ward off:
- Revenue and intellectual property loss
- Subpar counterfeits and clones
- Breaches into your customers' networks, where sensitive information may become accessible
- Theft of data in transmission between, say, the connected device and the cloud
- And even physical harm in the case of smart medical devices
So now that we've made a case for considering security, what's the best method? There are various ways to protect your designs – hardware-based security is one of the most robust methods. Unlike its software-based counterpart, hardware security provides the advantages of a physical layer that's difficult to alter as well as support for key management. Secret keys are an integral part of cryptography, helping to ensure that the two sides that must exchange a message or piece of data are valid.
The emergence of secure ICs makes it easier to protect your designs from the ground up, or even to add security to an existing design. However, through sophisticated invasive attacks, hackers can attempt to steal cryptographic keys from secure ICs, compromising these ICs. Here's where chip designers may have an upper hand, thanks to their ingenuity in creating physically unclonable function (PUF) technology. PUF technology is virtually impossible to clone or duplicate because it stems from the complex and variable physical as well as electrical properties of ICs. These properties are random and unpredictable. PUF technology natively generates a digital fingerprint for its associated IC; this fingerprint can be utilized as a unique secret key for algorithms used in identification, authentication, encryption/decryption, anti-counterfeiting, and hardware-software binding. An ideal implementation of PUF technology requires no battery or other permanent power source; features circuitry that is resistant to physical inspection; and generates the secret key only when it is needed for a cryptographic operation.
Secure microcontrollers can thwart hackers from attacks on remote IoT sensors, such as in this wireless weather monitoring station.
ChipDNA PUF Technology: You Can't Steal a Key That Isn't There
Maxim's PUF implementation, called ChipDNA™ technology, was designed to deliver strengthened protection against invasive and reverse engineering attacks. A ChipDNA PUF circuit is based on the naturally occurring random analog characteristics of fundamental MOSFET devices to produce the cryptographic keys. The key is generated only when needed and is never stored on the chip. The unique binary value generated by each PUF circuit can be repeated over temperature and voltage and as the device ages. If someone attempts to hack a ChipDNA device, the invasive attack itself would change the electrical characteristics of the PUF circuit, thwarting the attack.
The newest device in the ChipDNA portfolio is the DeepCover® MAX32520 secure Arm® Cortex®-M4 microcontroller with secure boot for IoT applications, the industry's first secure microcontroller with PUF technology. The MAX32520 received a Best in Show Award by Embedded Computing Design at the recent embedded world Conference. The device:
- Prevents tampering via voltage and temperature monitoring for out-of-range values, along with die shield integration to thwart probing
- Prevents side-channel attacks
- Verifies flash integrity before code execution and authenticates source before secure flash upload via secure bootloader
- Provides advanced encryption with FIPS SP-800-90B and SP-800-90A compliant TRNG and hardware accelerators for AES-256, ECDSA-512, and SHA-512
- Features 2MB of secure memory, enough to extend protection beyond encryption keys to include application code
With features like PUF technology, advanced cryptographic engines, code encryption, and secure bootloader, the MAX32520 can be used to address threats including cloning, physical inspection, code alteration, IP theft, and subscription fraud, as well as concerns such as data privacy, network protection, and supply chain control. An evaluation kit, MAX32520-KIT, as well as a feather board, MAX32520FTHR, are available. Test-drive the MAX32520 for applications such as embedded communication equipment, embedded connected systems, IoT nodes and gateways, secure industrial appliances and sensors, and set-top boxes.
Bottom line: if you want to make a hacker's life a lot harder—and protect your customers and your business—a secure microcontroller with physically unclonable function technology can be your best friend.