Partner Program to Focus on Security

Microchip Technology has also established a Security Design Partner Program for connecting developers with third-party partners that can enhance and expedite secure designs. Along with the program, the company has also released its ATECC608A CryptoAuthentication device, a secure element that allows developers to add hardware-based security to their designs.

According to Microchip, the foundation of secured communication is the ability to create, protect and authenticate a device’s unique and trusted identity. By keeping a device’s private keys isolated from the system in a secured area, coupled with its industry-leading cryptography practices, the ATECC608A provides a high level of security that can be used in nearly any type of design. The ATECC608A includes the Federal Information Processing Standard (FIPS)-compliant Random Number Generator (RNG) that generates unique keys that comply with the latest requirements from the National Institute of Standards and Technology (NIST), providing an easier path to a whole-system FIPS certification.

Other features include:

  • Boot validation capabilities for small systems: New commands facilitate the signature validation and digest computation of the host microcontroller firmware for systems with small MCUs, such as an ARM Cortex-M0+ based device, as well as for more robust embedded systems.
  • Trusted authentication for LoRa nodes: The AES-128 engine also makes security deployments for LoRa infrastructures possible by enabling authentication of trusted nodes within a network.
  • Fast cryptography processing: The hardware-based integrated Elliptic Curve Cryptography (ECC) algorithms create smaller keys and establish a certificate-based root of trust more quickly and securely than other implementation approaches that rely on legacy methods.
  • Tamper-resistant protections: Anti-tampering techniques protect keys from physical attacks and attempted intrusions after deployment. These techniques allow the system to preserve a secured and trusted identity.
  • Trusted in-manufacturing provisioning: Companies can use Microchip’s secured manufacturing facilities to safely provision their keys and certificates, eliminating the risk of exposure during manufacturing.

In addition to providing hardware security solutions, customers have access to Microchip’s Security Design Partner Program. These industry-leading companies, including Amazon Web Services (AWS) and Google Cloud Platform, provide complementary cloud-driven security models and infrastructure. Other partners are well-versed in implementing Microchip’s security devices and libraries. Whether designers are looking to secure an Internet of Things (IoT) application or add authentication capabilities for consumables, such as cartridges or accessories, the expertise of the Security Design Partners can reduce both development cost and time to market.

For rapid prototyping of secure solutions, designers can use the new CryptoAuth Xplained Pro evaluation and development kit (ATCryptoAuth-XPRO-B) which is an add-on board, compatible with any Microchip Xplained or Xplained Pro evaluation board. The ATECC608A is available for $0.56 each in 10,000 unit quantities. The ATCryptoAuth-XPRO-B add-on development board is available for $10.00 each.

Microchip Technology | www.microchip.com

MCU Vendors Embrace Amazon FreeRTOS

In a flurry of announcements concurrent with Amazon’s release of its new Amazon FreeRTOS operating system, microcontroller vendors are touting their collaborative efforts to support the OS. Amazon FreeRTOS extends the FreeRTOS kernel, a popular open source RTOS for microcontrollers, and includes software libraries for security, connectivity and updateability. Here’s a selection of announcements from the MCU community:

Microchip PIC32MZEF MCUs Support Amazon FreeRTOS
Microchip Technology has expanded its collaboration with Amazon Web Services (AWS) to support cloud-connected embedded systems from the node to the cloud. Microchip’s PIC32MZ EF series of microcontrollers now support Amazon FreeRTOS.

STMicro Adds Amazon FreeRTOS to its IoT MCU Tool Suite
STMicroelectronics has announced its collaboration with Amazon Web Services (AWS) on Amazon FreeRTOS, the latest addition to the AWS Internet of Things (IoT) solution.

NXP MCU IoT Card with Wi-Fi Supports Amazon FreeRTOS
NXP Semiconductors has introduced the LPC54018 MCU-based IoT module with onboard Wi-Fi and support for the new Amazon FreeRTOS on Amazon Web Services (AWS), offering developers universal connections to AWS.

TI Integrates SimpleLink MCU Platform with Amazon FreeRTOS
Texas Instruments (TI) has announced the integration of the new Amazon FreeRTOS into the SimpleLink microcontroller platform.

Renesas IoT Sandbox Supports RX65N MCU

Renesas Electronics America has expanded its Renesas IoT Sandbox lineup with the new RX65N Wi-Fi Cloud Connectivity Kit. The RX65N Wi-Fi Cloud Connectivity Kit provides an easy-to-use platform for connecting to the cloud, evaluating IoT solutions and creating IoT applications through cloud services and real-time workflows. The RX65N Wi-Fi Cloud Connectivity Kit integrates the high-performance Renesas RX65N microcontroller (MCU) and Medium One’s Smart Proximity demo with the data intelligence featured in Renesas IoT Sandbox.

The Renesas IoT Sandbox provides a fast path from IoT concept to prototype. It enables personalized data intelligence for system developers working with the Renesas Synergy™ Platform, the Renesas RL78 Family and RX Family of MCUs, and the Renesas RZ Family of microprocessors. The new RX65N Wi-Fi Cloud Connectivity Kit is based on the Renesas RX65N Group of MCUs, which is part of the high-performance RX600 Series of MCUs.

The new kit features the Smart Proximity demo implemented by Medium One. System developers can use workflows to extract data from the Ultrasonic Range Finder Sensor and then transmit distance data and duration length for objects close to the sensor to provide intelligence on end-user engagement with the objects. For instance, when deployed in retail environments, business owners can leverage the data to determine when and for how long shoppers view specific merchandise, providing greater insight on shoppers’ selection behaviors.

Developers can sign up for a Renesas IoT Sandbox account at www.renesas.com/iotsandbox. The data intelligence developer area is ready for immediate prototyping use. The RX65N Wi-Fi Connectivity Kit is available for order at Amazon for $59 per kit.

Renesas Electronics | www.renesas.com

NXP MCU IoT Card with Wi-Fi Supports Amazon FreeRTOS

NXP Semiconductors has introduced the LPC54018 MCU-based IoT module with onboard Wi-Fi and support for newly launched Amazon FreeRTOS on Amazon Web Services (AWS), offering developers universal connections to AWS. Amazon FreeRTOS provides tools for users to quickly and easily deploy an MCU-based connected device and develop an IoT application without having to worry about the complexity of scaling across millions of devices. Once connected, IoT device applications can take advantage of the capabilities of the cloud or continue processing data locally with AWS Greengrass.

Amazon FreeRTOS enables security-strong orchestration with the edge cluster to further leverage low latencies in edge computing configurations, which extends the reach of AWS Greengrass core devices to the nodes. Distributed and autonomous computing architectures become possible through the consistent interface provided between the nodes and their gateways, in both online and offline scenarios.

NXP’s IoT module, co-developed with Embedded Artists and based on the LPC54018 MCU, offers unlimited memory extensibility, a root of trust built on the embedded SRAM physical unclonable function (PUF) and on-chip cryptographic accelerators. Together, LPC and Amazon FreeRTOS, with easy-to-use software libraries, bring multiple layers of network transport security and simplify cloud on-boarding and over-the-air device management.

NXP enables node-to-cloud AWS connectivity with its LPC54018-based IoT module available on Amazon.com and EmbeddedArtists.com at $35 direct to consumers.

NXP Semiconductors | www.nxp.com

Microchip PIC32MZEF MCUs Support Amazon FreeRTOS

Microchip Technology has expanded its collaboration with Amazon Web Services (AWS) to support cloud-connected embedded systems from the node to the cloud. Supporting Amazon Greengrass, Amazon FreeRTOS and AWS Internet of Things (IoT), Microchip provides all the components, tools, software and support needed to rapidly develop secure cloud-connected systems.

Microchip’s PIC32MZ EF series of microcontrollers now support Amazon FreeRTOS, an operating system that makes compact low-powered edge devices easy to program, deploy, secure and maintain. These high-performance MCUs incorporate industry-leading connectivity options, ample Flash memory, rich peripherals and a robust toolchain which empower embedded designers to rapidly build complex applications. Amazon FreeRTOS includes software libraries which make it easy to securely deploy over-the-air updates as well as the ability to connect devices locally to AWS Greengrass or directly to the cloud, providing a variety of data processing location options.

For systems requiring data collection and analysis at a local level, developers can use Microchip’s SAMA5D2 series of microprocessors with integrated AWS Greengrass software. This will enable systems to run local compute, messaging, data caching and sync capabilities for connected devices in a secure way. This type of execution provides improved event response, conserves bandwidth and enables more cost-effective cloud computing. The SAMA5D2 devices, also available in System-in-Package (SiP) variants, offer full Amazon Greengrass compatibility in a low-power, small form factor MPU targeted at industrial and long-life gateway and concentrator applications. Additionally, the integrated security features and extended temperature range allows these MPUs to be deployed in physically insecure and harsh environments.

In any cloud-connected design, security and ease of use are vital pieces of the puzzle. Microchip’s ATECC608A CryptoAuthentication device enables enhanced system security as well as easy-to-use registration. The secure element provides a unique, trusted and protected identity to each device that can be securely authenticated to protect a brand’s intellectual property and revenue. In addition to enhancing system security, the ATECC608A allows AWS customers to instantly connect to the cloud through the device’s Just-in-Time-Registration (JITR) powered by AWS IoT.

Microchip has an extensive toolchain for rapid and reliable development. The Curiosity PIC32MZ EF development board (shown), to kick-start Amazon FreeRTOS-based designs, is a fully integrated 32-bit development platform which also includes two mikroBUS expansion sockets, enabling designers to easily add additional capabilities, such as Wi-Fi with the WINC1510 click board, to their designs. The SAMA5D2 Xplained Ultra board, which can be used for AWS Greengrass designs, is a fast prototyping and evaluation platform for the SAMA5D2 series of MPUs. Additionally, the CryptoAuth Xplained Pro evaluation and development kit is an add-on board for rapid prototyping of secure solutions on AWS IoT and is compatible with any Microchip Xplained or Xplained Pro evaluation board. AWS is also a part of Microchip’s Design Partner Program which provides technical expertise and cost-effective solutions in a timely manner.

PIC32MZ EF MCUs are available starting at $5.48 each in 10,000 unit quantities. The PIC32MZ EF Curiosity board (DM320104) is available for $47.99 each. SAMA5D2 MPUs are available starting at $4.42 each in 10,000 unit quantities. The SAMA5D2 Xplained Ultra board (ATSAMA5D2C-XULT) is available for $150 each. ATECC608A secure elements are available starting at $0.56 each in 10,000 unit quantities. The CryptoAuth Xplained Pro evaluation and development kit (ATCryptoAuth-XPRO-B) is available for $10 each.

Microchip Technology | www.microchip.com

STMicro Adds Amazon FreeRTOS to its IoT MCU Tool Suite

STMicroelectronics has announced its collaboration with Amazon Web Services (AWS) on Amazon FreeRTOS, the latest addition to the AWS Internet of Things (IoT) solution. Amazon FreeRTOS provides everything one needs to easily and securely deploy microcontroller-based connected devices and develop an IoT application without having to worry about the complexity of scaling across millions of devices. Once connected, IoT device applications can take advantage of all of the capabilities the cloud has to offer or continue processing data locally with AWS Greengrass.

ST’s collaboration with AWS speeds designers’ efforts to create easily connectable IoT nodes with the combination of ST’s semiconductor building blocks and Amazon FreeRTOS, which extends the leading free and open-source real-time operating-system kernel for embedded devices (FreeRTOS) with the appropriate libraries for local networking, cloud connectivity, security, and remote software updates.

For the STM32, ST’s family of 32-bit Arm Cortex-M microcontrollers, the modular and interoperable IoT development platform spans state-of-the-art semiconductor components, ready-to-use development boards, free software tools and common application examples. At the official release of Amazon FreeRTOS, a version of the OS and libraries were immediately made available to run on the ultra-low-power STM32L4 series of microcontrollers.

The starter kit for Amazon FreeRTOS is ST’s B-L475E-IOT01A Discovery kit for IoT node, a fully integrated development board that exploits low-power communication, multiway sensing, and a raft of features provided by the STM32L4 series microcontroller to enable a wide range of IoT-capable applications. The Discovery kit’s support for Arduino Uno V3 and PMOD connectivity ensures unlimited expansion capabilities with a large choice of specialized add-on boards.

STMicroelectronics | www.st.com

TI Integrates SimpleLink MCU Platform with Amazon FreeRTOS

Texas Instruments (TI) has announced the integration of the new Amazon FreeRTOS into the SimpleLink microcontroller platform. Amazon Web Services (AWS) has worked with TI in the development of an integrated hardware and software solution that enables developers to quickly establish a connection to AWS IoT service out-of-the-box and immediately begin system development.

TI SimpleLink™ MCU platform now supports new Amazon FreeRTOS (PRNewsfoto/Texas Instruments Incorporated)

TI’s SimpleLink Wi-Fi CC3220SF wireless MCU LaunchPad development kit, which now supports Amazon FreeRTOS, offers embedded security features such as secure storage, cloning protection, secure bootloader and networking security. Developers can now take advantage of these security features to help them protect cloud-connected IoT devices from theft of intellectual property (IP) and data or other risks.

TI offers a broad portfolio of building blocks for IoT nodes and gateways spanning wired and wireless connectivity, microcontrollers, processors, sensing technology, power management and analog solutions, along with a community of cloud service providers, such as AWS, to help developers get connected to the cloud faster.

The SimpleLink MCU platform from Texas Instruments is a single development environment that delivers flexible hardware, software and tool options for customers developing Internet of Things (IoT) applications. With a single software architecture, modular development kits and free software tools for every point in the design life cycle, the SimpleLink MCU ecosystem allows 100 percent code reuse across the portfolio of microcontrollers, which supports a wide range of connectivity standards and technologies including RS-485, Bluetooth low energy, Wi-Fi, Sub-1 GHz, 6LoWPAN, Ethernet, RF4CE and proprietary radio frequencies. SimpleLink MCUs help manufacturers easily develop and seamlessly reuse resources to expand their portfolio of connected products.

Texas Instruments | www.ti.com

MCU Leverages New ARM Security Scheme

STMicroelectronics supports ARM’s new Platform Security Architecture (PSA) in ST’s STM32H7 high-performing microcontrollers. People and organizations are increasingly dependent on connected electronic devices to manage time, monitor health, handle social interactions, consume or deliver services, maximize productivity, and many other activities. Preventing unauthorized interactions with these devices is essential to protecting identity, personal information, physical assets, and intellectual property. As device manufacturers must always innovate to beat new and inventive hacking exploits, PSA helps them implement state-of-the-art security cost-effectively in small, resource-constrained devices.

ST’s STM32H7 MCU devices integrate hardware-based security features including a True Random-Number Generator (TRNG) and advanced cryptographic processor, which will simplify protecting embedded applications and global IoT systems against attacks like eavesdropping, spoofing, or man-in-the-middle interception. In addition, secure firmware loading facilities help OEMs ensure their products can be programmed safely and securely, even off-site at a contract manufacturer or programming house.

To enable secure loading, security keys and software services already on-board the MCU permit OEMs to provide manufacturing partners with already-encrypted firmware, making intercepting, copying, or tampering with the code impossible. This enables programming and authenticating the device to establish the root-of-trust mechanism needed for the device to be connected to the end-user’s network and remotely updated over the air (OTA) to apply security patches or feature upgrades throughout the lifetime of the device.

A member of the STM32H7 series supporting the PSA, the STM32H753 MCU with ARM’s highest-performing embedded core (Cortex-M7) delivers a record performance of 2020 CoreMark/856 DMIPS running at 400MHz, executing code from embedded Flash memory. Additional innovations and features implemented by ST further boost performance. These include the Chrom-ART Accelerator for fast and efficient graphical user-interfaces, a hardware JPEG codec that allows high-speed image manipulation, highly efficient Direct Memory Access (DMA) controllers, up to 2 MB of on-chip dual-bank Flash memory with read-while-write capability, and the L1 cache allowing full-speed interaction with off-chip memory.

Multiple power domains allow developers to minimize the energy consumed by their applications, while plentiful I/Os, communication interfaces, and audio and analog peripherals can address a wide range of entertainment, remote-monitoring and control applications. The STM32H753 is in production now, priced $8.90 for orders of 10,000 pieces.

STMicroelectronics | www.st.com

MCU Delivers Enhanced Security for Connected Devices

Renesas Electronics has announced the expansion of its RX65N/RX651 Group microcontroller lineup that addresses advanced security needs for connected devices operating in industrial automation, building automation, and smart metering systems. The expanded lineup features MCUs with integrated Trusted Secure IP, and enhanced, trusted flash functionality and human-machine interface (HMI) for industrial and network control systems.

The expansion of devices operating at the edge of the Industrial Internet of Things (IIoT) has increased system manufacturers’ need for secure network connectivity and reliability, including secure on-the-go firmware updates. The expanded RX65N/RX651 devices support these evolving security and reprogrammability needs, offering integrated Trusted Secure IP, enhanced flash protection, and other technology advancements to create a secure and stable integrated solution far above others in the market, as proven by the Cryptographic Algorithm Validation Program (CAVP) certification. In turn, these security advancements enable seamless flash firmware updates in the field through secure network communications.

The new MCUs expanded with enhanced security features are based on the high-performance RXv2 core and a 40nm process, which provide strong power efficiency for CPU operation at 4.55 CoreMark/MHz. Integrating the Trusted Secure IP into the new MCUs enables system control engineers to realize high root-of-trust levels for device operation through a combination of three new features:

  • Protection of encryption keys by the Trusted Secure IP
  • Integration of encryption hardware accelerators including AES, 3DES, SHA, and TRNG as part of the Trusted Secure IP
  • Protection of boot code by a dedicated area of Flash

The Trusted Secure IP received the CAVP certification, which ensures the customer will use a device with a high security level.

Renesas has optimized the new RX65N/RX651 MCUs for connected industrial environments. The new MCUs offer network connectivity and HMI support that makes it possible to:

  • Monitor the operating state of machinery from both inside and outside the factory
  • Exchange data for making changes to production instructions
  • Reprogram the MCU’s memory to update equipment settings

Design engineers are often asked to integrate small thin-film-transistor (TFT) displays into their IoT edge devices or system control applications. These displays allow users to monitor machine behavior through a modern low-cost HMI solution. The RX65N/RX651 is an ideal solution for controlling these displays as it features an embedded TFT controller and an integrated 2D graphic accelerator to provide advanced graphics features and high-performance applications. Selecting a WQVGA display size allows the large 640 KB of on-chip RAM to be used as display frame buffer, which saves external RAM, ensuring a cost-optimized design.

Compared with other IoT devices, industrial applications are designed for long-term operation, which involves unique and sometimes challenging requirements, such as firmware updates in the field. The new RX65N/RX651 MCUs feature dual bank flash integration supporting both BGO (Background Operation) and the SWAP function, making it easier for system and network control manufacturers to execute in-the-field firmware updates securely and reliably.

Firmware Integration Technology (FIT) is a holistic concept that emphasizes the embedded peripheral function module drivers and portability improvement between the RX65N/RX651 MCUs. The technology aims to lighten the burden of program development and resource management in software development using the entire family of RX MCUs. FIT provides a common application program interface for peripheral drivers and middleware for RX family, based on a solid Board Support Package, which controls the common information for these functions like initial MCU, clock, and board settings. FIT is available for all RX devices and fully integrated into the development environment.

Renesas has expanded its robust RX tool infrastructure to help engineers jump start their development work. The new Envision Kit provides an evaluation environment that allows engineers to easily benchmark MCU performance and start developing their own software. The new RX65N Renesas Starter Kit (RSK) includes a development board with MCU, display, on-chip debugger, trial Renesas C compiler and Integrated Development Environment (IDE), enabling engineers to get their evaluations and development up and running within a matter of minutes. To jumpstart their display designs, RX users can also leverage several ecosystem partner tools, including easy-to-use graphic GUI tools.

The expanded RX65N/RX651 MCUs, Renesas RX65N Starter Kit, and Envision Kit are available now.

Renesas Electronics | www.renesas.com

ARM-based SoC Targets Net Acceleration

NXP Semiconductors has announced the highest performance member of its Layerscape family, the LX2160A SoC. The LX2160A is specifically designed to enable challenging high-performance network applications, network edge compute, and data center offloads. Trusted and secure execution of virtualized cloud workloads at the edge is driving new distributed computing paradigms.

The LX2160A features sixteen high-performance Arm Cortex-A72 cores running at over 2 GHz in a sub 30 W power envelope, supporting both the 100 Gbit/s Ethernet and PCIe Gen4 interconnect standards. In addition, it provides L2 switching at wire rate and includes acceleration for data compression and 50 Gbit/s IPsec cryptography.

NXP supports and drives the rich ARM ecosystem for virtualization, building on the foundations of open source projects for cloud and network function virtualization including OpenDaylight, OpenStack, and OPNFV. NXP Arm processors incorporate hardware for virtualization technologies such as KVM and Linux containers and hardware acceleration of network virtualization. NXP also supports industry-standard APIs for virtualization, including DPDK, OVS, and Virtio, and standard enterprise Linux distributions, such as Debian and Ubuntu. Silicon samples and a reference board will be available in Q1 2018.

NXP Semiconductors | www.nxp.com

CENTRI Demos Chip-to-Cloud IoT Security on ST MCUs

CENTRI has announced compatibility of its IoTAS platform with the STMicroelectronics STM32 microcontroller family based on ARM Cortex-M processor cores. CENTRI successfully completed and demonstrated two proofs of concept on the STM32 platform to protect all application data in motion from chipset to public Cloud using CENTRI IoTAS. CENTRI Internet of Things Advanced Security (IoTAS) for secure communications was used in an application on an STM32L476RC device with connected server applications running on both Microsoft Azure and Amazon Elastic Compute Cloud (Amazon EC2) Clouds. The proofs of concept used wireless connections to showcase the real-world applicability of IoT device communications in the field and to highlight the value of IoTAS compression and encryption.

IoTAS uses hardware-based ID to establish secure device authentication on the initial connection. The solution features patented single-pass data encryption and optimization to ensure maximum security while providing optimal efficiency and speed of data transmissions. The small footprint of IoTAS combined with the flexibility and compute power of the STM32 platform with seamless interoperability into the world’s most popular Cloud services provides device makers a complete, secure chip-to-Cloud IoT platform. CENTRI demonstrated IoTAS capabilities at the ST Developers Conference, September 6, 2017 at the Santa Clara Convention Center.

STMicroelectronics | www.st.com

Breaking a Password with Power Analysis Attacks

In his previous column, Colin showed how timing attacks could be used to break a password check. This article brings out a more advanced type of attack called a power analysis attack, which exploits small leaks about internal states of a microcontroller to recover the password.

By Colin O’Flynn

Article originally published in Circuit Cellar June 2017, Issue #323

Last month, I introduced a type of attack on embedded systems called power analysis attacks. I used these to attack a simple PIN code check, where the power analysis attack told us what steps the code was performing. This was possible because different instructions had unique signatures we could see in a detailed measurement of the power of the device as it was performing operations. I won’t replicate the hardware setup I discussed in the previous column, but again the example figures here will be measured on my open-source ChipWhisperer-Lite platform.

I’ll be returning to the PIN code check I have in Listing 1. This code uses an XOR of the input PIN code (could be a password or anything else) with the correct code. If the input and correct code are the same value, the result of all the XORs will be zero. If a single bit differs, the XOR will output a 1 for that bit. The accumulating OR circuit will then keep that bit set to “1” for the remainder of the comparisons.

#include <stdint.h>

/* Returns 1 when entered_pin matches correct_pin and 0 otherwise. Every
 * differing bit is OR-ed into pin_fail, so the loop always runs all four
 * iterations regardless of where the first mismatch is; that constant
 * control flow is what defeats the timing attack from the previous column. */
int check_pin(uint8_t entered_pin[]) {
    uint8_t correct_pin[4] = {1, 2, 3, 4};
    uint8_t pin_fail = 0;

    for (int i = 0; i < 4; i++) {
        pin_fail |= correct_pin[i] ^ entered_pin[i];
    }

    if (pin_fail) {
        return 0;
    } else {
        return 1;
    }
}
Listing 1
This password check code came from my previous column, as it was written to avoid timing attacks. We’re going to use a more advanced type of attack in this column to break the code.

BACKGROUND
Let’s begin with a little background. Consider a digital device like our microcontroller. Internally, it has a data bus, which moves data from one section (e.g., a register) to another section (e.g., the arithmetic logic unit, or ALU).

Is there some way an external observer could detect details of that data? It turns out there might be, and it might be a lot easier than you expect. That data bus contains a number of lines, which we can model as capacitors. Changing the logic state of those lines is the same as changing the voltage on those lines, as in Figure 1.

Figure 1
Changing the voltage on an internal data bus is equivalent to charging or discharging a capacitor, something that takes a tiny amount of energy.

Changing the voltage on a capacitor takes energy. It is a tiny amount of energy, but it still physically requires a little bit of power. When four data lines change from a 0 to a 1 state, it actually takes more power than when only one of the data lines changes state. And when it comes to a microcontroller, as we make a more complete picture, things get even easier for us. Most buses on microcontrollers use a precharge state, which you can consider a state partway between a 0 and a 1.

To transfer data on the bus, the bus goes from this intermediate state to the final state, and then back to the intermediate state. What this means for us is that the amount of power consumed may depend not on how many bits differ from the previous value on the bus, but in fact just on the number of bits set in the data. For example, if you transfer 0xFF on the data bus, you’ll see a slightly higher spike at that instant in time than if you transferred 0x00 on the data bus. This probably still seems a little abstract, so let’s keep working and see two different ways this can be used to break the XOR code of Listing 1.

DPA ATTACK
The first attack I’ll discuss will be the “classic” differential power analysis (DPA) attack, which was published by Paul Kocher, Joshua Jaffe, and Benjamin Jun in the paper entitled “Differential Power Analysis” around 1999. For this attack to work, assume we have a method of sending in a four-digit guess for the PIN code of Listing 1, and we can trigger such that we can record the power consumption around when the XOR is happening. We don’t need to guarantee we get the exact moment; just that we know roughly when the XOR test is happening. Practically, this can be pretty easy. You know at some point after sending the input data the XOR will happen, so you just need to record a section of power after sending the input data.

Next, assume we could send a bunch of wrong guesses. For each wrong guess, we record the guess and the power trace of the system processing this guess. Figure 2 shows a number of such power traces overlaid on each other. Notice that the traces are mostly uniform, but certain small areas seem to have minor differences.

Figure 2
An example power trace as the code in Listing 1 is executed on an XMEGA device.

Next comes the most important part: splitting the power traces into two groups. The attack looks at a single bit of the secret PIN at a time. Say we want the value of byte 0, bit 0. We know the guess we sent for every trace, so we can split the set into two groups: traces where byte 0, bit 0 of our guess was "0" and traces where it was "1." Averaging each group gives two mean traces. Finally, subtracting one mean from the other (a difference of means) shows exactly where, in time, the power consumption depended on that bit.

What has all this fuss accomplished? First, we expect a very small spike at the point where byte 0 of our input is loaded or manipulated: when bit 0 of that byte is "1," it takes a tiny bit more power than when it is "0." "But what about the other bits?" you might ask, since they are flipping too. The other bits take random values, so their average contribution is the same in both groups. The only systematic difference between the groups is the value of byte 0, bit 0, and that is the bit we are concentrating on.

Then there will be a second spike, where the input is XORed with the "correct" PIN code. The PIN is a constant, so the XOR either inverts our bit (if the PIN bit is "1") or leaves it alone (if the PIN bit is "0"), which either flips the polarity of that spike or not. Figure 3 shows this for a case where the bit of the secret key is "1," so we see two spikes of opposite polarity. These are real measurements performed on Listing 1 running on an Atmel XMEGA microcontroller, measured with my ChipWhisperer-Lite. These tiny differences are clear as day. It might seem impossible from the text, but it works in real life!


Figure 3
This shows the power difference when attacking a single bit of a password byte. I’ve averaged two groups of traces and subtracted them to see the difference between the groups. See Listing 2 for the code that generated this plot.

And as in my other article, I encourage you to try this yourself. This is something you can measure with a regular oscilloscope and using a shunt resistor in the voltage line of a microcontroller, as discussed in my April 2017 column.

If you need a hint, Listing 2 is a short Python script that splits an array of traces into two groups according to one bit of the guess, averages each group, takes the difference, and plots it. This recovers a single bit of the secret key.

from chipwhisperer.common.api.CWCoreAPI import CWCoreAPI
from matplotlib.pylab import *
import numpy as np

cwapi = CWCoreAPI()
cwapi.openProject('xortest_1000.cwp')

tm = cwapi.project().traceManager()
number_traces = tm.numTraces()

zerolist = []
onelist = []

for tnum in range(0, number_traces):
    entered_pin = tm.getTextin(tnum)
    trace_data = tm.getTrace(tnum)

    #Get value of bit 0 of byte 0 in the guess we sent
    bit_value = entered_pin[0] & 0x01

    #Separate into a group based on that bit value
    if bit_value:
        onelist.append(trace_data)
    else:
        zerolist.append(trace_data)

#Take mean of both groups of traces
one_mean = np.mean(onelist, axis=0)
zero_mean = np.mean(zerolist, axis=0)

#Get difference of means
diff = one_mean - zero_mean

plot(diff)
show()
Listing 2
This Python code performs a single-bit DPA attack, by attempting to determine the value of bit 0 of the key. The resulting plot is given in Figure 3.

BREAKING A REAL SYSTEM
Moving from that single-bit break to a real system requires little more than taking the same power traces and iterating through each bit and byte to recover the complete value. You will get the entire PIN code (or password) out of the system, even though the code has no timing leak or similar obvious flaw.

As a test, we can do this for the case where we know the "secret key." I've done this for byte 0 in Figure 4, where you can see that all the bits with one key-bit value have a positive power difference and all the bits with the opposite value have a negative difference. The red and blue coloring is only possible because I know the secret key; if I hadn't known it, we would recover it from the direction of each difference.


Figure 4
Difference traces for all 8 bits of a guessed password byte. Red traces are bits where the key bit is "0" and blue traces are bits where the key bit is "1." You can see that the two sets go in opposite directions.

A complete attack is shown in Listing 3. Note that I consider just a single sample point to decide whether a bit is a "0" or a "1." That point moves for each byte: this is an 8-bit microcontroller, so it processes the PIN one byte at a time and each successive byte is manipulated later in the trace. A 32-bit microcontroller could process all 4 bytes at once, for example. Looking at the difference traces (such as Figure 3) shows you where to look for a large difference, even if you don't know much about the device you are attacking or how the code works. The only tricky part is getting a clean trigger. In many systems this can be done by triggering on the communication line. For example, if the password is sent over a UART, you can trigger when you see the last byte go over the UART.

from chipwhisperer.common.api.CWCoreAPI import CWCoreAPI
import numpy as np

cwapi = CWCoreAPI()
cwapi.openProject('xortest_1000.cwp')

tm = cwapi.project().traceManager()
number_traces = tm.numTraces()

for byte in range(0, 4):
    recovered_byte = 0
    for bit in range(0, 8):
        zerolist = []
        onelist = []
        for tnum in range(0, number_traces):
            entered_pin = tm.getTextin(tnum)
            trace_data = tm.getTrace(tnum)

            #Get value of this bit of the input guess for this trace
            bit_value = entered_pin[byte] & (1 << bit)

            #Separate into a group based on bit value
            if bit_value:
                onelist.append(trace_data)
            else:
                zerolist.append(trace_data)
        #Take mean of all traces where one, all traces where zero
        one_mean = np.mean(onelist, axis=0)
        zero_mean = np.mean(zerolist, axis=0)
        #Get difference of means
        diff = one_mean - zero_mean

        #From the plotted difference traces we identified sample 129 for byte 0,
        #and that point occurs 92 samples later for each successive byte
        if diff[129 + 92*byte] < 0:
            key_bit = 0
        else:
            key_bit = 1
            recovered_byte |= (1 << bit)
        print("byte %d, bit %d = %d" % (byte, bit, key_bit))
    print("Guess for byte %d: 0x%02x" % (byte, recovered_byte))
Listing 3
Python code that breaks the complete system by repeating the single-bit test of Listing 2 for every bit of every byte. (See text for details.)
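Listings 2 and 3 need a ChipWhisperer project file and real captures. The following is an added, self-contained Python example (not code from the article or from the ChipWhisperer project) that simulates the whole procedure on the Hamming-weight leakage model described above: each bus transfer adds the number of set bits in the transferred byte to a noisy trace, once when the guessed byte is loaded and once when the XOR result is formed. The secret PIN, the sample offsets, the noise level and the number of traces are all constructed values; on real hardware the point of interest is found by plotting the difference traces, as in Figure 3. The sign convention here (more current gives a larger positive sample, so a negative difference at the XOR point means the key bit is "1") is that of the simulated model; on a real measurement the polarity depends on how the shunt is wired, which is why Listing 3 takes the polarity from the plot rather than assuming it.

```python
"""Simulated difference-of-means DPA against the XOR PIN check (added example)."""
import numpy as np

# Constructed parameters for the simulated device. None of these come from the
# article; they stand in for the real XMEGA timing, which is found by plotting.
PIN_LEN = 4
BYTE_STRIDE = 92    # samples between the processing of successive PIN bytes
LOAD_OFFSET = 20    # sample where the guessed byte is driven onto the bus
XOR_OFFSET = 37     # sample where (guess ^ secret) is driven onto the bus
TRACE_LEN = PIN_LEN * BYTE_STRIDE + 40
SECRET_PIN = bytes([0x1B, 0xA7, 0x3C, 0xF0])   # constructed secret, unknown to the attack


def hamming_weight(value):
    """Number of 1 bits in a byte: the precharged-bus leakage model."""
    return bin(value & 0xFF).count("1")


def simulate_trace(guess, secret, rng, noise_sd=1.0):
    """One noisy power trace of the device checking `guess` against `secret`.

    Assumed leakage: every bus transfer adds its Hamming weight to the trace,
    once when the input byte is loaded and once when the XOR result is formed.
    """
    trace = rng.normal(0.0, noise_sd, TRACE_LEN)
    for b in range(PIN_LEN):
        base = b * BYTE_STRIDE
        trace[base + LOAD_OFFSET] += hamming_weight(guess[b])
        trace[base + XOR_OFFSET] += hamming_weight(guess[b] ^ secret[b])
    return trace


def collect_traces(secret, n_traces, seed=1):
    """Send n_traces random (wrong) guesses and record the trace of each."""
    rng = np.random.default_rng(seed)
    guesses = [bytes(rng.integers(0, 256, size=PIN_LEN, dtype=np.uint8))
               for _ in range(n_traces)]
    traces = np.array([simulate_trace(g, secret, rng) for g in guesses])
    return guesses, traces


def difference_of_means(guesses, traces, byte, bit):
    """Split traces on one bit of the guess we sent and subtract the group means."""
    is_one = np.array([(g[byte] >> bit) & 1 for g in guesses], dtype=bool)
    return traces[is_one].mean(axis=0) - traces[~is_one].mean(axis=0)


def recover_pin(guesses, traces):
    """Repeat the single-bit test for every bit of every byte (Listing 3's loop)."""
    recovered = bytearray(PIN_LEN)
    for byte in range(PIN_LEN):
        poi = byte * BYTE_STRIDE + XOR_OFFSET   # point of interest moves per byte
        for bit in range(8):
            diff = difference_of_means(guesses, traces, byte, bit)
            # At the XOR, the result bit equals our guess bit when the secret bit
            # is 0 (positive difference) and is inverted when it is 1 (negative).
            if diff[poi] < 0:
                recovered[byte] |= 1 << bit
    return bytes(recovered)


if __name__ == "__main__":
    guesses, traces = collect_traces(SECRET_PIN, n_traces=1000)
    found = recover_pin(guesses, traces)
    print("recovered PIN:", found.hex(), "correct:", found == SECRET_PIN)
```

Raising `noise_sd` or lowering `n_traces` shows the trade-off the article alludes to: the per-bit difference stays at about one Hamming-weight unit, while the noise on the difference of means shrinks with the square root of the number of traces, so noisier targets simply need more captures. The difference at `LOAD_OFFSET` is positive for every bit regardless of the key, which is the first spike of Figure 3; only the spike at `XOR_OFFSET` carries the key bit.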

You can even get fancy by triggering on patterns in the analog waveform. Certain oscilloscopes provide this capability, and it’s possible with custom hardware such as I built for the ChipWhisperer-Pro (a higher-end version of the same capture hardware). But in most practical cases it’s enough to trigger on communication lines that are already present. The open-source ChipWhisperer software I’m using here also has capabilities to resynchronize traces with some “jitter” in them by looking for patterns that appear in both traces and lining them up.
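As an added illustration of that resynchronization idea (example code, not the ChipWhisperer project's own implementation), the following Python takes a window of a reference trace that contains a distinctive feature, slides that window over a jittered trace within a bounded search range, and picks the lag with the highest normalized cross-correlation; the trace is then shifted back by that lag. The reference trace, the feature, the window position and the amount of jitter are all constructed.

```python
"""Resynchronizing jittered power traces by pattern matching (added example)."""
import numpy as np

PATTERN_START, PATTERN_END = 100, 120   # window holding a distinctive feature
MAX_SHIFT = 20                          # largest jitter we expect, in samples


def make_reference(length=300, seed=7):
    """Constructed reference trace: low noise plus one distinctive feature."""
    rng = np.random.default_rng(seed)
    ref = rng.normal(0.0, 0.2, length)
    ref[104:114] += np.array([1, 3, 5, 3, 1, 0, -2, -4, -2, 0], dtype=float)
    return ref


def shift_trace(trace, shift):
    """Delay (shift > 0) or advance (shift < 0) a trace, zero-padding the edge."""
    out = np.zeros_like(trace)
    if shift >= 0:
        out[shift:] = trace[:len(trace) - shift]
    else:
        out[:shift] = trace[-shift:]
    return out


def make_noisy_capture(reference, delay, seed=11):
    """Constructed 'captured' trace: the reference, delayed, plus fresh noise."""
    rng = np.random.default_rng(seed)
    return shift_trace(reference, delay) + rng.normal(0.0, 0.2, len(reference))


def find_shift(reference, trace, start=PATTERN_START, end=PATTERN_END,
               max_shift=MAX_SHIFT):
    """Delay of `trace` relative to `reference`, in samples.

    Slides the reference window over the trace and keeps the lag whose
    normalized cross-correlation with the window is highest.
    """
    pattern = reference[start:end]
    pattern = pattern - pattern.mean()
    best_shift, best_score = 0, -np.inf
    for s in range(-max_shift, max_shift + 1):
        lo, hi = start + s, end + s
        if lo < 0 or hi > len(trace):
            continue
        segment = trace[lo:hi] - trace[lo:hi].mean()
        denom = np.linalg.norm(segment) * np.linalg.norm(pattern)
        if denom == 0.0:
            continue
        score = float(np.dot(segment, pattern) / denom)
        if score > best_score:
            best_shift, best_score = s, score
    return best_shift


def resync(reference, trace, **kwargs):
    """Undo the measured jitter so the trace lines up with the reference."""
    return shift_trace(trace, -find_shift(reference, trace, **kwargs))


def max_window_error(reference, trace, start=PATTERN_START, end=PATTERN_END):
    """Largest absolute sample difference inside the feature window."""
    return float(abs(trace[start:end] - reference[start:end]).max())


if __name__ == "__main__":
    ref = make_reference()
    captured = make_noisy_capture(ref, delay=6)
    print("measured jitter:", find_shift(ref, captured), "samples")
    print("window error after resync:", max_window_error(ref, resync(ref, captured)))
```

Bounding the search with `MAX_SHIFT` matters on real captures: without it, a periodic feature such as a clock edge can match one cycle off and the trace ends up aligned to the wrong instruction. After resynchronizing every captured trace to one reference this way, the difference-of-means attack above works on the aligned set as if the trigger had been perfect.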

Hopefully, this article has opened your eyes to how it’s possible to attack real systems using side-channel power analysis. This is just the tip of the iceberg for advanced hardware attacks that are possible, and I’ll be sharing more of these with you in the coming columns.

If you want more detailed examples, I’ll link them from a blog post for this article on oflynn.com, but they are all part of the open-source ChipWhisperer project. I’m creating some unique examples for my columns here, but the overall goals will be the same.

Read this article in the June #323 issue of Circuit Cellar


PC/104-Plus SBC Features On-Board TPM Security

Versalogic is now shipping the "Liger," a new high-performance PC/104-Plus single board computer (SBC). Based on Intel's Kaby Lake processor, Liger combines high-performance processing and high-performance video with moderate power consumption (12 to 14 W typical). It features hardware-level security using an on-board Trusted Platform Module (TPM) security chip, and backwards compatibility with systems using PC/104-Plus (ISA or PCI) expansion.


Liger is designed for applications which require extreme CPU and video processing performance in a compact 108 x 96 mm (4.3 x 3.8″) PC/104 footprint. The Liger's on-board TPM security chip can lock out unauthorized hardware and software access. It provides a secure "Root of Trust" processing environment for defense, medical, and industrial applications that require hardware-level security functions. Additional security is provided through built-in AES (Advanced Encryption Standard) instructions.

Versalogic | www.versalogic.com

NXP to Make Security Chips in its US Facilities

NXP Semiconductors has announced a $22 million program that expands its operations in the United States, enabling the company's US facilities to manufacture security chips for government applications that can support critical US national and homeland security programs. Upon completion of the expansion project, NXP facilities in Austin, TX and Chandler, AZ will be certified to manufacture finished products that exceed the highest domestic and international security and quality standards.


NXP R&D manufacturing facilities in San Jose, Austin and Chandler have also undergone a thorough security site certification process to produce Common Criteria EAL6+ SmartMX microcontroller family products. Common Criteria is an international set of guidelines and specifications developed for evaluating information security products to ensure they meet a rigorous security standard for government deployments.

NXP's SmartMX microcontroller platform is designed for highly secure and fast data transactions. It is a proven solution for contact, contactless and dual-interface applications, with over six billion ICs deployed in the field. It secures transactions for over one-third of chip-based payment cards in circulation, serving banks all over the world.

More SmartMX info:

  • It serves as the core component in a variety of digital identity schemes and is deployed in nearly 120 out of 145 countries implementing e-Government programs.
  • Used in many sovereign electronic documents such as ePassports, citizen cards, national ID cards, driving licenses, social security cards and health cards.
  • SmartMX is the 6th generation in the market, with NXP holding the most security certificates in the industry.
  • It is the preferred technology for the secure element of NFC-enabled phones.

 

NXP Semiconductors | www.nxp.com

The Future of IoT Security

By Haydn Povey

Unlimited opportunity. That’s what comes to mind when I think about the future of the Internet of Things (IoT). And, that is both a blessing and a curse.

As the IoT proliferates, billions of cloud-connected devices are expected to be designed, manufactured, and deployed over the next decade. Our increasingly connected world will become hyper-connected, transforming our lives in ways we likely never thought possible. We will see smarter cities where the commuter is automatically guided, smarter farming where livestock health is individually monitored with on-call veterinary services, smarter healthcare to reduce the spiraling costs, integration between smart white goods and utilities to manage grid loading, and the integration of smart retail and personal assistant AI to provide a “curated” shopping experience. That future is limitless and exciting. But it is also frightening. We have already seen the headlines of how attacks have impacted businesses and people with valuable data being stolen or ransomed. It is widely believed the attacks are just starting.

Devices—not often seen as likely hacking targets—now have the potential to be weaponized. No one wants a device or application that is prone to hacking or theft. Hacks, malware, and IP theft have a significant dollar cost and can destroy corporate brands and reputations. And these devices may have extended lifecycles of decades. And a “secure” connected device does not guarantee a secure system. All too often, security has been an after-thought in the development of systems.

Hardware, software, communications, and communications protocol, device commissioning, applications layers, and other systems considerations all could impact security of a device and its data. The future of IoT must see security become an integral part of the design and deployment process, not merely an after-thought or add-on.

Delivering security-orientated embedded systems is a major challenge today. It will take a strong ecosystem and the development of a “supply chain of trust” to deliver truly secure product creation, deployment, and lifecycle management for the rapidly evolving IoT marketplace.

Security needs to be architected into devices from the moment of inception. In addition, it needs to be extended across the supply chain, from security-orientated chips through to manufacturing and management for the lifecycle of the product.

To deliver secure manufacturing and ensure no malware can be injected, cold and hard cryptography principles must be relied upon to ensure solutions are secured. Security principles should be embedded in every aspect of the system, from the delivery of secure foundations in the silicon device through to the secure mastering and encryption of the OEM codebase to ensure it is protected. The programming and manufacturing stages may then freely handle the encrypted code base, while secure appliances, which integrate high-integrity and high-availability hardware security modules, allow secure enclaves to be integrated into the process to manage and orchestrate all key material. Furthermore, the ability to encrypt applications within the development process and subsequently decrypt the images in place within the device is critical to securing the intellectual property.

While simple in theory, there are multiple aspects of a system that must be secured, encompassing the device, the mastering of the application, the handling and sharing of the keys, and the loading of the application on to the device. The only real solution is to develop a “zero trust” approach across the supply chain to minimize vulnerabilities and continually authenticate and individualize deliverables as far as possible.

While this integrated approach cannot resolve all aspects of counterfeiting, it does mark a key rallying point for the industry, and finally enables the industry to start to draw a line under the mass counterfeiting and over-production of devices. And all stakeholders in the process—including device platform providers, OEMs, programming centers, contract manufacturers, end users, security experts, and standards bodies—must do their parts to make cyber-secure programming and manufacturing ubiquitous, easy to use, and easily adoptable.

As I said, the future of IoT holds limitless opportunity, and that will drive new solutions. There will be new business models and new ecosystems. The threats are real, and the cost of failure could be astronomical. So, for the future of IoT to be bright, it must start with security.

This article appears in Circuit Cellar 324.

Haydn Povey is the Founder/CEO of Secure Thingz, a company focused on developing and delivering next-generation security technology into the Internet of Things (IoT) and other connected systems. He also currently sits on the Executive Steering Board of the IoT Security Foundation. Haydn has been in senior management at leading global technology companies for more than 20 years, including 10 years in senior marketing and business development roles at ARM.