Enabling Secure IoT
Embedded systems face security challenges unlike those in the IT realm. To meet those needs, microcontroller vendors continue to add ever-more sophisticated security features to their devices—both on their own and via partnerships with security specialists.
By Jeff Child, Editor-in-Chief
For embedded systems, there is no one piece of technology that can take on all the security responsibilities of a system on their own. Indeed, everything from application software to firmware to data storage has a role to play in security. That said, microcontollers have been trending toward assuming a central role in embedded security. One driving factor for this is the Internet-of-Things (IoT). As the IoT era moves into full gear, all kinds of devices are getting more connected. And because MCUs are a key component in those connected systems, MCUs have evolved in recent years to include more robust security features on chip.
That trend has continued over the last 12 months, with the leading MCU vendors ramping up those embedded security capabilities in a variety of ways—some on their own and some by teaming up with hardware and software security specialists.
Built for IoT Security
Exemplifying these trends, Microchip Technology in June released its SAM L10 and SAM L11 MCU families (Figure 1). The devices were designed to address the increasing risks of exposing intellectual property (IP) and sensitive information in IoT-based embedded systems. The MCU families are based on the Arm Cortex-M23 core, with the SAM L11 featuring Arm TrustZone for Armv8-M, a programmable environment that provides hardware isolation between certified libraries, IP and application code. Security features on the MCUs include tamper resistance, secure boot and secure key storage. These, combined with TrustZone technology, protect applications from both remote and physical attacks.
In addition to TrustZone technology, the SAM L11 security features include an on-board cryptographic module supporting Advanced Encryption Standard (AES), Galois Counter Mode (GCM) and Secure Hash Algorithm (SHA). The secure boot and secure key storage with tamper detection capabilities establish a hardware root of trust. It also offers a secure bootloader for secure firmware upgrades.
Microchip has partnered with Trustonic, a member of Microchip’s Security Design Partner Program, to offer a comprehensive security solution framework that simplifies implementation of security and enables customers to introduce end products faster. Microchip has also partnered with Secure Thingz and Data I/O Corporation to offer secure provisioning services for SAM L11 customers that have a proven security framework.
Likewise focusing on IoT security, NXP Semiconductor in February announced its K32W0x wireless MCU platform. According to NXP, it’s the first single-chip device with a dual-core architecture and embedded multi-protocol radio. It provides a solution for miniaturizing sophisticated applications that typically require a larger, more costly two-chip solution. Examples include consumer devices such as wearables, smart door locks, thermostats and other smart home devices.
The K32W0x embeds a dual-core architecture comprised of an Arm Cortex-M4 core for high performance application processing and a Cortex-M0+ core for low-power connectivity and sensor processing. Memory on chip includes 1.25 MB of flash and 384 KB of SRAM. Its multi-protocol radio supports Bluetooth 5 and IEEE 802.15.4 including the Thread IP-based mesh networking stack and the Zigbee 3.0 mesh networking stack.
Features of the K32W0x’s security system include a cryptographic sub-system that has a dedicated core, dedicated instruction and data memory for encryption, signing and hashing algorithms including AES, DES, SHA, RSA and ECC. Secure key management is provided for storing and protecting sensitive security keys (Figure 2). Support is enabled for erasing the cryptographic sub-system memory, including security keys, upon sensing a security breach or physical tamper event. The device has a Resource Domain Controller for access control, system memory protection and peripheral isolation. Built-in secure boot and secure over-the-air programming is supported to assure only authorized and authenticated code runs in the device.
To extend the on-chip security features of the K32W0x MCU platform, NXP has collaborated with B-Secur, an expert in biometric authentication, to develop a system that uses an individual’s unique heart pattern (electrocardiogram/ECG) to validate identity, making systems more secure than using an individual’s fingerprint or voice.
IP Boosts Security
For its part, Renesas Electronics addressed the IoT security challenge late last year when it expanded its RX65N/RX651 Group MCU lineup. …
Read the full article in the October 339 issue of Circuit Cellar
Don’t miss out on upcoming issues of Circuit Cellar. Subscribe today!