The new world of the Internet of Things (IoT) and ubiquitous computing has created both opportunities and problems, usually related to the aforementioned opportunities. There has been a tremendous explosion in cloud-based services, and everybody's trying to put some level of accessibility in their devices, which can make for a tremendous security nightmare. In order to address it properly, it is important to not only secure the software, but the underlying hardware as well.
There are concerns about things like equipment hijacking, data theft and corruption, and ransomware, among others. This is especially concerning in critical applications in medicine, transportation and industrial processes. People are coming to the realization that the vast majority of hardware is unsecured, as designers are looking for solutions that will allow them to lockdown the hardware. Where it was once acceptable to address security almost completely with software, it has gotten to the point where the device itself has to be intrinsically secure.
A Matter of Trust
One of the emerging solutions is based on the concept of Hardware Root-of-Trust, where you have a device that can securely boot itself, forming the foundation for security in the rest of the system. Having an inherently secure FPGA goes a long way to solving hardware security issues, as it is the first-on and last-off device. Such secure processors have their own device-specific private keys to encrypt code and data. A hardware root of trust enables an engineer to incorporate security at the design phase.
One example of such a secure device is the MachX03D FPGA from Lattice Semiconductor that can protect and recover itself and other components from unauthorized firmware access, from the point of manufacturing all the way to the system’s end of life (Figure 1). By integrating security and system control functions, the MachXO3D becomes the first link in a chain of trust that protects entire systems.
As the MachXO3D boots up, it checks its boot configuration to make sure that it's been appropriately signed by an authorized developer, and if it doesn't detect that, it will switch over to a second boot image, check that, and then boot up. Its embedded security block provides a variety of security-related capabilities supporting secure systems, like AES encryption, and a Secure Unique ID so each of the parts can be securely identified and authenticated.
Features include 4K and 9K look-up tables for implementing logic that configures at power-up from on-device flash memory, and an embedded security block that provides pre-verified hardware support for cryptographic functions such as ECC, AES, SHA, PKC and Unique Secure ID. An embedded secure configuration engine ensures only FPGA configurations from a trusted source can be installed, and dual on-device configuration memories enable fail-safe reprogramming of component firmware in the event of compromise.
On Common Ground
Our growing Cloud-enabled networked society is approaching common standards, interfaces, and languages for all of the different things, devices and application spaces involved. When it comes to security, a standard recently released by the NIST (National Institute for Science and Technology) called Platform Firmware Resiliency, Standard Number 800-193, is a series of guidelines for people to develop on their platforms where all of the firmware is secure.
These guidelines cover the fundamental hardware and firmware components needed to boot and operate a secure system, describing the security mechanisms needed to detect and protect against unauthorized changes, and securely recover from attacks quickly. In addition to using these guidelines to create an optimal security mechanism, system administrators and others can use the information to guide their procurement strategies and plans for future products and services.
The ability to create a secure block for a trust platform is all well and good, but what if the tampering occurs on the assembly line? Manufacturers should already be practicing operational security, to prevent theft of both property and IP, but the need for secure processes in product manufacturing is more important now than ever before.
Among the companies addressing this need is Microchip Technology, who was the first to field a pre-provisioned manufacturing solution providing secure key storage using the ATECC608A secure element. Microchip’s Trust Platform for its CryptoAuthentication family consists of a three-tier offering of pre-provisioned, pre-configured, or fully customizable secure elements (Figure 2).
Offering on-demand secure authentication for mass-market applications, Trust&GO, the first level, provides drop-in pre-provisioned secure elements, with pre-programmed device credentials. The units are shipped and locked inside the ATECC608A for automated cloud or LoRaWAN authentication onboarding. At the same time, the corresponding certificates and public keys are delivered in a downloadable file.
The next level up, TrustFLEXv, offers the flexibility to use the customers’ certificate authority of choice while still benefiting from pre-configured use cases. For those who want to entirely customize their products, TrustCUSTOM enables customer-specific configuration capabilities and custom credential provisioning. The ATECC608A provides the Common Criteria Joint Interpretation Library “high”-rated secure key storage.
Modern electronic security in our person and products is an issue that even the average user is beginning to understand. Being able to trust the secure operation of our devices, and the data they exchange with the world, is a key infrastructure capability for safe communications and commerce. The ability to create fundamentally secure devices that can be trusted to perform any function is critical to the continued growth of our information-based society.