Advances in semiconductor technology are making it more difficult to embed Flash memory in an MCU that includes a Hardware Security Module (HSM): as process geometries continue to shrink, external Flash becomes necessary. When Flash is external to the MCU, the stored code and data become more vulnerable to attack, so it is critical that devices be designed with a secure boot process and other infrastructure ensuring that the content stored and retrieved can be trusted.
This article series explores the design challenges and security requirements for next-generation secure devices as Flash memory moves out of the MCU and its HSM while ideally remaining part of a hardware-based root-of-trust. Additional topics covered include cryptographically secure storage, fast secure bootup, secure Firmware Over-The-Air updates and regulatory compliance.
The Importance of Security in a Connected World
In an increasingly embedded and connected world, security is becoming critical. Every embedded system expands the attack surface, making everything from appliances and vehicles to offices and factories more vulnerable to attacks. In certain applications, such as automotive electronics and industrial systems, functional safety rises to a mission-critical level.
Design engineers are well aware that the growing concern about security and privacy has become a major factor in buying decisions. Gone are the days when consumers and companies readily adopted new technology. Reluctance has now replaced confidence, making it necessary for every vendor to provide some level of assurance that its products and services are secure. Governments share this concern and are now imposing regulations that require vendors to implement various security provisions, with penalties in some cases for failing to do so.
Design engineers may also be aware that making embedded systems secure is about to become more difficult. The reason is that, as MCUs get more powerful to handle sophisticated, real-time applications, they are migrating to smaller-geometry CMOS technology (e.g. 16 nm or 7 nm). At these geometries, however, there is currently no reprogrammable non-volatile memory (NVM) technology available. This is leading to the dis-integration of eFlash (Flash embedded inside the MCU), which has provided an inherently secure architecture, in favor of external Flash, which will require special provisions to ensure secure operation.
The Dis-integration of Flash
To address growing security concerns, silicon vendors have been integrating Hardware Security Module (HSM) functionality inside the MCU. The HSM exists within a secure processing environment that contains a hardware-based root-of-trust for securing sensitive data, processor state, bootloader, cryptographic keys and code for application-specific security services. The embedded memory (eFlash and RAM) is also part of the trusted boundary inside the secure processing environment, making it sufficiently secure against common threats.
Off-chip memory, such as external Flash, is not inherently trustworthy and may be vulnerable to persistent attacks. The usual security measure is to encrypt the data in the external Flash; the code is then downloaded from external Flash into the MCU’s internal RAM, where it is decrypted and authenticated before execution. While this approach is sufficiently robust to protect against most attacks, it leads to performance degradation (a potential problem at boot time) and higher cost (by requiring more internal RAM and more power). The system may even still be prone to persistent attacks (e.g. rollback attacks).
As MCUs migrate to advanced technology nodes for higher performance, better price/performance and lower power consumption, the dis-integration of Flash potentially creates a greater exposure to threats. This has the effect of bringing back some trusted memory challenges that were previously overcome, in whole or in part, by eFlash. In addition, the increased threat environment caused by the proliferation of embedded systems also creates new challenges that are made more difficult to overcome when using external Flash.
The key threats that need to be addressed to make external Flash secure include:
· Impersonating authorized transactions to/from Flash devices
· Tampering with the contents of the Flash device
· Replaying transactions to rollback contents of the Flash device
· Obtaining keys during provisioning in an unsecure facility
· Snooping (man-in-the-middle) attacks during transactions to/from Flash devices
· Disclosing (obtaining or observing) the contents of the Flash device and its keys through side-channel attacks or fault injection
· Electronically compromising the integrity of Flash devices
· Cloning of the Flash devices
In order to address these and other threats to an external Flash device, effectively making it part of the trusted boundary of a secure processing environment, it is necessary for the device to provide these three capabilities:
· A hardware-based root-of-trust to prevent the modification, manipulation, copying or other potential impact of an attack on the code and/or data stored
· Secure updates from the MCU or the cloud enabled by a combination of end-to-end protection through authenticated and encrypted transactions via the bus, secure regions with read/write access methods, secure key storage space, and non-volatile monotonic counters
· Low cost, with no requirement for additional security devices (e.g. a Trusted Platform Module) and no change to circuit boards, including support for the Quad Serial Peripheral Interface
Figure 1 shows how secure Flash provides all three of the above capabilities. In effect, secure Flash extends the HSM functionality integrated with the MCU’s embedded Flash externally via a standard bus. Note also how the secure Flash replaces the ordinary NOR Flash, enabling use of existing circuit boards.
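To make the second capability concrete, here is an added Python model (not Cypress code and not any product's actual protocol) of an authenticated, counter-protected write to a secure Flash region: the MCU tags each command with an HMAC over a strictly increasing transaction counter, and the device checks the tag before the counter, so an impersonated, tampered or replayed command is rejected. The packet layout, the HMAC-SHA256 tagging, the shared session key and the single 16-byte region are assumptions for illustration.

```python
import hashlib
import hmac
import struct

CMD_WRITE = 0x02
# Constructed demo key; a real one is provisioned into the HSM and the secure
# Flash's key store in a secure facility and never travels in a packet.
SESSION_KEY = bytes(range(32))

def make_tag(key, body):
    # HMAC-SHA256 over counter | cmd | region | data (assumed packet layout)
    return hmac.new(key, body, hashlib.sha256).digest()

def host_command(key, counter, region, data):
    # MCU side: command = counter(8) | cmd(1) | region(1) | data, plus tag.
    body = struct.pack(">QBB", counter, CMD_WRITE, region) + data
    return body + make_tag(key, body)

class SecureFlashDevice:
    # Flash side: authenticate, then enforce the non-volatile monotonic counter.
    def __init__(self, key):
        self.key, self.counter, self.regions = key, 0, {0: bytearray(16)}

    def handle(self, packet):
        if len(packet) < 42:
            return (False, "malformed")
        body, tag = packet[:-32], packet[-32:]
        # Authenticate first so impersonated or tampered commands never reach
        # the counter logic: without the key an attacker cannot probe state.
        if not hmac.compare_digest(make_tag(self.key, body), tag):
            return (False, "bad tag")
        counter, cmd, region = struct.unpack(">QBB", body[:10])
        if counter <= self.counter:  # replay / rollback: counter must advance
            return (False, "replayed counter")
        self.counter = counter
        if cmd != CMD_WRITE or region not in self.regions:
            return (False, "unsupported command")
        self.regions[region][:len(body) - 10] = body[10:]
        return (True, "written")

def run_demo():
    flash = SecureFlashDevice(SESSION_KEY)
    good = host_command(SESSION_KEY, 1, 0, b"fw-v2")
    results = [flash.handle(good)[1]]  # genuine write
    results.append(flash.handle(good)[1])  # replayed capture
    results.append(flash.handle(good[:-32].replace(b"v2", b"v1") + good[-32:])[1])  # tampered
    results.append(flash.handle(host_command(bytes(32), 2, 0, b"evil"))[1])  # wrong key
    return results, bytes(flash.regions[0][:5])
```

`run_demo()` returns the device's verdict for each of the four commands together with the region contents, which only the genuine write changes.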
It is worth noting some advantages of using external Flash, beginning with the ability to more readily accommodate growing code size. The standard Flash socket sizes commonly used in embedded systems can support one Gigabit (1Gb) or more of storage—considerably more than is feasible with eFlash. Moving Flash off-chip also leaves room on the MCU for more CPU cores/capacity to accommodate the more intensive and increasingly real-time processing required for sophisticated technologies such as machine learning and artificial intelligence. Together these changes make it possible to simplify design effort and accelerate time-to-market when offering different models to better meet a range of needs based on price, performance or other criteria.
In part 2, we’ll cover the design of secure embedded systems using external Flash.
ABOUT THE AUTHOR
Sandeep Krishnegowda is marketing and applications director of the Flash Business Unit at Cypress Semiconductor Corp. He has worked in Cypress’ memory products division for more than ten years in a variety of engineering, management and marketing roles. He earned an MS in Electronics and Communication from Rensselaer Polytechnic Institute and a BE in Electronics and Communication from Visvesvaraya Technological University.