The number of connected devices worldwide is projected to nearly double, from 15.1 billion in 2023 to more than 29 billion IoT devices in 2030, according to a Statista report. Chipmakers are tackling potential threats in the IoT ecosystem with hardware security technologies like secure elements (SEs), trusted execution environments (TEEs) and secure microcontrollers (MCUs). They also emphasize the importance of industry efforts, such as PSA Certified, in enhancing IoT security.
With the increasing number of connected devices, there is a growing concern about their security and the data they handle. It is critical to have strong security measures in IoT systems to protect privacy, secure sensitive data and prevent severe breaches.
Challenges in IoT security
Securing IoT devices is challenging because of the variety and sheer number of connected devices in an IoT ecosystem and their limited resources. With constrained processing power and memory, embedded systems in IoT devices typically lack the memory protection and mitigations found on larger platforms, so they are prone to security vulnerabilities such as buffer overflows, code injection and weak authentication methods adopted to save cycles and code space.
Because they gather extensive data, from personal health details to confidential industrial information, IoT devices are subject to data privacy concerns. Ensuring the security of this data is crucial for upholding user privacy and trust by preventing illegal access, interception and misuse.
Moreover, managing the lifecycle of devices is essential for IoT systems, as software and firmware updates are necessary to address newly identified vulnerabilities over extended periods. Managing upgrades in various IoT implementations can be difficult, resulting in devices running old and vulnerable software.
In addition, IoT devices placed in uncontrolled settings, such as smart infrastructures and industrial control systems, are at risk of physical tampering and theft, which increases security vulnerabilities.
Hardware security solutions
Chipmakers are prioritizing the integration of strong security features into hardware components due to the shortcomings of traditional software-based security methods in IoT settings. Hardware-based security provides benefits like resistance to manipulation, higher cryptographic performance and increased protection against advanced attacks. Secure hardware technologies, such as SEs, HSMs, TPMs and TEEs, encompass a range of security features to protect IoT devices.
Secure elements
SEs are tamper-resistant chips that provide an isolated environment for performing sensitive operations and protecting cryptographic keys. Hardware security modules (HSMs) and trusted platform modules (TPMs) fill the same role at different scales and with different interfaces.
HSMs are specialized hardware devices created to protect cryptographic keys and execute cryptographic operations in a secure and tamper-resistant setting. HSMs provide robust security for managing keys, encryption and digital signatures, making them essential for safeguarding sensitive data and communications in IoT implementations.
Microchip Technology Inc.'s ATECC608B, for instance, is a cryptographic co-processor with secure hardware-based key storage that communicates with the main MCU or microprocessor (MPU) over either a high-speed single-wire interface on one GPIO pin or a standard 1-MHz I2C interface. Private keys never leave the co-processor: the host passes in data to be signed or verified and receives only the result, which lets a device authenticate itself end-to-end to a peer or cloud service.
To meet the demands of the growing IoT industry, the device implements ECDH for key agreement (deriving shared session keys for encryption and decryption) and ECDSA for sign/verify authentication. Plus, the ATECC608B has an embedded AES hardware accelerator, which strengthens hardware-based security for LoRaWAN applications and allows for secure boot capabilities on tiny MCUs.
TPMs are hardware security chips that provide safekeeping of cryptographic keys, measurement of system integrity and the building blocks of trusted computing. TPMs are vital for IoT device security because they establish a root of trust for device identity and enable measured and secure boot procedures.
The OPTIGA Trusted Platform Module from Infineon Technologies AG provides a wide range of standardized security controllers designed to safeguard the integrity and authenticity of embedded devices and systems. OPTIGA TPM security chips offer strong protection for critical data and processes with their advanced features, including a secure key store and several encryption techniques.
The recently announced OPTIGA Trust M MTR makes it easy to add hardware security and support for the Matter protocol to IoT and smart-home devices. Matter defines a common set of rules so that smart-home devices, even from different brands, interoperate with consistent security and privacy standards, and this Matter-certified secure element provides that interoperability. The tamper-resistant security controller can be incorporated into any MCU-based design and can serve several product protocols at the same time, protecting sensitive data and cryptographic operations.
Trusted execution environments
TEEs are isolated execution areas within the main processor, separated by hardware from the rich operating system. Code and data inside the TEE are protected for integrity and confidentiality, so security-critical functions (key handling, for example) run there while the rest of the software stack runs normally in the untrusted world.
Arm’s TrustZone technology is the most widely used commercial implementation of TEEs. Several chipmakers, including Microchip Technology, NXP Semiconductors, Renesas Electronics and STMicroelectronics, have implemented Arm’s TrustZone on some of their MCUs.
Secure MCUs
Newer solutions like secure MCUs incorporate specialized hardware security components, including cryptographic accelerators, secure boot methods and tamper-resistant storage, to defend against threats like firmware tampering, code injection and side-channel attacks.
Secure boot verifies each firmware and software component before loading it and executes only trusted code during the boot process, protecting against attacks on the bootloader and unauthorized code execution. Secure firmware update mechanisms accept only authenticated (and, where needed, encrypted) images and refuse images older than the installed version, protecting against tampering and rollback. Both rest on two things the hardware must guarantee: the first-stage loader and its verification key must be immutable, and rollback protection needs a monotonic version counter that cannot be reset.
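As an added illustration (not vendor code and not any product's own boot ROM), the following Python models the checks just described and the ECDSA/ECDH primitives mentioned for the ATECC608B: an image carries a header with a version field, the header plus payload is signed with ECDSA P-256, and an immutable loader with a pinned public key and a monotonic counter refuses tampered images and validly signed but older ones. The image format, the `BootRom` class and the test-only private key are assumptions of the example; the curve arithmetic is plain Python so the block runs offline and is not constant-time, so it demonstrates the verification logic rather than serving as production cryptography.

```python
"""Secure-boot image verification with ECDSA P-256 and an anti-rollback counter.
Added example: textbook affine P-256 arithmetic, not constant-time, not vendor code."""
import hashlib
import hmac
import struct

# NIST P-256 domain parameters (public constants).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def _add(p1, p2):
    """Affine point addition/doubling; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, pt):
    """Double-and-add scalar multiplication (variable-time; acceptable for verification)."""
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        k >>= 1
    return acc


def _hash_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def ecdsa_sign(d, msg):
    """Sign with private scalar d. The nonce is derived from key and message only so the
    example is reproducible (assumption; real signers use RFC 6979 or a hardware RNG)."""
    e = _hash_int(msg)
    k = int.from_bytes(hmac.new(d.to_bytes(32, "big"), msg, "sha256").digest(), "big") % N or 1
    r = _mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    return r.to_bytes(32, "big") + s.to_bytes(32, "big")


def ecdsa_verify(q, msg, sig):
    """Verify a 64-byte r||s signature against public point q (pinned, assumed on-curve)."""
    if len(sig) != 64:
        return False
    r, s = int.from_bytes(sig[:32], "big"), int.from_bytes(sig[32:], "big")
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = _add(_mul(_hash_int(msg) * w % N, G), _mul(r * w % N, q))
    return pt is not None and pt[0] % N == r


def ecdh_shared_key(d, q):
    """ECDH key agreement: hash the x-coordinate of d*Q into a 32-byte session key."""
    return hashlib.sha256(_mul(d, q)[0].to_bytes(32, "big")).digest()


MAGIC = b"FWIM"                 # constructed image format for this example
HDR = struct.Struct("<4sII")    # magic, version, payload length
SIG_LEN = 64


def build_image(d, version, payload):
    """Signer side: header + payload, followed by an ECDSA signature over both."""
    body = HDR.pack(MAGIC, version, len(payload)) + payload
    return body + ecdsa_sign(d, body)


class BootRom:
    """Models an immutable first-stage loader: a pinned public key plus a monotonic
    version counter that on real silicon would live in OTP or protected flash."""

    def __init__(self, pubkey):
        self.pubkey = pubkey
        self.min_version = 0

    def boot(self, image):
        # Bounds-check the untrusted header before using anything read from it.
        if len(image) < HDR.size + SIG_LEN:
            return "reject: truncated"
        magic, version, length = HDR.unpack_from(image)
        if magic != MAGIC:
            return "reject: bad magic"
        body_len = HDR.size + length
        if body_len + SIG_LEN != len(image):
            return "reject: length mismatch"
        body, sig = image[:body_len], image[body_len:]
        # 1. Authenticate header and payload together; only now is the version field trusted.
        if not ecdsa_verify(self.pubkey, body, sig):
            return "reject: bad signature"
        # 2. Anti-rollback: a correctly signed but older image is still refused.
        if version < self.min_version:
            return "reject: rollback"
        self.min_version = version
        return f"boot v{version}"


# Test-only private key (the P-256 vector from RFC 6979 A.2.5); never ship a fixed key.
TEST_PRIV = 0xc9afa9d845ba75166b5c215767b1d6934e50c3db36e89b127b8a622b120f6721
TEST_PUB = _mul(TEST_PRIV, G)

if __name__ == "__main__":
    rom = BootRom(TEST_PUB)
    print(rom.boot(build_image(TEST_PRIV, 2, b"app v2")))
    print(rom.boot(build_image(TEST_PRIV, 1, b"app v1")))   # signed, but older: rollback
```

The order of checks is the point: the header is parsed only far enough to find the signature, the signature is verified over header and payload together, and only then is the version field believed and compared against the counter. Flipping a single byte anywhere in the signed region fails verification, and an attacker who captures an old but genuine image cannot downgrade the device because the counter only moves forward.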
Manufacturers offer a diverse portfolio of secure MCUs tailored to different IoT applications, ranging from smart meters to connected medical devices. For example, Microchip has launched the PIC18-Q24 family of MCUs, introducing the programming and debugging interface disable (PDID) feature. When enabled, this enhanced code protection feature is designed to lock out access to the programming/debugging interface and block unauthorized attempts to read, modify or erase firmware.
The PIC18-Q24 MCUs are equipped with multi-voltage I/O (MVIO) so they can interface with sensors, memory chips and CPUs that operate at different voltages. This removes the need for external level shifters, letting the MCU drive and read digital I/O at differing operating voltages. MVIO simplifies board design and lowers bill-of-materials cost, making the PIC18-Q24 suited to system-management roles that handle monitoring and telemetry on behalf of a main CPU. The family also offers an immutable bootloader for applications that need a secure method of updating firmware.
Physical unclonable functions
Physical unclonable functions (PUFs) are hardware primitives that use inherent differences in the physical properties of semiconductor devices, arising from manufacturing process variations, to create keys or identities that cannot be replicated. IoT devices use PUFs to derive and protect cryptographic root keys, to protect sensitive data in a secure vault and to back certificates that authenticate the device for secure cloud connections.
The uniqueness of a PUF comes from small variations in transistor properties such as threshold voltage, gate length and capacitance, which are neither controlled nor measurable at manufacturing time, so replicating or cloning them is exceedingly difficult. The PUF produces a digital fingerprint for the security IC that serves as a device-specific key or secret for cryptographic algorithms and services, such as encryption/decryption, authentication and digital signatures. Because the raw response drifts with temperature and aging, practical PUF implementations regenerate the key with error correction on each use rather than storing it, which is what keeps the key out of nonvolatile memory where it could be extracted.
The MAXQ1065 from Analog Devices Inc. is a security co-processor that incorporates ChipDNA PUF technology to securely store encrypted keys. The MAXQ1065 offers a range of cryptographic functions, including root of trust, mutual authentication, data confidentiality and integrity, secure boot, secure firmware update and secure communications. These functions are controlled through a high-speed SPI interface and include generic key exchange, bulk encryption and TLS support.
The security co-processor incorporates a secure storage capacity of 8 kB to accommodate user data, keys, certificates and counters while also incorporating user-defined access control and lifecycle management. In addition, the device is equipped with a customizable output pin and a tamper input pin.
PSA Certified
The increasing variety of IoT devices highlights the importance of having standardized security assessment criteria and certification programs to assist consumers and businesses in making well-informed choices regarding IoT implementations. The Platform Security Architecture (PSA) Certified program intends to define a thorough set of security requirements and evaluation criteria for IoT devices and platforms.
PSA Certified provides three levels of security assurance (Level 1, Level 2 and Level 3), designed to meet the security requirements of various IoT applications and deployments. The three levels target, respectively, fundamental security best practice (Level 1), scalable software attacks (Level 2) and substantial physical and hardware attacks (Level 3).
The levels include a variety of security features, such as secure boot, cryptographic acceleration, secure firmware update and hardware-based isolation. They offer guidance for manufacturers to create and certify IoT devices with different levels of security strength. Chipmakers and IoT device manufacturers can show adherence to PSA Certified’s security principles and pass independent security evaluations to prove compliance with industry-recognized security standards. This helps build trust in the security of their products and promotes compatibility within the wider IoT ecosystem.
For example, STMicroelectronics offers several product series, including the STM32, that are PSA Certified. The most recent include the STM32L4, STM32L5 and STM32U5.
The STM32L4, a highly efficient MCU based on the Arm Cortex-M4 CPU, achieves high performance and security through ST’s firewall implementation. The STM32L5 MCU series, based on the Arm Cortex-M33 processor with Arm TrustZone for Armv8-M combined with ST security implementation, targets IoT devices in the medical, industrial and consumer sectors. The STM32U5 series leverages the security capabilities of the Arm Cortex-M33 with TrustZone, along with ST’s security measures, to provide an improved balance between performance, power efficiency and security.