We hear about security breaches at big retailers and banking institutions just about every day.
Fig. 1: Device level security drives information security in connected devices.
Attacks that target the secure data of millions of customers are scary, but bringing it down to a more personal level, there are major concerns about the ease of which hackers can access data from the embedded systems in homes, cars, and the hundreds of embedded devices that the general population interacts with on a daily basis. An individual’s smart home, for example, might know when to expect its owner home, but is the homeowner safe if anyone has access to that information? If an individual wears an activity tracker that connects to the cloud, what are the security ramifications if just anyone can access details about the location of the wearer and whether he or she is sleeping? Who knows what seemingly innocent data might be used for if it can be combined, compared, and data-mined from other sources?
Device Security
The Big Data security mantra maintains that robust security must be layered so a single point of failure doesn’t give attackers (or data miners) an easy way to access important data. So the question arises: How can we, as systems designers, implement layered security in an embedded device?
Perhaps the most obvious security functions required in an MCU or FPGA are support for common cryptographic standards for encrypting and decrypting sensitive data. Additionally, secure password protection is critical so that passwords can’t be accessed via network attacks or physical tampering. Some of the most advanced password protection techniques use the nanoscale differences in the integrated circuit manufacturing process to create unique device passwords that never leave the device and are never visible to outside attacks. One example of such a physically unclonable function, or PUF, relies on the slight differences in SRAM initialization values during a power up cycle to create a truly device-unique and random password.
Another opportunity for layered security relates to the data stored on-chip. Many MCUs and FPGAs can provide restricted access to on-chip data. Security-related code, for example, could be stored in an execute-only memory bank that can’t be easily accessed by other on-chip processes. Common attack methods on embedded devices count on programming errors that generate “wild” pointers to access otherwise inaccessible data. However, hardware protection of critical data can restrict such access attempts and flag the error as a potential tampering event, so the system can apply appropriate penalties.
Often an embedded device can be reprogrammed remotely, a useful capability for fixing bugs and adding features. Unfortunately, if this facility isn't protected, an attacker could insert their own malicious code and hijack confidential data as it flows through the system.
Conclusion
The above examples are just a few of the issues that are being addressed by MCU manufacturers such as Freescale, TI, Intel, ST, and Altera FPGAs as their use in connected embedded systems continues to expand over the next few years. Systems designers should expect devices that provide for multiple layers of security at the device level to be growing players in the rollout of connected devices in the near-term.
By Warren Miller for Mouser Electronics
Advertisement
Learn more about Mouser Electronics
