Choosing a Secure MCU for IoT Devices

Entering the new decade, IoT applications have become ubiquitous. Common connected devices include routers, printers, thermostats, refrigerators, network cameras, AI-driven home automation hubs, smart locks, smartwatches, and so on. As the number of connected devices grows, so does the number of IoT threats we face. In addition to software protection, many manufacturers are therefore beginning to value hardware-based protection.

NXP has taken proactive measures to address IoT security issues. As described in the accompanying video, compared with conventional MCUs the LPC5500 series (LPC55S69) offers significantly improved performance, and in particular a much stronger set of security features.


In an IoT device, in addition to the sensor subsystem, execution subsystem, and user interaction subsystem, a complete security subsystem is also required, as shown in the following diagram:

[Diagram: sensor, execution, user-interaction and security subsystems of an IoT device]

This security subsystem can be divided into four levels:

1) Cryptographic foundation and root of trust: the basic cryptographic modules and the trusted root on which every other security mechanism is built.

2) Debug security: keeps the system safe during development and debugging, and protects the code itself from being read out through the debug interface.

3) Runtime security: mechanisms that protect the running system against external attacks.

4) Physical security: protects the system at the physical level against the various physical attacks on the chip.


Through these layers of protection, we hope to help products reach a higher level of system security. Here we focus on the four foundational security features of the LPC5500 series: secure boot, TrustZone, PRINCE, and PUF. Secure boot comes first, because it provides the root of trust; TrustZone then partitions code and data into secure and non-secure regions; PRINCE provides on-the-fly encryption and decryption of code in flash; and PUF, last, provides secure key storage, which both secure boot and PRINCE depend on.

01
Secure Boot Mechanism

Secure boot embeds cryptographic hash, encryption/decryption, and signature-verification algorithms in immutable code (on the LPC55S69, the boot ROM). At power-up, or whenever required, this code authenticates the program image in the secure region, and only code that passes authentication is allowed to execute. An image that was modified while the device was powered off therefore fails verification at the next boot instead of running; this is exactly the case secure boot is designed to catch. What secure boot alone cannot defend against is an attack on the verification itself, for example a physical attack on the chip; that belongs to the chip's physical security and is not discussed in this article. If the secure boot mechanism is compromised, everything that relies on it can no longer be trusted: the keys, the encryption facilities, the TrustZone partitioning, and so on.

Using the LPC55S69's secure boot requires PC-side tooling found in the NXP SDK directory .\middleware\mcu-boot: elftosb builds the signed image from the signing key and certificate chain, and blhost talks to the ROM bootloader over the ISP interface to provision the root-key hash and program the image.

The steps for secure boot are shown in the following figure:

[Figure: secure boot workflow steps]

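To make the chain of checks concrete, here is an added toy model of a secure-boot verifier in Python. It is illustration code written for this article, not NXP's ROM or the mcu-boot tools, and it simplifies heavily: a SHA-256 hash of the root public key stands in for the LPC55S69's root key table hash (RKTH) that the chip stores in protected flash, textbook RSA over a SHA-256 digest stands in for the real RSA/X.509 signature scheme (it is not a secure signature scheme), and the image layout, the `TBOT` marker and the firmware bytes are all constructed.

```python
"""Toy model of a secure-boot verification chain (added illustration, not NXP ROM code)."""
import hashlib
import hmac
import secrets
import struct

MAGIC = b"TBOT"     # constructed header marker for this toy image format
KEY_BYTES = 128     # 1024-bit toy modulus; real root keys are 2048 or 4096 bits


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # full-size and odd
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = KEY_BYTES * 8):
    """Return (n, e, d) for the toy RSA scheme."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(d: int, n: int, data: bytes) -> bytes:
    return pow(_digest_int(data), d, n).to_bytes(KEY_BYTES, "big")


def verify(e: int, n: int, data: bytes, sig: bytes) -> bool:
    s = int.from_bytes(sig, "big")
    return 0 < s < n and pow(s, e, n) == _digest_int(data)


def root_key_anchor(n: int, e: int) -> bytes:
    """Hash of the root public key: the only value the chip itself must be provisioned with."""
    return hashlib.sha256(n.to_bytes(KEY_BYTES, "big") + struct.pack(">I", e)).digest()


def build_image(code: bytes, n: int, e: int, d: int) -> bytes:
    """Signed image layout: MAGIC | code_len | code | root n | root e | signature."""
    body = MAGIC + struct.pack(">I", len(code)) + code
    body += n.to_bytes(KEY_BYTES, "big") + struct.pack(">I", e)
    return body + sign(d, n, body)   # the signature covers everything before it


def secure_boot(image: bytes, anchor: bytes):
    """Boot-time decision: (True, 'ok') or (False, reason). The key must be tied to the
    on-chip anchor before its signature is worth anything."""
    if len(image) < 8 or image[:4] != MAGIC:
        return False, "bad header"
    code_len = struct.unpack(">I", image[4:8])[0]
    key_off = 8 + code_len
    sig_off = key_off + KEY_BYTES + 4
    if len(image) != sig_off + KEY_BYTES:
        return False, "bad length"
    n = int.from_bytes(image[key_off:key_off + KEY_BYTES], "big")
    e = struct.unpack(">I", image[key_off + KEY_BYTES:sig_off])[0]
    if not hmac.compare_digest(root_key_anchor(n, e), anchor):
        return False, "root key not trusted"
    if not verify(e, n, image[:sig_off], image[sig_off:]):
        return False, "signature mismatch"
    return True, "ok"


def demo():
    """Constructed scenario: a good image, a tampered image, and an image re-signed by an attacker."""
    n, e, d = generate_keypair()
    anchor = root_key_anchor(n, e)                 # provisioned once, like the RKTH
    code = b"\x00\x10\x00\x20" + b"\xfe\xe7" * 64  # constructed stand-in for firmware
    good = build_image(code, n, e, d)
    tampered = bytearray(good)
    tampered[12] ^= 0x01                           # flip one bit inside the code
    n2, e2, d2 = generate_keypair()                # attacker's own key pair
    resigned = build_image(code, n2, e2, d2)       # valid signature, untrusted root
    return (secure_boot(good, anchor),
            secure_boot(bytes(tampered), anchor),
            secure_boot(resigned, anchor))


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The order of the two checks is the point of the model: an attacker who controls the image can always ship a key pair of their own and a signature that verifies perfectly under it, so the verifier must first tie the embedded public key to the hash burned into the chip, and only then check the signature. The same ordering is why the root-key hash, not the key itself, is the value that has to be protected on the device.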
02
TrustZone

TrustZone is the hardware-enforced isolation mechanism that is optional in the Arm Cortex-M33; the LPC55S69's Cortex-M33 core includes it. TrustZone divides CPU execution into a Secure state and a Non-secure state, and transitions between them are not free-form: Non-secure code can enter the Secure state only by calling a Secure Gateway (SG) instruction located in a Non-secure Callable (NSC) region, and Secure code returns to the Non-secure state through the BXNS/BLXNS instructions.


When the CPU is in the Secure state, it may execute code only from Secure memory, but it may access data in both Secure and Non-secure memory;

When the CPU is in the Non-secure state, it may execute code only from Non-secure memory and may access data only in Non-secure memory. Any other access is blocked by the hardware and raises a fault rather than silently returning data.


A loose analogy: the Secure state is like an administrator account that may manage every resource, and the Non-secure state like a regular user account with ordinary permissions. Unlike user accounts, however, the split is not decided at login time: which memory regions are Secure, Non-secure, or Non-secure Callable is fixed when the secure firmware configures the SAU (and, on the LPC55S69, the bus-level memory and peripheral protection checkers), and the hardware enforces that map on every instruction fetch and data access.

NXP provides a TrustZone configuration tool (part of MCUXpresso Config Tools) with the following features:

1) Graphical configuration

2) Configuration of access policies for memory, bus masters, and peripherals (the SAU plus the memory and peripheral protection checkers)

3) Direct output of the corresponding C initialization code

4) Checks for region conflicts and alignment violations (SAU regions are 32-byte granular)
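What the configuration tool is really producing is a map that the core consults on every access, and the rules above are easiest to see in a small model. The following is an added example written for this article, not output of NXP's tool; it models only the core's Security Attribution Unit (SAU), leaving out the LPC55S69's IDAU (address bit 28 selects the secure alias) and the bus-level MPC/PPC checkers, and the region addresses, the SG entry addresses and the test accesses are constructed.

```python
"""Model of Cortex-M33 SAU attribution and Secure/Non-secure transitions (added example)."""
from dataclasses import dataclass

NS, NSC, S = "NS", "NSC", "S"


@dataclass(frozen=True)
class SauRegion:
    base: int          # SAU_RBAR: 32-byte aligned start address
    limit: int         # SAU_RLAR: inclusive end address, low 5 bits all ones
    nsc: bool = False  # Non-secure Callable: may hold SG instructions

    def __post_init__(self):
        # The tool's "alignment issues": SAU granularity is 32 bytes.
        if (self.base & 0x1F) or (self.limit & 0x1F) != 0x1F or self.base > self.limit:
            raise ValueError(f"misaligned SAU region {self.base:#x}-{self.limit:#x}")


class Sau:
    def __init__(self, regions, enabled=True, allns=False):
        self.regions, self.enabled, self.allns = list(regions), enabled, allns
        for a in self.regions:               # the tool's "conflicts": overlapping regions
            for b in self.regions:
                if a is not b and a.base <= b.limit and b.base <= a.limit:
                    raise ValueError("overlapping SAU regions")

    def attr(self, addr):
        if not self.enabled:
            return NS if self.allns else S   # SAU off: everything Secure unless ALLNS is set
        for r in self.regions:
            if r.base <= addr <= r.limit:
                return NSC if r.nsc else NS
        return S                             # anything not covered by a region is Secure


def data_access(sau, state, addr):
    """Non-secure code may only touch Non-secure memory; Secure code may touch everything.
    NSC memory is Secure as far as data accesses are concerned."""
    if state == NS and sau.attr(addr) != NS:
        return "SecureFault"
    return "OK"


def branch(sau, state, target, sg_entry_points, via_bxns=False):
    """Return the CPU state after a branch to `target`, or 'SecureFault'."""
    a = sau.attr(target)
    if state == NS:
        if a == NS:
            return NS
        # Only an SG instruction inside an NSC region lets Non-secure code enter Secure state.
        return S if (a == NSC and target in sg_entry_points) else "SecureFault"
    # Secure state: leaving for Non-secure memory is legal only via BXNS/BLXNS.
    if a == NS:
        return NS if via_bxns else "SecureFault"
    return S


def demo():
    sau = Sau([
        SauRegion(0x0001_0000, 0x0009_FFFF),             # constructed: Non-secure flash
        SauRegion(0x2000_8000, 0x2003_FFFF),             # constructed: Non-secure RAM
        SauRegion(0x1000_FE00, 0x1000_FFFF, nsc=True),   # constructed: veneer table (NSC)
    ])
    sg = {0x1000_FE00, 0x1000_FE20}   # constructed addresses holding SG instructions
    return {
        "ns_reads_secure_ram": data_access(sau, NS, 0x2000_0100),
        "ns_reads_nsc_as_data": data_access(sau, NS, 0x1000_FE00),
        "s_reads_ns_ram": data_access(sau, S, 0x2000_8100),
        "ns_calls_veneer": branch(sau, NS, 0x1000_FE20, sg),
        "ns_jumps_past_veneer": branch(sau, NS, 0x1000_FE24, sg),
        "ns_jumps_into_secure": branch(sau, NS, 0x1000_0400, sg),
        "s_returns_bxns": branch(sau, S, 0x0001_0100, sg, via_bxns=True),
        "s_returns_plain_bx": branch(sau, S, 0x0001_0100, sg),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} -> {result}")
```

Two results are worth dwelling on. A Non-secure branch that lands inside the NSC region but four bytes past the SG instruction faults, which is why veneers are generated rather than hand-written: every Non-secure entry point has to be an SG and nothing else in that region may be reachable. And Secure code that returns with a plain BX to a Non-secure address also faults, so the secure side cannot accidentally leak into running Non-secure code while still in the Secure state.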
03
PUF

PUF stands for Physical Unclonable Function. For security applications, key management is crucial. In a traditional general-purpose MCU, the most common practice is to store keys in plaintext in on-chip OTP or flash. In reality, however, an attacker needs to spend only a modest amount ($200-$5000) to extract keys from on-chip OTP or flash.

The LPC5500 has a built-in SRAM PUF. Manufacturing variation gives each SRAM cell a preferred power-up value, so the start-up contents of the PUF SRAM are unique to each chip and largely stable from one power-up to the next; the small amount of noise between readings is removed by error correction, using helper data (the activation code) that is generated once at enrollment and stored in flash.

Even NXP cannot manufacture two SRAM PUFs with identical characteristics. The unique start-up pattern of the chip's SRAM is therefore referred to as the chip's fingerprint. From this fingerprint a root key is generated, and further keys can be stored (wrapped) under it as needed. The keys themselves are never written to non-volatile memory; only the helper data is, and the helper data does not reveal the key.
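The mechanism is a fuzzy extractor, and the following added example shows it end to end in Python. It is illustration code written for this article, not NXP's PUF implementation: the chip fingerprints and the power-up noise are constructed with seeded random generators, the error-correcting code is a plain repetition code (a real design uses a stronger code and far less SRAM), and the name `activation_code` is used here simply for the helper data.

```python
"""Model of SRAM-PUF key generation with a code-offset fuzzy extractor (added example)."""
import hashlib
import random
import secrets

KEY_BITS = 256
REPEAT = 21                     # repetition code: majority vote corrects up to 10 flips per key bit
SRAM_BITS = KEY_BITS * REPEAT   # 672 bytes of PUF SRAM per 256-bit key in this toy


def chip_fingerprint(seed: int):
    """Constructed stand-in for one chip's ideal (noise-free) SRAM start-up pattern."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(SRAM_BITS)]


def sram_startup(fingerprint, noise_rate: float, seed: int):
    """One power-up read: the fingerprint with each cell flipped with probability noise_rate."""
    rng = random.Random(seed)
    return [b ^ int(rng.random() < noise_rate) for b in fingerprint]


def _pack(bits):
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")


def _unpack(data: bytes):
    return [int(c) for c in format(int.from_bytes(data, "big"), f"0{len(data) * 8}b")]


def _derive(key_bits) -> bytes:
    """Root key = hash of the corrected key bits, so the raw SRAM pattern never leaves the PUF."""
    return hashlib.sha256(_pack(key_bits)).digest()


def enroll(startup_bits):
    """One-time enrollment. Returns (root_key, activation_code); only the activation code
    is stored in flash, and it is the codeword XOR the SRAM pattern, which reveals neither."""
    key_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [k for k in key_bits for _ in range(REPEAT)]
    activation_code = [c ^ r for c, r in zip(codeword, startup_bits)]
    return _derive(key_bits), _pack(activation_code)


def reconstruct(startup_bits, activation_code: bytes) -> bytes:
    """Every power-up: fresh noisy SRAM read + stored activation code -> the same root key."""
    noisy_codeword = [h ^ r for h, r in zip(_unpack(activation_code), startup_bits)]
    key_bits = [int(sum(noisy_codeword[i:i + REPEAT]) * 2 > REPEAT)   # majority vote
                for i in range(0, SRAM_BITS, REPEAT)]
    return _derive(key_bits)


def demo():
    chip_a = chip_fingerprint(seed=1)
    chip_b = chip_fingerprint(seed=2)                  # a different die of the same design
    key, ac = enroll(sram_startup(chip_a, 0.05, seed=100))
    later_on_a = reconstruct(sram_startup(chip_a, 0.05, seed=101), ac)
    on_b = reconstruct(sram_startup(chip_b, 0.05, seed=102), ac)   # copied flash, wrong silicon
    return {
        "same_chip_recovers_key": later_on_a == key,
        "other_chip_with_copied_activation_code": on_b == key,
        "activation_code_bytes": len(ac),
    }


if __name__ == "__main__":
    print(demo())
```

The "other chip" case is the one that matters for anti-cloning: an attacker who dumps the whole flash, activation code included, and programs it into an identical part still cannot reconstruct the key, because the helper data only corrects errors relative to the SRAM pattern it was enrolled against, and a different die produces an essentially unrelated pattern.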
04
PRINCE

Generally, our programs and data sit in flash in plaintext. Anyone who can reach the flash contents, whether through chip delayering or other invasive techniques, can read them out directly, leaving programs and data unprotected and easy to steal or copy. PRINCE mitigates this.

PRINCE is an encryption and decryption engine located between the CPU and flash. It decrypts in real time as the CPU fetches instructions from code memory, and it encrypts in real time as flash is programmed. PRINCE is a lightweight block cipher designed for very low latency, and because the engine is implemented purely in hardware it does not reduce the CPU's execution efficiency.


The PRINCE key is managed by the on-chip PUF and delivered to the engine over a hardware path, so it is never readable by software, and because it is reconstructed from the SRAM PUF at each boot rather than stored, it disappears automatically when power is lost. Two caveats for the practitioner: PRINCE provides confidentiality of flash contents at rest, not integrity (secure boot is what detects modification), and the CPU always sees plaintext, so any path that lets an attacker execute code or read memory through the core, an open debug port included, sees decrypted code as well. Debug access must therefore be locked down before PRINCE is relied on.
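To show what the engine does on the fetch path and on the programming path, here is an added Python example, written for this article rather than taken from NXP. The block cipher is PRINCE as published by Borghoff et al. (2012): the S-box, the round constants, the FX construction and the alpha-reflection property that lets one datapath run both directions. The nibble and bit ordering assumed in the M' linear layer has not been checked against the official test vectors here, so treat it as PRINCE-structured rather than bit-exact; the XEX-style address tweak, the region parameters and the flash contents are assumptions of this example, not the LPC55S69's exact scheme.

```python
"""PRINCE block cipher and a model of on-the-fly flash encryption (added example)."""

SBOX = [0xB, 0xF, 0x3, 0x2, 0xA, 0xC, 0x9, 0x1, 0x6, 0x7, 0x8, 0x0, 0xE, 0x5, 0xD, 0x4]
SBOX_INV = [SBOX.index(i) for i in range(16)]
RC = [0x0000000000000000, 0x13198a2e03707344, 0xa4093822299f31d0, 0x082efa98ec4e6c89,
      0x452821e638d01377, 0xbe5466cf34e90c6c, 0x7ef84f78fd955cb1, 0x85840851f1ac43aa,
      0xc882d32f25323c54, 0x64a51195e0e3610d, 0xd3b5a399ca0c2399, 0xc0ac29b7c97c50dd]
ALPHA = 0xc0ac29b7c97c50dd   # RC[i] ^ RC[11 - i] == ALPHA: the basis of the reflection property
M64 = (1 << 64) - 1


def _nibbles(x):
    return [(x >> (60 - 4 * i)) & 0xF for i in range(16)]   # nibble 0 = most significant (assumed)


def _join(ns):
    out = 0
    for n in ns:
        out = (out << 4) | n
    return out


def _sub(x, box):
    return _join(box[n] for n in _nibbles(x))


def _m_prime(x):
    """Involutive linear layer diag(M0, M1, M1, M0) over four 16-bit chunks: each output
    nibble is the XOR of the chunk's four input nibbles, each with one bit dropped."""
    ns, out = _nibbles(x), [0] * 16
    for c in range(4):
        shift = 0 if c in (0, 3) else 1
        for j in range(4):
            acc = 0
            for k in range(4):
                acc ^= ns[4 * c + k] & (0xF ^ (8 >> ((j + k + shift) % 4)))
            out[4 * c + j] = acc
    return _join(out)


def _shift_rows(x, inverse=False):
    ns, step = _nibbles(x), (-4 if inverse else 4)
    return _join(ns[(i + step * (i % 4)) % 16] for i in range(16))


def _core(x, k1):
    x ^= k1 ^ RC[0]
    for r in range(1, 6):
        x = _shift_rows(_m_prime(_sub(x, SBOX))) ^ RC[r] ^ k1
    x = _sub(_m_prime(_sub(x, SBOX)), SBOX_INV)                # middle (reflection) layer
    for r in range(6, 11):
        x = _sub(_m_prime(_shift_rows(x ^ RC[r] ^ k1, inverse=True)), SBOX_INV)
    return x ^ RC[11] ^ k1


def _k0_prime(k0):
    return (((k0 >> 1) | (k0 << 63)) & M64) ^ (k0 >> 63)      # k0' = (k0 >>> 1) ^ (k0 >> 63)


def encrypt(k0, k1, block):
    return _core(block ^ k0, k1) ^ _k0_prime(k0)


def decrypt(k0, k1, block):
    # Alpha reflection: decryption is the same core with k1 ^ ALPHA and k0/k0' swapped,
    # which is what lets the hardware share one datapath for both directions.
    return _core(block ^ _k0_prime(k0), k1 ^ ALPHA) ^ k0


def _tweak(iv, base, index):
    return (iv ^ (base + 8 * index)) & M64   # assumption: region IV xor word address


def flash_encrypt(words, base, k0, k1, iv):
    """Programming path: every 64-bit flash word is whitened with an address-dependent tweak."""
    return [encrypt(k0, k1, w ^ _tweak(iv, base, i)) ^ _tweak(iv, base, i)
            for i, w in enumerate(words)]


def flash_fetch(cipher_words, base, k0, k1, iv):
    """Fetch path: what the CPU sees through the engine, one word at a time."""
    return [decrypt(k0, k1, c ^ _tweak(iv, base, i)) ^ _tweak(iv, base, i)
            for i, c in enumerate(cipher_words)]


def demo():
    k0, k1, iv = 0x0123456789abcdef, 0xfedcba9876543210, 0x00000000deadbeef   # constructed
    base = 0x0001_0000
    code = [0x4770bf004770bf00] * 4                  # constructed repeated filler pattern
    dump = flash_encrypt(code, base, k0, k1, iv)     # what a raw flash read-out yields
    return {
        "cpu_sees_plaintext": flash_fetch(dump, base, k0, k1, iv) == code,
        "dump_hides_repetition": len(set(dump)) == len(dump),
        "relocated_word_is_garbage": flash_fetch(dump[1:2], base, k0, k1, iv)[0] != code[0],
        "reflection_property": _core(_core(0x1122334455667788, k1), k1 ^ ALPHA) == 0x1122334455667788,
    }


if __name__ == "__main__":
    print(demo())
```

The address tweak is the detail to notice: without it, four identical words of code would encrypt to four identical flash words, and an attacker reading the raw dump could spot repeated structure, or move a ciphertext word to another address and have it decrypt to valid code there. With the tweak, the dump shows no repetition and a relocated word decrypts to garbage. Note also that `flash_fetch` returns exactly the plaintext, which is the point made above: PRINCE hides the code from whoever reads the flash, not from whoever runs the CPU.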

Conclusion:

The four security mechanisms of the LPC55S69 ensure reliable operation of the system at different levels:

1) Secure boot ensures that the code the chip executes is authentic and unaltered, the most fundamental guarantee on which the other mechanisms rest;

2) TrustZone partitions the system into secure and non-secure regions, so that code and data in the secure region are out of reach of non-secure code, effectively preventing important code from being exposed;

3) PUF gives each chip a unique, unclonable fingerprint from which keys are derived on demand rather than stored, securing all keys in the system;

4) PRINCE protects code in flash; even if the flash contents are read out, what the attacker obtains is ciphertext.

The above covers the protections the LPC55S69 provides once the product or system is deployed. The LPC55S69 also protects the system during other stages, such as debugging and updates:

1) Secure debug: keeps the system secure during the debugging phase, so that the debug port does not become a back door into secure code and keys;

2) Secure update: allows upgrades and modifications after design and implementation are complete, as the application requires, saving development time and cost;

3) Secure standard peripherals: specially designed, highly recommended configurations of certain standard peripherals in the secure domain, which help isolate system resources more safely.


Regarding system security mechanisms, NXP has launched many articles and training videos on the LPC5500 series. Please follow “NXP Guest House” and “NXP MCU Station” for more information.


We are Nimo, the founder of Darwin (达尔闻), a sister who talks only technology. The Darwin online education platform serves professionals in the electronics industry, providing skill-training videos that cover popular topics in fields such as embedded systems, FPGA, and artificial intelligence, with content tailored to different groups: common knowledge points, teardown reviews, electronics competitions, smart car competitions, postgraduate entrance exams, and more. Welcome to follow us.

Official website: www.darwinlearns.com

Bilibili: 达尔闻

QQ Group: 786258064
