As more and more embedded devices connect to the network and become part of the Internet of Things, hackers are beginning to exploit these connections for their own purposes. Embedded devices must therefore strengthen their security to prevent hackers from copying IP, stealing data, or infiltrating systems. For embedded engineers, however, security is an extremely complex topic, which makes it difficult to judge the level of protection needed when designing systems around embedded microcontrollers.
Figure 1: Security Thinking Model.
To simplify the discussion of security, we will explore it from three aspects. In Figure 1, embedded device A needs to communicate with remote device B. The three security factors to consider at this time are: (1) Device Integrity – secure access to device A; (2) Establishing trust with remote device B through authentication; (3) After establishing trust, ensuring the security of information transmission between the two devices through data encryption.
* Device integrity refers to preventing unauthorized access to the code (or IP) and data on embedded devices, whether through remote software attacks, access gained through established user interfaces, or physical/probing attacks on system hardware. There are various methods to prevent these attacks, but the costs and complexities of each method vary.
* Establishing trust between devices refers to the mutual verification of authenticity between one or both devices to ensure that data is not sent to impersonated devices or received from such devices. A common method to establish trust is asymmetric key encryption. This method uses a pair of keys (one private key and one public key) to establish trust. The private key is used for encryption while the public key is used for decryption. Common algorithms for asymmetric key encryption include RSA and ECC.
* After establishing trust, data transmitted from device A to device B is protected by a symmetric encryption algorithm. Symmetric encryption uses the same key for both encryption and decryption. (This method is faster than asymmetric encryption, which is why not all communications use asymmetric encryption.) The current standard for symmetric encryption is AES (Advanced Encryption Standard). This is a symmetric key block encryption standard that encrypts 128, 192, or 256-bit data blocks using keys of the same length.
Any encryption algorithm can be broken under prolonged attack, but a brute force attack on AES-128 (trying every possible key combination: 2^128, or 3.4 x 10^38, combinations) could take a million years even with modern supercomputers, while AES-256 has 2^256, or 1.1 x 10^77, combinations. Thus, both AES-128 and AES-256 are suitable for preventing brute force attacks. In general, however, AES-128 is preferred because it is 40% more computationally efficient than AES-256. Because the possibility of breaking AES by brute force is almost negligible, hackers focus their efforts on extracting the AES key instead. If the AES key is not securely protected, then no matter how secure the algorithm is, it is useless. This is like protecting your home with a six-inch thick steel door while leaving the key under the doormat.
Security is not a rigid requirement that must be met. The level of security needed in embedded design depends on the devices being connected, the content that needs protection, and the consequences of breaching security. Figure 2 lists the different levels of security available in embedded design.
Figure 2: Range of Security.
The first column represents typical embedded applications. If the embedded device does not need to connect to the Internet and is not part of the network, then there is no need to use encryption algorithms, establish trust, or store keys. However, device integrity must still be considered, especially in applications where intellectual property (IP) protection is very important. Preventing competitors from reading the program content in internal Flash can protect the company’s product IP from potential plagiarists. To achieve this protection, one must look for microcontrollers equipped with built-in code reading protection features.
If IoT connectivity is required, additional security features must be considered to protect code and data. Implementing software security algorithms in general microcontrollers can meet all the requirements for secure information transmission. Software-implemented RSA or ECC can be used to establish trust, while software-implemented AES can be used for secure information transmission. Keys are stored in Flash or RAM and are typically protected using software techniques. However, compared to hardware-accelerated AES implementations, software-implemented AES algorithms are slightly less secure.
Figure 2 also lists the advantages of replacing general microcontrollers running software algorithms with microcontrollers equipped with hardware security features (such as hardware-accelerated AES encryption, true random number generators, and improved AES key storage).
* The core advantage of hardware-accelerated AES modules compared to software-implemented AES is that they run eight times faster. Additionally, hardware AES is more power-efficient (requiring less MCU computation, thus consuming less power) and occupies less program code space. If the hardware-accelerated AES built into the microcontroller can be fully utilized, the same software AES encryption algorithms can run more efficiently.
NXP’s LPC18Sxx and LPC43Sxx microcontrollers are extensions of the existing LPC1800 and LPC4300 series. These two microcontrollers add hardware features for code and data protection (Figure 3). The LPC18Sxx and LPC43Sxx series come with various high-end connectivity features, including Ethernet, two high-speed USBs, and SDIO (for the fastest data connections with WiFi modules). Additionally, some versions support graphical LCD connections. Most NXP LPC microcontrollers provide Code Read Protection (CRP) features to protect developer code. Added security features include an AES-128 hardware accelerator, a true random number generator, and two 128-bit OTP Keys located in one-time programmable memory for storing AES keys.
Figure 3: LPC43Sxx Functional Block Diagram. The LPC18Sxx provides similar functions, built around a Cortex-M3 core.
The two 128-bit one-time programmable (OTP) key locations help prevent keys from being remotely extracted after a software attack. Once the keys (in encrypted format) are written to OTP, they can no longer be accessed via software or JTAG boundary scan. These keys can only be accessed through the internal AES hardware module.
LPC18Sxx and LPC43Sxx microcontrollers are available with built-in Flash (ranging from 512kB to 1MB) and in versions without built-in Flash. The versions without built-in Flash must boot from an external memory location (i.e., external QSPI Flash) upon reset and run from large internal RAM. To prevent the code from being visible during the boot process, an encrypted image can be stored in QSPI Flash. Upon reset, the LPC18Sxx or LPC43Sxx reads this encrypted image, verifies it using the built-in CMAC message authentication, decrypts it using the AES module and the 128-bit key stored in OTP, and executes the decrypted code from internal RAM.
LPC18Sxx and LPC43Sxx microcontrollers are suitable for any IoT application requiring extensive connectivity and high processor performance, including industrial control, industrial automation or diagnostic applications, smart home products (including thermostats and access control), automotive aftermarket, and consumer electronics (such as musical instruments, printers, and other connected accessories). Another typical application is a secure IoT gateway (Figure 4).
Figure 4: Secure IoT Gateway Functional Block Diagram.
In this diagram, the microcontroller, equipped with hardware-accelerated AES, provides high-speed encrypted connections via Ethernet, or via WiFi added through the SPI interface. Cypherbridge Systems is a software partner of NXP, providing IoT and cloud connectivity software development kits for LPC18Sxx and LPC43Sxx to fully leverage the advantages of AES hardware acceleration.
Simply connect NXP’s A7 series secure chip to the microcontroller via I2C interface to add bank-level security. The A7 secure chip will control hardware-accelerated authentication and provide secure storage for the permanent certificates required for cloud storage.
ESL Smart Solutions has developed EMap, a secure IoT gateway using the LPC18S57 microcontroller and Cypherbridge Systems software security library (Figure 5).
Figure 5: ESL Smart Solutions EMap IoT Gateway.
EMap is a highly secure Internet of Things (IoT) gateway that can be offered as a ready-made product or as part of a cloud development kit (CDK).
The trend of growing interconnected devices is unstoppable, and it comes with various levels of risk. NXP provides embedded designers with a variety of solutions to provide the appropriate levels of code and data security for specific applications.
* A true random number generator (RNG) is a hardware improvement over generating random keys in software. A true RNG uses physical phenomena (such as noise) to create random numbers, while software implementations must rely on algorithms to create random numbers. A true RNG is therefore less predictable than a software implementation, resulting in higher security.
* Additional security features in some microcontrollers can store AES keys in locations in memory that can only be read by hardware IP blocks. This way, the keys cannot be extracted by software.
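Why the RNG bullet above matters for key generation, as an added example (not from the original article and not NXP code): a key produced by a software generator has no more entropy than the seed it started from. The LCG, the tick-counter seed and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a software-only key generator: a 32-bit LCG
 * seeded from a boot-time tick counter. Hypothetical, not vendor code. */
static uint32_t lcg_next(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

/* Fill a 128-bit AES key from the generator (top byte of each output). */
void soft_keygen(uint32_t seed, uint8_t key[16])
{
    uint32_t s = seed;
    for (int i = 0; i < 16; i++)
        key[i] = (uint8_t)(lcg_next(&s) >> 24);
}

/* Audit helper: count seeds in [0, seed_space) that reproduce `key`.
 * Any hit means the key is one of at most seed_space possible keys,
 * not one of 2^128. The lowest matching seed is stored in *first. */
uint32_t seeds_matching(const uint8_t key[16], uint32_t seed_space,
                        uint32_t *first)
{
    uint8_t trial[16];
    uint32_t hits = 0;
    for (uint32_t seed = 0; seed < seed_space; seed++) {
        soft_keygen(seed, trial);
        if (memcmp(trial, key, 16) != 0)
            continue;
        if (hits++ == 0)
            *first = seed;
    }
    return hits;
}

int main(void)
{
    uint8_t key[16];
    uint32_t first = 0;
    soft_keygen(48213u, key);            /* constructed: ms since reset */
    uint32_t hits = seeds_matching(key, 1u << 20, &first);
    printf("seeds reproducing the key: %u (first: %u)\n",
           (unsigned)hits, (unsigned)first);
    return hits == 1 ? 0 : 1;
}
```

A key drawn from a hardware true RNG has no such seed to enumerate, which is the property the bullet describes.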
When hackers cannot physically access embedded devices, microcontrollers equipped with additional security features and software encryption algorithms can provide excellent solutions. An example is a thermostat in a residential setting, where you might be concerned that someone could remotely access it to infiltrate your internal network. However, you may not worry about someone breaking into your house and probing the microcontroller inside the thermostat to extract the AES key. If someone breaks into your home, the problems you face are much greater than losing the AES key.
On the other hand, if you install a smart meter outside your house, it may attract more attention from hackers looking to physically attack and steal keys. For power companies, revenue from electricity bills is an important asset that needs protection. Therefore, they may spend more on anti-tampering security features.
Combining microcontrollers with secure elements can provide bank-level security for your embedded system (Figure 2). Secure elements are tamper-resistant ICs that provide secure storage locations for keys and certificates; they typically come equipped with hardware-accelerated RSA and ECC for faster authentication. Although hardware-accelerated AES encryption is still handled by the faster microcontroller, the secure element can enhance device integrity and take the lead in establishing trust relationships and protecting AES keys.