Connectivity Adds Gravitas to Microcontroller Security



As the connected world continues to gather pace, reaching into homes, offices, vehicles, the retail space and factory floors, security becomes a pressing design issue.

There is an undoubted convenience for users of connected devices that is universally enjoyed. Today, driving a car does not mean you cannot access the Internet for traffic information, emails or entertainment. The Cloud means seamlessly synchronizing devices for updating. Even digital signage can connect to a smartphone, one able to identify where the user is, how active and healthy the owner is, and what special offers might appeal. And in manufacturing, the status, location, even maintenance needs of equipment and products can be reported and coordinated using connected devices.

It’s becoming very clear in this day and age that everyone has to take security, especially in connected applications, much more seriously than in the past.

Mattias Lange, General Manager, Embedded Connectivity Solutions, Connected Microcontroller (MCU), Texas Instruments, outlines the trend the company has seen, resulting in the second generation of SimpleLink Wi-Fi devices. “For TI, it was clear that with the increase in cloud-based services our customers would want to connect their devices to the Internet. Wi-Fi is then the obvious choice as the infrastructure is readily available and by providing devices like the SimpleLink Wi-Fi CC3220 wireless MCU, we can enable our customers to leverage the opportunity that the IoT is offering,” he says.

Risk Assessment

There is, however, a downside to easy-access connectivity. Ease of access does not always mean safe, secure access. “It’s becoming very clear in this day and age, that’s everyone has to take security, especially in connected applications, much more seriously than in the past. We have all seen and read in the newspapers about many of the security failures that have occurred recently, both in commercial products and to nation states, so security has to have a higher priority for all developers in the future,” observes Mohammed Dogar, Director MCU/MPU Solution Marketing, Industrial & Communications Business Group, Renesas Electronics Europe.

Figure 1: Microchip’s Jeanette Wilson: Advocates secure boot for hardware’s root of trust.

Figure 1: Microchip’s Jeanette Wilson: Advocates secure boot for hardware’s root of trust.

Jeanette Wilson, Product Marketing Manager, Microchip Technology, agrees: “Establishing and providing system integrity has been vital in many market segments for several years. Computing systems have required secure boot and firmware updates to prevent common attacks caused by virus injection, backdoor weaknesses, denial of service, man-in-the-middle and many other vulnerabilities. With the rapid growth of connecting devices to the Internet, non-traditional products such as traffic or street lights and whitegoods in our houses are now subject to the same types of vulnerabilities.”

She adds that as a result, Microchip has designed the CEC1302, and the CEC1702, 32-bit PIC microcontrollers, to mitigate security concerns in connected devices.

The CEC1302 is a low-power, crypto-embedded MCU that allows for pre-boot authentication of the system firmware to ensure that the firmware has not been tampered with or corrupted, either maliciously or accidentally. It can also be used to authenticate any firmware updates, so that the system is protected from malware or memory corruption during its operating life.

It is based on a 32-bit ARM® Cortex™ M4 processor core, and security features include a multi-purpose Advanced Encryption Standard (AES) cryptographic engine, authentication with public key algorithms, and Secure Hash Algorithm (SHA), supporting SHA-1 and SHA-256.

The MCU is supported with third party development tools, such as IAR Embedded Workbench for ARM 7.70 and compilers, development boards, programmers and debuggers from MikroElektronika.

Secure boot allows manufacturers to establish a hardware-based root of trust . . . a critical feature for . . .  authenticating system-critical commands, such as power plants or online server databases.

Figure 2: The CEC1702 employs secure boot to authenticate system-critical commands.

Figure 2: The CEC1702 employs secure boot to authenticate system-critical commands.

The CEC1702 programmable MCU (Figure 2) includes an ARM Cortex-M4F-based core. “The core is a low-power, but powerful programmable 32-bit microcontroller with a hardware Floating Point Unit (FPU),” Wilson elaborates. “CEC1702 features Virtual Circuit Identifier (VCI) logic to allow the device to consume very little power (typical 5-µA) and still handle events to turn on power to the system,” she says.

Unlike the CEC1302, which uses pre-boot secure, the CEC1702 operates secure boot. “Secure boot allows equipment manufacturers to establish a hardware-based root of trust,” explains Wilson. “This is a critical feature for customers concerned about authenticating system-critical commands such as power plants or online server databases. It is also vital for customers that want to protect their brand and revenue stream from the adverse effects of a security breach.”

Memory Function

A Memory Protection Unit (MPU) within the CEC1702 prevents one task from corrupting another. Explaining the role of the secure boot and memory, Wilson adds: “In order for secure boot to occur, it is essential that a microcontroller starts executing firmware from an internal, immutable memory. The firmware images stored in the microcontroller are considered to be inherently trusted since the code cannot be modified. In the case of the CEC1702, code is stored in the boot Read Only Memory (ROM) and authenticated before execution. The CEC1702 firmware code is encrypted for additional security. The CEC1702 firmware may also be used to authenticate system code from a Serial Peripheral Interface (SPI) Flash.

Figure 3: The secure boot operation in Microchip’s CEC1702 MCU.

Figure 3: The secure boot operation in Microchip’s CEC1702 MCU.

The CEC1702 provides a hardware cryptography cipher suite for encryption and decryption, authentication, and private and public key management in addition to secure boot. Algorithms include AES-256, SHA-512, RSA-4096, ECDSA, EC-KCDSA, Ed25519, true random number generator, and 2.5k-bits of One Time Programmable (OTP) memory.

When compared to firmware-based solutions, the CEC1702’s hardware cryptographic cipher suite reduces compute time significantly. The company cites a 20x-50x performance improvement for Positive Kinetic Energy (PKE) acceleration, and 100x improvement for encryption/decryption over software solutions.

Figure 4: Renesas Electronics embeds advanced security features in the Synergy S7 family.

Figure 4: Renesas Electronics embeds advanced security features in the Synergy S7 family.

Renesas Electronics is also embedding advanced security features into many of its MCU products. One is the Synergy™ Microcontroller Synergy S7 (Figure 4).

“Many of the Renesas Synergy Microcontrollers, including the S7 family, contain a separate security engine, that is tasked, independently of the CPU, to manage all of the applications security requirements,” explains Dogar (Figure 5). “The Secure engine provides the basis of a secure key management strategy, as well as supporting both symmetric and asymmetric encryption accelerators.”

“These hardware features, when combined with the Synergy Software Platform, and the associated, tested and integrated security libraries, allow customers to easily manage a variety of common security tasks in minutes, rather than having to spend weeks of development time to develop these functions themselves,” he adds.

In this way, says Dogar, developers can execute their security policies on the devices and manage keys, secure a channel, and encrypt and decrypt the transmitted data.

Figure 5: Mohammed Dogar, Renesas: Hardware and software in the S7 combine to meet security requirements.

Figure 5: Mohammed Dogar, Renesas: Hardware and software in the S7 combine to meet security requirements.

The Synergy S7 family’s security functionality includes key provisioning and key generation, as well as a variety of hardware encryption accelerators. “These functions include a unique ID and a true random number generator and secure key storage. “Each microcontroller not only includes the standard ARM MPU but a number of additional MPUs to also control memory access by other bus masters and slaves,” continues Dogar. “These basic hardware functions also form the basis of a number of higher-level security functions, providing a complete device lifecycle management solution, providing for secure manufacturing solutions, using features like secure boot which the Synergy software platform allows us to support.”

Commenting on the choice of core, Dogar reveals: “Renesas choose the ARM Cortex family of microcontrollers to access the wide variety of third-party software and applications available for this core. This has allowed us to work with many partner companies, such as Cypherbridge, Icon Labs and Data I/O, to extend the security functionality we can offer within the Synergy software package. Our third-party partners allow us to leverage software and solutions to make it even easier for developers to create secure, connected applications as quickly and easily as possible.”

Figure 6: TI’s Mattias Lange: SimpleLink MCUs provide security and RF expertise.

Figure 6: TI’s Mattias Lange: SimpleLink MCUs provide security and RF expertise.

Wi-Fi Connectivity

The first generation of SimpleLink™ Wi-Fi devices from Texas Instruments, were the first true wireless MCUs to integrate Wi-Fi, asserts Mattias Lange (Figure 6), introducing the second generation, with new features, which was launched in March. He describes the company’s aim to provide versatile and easy-to-use wireless MCUs, whereby its customers do not need deep-RF expertise in-house to build low-power, secure MCUs. “As part of this mission, all of the ARM-based MCUs in the SimpleLink MCU platform are connected in a single software development environment,” he says, adding that with flexible hardware, software, and tool options for IoT applications, customers can move from one device in the platform to another with 100 percent code reuse.

The SimpleLink platform supports RS-485, Bluetooth® low energy, Wi-Fi, Sub-1 GHz, 6LoWPAN, ZigBee, Ethernet, Thread, RF4CE and proprietary RF. “We are addressing security with an end-to-end mind set, providing security at both Wi-Fi, Internet and device level, through runtime, storage or transfer,” says Lange. “We have more than 25 security features to provide a complete toolkit, including features like on chip certificate store, secure on chip storage, device specific identity and, secure file system,” he adds.

It is also based on the ARM Cortex-M4, which is “100 percent available for customer applications with a 256KB of base memory, extendable with an additional 1-MB eXecute In Place (XIP) flash on chip memory. It comes as part of the versatile SimpleLink MCU platform with a wide set of tools, EVMs, training and many online resources,” says Lange.


hayes_caroline_115Caroline Hayes has been a journalist covering the electronics sector for more than 20 years. She has worked on several European titles, reporting on a variety of industries, including communications, broadcast and automotive.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis

Tags: