Making Secure Chips For IoT Devices

by OMA | Monday, January 9, 2017

Semiconductor Engineering, by Jeff Dorsch, January 05, 2017

Technology is improving, but so is awareness about the need for security.

Chips and modules going into Internet of Things node devices must have cybersecurity features designed and built into them. Multiple vendors are responding with products meant to keep the IoT devices protected from the cyberattacks that are becoming more common.

While IoT privacy remains a key concern for consumers and homeowners, IoT security has taken on top-of-mind priority for the many companies entering and serving the market. A recent report outlines four areas: Public perception, hacking vulnerability, company readiness, and true security.

Hardware vendors have been focused on this issue for some time, often with mixed results because threat levels—and perceived threat levels—vary greatly from one market to the next, and from one product to the next.

“When you look at verticals and you analyze the use cases, this is the extension between usability and security,” said Asaf Shen, vice president of marketing for security IP in ARM’s Systems & Software Group. “You identify the assets, the factors that are relevant, and the mitigation means. And you try to keep that balance. Once this device is all of a sudden tied to different use cases, it’s no longer the same analysis. That could make it more vulnerable because the attack vector might be different due to the value of these assets.”

The problem is that as more things are connected, so are their vulnerabilities. So the least-important device in a connected chain may provide an entry point for a much more complex and well-designed system.

In November, the U.S. Department of Homeland Security recently outlined six principles for securing the Internet of Things. Top on the list was incorporating security at the design phase.

“Building hardware that incorporates hardened security features would see devices protected throughout their lifecycle from chip manufacture, to day-to-day deployment, to decommissioning,” said Asaf Ashkenazi, senior director of product management in Rambus’ Security Division. “This can be accomplished with a silicon-based hardware root-of-trust that offers a range of robust security options for IoT devices, including secure connectivity between the IoT device and its cloud service.

Among the other principles laid out by Department of Homeland Security are:

  • Advance security updates and vulnerability management;
  • Build on proven security practices;
  • Prioritize security measures according to potential impact;
  • Promote transparency across IoT, and
  • Connect carefully and deliberately.

Counterfeiting is another risk factor. While most IP or counterfeit chips are simply less expensive, it carries a dual risk of either extra circuitry or inferior security.

“There is an unbelievable amount of counterfeiting going on, and it’s not just valuable chips,” said Michael Ford, senior marketing development manager for Mentor Graphics’ Valor Division. “Some of this includes cheap ICs. These companies have figured out how to do re-reeling in a way that is cost-effective. The only way to stop it is to do an inspection of incoming materials, which is an extra cost. You need to record the info and detect it, and then track the history of where the counterfeit parts came into the supply chain.”

Ford said there are standards in place, such as IPC 1782, but the problem continues to grow.

Shifting attitudes
In fact, the picture that is emerging is that there are so many variables that come into play with devices that it’s hard to know where to start. Threats need to be dealt with at every level, from hardware to I/O to package to software.

One thing has changed, though. While security was considered something of a burden in the past, it has been propelled into the limelight in recent months by top security agencies. The value of this hasn’t been lost on technology companies.

Kilopass is pitching its antifuse one-time programmable memory, for example, as a more secure alternative to other OTP technology.

“Antifuse is better because there is no visible difference between a programmed bit and unprogrammed bit,” said Nick Chen, Kilopass’ field marketing and applications manager for Asia Pacific. “There are no blown portions to be found in the cross-section or the top view, and there is no hot spot in the voltage contrast FIB. This makes it very difficult for unauthorized users to obtain the contents of the data stored in the antifuse memory.”

Software companies are using security as a competitive advantage, as well. CENTRI, Icon Labs, Symantec, and Wind River Systems (an Intel subsidiary) are among those touting IoT security solutions. IoT security testing is a growth market.

At last month’s Embedded Systems Conference in San Jose, Calif., IoT security was the topic of several presentations.

Joe Pilozzi, technical marketing manager for Secure Microcontrollers, Americas, at STMicroelectronics, gave a talk titled “Embedded Security Considerations.” An alternative title would be “Lifecycle Management and Security,” he said.

He took “fortifying an IoT device” as his theme. “We need to protect devices from cloning,” Pilozzi said. “We must authenticate device-to-device, device-to-service.”

Pilozzi acknowledged there are privacy issues in play, as well. He focused in on product integrity and cryptography.

There are a number of questions to answer in implementing cryptography, Pilozzi noted. “One key, or two?” he asked. There is the Advanced Encryption Standard (AES) symmetric block cipher, along with AES2 and AES3. In asymmetric cryptography, he added, there is the RSA cryptosystem, elliptic curve cryptography (ECC), and various private and public keys.

“Bigger is better and stronger in keys,” he said. “ECC uses a smaller key for some strength.”

The aim of all these cryptography technologies is “securing assets,” he said. “Threats and levels – it’s all about risk management.”

When it comes to cyberattacks, there are non-invasive attacks, invasive product attacks, and invasive silicon attacks, according to Pilozzi. When it comes to anticipating and dealing with these varieties of attacks, “product lifecycle is important,” he said.

There are simple devices (thermostats, et al.) and complex devices (those running operating systems and using software) to consider, in addition.

Pilozzi touted the STM32 line of microcontrollers for their security features, along with the STSAFE-A100 authentication and brand protection secure solution, for IoT device designers. Using these products can improve the chances of passing a cybersecurity audit, he asserted.

Sierra Wireless held its first IoT Developer Day in Silicon Valley in early December. Held at the historic Hotel De Anza in downtown San Jose, the all-day event was filled with discussions about designing IoT devices, making them secure for the future, and coding applications for them.

Philippe Guillemette, the chief technology officer of Sierra Wireless, was among the executives greeting the room full of developers at the hotel. The Internet of Things, he said, is “a very complex implementation.” He added, “It’s a lot of work [and] a lot of pieces.” He touted the company’s Project mangOH Open Hardware, an IoT platform.

Fast prototyping is enabled with mangOH, he noted. “It’s fully open-source. You have access to the source code,” Guillemette said.

Ashish Syal, principal engineer in the CTO office of Sierra Wireless, elaborated upon mangOH later in the morning. The mangOH Green module released last year by the company will be succeeded by the smaller mangOH Red module. Power consumption is kept to a minimum with mangOH, he said, in order to provide a battery life of 10 years.

Jen Chitty, a software architect, developer, and team leader at Sierra Wireless, discussed the company’s Legato Open Source Linux Platform for application-level development with a secure app framework. Legato is customizable with its Yocto Project build tools from The Linux Foundation, he noted. It boasts multiple-language application programming interfaces, he added, along with an Open Mobile Alliance protocol stack and MQTT machine-to-machine connectivity implementation for IoT.

Legato provides application-layer security, said Alex Jiang of Sierra Wireless, which is “not the same as device security.” The platform makes use of sandboxing to contain attacks to an app, he added. “Legato sandboxing is well-suited for IoT,” Jiang said.

Developers also heard from executives of FLEX, IBM, Two Tall Totems, Talon Communications, and Blynk.

Sierra Wireless got nearly half of its 2015 revenue of $607.8 million from the Asia-Pacific region, with about a third from the Americas and the remainder from Europe, the Middle East, and Africa, according to the company’s 40-F filing. It spent $74.6 million last year on research and development.

STMicroelectronics, Sierra Wireless, and other companies are contributing to IoT cybersecurity through numerous products and services. That topic promises to be a leading item of controversy and discussion throughout this year.