Be Secure at ALL Times

Systems shut down. Sometimes it’s because you want them to, for maintenance or power savings or some other reason. And sometimes they shut down when you don’t want them to, and that’s what you try to avoid. Either way, it’s imperative that security not lapse while your system is powering up or down, a window in which protection can unintentionally be more lax.

It’s fairly well documented how to keep your system secure when all is going well. But that’s not necessarily the case when the system is powering up or down, particularly if it’s an unplanned outage. So, what do you do in these unfortunate situations?

The easy answer is to be sure that you design in an MCU that incorporates all the latest security features. The harder part is determining whether that’s actually the case, because the standards and features change quite rapidly, and the bad guys are seemingly getting smarter by the minute. To learn even more about this technology, read the article titled “The Anatomy of Security Microcontrollers for IoT Applications.”

Figure 1: Shown are the boundary areas of protection in an industrial platform. (Image source: Maxim Integrated Products)

In a typical “secure” design, all the embedded security building blocks operate together under a common boundary. The upper level in that hierarchy of security protection involves techniques such as cryptography and hardware security (Figure 1). That boundary isolates authentication keys from software, which should prevent hackers from carrying out attacks, including those that could occur while power cycling your system. But should power be removed, it’s vital that the system be brought up in the proper sequence, which means that the security gets loaded first, away from peering “eyes.”

The RX family of devices from Renesas, such as the RX651 microcontrollers, implements security using a Root of Trust. This is one way that system designers deal with the power-up and power-down issue. The system knows that it must power up and down in a particular sequence, using that Root of Trust. It reads in the encrypted keys, which provide the “all clear” signal to the rest of the system.

The RX651 MCUs also address security concerns by integrating Trusted Secure IP (TSIP) and trusted flash area protection, which enables flash firmware updates in the field through secure network communications. The TSIP offers robust key management, encrypted communication, and tampering detection to ensure strong security against external threats such as eavesdropping, tampering, and viruses.
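The two paragraphs above describe a Root of Trust that checks the firmware image before the rest of the system is allowed to run, and a protected update path that only accepts authentic images in the field. The following Python is an added example, not Renesas code and not a description of the TSIP internals: it models that sequence with an HMAC-SHA256 tag as a stand-in for the device’s own key-protected verification, a constructed key, a constructed image format (`FWIM` header), and hypothetical `Device`, `power_up` and `apply_update` names. It also carries an anti-rollback version check, which the page mentions only implicitly.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the key held inside the Root of Trust. A real MCU
# keeps this in protected flash / the trusted IP block and never exposes it.
ROOT_OF_TRUST_KEY = b"constructed-root-key-do-not-ship"

# Constructed image layout: header || payload || 32-byte tag over header+payload
HEADER = struct.Struct("<4sII")  # magic, version, payload length
MAGIC = b"FWIM"
TAG_LEN = 32


def sign_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Build a firmware image whose tag covers both header and payload."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(key: bytes, image: bytes):
    """Return (version, payload) if the image is authentic, otherwise None."""
    if len(image) < HEADER.size + TAG_LEN:
        return None
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC or len(image) != HEADER.size + length + TAG_LEN:
        return None
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison so a wrong tag leaks nothing through timing.
    if not hmac.compare_digest(tag, expected):
        return None
    return version, image[HEADER.size:HEADER.size + length]


class Device:
    """Hypothetical MCU: verifies its flash at power-up and gates field updates."""

    def __init__(self, key: bytes, image: bytes):
        self.key = key
        self.flash = image
        self.min_version = 0  # monotonic counter: never boot older than this
        self.state = "off"

    def power_up(self) -> str:
        """Root of Trust runs first; the application only starts if it passes."""
        result = verify_image(self.key, self.flash)
        if result is None or result[0] < self.min_version:
            self.state = "recovery"  # stay in the trusted recovery path
        else:
            self.min_version = result[0]
            self.state = "running"
        return self.state

    def apply_update(self, new_image: bytes) -> bool:
        """Accept a field update only if it verifies and is strictly newer."""
        result = verify_image(self.key, new_image)
        if result is None or result[0] <= self.min_version:
            return False
        self.flash = new_image
        return True


if __name__ == "__main__":
    dev = Device(ROOT_OF_TRUST_KEY, sign_image(ROOT_OF_TRUST_KEY, 1, b"app v1"))
    print("boot:", dev.power_up())
    print("update to v2:", dev.apply_update(sign_image(ROOT_OF_TRUST_KEY, 2, b"app v2")))
    print("rollback to v1:", dev.apply_update(sign_image(ROOT_OF_TRUST_KEY, 1, b"app v1")))
    print("reboot:", dev.power_up())
```

The point of the structure is ordering: nothing in the application runs until `verify_image` has passed, a tampered or down-levelled image lands the device in recovery rather than in a half-trusted state, and an update that does not verify is never written to flash at all.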

A second method of security, one that’s quite popular today, is Arm’s TrustZone, which isolates the critical security firmware and private information, such as secure boot, firmware update, and keys, from the rest of the application. Essentially, it divides the MCU into two parts, with one part being completely secure, containing the encryption keys, etc., and the other side being deployed for general-purpose activity. The two domains remain isolated, so the general-purpose side cannot tamper with the secure side.

One MCU that takes advantage of TrustZone is the STM32MP151A from STMicroelectronics. It’s based on the Arm Cortex-A7 32-bit RISC core, operating at up to 650 MHz and includes 32-kbyte instruction and data caches, as well as a 256-kbyte Level 2 cache. The on-board memory protection unit (MPU) enhances application security. That’s in addition to the embedded TrustZone technology.

Security From a Second Source

Another device, one that works independently of the MCU, is the ATECC608A secure element from Microchip (Figure 2). The device features a random number generator (RNG) for unique key generation while complying with the latest requirements from the National Institute of Standards and Technology (NIST). It also features cryptographic accelerators like AES-128, SHA-256, and ECC P-256 for mutual authentication.

Figure 2: The ATECC608A from Microchip is a cryptographic co-processor that works alongside an MCU. It provides secure hardware-based key storage. (Image source: Microchip)

While the hooks are built in to support Microchip’s extensive family of MCUs, the part is agnostic of any microprocessor or microcontroller. The device requires very little power, and requires just one GPIO over a wide voltage range. Its small form factor (8-pad UDFN or 8-lead SOIC package) makes it easy to design onto the board.
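The ATECC608A section above says the part is used for mutual authentication, where the host MCU and the secure element each prove to the other that they hold a legitimate key. The following Python is an added example, not Microchip code and not the part’s actual command set: it shows the challenge-response shape of such an exchange with HMAC-SHA256 over a constructed provisioned secret standing in for the ECC P-256 signing the real device performs, and with hypothetical `Party` and `mutual_authenticate` names. Binding each response to the direction of the exchange and to a one-shot nonce is what defeats replayed and reflected responses.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret provisioned into both sides at manufacturing time.
# The real part signs with a P-256 private key that never leaves the chip;
# HMAC-SHA256 plays that role in this example.
PROVISIONED_SECRET = b"constructed-provisioned-secret"
NONCE_LEN = 32


class Party:
    """One side of the exchange: the host MCU or the secure element."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self._secret = secret
        self.my_nonce = None  # the single outstanding challenge, if any

    def challenge(self) -> bytes:
        """Issue a fresh random nonce; it is valid for exactly one response."""
        self.my_nonce = secrets.token_bytes(NONCE_LEN)
        return self.my_nonce

    def respond(self, peer_name: str, their_nonce: bytes) -> bytes:
        """Prove possession of the secret over the peer's nonce and the direction."""
        if len(their_nonce) != NONCE_LEN:
            raise ValueError("bad nonce length")
        # "challenger->responder" binding stops a response being reflected back.
        msg = peer_name.encode() + b"->" + self.name.encode() + their_nonce
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def check(self, peer_name: str, response: bytes) -> bool:
        """Verify the peer's response to our outstanding nonce, then retire it."""
        if self.my_nonce is None:
            return False  # nothing outstanding: a late or replayed response
        msg = self.name.encode() + b"->" + peer_name.encode() + self.my_nonce
        expected = hmac.new(self._secret, msg, hashlib.sha256).digest()
        self.my_nonce = None  # one-shot: the nonce can never be answered twice
        return hmac.compare_digest(response, expected)


def mutual_authenticate(host: Party, element: Party) -> bool:
    """Both sides challenge each other; succeed only if both responses verify."""
    host_nonce = host.challenge()
    elem_nonce = element.challenge()
    elem_response = element.respond(host.name, host_nonce)
    host_response = host.respond(element.name, elem_nonce)
    host_ok = host.check(element.name, elem_response)
    elem_ok = element.check(host.name, host_response)
    return host_ok and elem_ok


if __name__ == "__main__":
    host = Party("host", PROVISIONED_SECRET)
    element = Party("element", PROVISIONED_SECRET)
    print("genuine element:", mutual_authenticate(host, element))
    print("cloned element :", mutual_authenticate(host, Party("element", b"wrong")))
```

Because the host verifies the element as well as the other way round, a counterfeit accessory without the provisioned key fails the exchange, and because the host never trusts a response for a nonce it did not just issue, a captured response is worthless once the nonce is retired.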

As you can see, there are many ways to secure your system. Pick the one that best suits your application.

About the Author


Richard Nass’s key responsibilities include setting the direction for all aspects of OpenSystems Media’s IoT portfolios, including Embedded Computing Design, Embedded University, and various digital, print, and live events. Previously, Nass was Brand Director of UBM’s award-winning Design News property. Before that, he led the content team of UBM Canon’s Medical Device Group, as well as all custom properties and events. Nass has been in the OEM engineering industry for more than 30 years. In earlier stints, he led the content team at EE Times, managing the Embedded and Custom groups and the TechOnline DesignLine network of design engineering websites. Nass holds a bachelor’s degree from the New Jersey Institute of Technology.
