January 10th, 2019
By Lynnette Reese, Editor-in-Chief, Embedded Systems Engineering
Security is necessary, but it can be daunting to attempt to cover all the bases. However, Microchip, with over two decades of security expertise, can apply layers of security to an embedded, configurable solution in advance with communications-certified solutions that can be tailored to fit individual product needs.
Everything from budgets to time-to-market and scheduling pressures can influence success in revising or innovating a new product. From thermostats to doorbells and coffee makers, the latest products are smart and connected. However, security is still – and may always be – a moving target, especially as hackers apply Artificial Intelligence (AI) to automate finding and exploiting vulnerable systems. Security is no longer an option after multiple breaches via reputable companies. We hear almost daily about a hacking exploit, real or attempted.
The latest trend in embedded hacking appears to be centered on side-channel attacks (SCAs) that include hardware that is common to both standard and “trusted” zones by exploiting software interfaces to power management. By stretching operational limits, this new attack vector is an SCA that can induce faults that subvert trusted zone isolation. The result is that the hacker can infer portions of a secret AES key from outside the trusted zone, making it much easier to guess the remaining parts of the key.
Security is necessary, but it seems daunting to try and cover all the bases. Adding protection applies another pressure point to product developers with increasing complexity, time to market, and budgets. Rather than hire a team of embedded security consultants, it’s possible to create rapid prototypes without sacrificing security. However, seasoned security experts can apply layers of security to an embedded, configurable solution in advance, effectively pre-engineering the parts that demand a deep learning curve if attempted alone. Microchip Technology, for instance, has over two decades of expertise in security and offers pre-engineered, modular, and communications-certified solutions that can be tailored to fit the individual needs of your smart, connected, and secure products without requiring any expertise in security. The process of creating intelligent, connected, and secure devices does not have to be hobbled by fear, uncertainty, and doubt as to whether you’ve gotten it right or covered all the bases.
The Internet of Secure Things
Security is the new “smart” thing. However, building smart, connected, and secure products under existing design constraints doesn’t have to be stressful, even if security is a management- or customer-driven afterthought. It’s possible to have a power-efficient, secure device that sends data to the cloud yet also meets low-cost budget constraints. Microchip’s secure solutions include hardware root-of-trust and authentication for both Google Cloud IoT and Amazon Web Services (AWS) solutions.
An excellent example of a smart, connected and secure development tool is the small and power-efficient AVR-IoT WG Development Board. This easy-to-use board is plug and play; you can hook up the on-board 8-bit ATmega4808 AVR® MCU to the Google Cloud IoT Core platform within 30 seconds of removing it from the box. The on-board ATWINC1510 802.11 b/g/n Wi-Fi® module is pre-certified with agencies in several countries. Security isn’t an afterthought; the AVR-IoT WG Development Board includes an ATECC608A CryptoAuthentication™ element with hardware-based key storage that’s protected from users, factory operators and software. The ATECC608A can securely handle authentication of multiple devices, readying them for use with zero-touch provisioning. For example, ten thousand devices hung 40 feet off a warehouse ceiling would not be a labor-intensive headache to provision.
Connectivity Without Compromise
Microchip’s roadmap for secure wireless solutions includes a wide range of choices, including 802.15.4, Zigbee®, Wi-Fi, Bluetooth®, MiWi™ protocol, RFID/RF/IR, sub-GHz, and even LoRa® technology for everything from short-range, low-power, bursty data to long-range, modular communication solutions with certified protocol stacks. Microchip’s security experts cover the embedded realm for your choice of communication. When the Blue Borne attack vector was found to exploit security gaps in Bluetooth classic connections, Microchip responded quickly with a long list of Microchip products that were not affected and one product whose Bluetooth host stack was mildly affected.
Microchip’s in-house QA, interoperability testing, and security expertise combine to make it easier to create complete and secure smart applications for a connected world. Thorough documentation, videos, and a robust ecosystem of partners, turn-key solutions, cloud solutions, and reference designs are also available for developers that choose Microchip. Field applications and sales engineers at Microchip do not earn a commission, making them more accessible and unlikely to push a solution that’s more than what you need.
Most important, with a pre-engineered solution for securely connected devices, developers aren’t forced to spend days gathering information to determine how much work is required to implement secure prototypes and the resulting impact on schedules. Even in-depth evaluation of Microchip solutions is low cost in both time and materials.
Adding Security to Automotive Infotainment
The automotive industry is an example where security has become a critical part of design. Everything from communication via Near Field Communication (NFC) in keyless fobs to wireless communication with infotainment modules can initiate hacking points of entry. Starting in 2012, an automotive manufacturer launched keyless entry using NFC, a passive RF communication technology. Using laptops, hackers were able to clone the keyless remote in three minutes, allowing them to open the door, start the car, and drive it away. Three years ago, a couple of white hat hackers demonstrated how easy it was to take over another vehicle’s audio, air conditioner, windshield wipers, and everything else. When the vehicle was traveling at 70 mph down a highway, the hackers were able to kill the engine from their living room. Security is underappreciated when it’s doing its job, but preventing dangerous hacks is priceless.
“Security measures need to be considered across all layers of embedded design, including on-device storage, communication hardware and protocols, node and gateway implementations, device management systems, cloud computing, and more. Security must be considered at each design inception – and Microchip can provide the solutions and partners needed to protect products and, ultimately, intellectual property, brand and revenue stream,” states Nuri Dagdeviren, vice president of Microchip’s Secure Products Business Unit.
Microchip’s automotive security development kit for the CryptoAutomotive™ Security ICs In-Vehicle Network (IVN) TrustAnchor/Border Security Device (TA/BSD) enables developers to start architecting security into existing systems. The automotive development cycle is typically 18 to 24 months long. However, this kit emulates the addition of a security IC to an automotive system, including outfitting the IVN with facilities such as secure boot and CAN message authentication. This boosts the outlook on scheduling, as developers can begin performing backend testing and verification earlier in the development cycle.
Security is Not a One-Size-Fits-All Solution
Microchip knows that security is never a one-size-fits-all solution, thus offers a range of security options that grow with your product line. There are different methods with which to layer security appropriate for every type of embedded application running on 8-bit to 32-bit processors. Maintaining the security of connected products means more than preserving one’s reputation and revenue; the privacy and trust of potentially millions of individuals are at stake.
Even attacks on embedded hardware are possible these days. Recent developments include computer chips’ vulnerability to SCAs through Meltdown and Spectre, where hardware vulnerabilities could allow programs to steal data.3 Microchip’s security experts work to secure both hardware and software surrounding Microchip solutions. If documentation doesn’t detail your specific case, you can contact Microchip for assistance on which are most suitable for your use case. Microchip takes security seriously. According to Nicolas Schieli, senior manager of product marketing in Microchip’s Secure Products business unit, “Security is only as strong as its weakest link. Security means protecting devices from a 360° viewpoint – from protecting your design or intellectual property to protecting your customer’s or the end user’s privacy. There’s no need for every developer to re-invent security measures. Microchip is committed to taking on the difficult piece, providing complete, easy-to-use solutions for rapidly creating smart, connected, and secure products. That way, you don’t have to be a security expert, and everyone sleeps better at night.”
Microchip offers many different methods and layers of security through offerings such as hardware cryptography, secure boot, secure memory technologies, multiple monitoring mechanisms to detect or prevent intrusion attempts, Arm® TrustZone® technology for isolation, and more. No device is too small or power efficient for layers of security; even Microchip’s eXtreme Low Power (XLP) MCUs include families with integrated hardware cryptographic engines to protect embedded data.
The Extra Mile
One of the greatest concerns today is security for what will soon be over a trillion interconnected devices. Microchip offers the ability to create without worry or having to dig deep into the stack on several layers for meticulous protection. Smart, connected, and secure designs don’t have to be an ordeal if security is baked into modular, scalable components that free your creativity to innovate.