By Dana Neustadter, Sr. Staff Product Marketing Manager for DesignWare Security IP
The continued innovation and widespread adoption of connected devices — the internet of things (IoT) — has resulted in a vast range of conveniences that improve our lives every day. At the same time, the ubiquity of IoT devices, which market watchers estimate to be in the tens of billions, also makes it more attractive to bad actors who see opportunities in the sheer volume of “open doors” that the popularity of IoT offers. At every point, there are vulnerabilities to malicious attacks allowing interception of vital information. For all the advances and automation that IoT enables, security is paramount because it affects both device manufacturers and end users alike.
The number and variety of IoT security attacks have increased as the volume of devices proliferate on networks, even with those that offer the most secure connectivity. IoT security is complex and encompasses many layers involving both hardware and software efforts at all levels of the network, and the rules of the game are constantly in flux. Connected devices operate in an environment where attacks can originate from anywhere and must be capable of adapting to an evolving threat landscape. With the amount and value of data that can be accessed, hackers are becoming increasingly sophisticated in their approaches. AI-enabled attacks are commonplace, for example, as breaches use advanced algorithms to bypass seemingly secure systems and networks.
Security is a fundamental requirement of any connected device, but implementing security solutions is not a “one size fits all” proposition. Different applications have specific needs and restrictions — performance, form factor, power consumption, operating environment, and cost, to name a few. And, of course, the value of the data being processed by the application varies widely. Consider a fitness tracker that only monitors your daily step count compared to a complex healthcare network that contains a trove of highly confidential and personal data; the latter requires higher-grade security and safeguards.
Every IoT device has security design considerations that must be thought through at the earliest stages of the SoC design process. Minimum requirements such as protection at power on and off, and basic security during runtime and when connected to a network or when devices are communicating with each other, are essential. In addition, designers must consider laws around data protection. For example, there’s the Global Data Protection Regulation (GDPR) in Europe, which imposes steep fines on corporations if private user data is compromised. An example in the U.S. is the Health Insurance Portability and Accountability Act (HIPAA) that stipulates how Personally Identifiable Information (PII) maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft. From there, the specifics of the application and use cases need to be addressed and prioritized, such as what software is being run on the devices, where it is physically located, and the robustness of the authentication and identification needed.
In this post, we’ll offer an overview of two weapons in the battle for secure IoT design.
From an SoC design perspective, security has both hardware and software implications; the engineer’s toolbox requires ways to address both, from RTL design to system verification. A key enabler is pre-verified IP subsystems that can be easily integrated within the SoC to provide a scalable platform for diverse security functions and applications.
The Synopsys DesignWare IP offering includes the tRoot Hardware Secure Module (HSM), which was created specifically for implementing a secure hardware root of trust in connected devices. This solution supports all the essential elements for developing an effective root of trust, which provides a security perimeter for protecting sensitive data and operations. It includes a secure CPU, multiple secure key servers for key transport protection, secure instruction and data controllers to provide external memory access protection and runtime tamper detection, and cryptographic acceleration with protection against side-channel attacks.
A root of trust can be started by a variety of methods, including simply loading its protected memory region and signaling that it has firmware available. Alternatively, it can be loaded using a hardware state machine from external Flash memory, run directly out of SPI memory, or a variety of other methods. When it starts, the root of trust derives its internal keys from supplied device identity inputs and executes self-tests and code validation for itself. If these tests are passed, it can move on to validate code for other subsystems in the chip using a secure bootstrap process.
The root of trust is used to perform several functions, including secure monitoring during power up and runtime operation of the SoC, secure validation/authentication for verifying the validity of the code and/or data on the SoC, storage protection, secure communication, and key management.
tRoot HSM provides robust hardware protection while being highly configurable, flexible, and maintaining a high level of performance. tRoot HSM is used to provide security functions in a trusted execution environment as a companion to a host processor that runs most system applications. To minimize the number of attack vectors, tRoot HSM uses a simple interface with a limited set of interactions with the host processor. At the same time, it provides a fully programmable platform that can offer a variety of services throughout the device’s lifecycle.
tRoot protects IoT devices using unique code protection mechanisms that provide runtime tamper detection and response, and code privacy protection without the added cost of more dedicated secure memory. This unique feature reduces system complexity and cost by allowing tRoot’s firmware to reside in any non-secure memory space.
tRoot HSM can be leveraged to implement an evolving security approach that is based on the concept of the familiar SIM card. Mobile operators have been using SIM cards for years to protect their devices and networks from fraud and misuse, and to ensure secure communications for customers.
The traditional SIM card has evolved into new forms, including an eSIM format: a chip that can be soldered on a board instead of a card that is inserted into a SIM card slot. This allows for devices to include the SIM hardware secure element when the device is manufactured. eSIM provides the additional benefit of being able to remotely install and manage the connectivity profile and subscriber identity.
To further address the cost and size requirement of IoT devices, there is a move toward integrated SIM (iSIM), which is implemented not as a separate secure element chip but is instead integrated with the modem or application chip. The technology has led to the successful integration of discrete chips and modules into a single SoC combining the application, modem, and SIM functions.
Synopsys has partnered with several eSIM/iSIM OS and service providers, including Truphone, to provide complete solutions comprised of the hardware, software, and services needed to enable mobile network operators and product manufacturers to securely connect and manage devices in worldwide cellular networks.
SoCs that incorporate iSIM reduce component count, simplify board integration, and enable resource sharing within the chip. Instead of duplicating resources like a memory controller and peripherals for the SIM card or chip, for the application processor chip, and for the modem module, some resources can be shared on-chip between these different subsystems.
Implementing an iSIM can be complex, which is why the ease of integration with tRoot HSM is appealing. Designers who use tRoot HSM can create a trusted execution environment that both logically and physically isolates and shields all processing of the iSIM software stack from other components, like the application processor or direct memory access (DMA) engines that could tamper with the iSIM processing and leak secret keys. In addition to providing a high level of security, the processing is energy- and area-efficient to support the long lifetime of low-cost, battery-powered IoT devices.
Security is a critical element of IoT deployment, yet it is too often neglected in the early stages of SoC and system development. Applying security as an afterthought can lead to data breaches, especially in the era of intelligent, connected devices. Security must be designed into IoT devices from the very beginning, and manufacturers need to adopt a security-by-design mindset, protecting both their products and their customers’ data starting at the silicon level.
Catch up on other IoT and security news by reading these recent blog posts: