Why connected systems require hardware-based security.
By Juergen Spaenkuch, Division Vice President Chip Card & Security at Infineon Technologies.
Modern applications, like connected industrial systems, smart grids, connected cars and autonomous driving widely summarised under the term IoT have a high demand for reliable security. There are some typical use-cases such as authentication of components and their unique identity, monitoring and safeguarding of system integrity and protection of data and communication. To build trust in new services and technologies, IP protection is key and data security and system integrity are a prerequisite for the successful implementation of new services and applications. To establish new solutions we need integrated system solutions based on secured hardware which protects infrastructure and components from attacks, fraud and sabotage. In brief, hardware which enables software to be stored, run and updated in a protected way.
Software-based security is not enough
Several attempts have been made in the past to apply purely Software-based solutions for device authentication. Unfortunately, due to its very nature, software bears several significant weaknesses; it is written code and as such can be read, analysed and modified to the requirements of an attacker. Once the device is re-programmed with the modified software, the authentication process and system integrity can be broken.
Another severe weakness of software-based solutions can be the inappropriate storage of secret keys via all relevant process and production steps. Typically, in software-based protection systems, attackers can identify secret keys from software in a very simple way: keys usually behave like random numbers; in total contrast to the program code itself. So-called ‘entropy analysers’ are able to scan software and identify parts with high randomness, these parts typically contain the keys. Such a scan is done in seconds and the keys found could directly be used to generate falsified products in masses. Software-only solutions allow protection only in the case that none of the components used are physically accessible to an attacker. In real life, this exception would render such solutions impractical. All in all, software is usually not seen as a valid alternative for product authentication, system integrity and IP protection today.
However, software can be protected by hardware: secured hardware protects the processing and storage of code using encryption, fault and manipulation detection and secure code and data storage. Software becomes trustworthy by combining it with secured hardware. This has been proven by extensive experience from the areas of trusted computing and the use of secure elements in mobile phones and the protective functions of smart grids.
Hardware-based solutions provide more security
A typical embedded control architecture with a standard MCU on which a real-time operating system and the applications are running can currently be found in the majority of installed systems. Usually the security functionality is implemented using software-based encryption mechanisms. What is missing is an efficient, secured trust anchor (Hardware Root of Trust (HRoT)) with dedicated encryption functionality for increased security.
This is why modern MCUs are an ideal solution to respond to increasing security demands. On the one hand, available standalone security controllers are usually implemented with MCUs. On the other hand there are application-optimised MCUs with integrated security functions.
The use of a standalone security element (security processor or co-processor) that acts as an HRoT has proven itself for years in other industries such as personal computers, servers, chip cards and identity documents. The concept is also recommended for industrial applications. For example, a Trusted Platform Module (TPM) (see Figure 2) can be used as an HRoT in conjunction with other security elements in order to provide an industrial controller with comprehensive security functions such as integrated crypto-processors, encrypted storage, buses and peripheral functions as well as integrated error detection. Network end points can be efficiently protected using this hardware-based approach.
Figure 1 - OPTIGA TPM are special MCUs that provide the computer systems with comprehensive protection from unauthorised access and attacks.
There are already numerous use cases and examples demonstrating how hardware-based security solutions add real value in terms of the integrity and reliability of connected devices. For example Infineon has been shipping TPMs for devices running Google’s Chrome-based operating system since 2011. The Infineon TPM is an integral part of the security architecture of Google Chromebooks which were designed to provide a fast, simple and secured experience for people who use computing devices primarily to access the internet and use web-based applications. One key part of their design is called ‘defence in depth’, which provides multiple levels of protection against malware.
Meanwhile the structure of the TPM standard was enhanced with some specific functions and interfaces added to support new applications. New profiles of the TPMs can address security relevant applications in the IT industry, but also in embedded systems, smartphones, communications equipment, industrial automation or automotive. In addition TPMs include a comprehensive software stack enabling a secure upgrade.
Automotive is also an arising field of application as there are a lot of features and functions already widely based on hardware security, designed in response to the level of security required by the specific application. The MCUs of the AURIX family, for example, provide special function blocks such as Security Hardware Extensions (SHE) or Hardware Security Modules (HSM). The HSM takes care of secured communication with other MCUs by signing messages or even using full encryption. Furthermore, the HSM can be used to securely boot the MCU in order to prevent attacks from viruses and Trojans and to prevent unauthorised access.
With regards to the fact that the car is becoming an increasingly connected computing device, communicating with other vehicles and infrastructure, TPMs will become indispensable to protect the car’s communication interfaces from hacker, attackers or malware during software updates.
It will only be possible to implement new connected technologies like IoT by making comprehensive use of powerful safety and security technology in order to protect infrastructure and the components that are used from manipulation, attacks and malfunctions. Secured hardware is an important prerequisite, since a maximum of security requires secured hardware and cannot be achieved with software based concepts alone. Infineon provides MCUs with integrated security functions and offers efficient and secured solutions tailored to the applications’ needs; whether industrial, automotive or consumer-oriented.