PKI security for embedded systems
May 01, 2010
Public Key Infrastructure (PKI) isn’t just for enterprise applications – a Machine-to-Machine (M2M) authentication strategy based on PKI can form the backbone of a secure embedded system.
Embedded systems are now pervasively deployed in diverse large markets: industrial, medical, telecom, home appliance, consumer, automotive, and others. As Internet adoption proliferates, more embedded devices and applications are being connected to networks to take advantage of the extraordinary benefits of the Web. Some experts predict that the number of Web-connected devices will soon exceed the number of human users and grow to far higher levels.
The success of Internet-connected consumer products and applications results from the remarkable progress vendors have made in providing ease of use and security, thus removing major barriers to widespread usage by people of all ages across the globe. Billions of users now confidently make transactions online with public and private companies, banks, and health organizations. They purchase books, cars, stocks, retirement plans, insurance policies, and many other things. Consumers and businesses exchange products of small and large dollar values over the Internet.
Numerous security mechanisms, technologies, and policies have emerged to make such transactions possible and protect the trading parties. In addition, enterprises, banks, e-commerce companies, and the computing industry (hardware and software) have invested serious amounts of money to educate, enable, and monitor such transactions and respond quickly to inquiries. Enterprise IT staffs, bank payment networks, and e-commerce system providers constantly supervise their networks to ensure that transactions are performed legitimately and that risks are contained early on when they arise.
But what about the millions of Web-connected devices – how secure will they be?
Strong security needed in the embedded Internet
Multifactor authentication technologies and password-management processes are commonly available to all users, including consumers and employees of an enterprise. Public Key Infrastructure (PKI) technology is widely deployed and effectively used on the Internet to ensure that every user is indeed interacting with a legitimate online service such as a bank, e-commerce company, or government agency.
Given the growing number of Internet-connected embedded devices, an important question arises: How will these devices provide a reliable and safe service when they are left unsupervised and connected to the Web? Unless devices incorporate strong security capabilities, they are highly exposed and vulnerable to misuse and hacks. For example, how can a remote machine reliably perform a command if it can’t verify with high certainty that it has received that command from a legitimate host? Would a weak authentication approach be acceptable, knowing that millions of deployed devices can interact with the public infrastructure or with equipment in private homes? Given the risk, what level of protection is appropriate and adequate?
This is a real problem, one that is being identified by major initiatives including the smart grid, cyber security, health care automation, and other areas requiring strong protection. This situation now presents a technology opportunity: Machine-to-Machine (M2M) authentication.
Challenges of PKI adoption for embedded devices
Experts in enterprise IT, e-commerce, banking, and the Internet Engineering Task Force know that PKI technology provides the strongest and most effective authentication solution available today. However, the huge global embedded devices market has evolved in an isolated manner and for the most part has not yet adopted this proven technology. The reasons for the delay include:
· Very tight constraints (limited computing resources) on the hardware design: In most applications, the main MCU does not have the resources needed to perform PKI computations. Many embedded system designs still use outdated security solutions built with memory chips, which provide a weak level of security unsuitable for Web connectivity.
· Cost pressure and lack of skills: PKI is perceived as an expensive technology that is difficult to implement in the design and deployment phases and requires an expertise not commonly available among embedded system designers. Thus, a standard off-the-shelf memory chip is assumed to be good enough and is easy to include in a design.
· Proprietary environment not often connected to the external world: The risk of hacks is underestimated, and/or the proprietary security scheme is believed to be sufficiently robust to successfully withstand attacks.
Overcoming barriers to acceptance
The computing technology for embedded systems is changing rapidly. More high-performance microcontrollers are available today at attractive cost points. Furthermore, a generation of secure MCUs can be integrated easily into designs, thereby providing an unparalleled level of authentication security without impacting the application performance of the main MCU.
Three major Renesas innovations are bringing PKI-based security to the community of embedded system designers.
First, the Board ID-based M2M authentication chip delivers a very high level of security using the same security technologies rigorously tested and proven in the billions of smart card ICs produced to date. This chip can connect to virtually any processor (MCU or MPU) using a standard serial communication interface (I2C). The chip incorporates multiple electrical and mechanical safeguards to make it tamperproof and is produced at Renesas Electronics’ manufacturing facilities, which meet the strict security standards of the smart card industry and are approved by bank and government ID issuing authorities.
Second, a complete suite of security service software and firmware provides an M2M authentication solution that takes a comprehensive approach to risk minimization. It includes a suite of hardware and software components and partner services that combine to offer a complete service to embedded system designers.
Finally, PKI services are available from a distribution partner for OEMs. A major strength of PKI, and also a source of complexity, is the need to generate unique keys and an X.509 certificate for each security chip and thus for each device. Until recently, this process was economically viable only for large customers in the enterprise, e-commerce, and banking markets. Renesas Electronics America and Avnet have partnered in a chain of trust, shown in Figure 1, to change this situation, making it more viable for other firms by delivering an affordable, secure PKI solution that is easy to use and deploy. This robust security solution complies with industry standards and can be made available to companies of all sizes that need protection against misuse.
This partnership provides the critical service components necessary for implementing complete security solutions, as illustrated in Figure 2:
· A root-of-trust Certificate Authority
· A sub-Certificate Authority (optional)
· A system for generating unique certificates and private keys for each Board ID chip
· A programming service provider that can securely insert the certificate and key pairs in each chip
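The chain of trust listed above (root CA, optional sub-CA, one certificate and key per device) can be reproduced with the OpenSSL command line to see what a host checks before it trusts a device. This is an added example, not Renesas or Avnet code: the subjects, file names and the functions `make_pki` and `authenticate_device` are assumptions, and the private key sits in a file here, whereas the article's design keeps it inside the security chip.

```shell
#!/bin/sh
# Added example: constructed demo PKI (root CA -> sub-CA -> device certificate).
# All subjects, file names and function names are assumptions for this sketch.
make_pki() (  # $1 = working directory; runs in a subshell so cwd is restored
  mkdir -p "$1" && cd "$1" || exit 1
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_dev]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
EOF
  for n in root sub dev rogue; do
    openssl ecparam -name prime256v1 -genkey -noout -out "$n.key" || exit 1
  done
  # Root of trust: self-signed CA certificate.
  openssl req -config pki.cnf -x509 -new -key root.key -subj "/CN=Demo Root CA" \
    -days 3650 -extensions v3_ca -out root.crt || exit 1
  # Optional sub-CA, signed by the root.
  openssl req -config pki.cnf -new -key sub.key -subj "/CN=Demo Sub CA" -out sub.csr || exit 1
  openssl x509 -req -in sub.csr -CA root.crt -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_ca -days 1825 -out sub.crt 2>/dev/null || exit 1
  # Unique certificate for one device, signed by the sub-CA.
  openssl req -config pki.cnf -new -key dev.key -subj "/CN=board-0001" -out dev.csr || exit 1
  openssl x509 -req -in dev.csr -CA sub.crt -CAkey sub.key -CAcreateserial \
    -extfile pki.cnf -extensions v3_dev -days 365 -out dev.crt 2>/dev/null || exit 1
  # Certificate that claims the same name but was not issued by the chain.
  openssl req -config pki.cnf -x509 -new -key rogue.key -subj "/CN=board-0001" \
    -days 365 -extensions v3_dev -out rogue.crt
)

authenticate_device() (  # $1 = dir, $2 = presented cert, $3 = key the device holds
  cd "$1" || exit 1
  # Host: accept the certificate only if it chains to the trusted root.
  openssl verify -CAfile root.crt -untrusted sub.crt "$2" >/dev/null 2>&1 || exit 1
  # Host: fresh random challenge, so a recorded response cannot be replayed.
  openssl rand -out nonce.bin 32 || exit 1
  # Device: prove possession of the private key by signing the challenge.
  openssl dgst -sha256 -sign "$3" -out sig.bin nonce.bin || exit 1
  # Host: check the response with the public key from the verified certificate.
  openssl x509 -in "$2" -pubkey -noout > peer.pub || exit 1
  openssl dgst -sha256 -verify peer.pub -signature sig.bin nonce.bin >/dev/null 2>&1
)
```

Both checks are needed: the chain check rejects a certificate that merely claims the device name, and the signed challenge rejects a copied certificate presented without its private key.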
Security for any embedded device
This combination of innovations in the product and business and service models enables the Renesas Board ID security solution to eliminate or significantly reduce previous barriers to the adoption of PKI technology.
A company does not have to be an IBM, General Electric, or Google to successfully apply this security technology. Whether shipping 20,000 products or hundreds of thousands of them, companies can now innovate and design Web-connected embedded devices that incorporate state-of-the-art PKI security technology. This capability will facilitate the development of products that can become part of the ever-growing embedded Internet for the smart grid or other ambitious programs that leverage the Web.
Note: This document does not cover the details of the cryptography and security mechanisms. More technical details about PKI technology are available at the Renesas Electronics website and through various public sources such as the National Institute of Standards and Technology, Federal Information Processing Standards, and others.
Nadaradjane Ramatchandirane is the senior business development manager of the Consumer and Industrial Business Unit at Renesas Electronics America, responsible for managing business development in the security space. He joined Renesas Technology America (now Renesas Electronics America) in 2007, and prior to that held executive positions at Schlumberger/Gemalto, ActivIdentity, Hypercom, and Bitfone.