Secure IoT devices from the microcontroller, up

July 18, 2018


Secure IoT devices from the microcontroller, up

Addressing IoT security goes beyond the capabilities of any individual supplier, and creates the need for specialized partner ecosystems to account for the growing number of IoT threat vectors.

Earlier this year it was reported that cyber criminals were able to hack into the high roller database of an unnamed casino. They did so through an Internet-connected fish tank in the casino lobby.

Similar to the way hackers were able to access to Target’s point of sale (POS) systems back in 2013, the casino hack illustrates just how much attack surface is available on the Internet of Things (IoT). Organizations looking to take advantage of IoT connectivity, data transparency, and insights must ensure that every network entry point, regardless of how small or seemingly insignificant, is protected.

Of course, this type of security comes at a cost – one that many companies have been unwilling to pay until a breach occurs, data or revenue is lost, or reputations are damaged. For OEMs, the expense of IoT security is more than simply adding a cryptographic IC to the bill of materials, as it also has implications on engineering development time, power consumption, the type of microcontroller selected, and so on.

Faced with the time to market and cost pressures of consumer and commercial product development, it’s not surprising many device manufacturers elect to shortcut or completely forego steps in the secure development lifecycle.

Silicon and software for secure connected devices

Even bleeding-edge technology companies struggle with secure IoT development due to the broad expertise it requires. As shown in Figure 1, attacks can be software-based, focus on communications channels, target vulnerable firmware during and after an update process, or look to compromise physical components. Addressing all of these areas at once goes beyond the capabilities of any individual supplier, and creates the need for specialized partner ecosystems to account for the growing number of IoT threat vectors.

Figure 1. Connected devices have a large attack surface that outstrips the capabilities of most organizations. Security ecosystems are needed to account for the growing number of threat vectors.

One such ecosystem is starting to take shape around Microchip’s recently released 32-bit SAM L11 microcontroller. The SAM L11 is the first embedded MCU based on the Arm Cortex-M23 processor, the smallest and most energy-efficient Armv8-M architecture core. The MCUs integrate up to 64 Kb flash, 16 Kb RAM, and make use of TrustZone for Armv8-M to isolate trusted libraries, application code, and IP from non-trusted software and firmware components running on the device (Figure 2).

Figure 2. Microchip’s SAM L11 microcontrollers are based on the Arm Cortex-M23 processor core and make use of TrustZone technology to protect sensitive regions of the chip from malicious code injection, malware, and other software-borne attacks.

In addition to TrustZone technology, the SAM L11 devices integrate a cryptographic module that provides secure boot, secure key storage, and chip-level tamper resistance to form a hardware root of trust (HRoT) that protects against physical and remote attacks. The built-in module supports AES, GCM, and SHA algorithms.

The video below illustrates how Arm TrustZone and SAM L11’s built-in countermeasures can be used to protect IP from malware and physical attacks. By establishing a trusted execution environment (TEE) on the SAM L11 using TrustZone technology, mission-critical or business-sensitive IP blocks can be securely partitioned from non-trusted portions of memory. Besides protecting the chip from malicious actions, this partitioning also enables multi-vendor IoT use cases as an OEM can provide application developers with APIs that grant access to certain system resources while denying access to others.

Video. Ram Konreddy, Senior Product Marketing Engineer at Microchip Technology, Inc. provides an overview of using Trusted Execution Environments (TEEs) on the recently released SAM L11 MCU.

While the above demonstrates secure use cases, the design complexity associated with correctly implementing technologies like memory protection units (MPUs) often results in them not being used at all. To ensure IoT engineers are able to exploit the capabilities of the SAM L11, Microchip has partnered with Secure Thingz, Data I/O, and Trustonic to provide software and firmware development frameworks that simplify the creation of secure end-to-end system stacks.

The Trustonic partnership, for instance, makes the Kinibi-M software development kit (SDK) available to SAM L11 engineers. Kinibi-M provides a modular environment for integrating key provisioning, secure boot, firmware upgrade, authentication, and other secure services on the MCU platform that abstracts the complexities of TrustZone and other chip-level protection mechanisms (Figure 3). Rather than poring over thousands of lines of code, developers can use APIs to call specific Kinibi-M software modules that contain security libraries, such as secure key storage.

Figure 3. Trustonic’s Kinibi-M software development kit (SDK) provides a modular, graphical development environment for IoT engineers working with the SAM L11 to abstract the complexities of chip-level security and Arm TrustZone.

Frameworks like this are what was missing in Arm’s original release of TrustZone technology, and provide a quick and cost-effective avenue to secure development for the lay engineer.

In addition, embedded operating system and tool suppliers have announced support for the SAM L11 chip, with IAR Systems’ Embedded Workbench for Arm toolchain to assist designers with code optimization and power debugging functionality (Sidebar 1). SEGGER has also made its IDE Embedded Studio, emboss RTOS, J-Link debug probes, SystemView runtime visual analysis tool, and emCrypt security suite available to SAM L11 developers, the latter of which includes cryptographic algorithms. The SEGGER tools are free for educational and non-commercial use in the company's Evaluation Package.

The SAM L11 is also compatible with Atmel START and the Atmel Studio IDE.

Sidebar 1 | picoPower sets the benchmark

Thanks to Microchip’s picoPower technology, the SAM L1X MCU family delivers its security functionality at less than 25 µA/MHz in active mode, 600 nA in sleep mode, and 100 nA at shut down (wake-up time of 1.5 microseconds). This represents a 200 percent power savings versus the next-most energy efficient competing MCU, and 152 percent better energy efficiency than Microchip’s own Arm Cortex-M0-based SAM L21 MCU on EEMBC’s ULPMark power consumption benchmark. The implications of this on battery life can be seen in Figure 4.

Figure 4. Microchip picoPower technology in SAM L11 MCUs delivers 200 percent lower power consumption on the ULPMark benchmark compared to leading low-power alternatives, which translates to significantly longer battery life.

Ecosystems enabling security

The security ecosystem developing around the SAM L11 is positioned to eliminate many of the hidden costs of secure device development, including engineering time/resources and power consumption. As a robust set of security technologies are integrated into the SAM L11 MCU itself, organizations can also save on the bill of materials by not having to add discrete security components.

With industry expertise converging around the IoT device security challenge, the reasons to forego secure development are disappearing. To start prototyping your next secure IoT device design you can purchase the SAM L11 Xplained Pro Kit for $58 from Microchip Direct or Mouser (Figure 5).

Figure 5. The SAM L11 Xplained Pro Kit is a low-cost way to evaluate the security capabilities of the Microchip SAM L11 MCU.