How to use the Latest Microcontrollers to Simplify Embedded Security
投稿人:DigiKey 北美编辑
2016-10-12
The Internet of Things (IoT) continues to become a reality with devices being connected to the Internet by the millions on a daily basis. As exciting as this may be, with many opportunities opening up for innovation, developers of devices and systems for the IoT face many challenges, the most critical of which is securing their devices and ensuring privacy for the end user. Thankfully, new microcontrollers (MCUs) are emerging that greatly simplify the security task, but these features are only as good as the developer’s ability to use them.
It’s somewhat surprising that security has been, and remains an afterthought for many developers. This is a mistake, as it lays homes, vehicles, manufacturing, retail, and critical infrastructure vulnerable to attack. Yet despite the historical reluctance to address security, the IoT is now forcing designers to more seriously consider security up front as they develop embedded systems, fortunately they are finding they are not alone in tackling it.
Makers and vendors of microcontrollers, that fundamental element of so many IoT systems and devices, now also recognize the importance of security and are building hooks into their hardware and software libraries that ease development and lighten the developer’s security burden.
A prime example is the Synergy Platform from Renesas Electronics America. This not only includes a series of ARM®-based microcontrollers such as the S1, S3 and S7 series, but an entire software package designed to give developers a jump start by providing drivers, an RTOS, middleware, frameworks and libraries right out of the box.
Included in the Synergy Software Package (SSP) is a security and encryption module that developers can leverage to properly secure their device. While it’s good to have these software components available, developers still need to understand how to apply these resources to the three primary elements of embedded security: authentication, integrity and availability.
Figure 1: The Renesas Synergy Platform’s Synergy Software Package (SSP) includes drivers, RTOS, middleware, frameworks, libraries and development tools all included in the platform. All the different software components that are included in the platform can be seen here. (Source: Renesas Electronics America)
Authentication and encryption are tricky business
Authentication gets the most focus in security, and rightly so. Authentication is the system’s ability to verify that firmware updates and communications are from a legitimate source and are not an attempt to confuse or override the default system behavior. Common techniques that developers can use in their design that can work on any microcontroller starting from simplest and least resource constraining include:
- Passwords
- Handshakes
- Digital signatures
- Checksums
- Cyclical redundancy checks (CRCs)
A CRC should be included on important data such as the application image stored in flash and data packets that are communicated over a network or communication interface. CRC’s on a microcontroller can be tricky business, especially without a floating-point hardware unit. A great trick for developers is to use a checksum similar to the fletcher16 algorithm.
The fletcher16 algorithm detects whether any data has been changed in a data stream. It does this by essentially breaking down a data stream into blocks of 8-bits, and then summing the blocks to generate two unique 8-bit values that are recombined into a 16-bit checksum. The fletcher16 algorithm is limited to a modulus no greater than 255, so there is a 1/255 chance that a random number inserted into the data stream will go undetected. Fletcher16’s effectiveness is on par with the lowest-hanging CRCs.
In order to secure an embedded system, a developer may need to employ a combination of techniques that also include encryption. Encryption on an MCU can be tough business if you don’t pick the right device. Each application will require its own unique encryption needs but there are several hardware resources that you should be looking for on an MCU, at a minimum:
- A unique device identifier
- Limited JTAG access
- A true random number generator (TRNG)
- Symmetric cryptograph accelerator
Pay careful attention to the datasheets for a microcontroller that uses a TRNG. All TRNG’s are not created equal and if they aren’t certified to NIST SP 800-90 – the latest and greatest specification for entropy – then it will be possible for would-be hackers to manipulate the generator by impacting system entropy that then generates predictable results.
Entropy is a measure of the randomness or chaos that exists within a system. A TRNG will often use entropy to calculate a random number. If a hacker is able to control the entropy for the system, such as manipulate time or temperature (properties used by pseudo-random number generators) then the random number becomes predictable. A predictable number allows a hacker to make educated guesses that eventually break down the system security and open it up for attack.
The Renesas Synergy MCUs have all the above hardware resources, and using the Synergy toolchain gaining access to the TRNG is nearly trivial. Just go under the Synergy configuration file and then, from within the threads tab, add the TRNG component. The component is added completely through a visual interface and the necessary step can be seen in Figure 2. In this example, a Renesas S1 development kit was used to deploy the TRNG. Once the TRNG driver is added, the following API call will generate the random number:
R_SCE_TRNG_Read ( trng_ctrl_t *const p_ctrl , uint32_t *const p_dest ,uint32_t nwords )
Figure 2: To add a true random number generator (TRNG) driver component to a Synergy project, simply select add and then follow the menus from the upper right to the lower left to find the TRNG driver. (Source: Renesas Electronics America, E2 Studio Synergy Project)
Advanced applications will want far more than a simple TRNG or a symmetric cryptograph accelerator. To take advantage of the latest encryption technologies, a developer should look for additional hardware within their microcontroller such as:
- Asymmetric cryptograph accelerators
- HASH accelerators
- Asymmetric key generators
- Secure key storage
Without these critical components, developers will find that their systems are vulnerable to attack and may be compromised in the field. In fact, end users may find their privacy being invaded. Privacy is the ability for the end-user’s data to be hidden and not viewable to other people. Systems that lack good encryption methodologies will result in privacy violations that the user may not even be aware of or that could result in cybercrimes such as identity theft. The advanced features listed above can help aid in protecting privacy but may not be included in every microcontroller. For example, you won’t find a HASH accelerator on a Renesas S1 device, but you will find one on a Renesas S7.
Ensuring system integrity
Developers are usually so focused on authentication and encryption that many times they fail to consider how important system integrity can be. Integrity is a measure of how trustworthy the software is. Many developers will assume at start-up that the application has not become corrupted or has been injected with malware. For a device that is constantly connected to the Internet this is a poor assumption.
There are a few techniques developers can use to verify the integrity of their system. First, you can add a CRC or checksum to their application image stored in flash. When starting the system, the boot code calculates the checksum or CRC and verifies that it still matches the expected value. Alternatively, you could use a software component such as the Secure Boot Framework (QSA) that is included in the Renesas SSP. Not only does it provide secure boot capabilities, it also provides protected memory locations that prevent malware or other code from gaining access to the entire system. This lets you create sandboxes for different application components to keep them secure.
Availability
An embedded system should be nearly 100% available, but there are times when a hacker may be performing distributed denial of service (DDoS) attacks that result in thread starvation or memory overflows that then bring the system down. To secure an embedded system and prevent this from happening, but sure to use an RTOS that has the ability to enable memory protection and manage the application to ensure that an overbearing task can’t bring down the entire system.
Getting started with security
Embedded security can be considered a niche area since security was not a concern until the IoT. Devices used to be disconnected which drastically limited their area for attack. A connected device though can be attacked at any moment and under a wide variety of circumstances. The best way to learn embedded security is to start on the bench. There are two development kits, the aforementioned Renesas S1, as well as the Renesas S7 that can be used to jump start security work.
Figure 3: The Renesas SK-S7G2 development kit is the best place to start exploring security concepts, before narrowing down your hardware encryption choices. (Source: Renesas Electronics America)
Each development kit has Arduino header break-outs so that hardware shields such as a Bluetooth module can easily be added to the development kit for custom design work. The Renesas S7 includes an Ethernet port which, when coupled with the SSP, can have you up and running with an IoT device in short order.
When first starting out exploring secure concepts, you will likely want to focus on the S7 first since it has all the bells and whistles and is most capable. Once you understand the capabilities for the platform and the end-system requirements, only then does it make sense to consider decreasing your hardware encryption capabilities.
Conclusion
The challenges facing designers to secure their embedded system, from authentication through to system integrity and high availability, may at first glance appear overwhelming. However, microcontrollers are emerging with built-in features, hooks, and libraries that help developers tackle these challenges and simplify the process. An excellent example is the Renesas Synergy microcontroller and its associated evaluation platforms examined in this article.
免责声明:各个作者和/或论坛参与者在本网站发表的观点、看法和意见不代表 DigiKey 的观点、看法和意见,也不代表 DigiKey 官方政策。