Securing RF Links for the IoT

Author: Jon Gabay

Contributed by: Electronic Products

As we move toward connecting everything from our sneakers, refrigerators, and coffeemakers to our pacemakers and door locks, security issues such as restricting access to confidential information have renewed importance. This has become of even greater concern as we go wireless with our Internet of Things (IoT) communications infrastructure.

This article looks at modern high-speed wireless links and the security measures they can carry with them to help ensure that our data and property are protected against mischief and mayhem. All parts, data sheets, tutorials, and development systems referenced here can be found online at DigiKey’s website.

Network and processor security

With wired networks, an attacker must establish a tap point to gain access to the raw data streaming over the network. Points outside the collision domain can still gain access if the attacker knows the IP address and MAC address of the machine or device to be covertly reached through a layer 2 switch.

Once on the network, packet sniffing may eventually expose every node directly reachable on it. Bogus packets can then be injected, and services accessed and sockets opened, provided the attacker can overcome whatever passwords and encryption are in place (and not every service is encrypted).

With wireless devices connected in a peer-to-peer, ad-hoc, or mesh structure, no tap point is needed: every data packet is exposed to anyone within radio range of the would-be interloper. This is the key point. Wireless security, especially for IoT-connected devices, covers both wireless access to the device itself and wireless access to its data, and either may be vulnerable.

Device makers offer several approaches to combat this. High-end processors like the Freescale ARM Cortex-A9 based MCIMX6S5DVM10AB provide boot security as well as Digital Rights Management (DRM) features aimed at e-commerce (Figure 1). These help protect downloaded content and even firmware updates, which may also arrive wirelessly.

Image of Freescale ARM Cortex-A9 MCIMX6S5DVM10AB

Figure 1: Security inside a processor is no longer an afterthought bolted onto the core, especially where wireless access is involved. Everything from the boot code to the JTAG port needs some level of protection against tampering and unwanted access. Fuse-style OTP settings can also lock the boot configuration once a device is deployed.

It is up to the designer to know the techniques available to protect a design. The Freescale parts, for example, start verifying the integrity of the boot chain at reset. The Advanced High Assurance Boot (A-HAB) authenticates the boot image using SHA-256 hashes signed with 2048-bit RSA keys (SHA-256 is a hash function, not an encryption algorithm), together with version control so that the check also holds across warm-boot operations.
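What a HAB-style boot check amounts to, as an added example written for this page (it is not Freescale's code and not its image format): hash the image with SHA-256, verify an RSA signature over that hash with a public key the ROM trusts, and refuse any image whose version is below a fuse-backed minimum. The header layout, the 1024-bit demo key and the seeded key generator are assumptions made so the example runs quickly and stand-alone; a real boot ROM uses a vetted crypto library and 2048-bit or larger keys.

```python
"""Added example: simplified signed-boot-image check (HAB-style).

SHA-256 over the image, RSA signature over that hash, and an anti-rollback
version compared with a fuse-backed minimum. Textbook RSA with a 1024-bit demo
key; a real boot ROM uses a vetted crypto library and 2048-bit or larger keys.
"""
import hashlib
import hmac
import random
import struct

MAGIC = b"IMG1"                        # hypothetical header magic
HEADER = struct.Struct("<4sII")        # magic, version, payload length (LE)
# DER-encoded DigestInfo prefix for SHA-256 used by RSASSA-PKCS1-v1_5 (RFC 8017).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _probable_prime(n, rng, rounds=24):
    """Miller-Rabin primality test (demo key generation only)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # full length, odd
        if _probable_prime(cand, rng):
            return cand


def generate_keypair(bits=1024, seed=None):
    """Return (n, e, d). Seeded for a reproducible demo; never do this in production."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)


def _emsa_pkcs1_v15(message, k):
    """EM = 0x00 0x01 PS(0xff..) 0x00 DigestInfo||SHA-256(message), k bytes long."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 PKCS#1 v1.5")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(message, privkey):
    n, _e, d = privkey
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(_emsa_pkcs1_v15(message, k), "big")
    return pow(m, d, n).to_bytes(k, "big")


def verify(message, signature, pubkey):
    n, e = pubkey
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    # Rebuild the expected block and compare whole, instead of parsing the padding;
    # lenient padding parsers have been the source of real verifier bugs.
    return hmac.compare_digest(em, _emsa_pkcs1_v15(message, k))


def build_image(version, payload, privkey):
    """Header || payload || signature over header and payload."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + sign(body, privkey)


def verify_boot_image(image, pubkey, rollback_fuse):
    """Return (accepted, reason). rollback_fuse models the OTP minimum version."""
    k = (pubkey[0].bit_length() + 7) // 8
    if len(image) < HEADER.size + k:
        return False, "truncated"
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        return False, "bad magic"
    body_len = HEADER.size + length
    if len(image) != body_len + k:
        return False, "length mismatch"
    # Signature first: no field of an unauthenticated header may steer a decision.
    if not verify(image[:body_len], image[body_len:], pubkey):
        return False, "bad signature"
    if version < rollback_fuse:
        return False, "rollback: version %d < fuse %d" % (version, rollback_fuse)
    return True, "ok"


if __name__ == "__main__":
    n, e, d = generate_keypair(seed=7)
    pub, priv = (n, e), (n, e, d)
    good = build_image(3, b"firmware v3 (constructed payload)", priv)
    print(verify_boot_image(good, pub, rollback_fuse=3))
    tampered = bytearray(good)
    tampered[HEADER.size] ^= 0x01          # flip one payload bit
    print(verify_boot_image(bytes(tampered), pub, rollback_fuse=3))
    print(verify_boot_image(build_image(2, b"old", priv), pub, rollback_fuse=3))
```

The order of checks matters: the signature is verified before the version field is trusted, and the rollback fuse is compared after, so a downgrade to an older but genuinely signed image is still refused.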

Note that specialized hardware blocks inside the processor build on Arm TrustZone, which uses architectural partitioning to separate interrupts, memory-mapped regions, and even I/O-mapped regions into secure and normal worlds. On-chip secure RAM, true and pseudo random number generators, and NIST-approved hash engines serve the secure side, and a hardware Central Security Unit works with the IC Identification Module (IIM) and other hardware and software to enforce the part's security-level operating modes.

The JTAG port also needs to be secured, even though it is not typically wireless. The same holds true for the real-time clock: manipulating timestamps can allow scheduled events to open holes in the security of a device.

Freescale’s Secure Non-Volatile Storage (SNVS) block and Cryptographic Acceleration and Assurance Module (CAAM) contain cryptographic and hash engines backed by 16 Kbytes of secure RAM, and even include a run-time integrity checker.

A nice feature is the electrical fuse array, which lets designers set boot modes and the security levels of functions and hardware blocks. The 512 x 8 fuse array is accessible only through a dedicated on-chip OTP controller and control interface, keeping it tamper-resistant.

Another technique is a specialized watchdog, the TrustZone (TZ) watchdog timer. It protects against watchdog “starvation”, in which normal-world software never lets the processor switch into TZ mode. Working with secured interrupts, if servicing does not take place in time, the TZ watchdog asserts a security-violation signal to the processor's security-monitoring logic. Normal-mode software cannot program or deactivate it.

Ensuring security for processors, especially multi-core processors, can be more than a full-time job. Fortunately, Freescale has documented its techniques and features in a Security Reference Manual for its i.MX processors.1

Focusing on secure infrastructure communications

When communicating over a network whose protocols were never designed to be secure (such as TCP/IP), the choice of cryptographic techniques makes a big difference. Remember that any listener can capture data packets and log them, allowing off-line crunching to try to recover keys and the data they were meant to protect. Advances in quantum computing may also weaken today's assumptions: Grover's algorithm gives a square-root speedup on brute-force key search, roughly halving the effective length of a symmetric key, and Shor's algorithm would break RSA and elliptic-curve public-key schemes outright. The comfort we take in thinking it would take 1,000 computers 1,000 years to try every permutation should not be taken for granted, and captured traffic should not be assumed safe forever.

Wi-Fi is by far the most popular real-time, multi-user wireless network for data and control. Wi-Fi's built-in security does a good job of warding off unsophisticated intruders. However, much as an alarm sticker on a window discourages many burglars, those who really want to get in will be undeterred. That is why even discrete functions, like switches and sensors for critical infrastructure and hazardous environments, carry their own security measures.

An example is the Honeywell WDRR Series of wireless relays. Built on 2.4 GHz IEEE 802.15.4 radio technology, they use an embedded 128-bit AES security engine to protect Honeywell's family of sensors and switches from unauthorized wireless access.

Parts like the WDRR1A03A0A communicate wirelessly over distances up to 305 meters via license-free WPAN point-to-point links, identified by a 16-bit PAN ID and protected with a 128-bit AES key (Figure 2). They do so while remaining sealed to NEMA and IP66/67 ratings. Note the externally connected antenna, which provides that range in a potentially noisy and obstructed environment.
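How the PAN ID, security bits and frame counter of an 802.15.4 link are checked on the receiving side, as an added example (not Honeywell's firmware): the parser follows the IEEE 802.15.4-2006 data-frame layout, and the policy class rejects frames from the wrong PAN, unsecured or weakly secured frames, and replays. The frames, addresses and key index are constructed for the demo; the AES-CCM* MIC check with the 128-bit link key, which would follow these filters, is not included.

```python
"""Added example: receiver-side checks for IEEE 802.15.4 secured data frames.

Parses the MAC header and auxiliary security header, then enforces what a
paired node should require before spending cycles on the AES-CCM* MIC: our
PAN ID, security enabled, a strong enough security level, and a strictly
increasing frame counter per sender. The AES-CCM* check itself is not here.
"""
import struct

FT_DATA = 1
ADDR_LEN = {0: 0, 2: 2, 3: 8}                                # by addressing mode
MIC_LEN = {0: 0, 1: 4, 2: 8, 3: 16, 4: 0, 5: 4, 6: 8, 7: 16}  # by security level
KEY_ID_LEN = {0: 0, 1: 1, 2: 5, 3: 9}                        # by key id mode


def build_frame(pan_id, dst, src, seq, payload, frame_counter=None, sec_level=5,
                key_index=1):
    """Constructed test frame: short addresses, PAN ID compression, frame version 1.
    Secured when frame_counter is given; the MIC and FCS are zero placeholders."""
    secured = frame_counter is not None
    fcf = FT_DATA | (0x8 if secured else 0) | 0x40 | (2 << 10) | (1 << 12) | (2 << 14)
    frame = struct.pack("<HBHHH", fcf, seq, pan_id, dst, src)
    mic = b""
    if secured:
        frame += struct.pack("<BIB", sec_level | (1 << 3), frame_counter, key_index)
        mic = bytes(MIC_LEN[sec_level])
    return frame + payload + mic + b"\x00\x00"


def _take(buf, pos, n):
    """Slice n bytes at pos or raise, so a truncated frame never parses silently."""
    if pos + n > len(buf):
        raise ValueError("truncated at offset %d" % pos)
    return buf[pos:pos + n], pos + n


def parse_frame(frame):
    """Return the header fields of a data frame; raise ValueError if malformed."""
    chunk, pos = _take(frame, 0, 3)
    fcf = int.from_bytes(chunk[:2], "little")
    f = {"type": fcf & 0x7, "security": bool(fcf & 0x8), "pan_compress": bool(fcf & 0x40),
         "dst_mode": (fcf >> 10) & 0x3, "src_mode": (fcf >> 14) & 0x3, "seq": chunk[2]}
    if f["dst_mode"] not in ADDR_LEN or f["src_mode"] not in ADDR_LEN:
        raise ValueError("reserved addressing mode")
    if f["dst_mode"]:
        chunk, pos = _take(frame, pos, 2)
        f["dst_pan"] = int.from_bytes(chunk, "little")
        chunk, pos = _take(frame, pos, ADDR_LEN[f["dst_mode"]])
        f["dst"] = int.from_bytes(chunk, "little")
    if f["src_mode"]:
        if not f["pan_compress"]:
            chunk, pos = _take(frame, pos, 2)
            f["src_pan"] = int.from_bytes(chunk, "little")
        elif f["dst_mode"]:
            f["src_pan"] = f["dst_pan"]
        chunk, pos = _take(frame, pos, ADDR_LEN[f["src_mode"]])
        f["src"] = int.from_bytes(chunk, "little")
    mic_len = 0
    if f["security"]:
        chunk, pos = _take(frame, pos, 5)             # security control + frame counter
        f["sec_level"], key_id_mode = chunk[0] & 0x7, (chunk[0] >> 3) & 0x3
        f["frame_counter"] = int.from_bytes(chunk[1:], "little")
        f["key_id"], pos = _take(frame, pos, KEY_ID_LEN[key_id_mode])
        mic_len = MIC_LEN[f["sec_level"]]
    if len(frame) < pos + mic_len + 2:
        raise ValueError("too short for MIC and FCS")
    f["payload"] = frame[pos:len(frame) - mic_len - 2]
    f["mic"] = frame[len(frame) - mic_len - 2:len(frame) - 2]
    return f


class SecureLink:
    """Policy for one PAN: reject unsecured, weak, foreign, or replayed frames."""

    def __init__(self, pan_id, min_level=5):
        self.pan_id, self.min_level = pan_id, min_level
        self.last_counter = {}      # source address -> highest accepted frame counter

    def accept(self, frame):
        """Return (True, fields) or (False, reason)."""
        try:
            f = parse_frame(frame)
        except ValueError as exc:
            return False, "malformed: %s" % exc
        if f["type"] != FT_DATA:
            return False, "not a data frame"
        if f.get("dst_pan") != self.pan_id:
            return False, "wrong PAN ID"
        if not f["security"]:
            return False, "unsecured frame rejected (downgrade)"
        if f["sec_level"] < self.min_level:
            return False, "security level %d below policy %d" % (f["sec_level"], self.min_level)
        if "src" not in f:
            return False, "no source address"
        last = self.last_counter.get(f["src"], -1)
        if f["frame_counter"] <= last:
            return False, "replay: counter %d <= %d" % (f["frame_counter"], last)
        if f["frame_counter"] == 0xFFFFFFFF:
            return False, "frame counter exhausted, rekey required"
        # Verify the AES-CCM* MIC with the 128-bit link key here, and commit the counter
        # only after it passes; otherwise a forged frame carrying a huge counter could
        # lock the legitimate sender out.
        self.last_counter[f["src"]] = f["frame_counter"]
        return True, f


if __name__ == "__main__":
    link = SecureLink(pan_id=0x1A2B)
    frame = build_frame(0x1A2B, dst=0x0001, src=0x0002, seq=7, payload=b"open", frame_counter=10)
    ok, info = link.accept(frame)
    print(ok, info["payload"], info["frame_counter"])
    print(link.accept(frame))               # the same frame again is a replay
```

The unsecured-frame rejection is the important policy line: once two nodes have paired with a key, a frame that simply omits the security header must be dropped, or an attacker within range bypasses the AES protection by never using it.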

Image of Honeywell Sensing and Control WDRR1A03A0A

Figure 2: Wireless infrastructure and factory nodes are especially critical. If a skilled attacker in a car a hundred feet away can gain access to a gas-refinery mixing valve, for example, loss of life and property damage can be catastrophic. In addition to internal encryption, simple features like an LED that indicates when a device is paired give operators a visual cue if someone has gained unauthorized access.

Developing custom security

Many security protocols and standards have been established to assure interoperability. Not everyone needs to conform to them, however. If, for example, you are creating your own IoT-based device with a dedicated, private link between two points, you can implement standard security toward the rest of the network and a private scheme between your two proprietary nodes. The caveat is that home-grown protocols rarely survive expert review; build on proven primitives, and make the exchange authenticated and replay-protected at a minimum.

Development kits allow engineers to develop and test encryption and security set-ups. Most microcontroller and RF-microcontroller vendors provide development support, references, and application notes in their documentation.

Take, for example, Atmel’s Crypto development and starter kits. Kits like the AT88CK101STK8 allow you to implement and test anti-tamper and security measures (Figure 3). As part of its CryptoAuthentication series, Atmel also provides several useful training sessions, including video Product Training Modules for its crypto products.

Image of Atmel AT88CK101STK8

Figure 3: Crypto development kits provide a window into standard and custom encryption techniques. Processor daughter boards can route to GPIO to indicate stage-by-stage verification of encoding and decoding.
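The kind of private, two-node authentication the last two sections describe, as an added example that is not code from the article, Atmel or Honeywell: a host issues a random challenge, the node answers with an HMAC-SHA256 over the challenge and its identity using a pre-shared key, and the host checks the answer with a constant-time compare, much as SHA-256 based CryptoAuthentication devices do in hardware. The node IDs, key bytes, domain string and time-to-live are constructed for the demo; in a real device the key lives in a secure element, not in Python memory.

```python
"""Added example: one-shot challenge-response authentication over a private link.

Host -> Node: 32 random bytes (challenge)
Node -> Host: HMAC-SHA256(key, domain || node_id || challenge)
Each challenge is usable exactly once and expires, so a captured response
cannot be replayed, and the node's identity is bound into the MAC.
"""
import hashlib
import hmac
import os
import time

CHALLENGE_LEN = 32
DOMAIN = b"WPAN-AUTH-v1"     # hypothetical domain separator fixed by the protocol


def _response(key, node_id, challenge):
    """Both sides compute the same MAC; the domain string keeps it from being
    reused as a valid tag in some other protocol that shares the key."""
    return hmac.new(key, DOMAIN + node_id + challenge, hashlib.sha256).digest()


class Node:
    """The authenticating device; in practice the key lives in a secure element."""

    def __init__(self, node_id, key):
        self.node_id, self._key = node_id, key

    def respond(self, challenge):
        if len(challenge) != CHALLENGE_LEN:
            raise ValueError("bad challenge length")
        return _response(self._key, self.node_id, challenge)


class Host:
    """Issues one-shot challenges and verifies the responses."""

    def __init__(self, keys, ttl=5.0, now=time.monotonic, rng=os.urandom):
        self._keys = dict(keys)          # node_id -> pre-shared key
        self._ttl, self._now, self._rng = ttl, now, rng
        self._pending = {}               # challenge -> (node_id, expiry)

    def challenge(self, node_id):
        if node_id not in self._keys:
            raise KeyError("unknown node")
        c = self._rng(CHALLENGE_LEN)
        self._pending[c] = (node_id, self._now() + self._ttl)
        return c

    def verify(self, node_id, challenge, response):
        """Return (ok, reason). The challenge is consumed whatever the outcome."""
        entry = self._pending.pop(challenge, None)
        if entry is None:
            return False, "unknown or already used challenge"
        issued_for, expiry = entry
        if issued_for != node_id:
            return False, "challenge was issued for a different node"
        if self._now() > expiry:
            return False, "challenge expired"
        expected = _response(self._keys[node_id], node_id, challenge)
        if not hmac.compare_digest(expected, response):   # constant-time compare
            return False, "bad response"
        return True, "authenticated"


if __name__ == "__main__":
    KEY = bytes(range(32))                 # constructed demo key
    host = Host({b"valve-17": KEY})
    node = Node(b"valve-17", KEY)
    c = host.challenge(b"valve-17")
    r = node.respond(c)
    print(host.verify(b"valve-17", c, r))  # genuine node
    print(host.verify(b"valve-17", c, r))  # replayed response: challenge already used
    c = host.challenge(b"valve-17")
    print(host.verify(b"valve-17", c, Node(b"valve-17", bytes(32)).respond(c)))
```

Because the key is symmetric, a compromised host can impersonate any node it holds a key for; where that matters, the node signs the challenge with a private key instead. This exchange also only authenticates the node at one moment: the frames that follow still need their own link-layer protection or a session key derived from the exchange.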

Be aware and alert

While the security concerns of the past remain valid, the widespread use of wireless communications has added new possible layers of intrusion, whether through our handheld devices and phones or through IoT infrastructure-linked devices such as valves in a chemical factory or a liquid propane depot.

The many benefits the IoT can bring can quickly become a nightmare if mischievous hackers find a way in. We ourselves may be the weak link if the apps we install contain backdoors. What is more, intruders no longer have to be physically present to do their dirty work; globally connected IoT devices may be reachable from the other side of the world. Firmware and software updates can also provide openings.

If we all had private networks that were not connected to the Internet, we could be fairly certain that the links to our houses, entertainment systems, and critical infrastructure were secure; but we don’t, so until then, users beware.

For more information about the parts discussed in this article, use the links provided to access product pages on the DigiKey website.

Disclaimer: The opinions, beliefs, and viewpoints expressed by the various authors and/or forum participants on this website do not necessarily reflect the opinions, beliefs, and viewpoints of DigiKey or official policies of DigiKey.

About this author

Jon Gabay

About this publisher

Electronic Products

Electronic Products magazine and ElectronicProducts.com serve engineers and engineering managers responsible for designing electronic equipment and systems.