Be Secure at ALL Times

Systems shut down. Sometimes it’s because you want them to, for maintenance or power savings or some other reason. And sometimes they shut down when you don’t want them to, and that’s what you try to avoid. It’s imperative that a security lapse does not occur while your system is powering up or down, a window in which protection can unintentionally be more lax.

It’s fairly well documented how to keep your system secure when all is going well. But that’s not necessarily the case when the system is powering up or down, particularly if it’s an unplanned outage. So, what do you do in these unfortunate situations?

The easy answer is to be sure that you design in an MCU that incorporates all the latest security features. The harder part is determining whether that’s actually the case, since the standards and features change quite rapidly and the bad guys are seemingly getting smarter by the minute. To learn even more about this technology, read the article titled “The Anatomy of Security Microcontrollers for IoT Applications.”

Figure 1: Shown are the boundary areas of protection in an industrial platform. (Image source: Maxim Integrated Products)

In a typical “secure” design, all the embedded security building blocks operate together under a common boundary. The upper level in that hierarchy of security protection involves techniques such as cryptography and hardware security (Figure 1). That boundary isolates authentication keys from software, which should prevent hackers from carrying out attacks, including those that could occur while power cycling your system. But should power be removed, it’s vital that the system be brought up in the proper sequence, which means that the security gets loaded first, away from peering “eyes.”

The RX family of devices from Renesas, such as the RX651 microcontrollers, implements security using a Root of Trust, which is one way that system designers address the power-up and power-down issue. The system knows that it must power up and down in a particular sequence, anchored in that Root of Trust: it reads in the encrypted keywords, and that step provides the “all clear” signal to the rest of the system.

The RX651 MCUs also address security concerns by integrating Trusted Secure IP (TSIP) and trusted flash area protection, which enables flash firmware updates in the field through secure network communications. The TSIP offers robust key management, encrypted communication, and tampering detection to ensure strong security against external threats such as eavesdropping, tampering, and viruses.
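The power-up sequence described above (Root of Trust first, firmware verified next, application and peripherals last, with a field update held to the same check) can be modelled in a few dozen lines. The following is an added example written for this article, not Renesas code or a description of the RX651's actual boot ROM: the `RootOfTrust`, `SecureMcu` and `BootState` names, the HMAC-SHA256 image tag standing in for whatever the real TSIP uses, and the placeholder device key are all assumptions. The point it shows is that an interrupted or failed sequence leaves the device locked rather than partially open.

```python
import hashlib
import hmac
from enum import Enum, auto
from typing import Optional


class BootState(Enum):
    LOCKED = auto()               # power just applied; nothing is trusted yet
    ROT_READY = auto()            # Root of Trust initialised, key visible only to it
    FIRMWARE_VERIFIED = auto()    # image in flash passed the integrity check
    APPLICATION_RUNNING = auto()  # "all clear": application and peripherals enabled


class RootOfTrust:
    """Model of the immutable first stage. The key never leaves this object;
    the rest of the system only ever sees a pass/fail verdict."""

    def __init__(self, device_key: bytes) -> None:
        self._key = device_key

    def verify(self, image: bytes, tag: bytes) -> bool:
        expected = hmac.new(self._key, image, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)  # constant-time comparison


class SecureMcu:
    def __init__(self, rot: RootOfTrust, flash_image: bytes, flash_tag: bytes) -> None:
        self.rot = rot
        self.flash_image = flash_image
        self.flash_tag = flash_tag
        self.state = BootState.LOCKED
        self.peripherals_enabled = False

    def power_on(self, interrupt_after: Optional[int] = None) -> BootState:
        """Run the fixed boot sequence. `interrupt_after` simulates power loss
        after that many stages; a cut sequence must end LOCKED, never half-open."""
        self.state = BootState.LOCKED
        self.peripherals_enabled = False
        stages = [self._init_rot, self._verify_flash, self._start_application]
        for i, stage in enumerate(stages):
            if interrupt_after is not None and i >= interrupt_after:
                self.state = BootState.LOCKED  # fail secure: discard partial progress
                return self.state
            if not stage():
                self.state = BootState.LOCKED
                return self.state
        return self.state

    def _init_rot(self) -> bool:
        self.state = BootState.ROT_READY
        return True

    def _verify_flash(self) -> bool:
        if not self.rot.verify(self.flash_image, self.flash_tag):
            return False
        self.state = BootState.FIRMWARE_VERIFIED
        return True

    def _start_application(self) -> bool:
        # Network, debug and other peripherals come up only once the image is trusted.
        self.peripherals_enabled = True
        self.state = BootState.APPLICATION_RUNNING
        return True

    def field_update(self, new_image: bytes, new_tag: bytes) -> bool:
        """Accept an in-field image only if its tag verifies; an unverified image
        never reaches flash, so the next power-on cannot boot it."""
        if not self.rot.verify(new_image, new_tag):
            return False
        self.flash_image, self.flash_tag = new_image, new_tag
        return True


# Constructed sample data: a placeholder provisioning key and a tagged image.
DEVICE_KEY = bytes.fromhex("00" * 31 + "01")  # placeholder, not a real secret
FIRMWARE_V1 = b"app-firmware-v1"
TAG_V1 = hmac.new(DEVICE_KEY, FIRMWARE_V1, hashlib.sha256).digest()


def demo() -> dict:
    mcu = SecureMcu(RootOfTrust(DEVICE_KEY), FIRMWARE_V1, TAG_V1)
    results = {}
    results["clean_boot"] = mcu.power_on().name
    results["interrupted_boot"] = mcu.power_on(interrupt_after=2).name
    results["peripherals_after_interrupt"] = mcu.peripherals_enabled
    # A new image presented with the old image's tag must be refused.
    results["tampered_update_accepted"] = mcu.field_update(b"app-firmware-v2", TAG_V1)
    tag_v2 = hmac.new(DEVICE_KEY, b"app-firmware-v2", hashlib.sha256).digest()
    results["valid_update_accepted"] = mcu.field_update(b"app-firmware-v2", tag_v2)
    results["boot_after_update"] = mcu.power_on().name
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design choices carry the article's point: `power_on` resets state and peripherals at entry, so nothing left over from a previous run survives an unplanned restart, and `field_update` reuses the same `RootOfTrust.verify` as the boot path, so a network-delivered image faces exactly the check it will face at the next power cycle.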

A second method of security, one that’s quite popular today, is Arm’s TrustZone, which isolates the critical security firmware and private information, such as secure boot, firmware update, and keys, from the rest of the application. Essentially, it divides the MCU into two parts: one side is completely secure and holds the encryption keys and similar assets, while the other side is deployed for general-purpose activity. The two domains remain isolated, so tampering is eliminated.

One MCU that takes advantage of TrustZone is the STM32MP151A from STMicroelectronics. It’s based on the Arm Cortex-A7 32-bit RISC core, operating at up to 650 MHz and includes 32-kbyte instruction and data caches, as well as a 256-kbyte Level 2 cache. The on-board memory protection unit (MPU) enhances application security. That’s in addition to the embedded TrustZone technology.

Security From a Second Source

Another device, one that works independently of the MCU, is the ATECC608A secure element from Microchip (Figure 2). The device features a random number generator (RNG) for unique key generation while complying with the latest requirements from the National Institute of Standards and Technology (NIST). It also features cryptographic accelerators like AES-128, SHA-256, and ECC P-256 for mutual authentication.

Figure 2: The ATECC608A from Microchip is a cryptographic co-processor that works alongside an MCU. It provides secure hardware-based key storage. (Image source: Microchip)

While the hooks are built in to support Microchip’s extensive family of MCUs, the part is agnostic of any microprocessor or microcontroller. The device requires very little power and just one GPIO, over a wide voltage range. Its small form factor (8-pad UDFN or 8-lead SOIC package) makes it easy to design onto the board.
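The mutual authentication the ATECC608A is described as supporting follows a challenge/response shape that is worth seeing end to end. The block below is an added example written for this article, not Microchip code and not the ATECC608A command set: the `SecureElement` class, its `nonce`/`mac`/`verify` interface and the constructed keys are assumptions, and HMAC-SHA256 over a shared key stands in for the ECC P-256 signatures the real part would compute. What it shows is the property a secure element is bought for: the key is set once, only verdicts and fresh random values cross the interface, and a proof captured for one challenge is useless against another.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """Model of an off-MCU key store. The key is provisioned once; callers get
    fresh nonces, MACs and verdicts, never the key itself."""

    def __init__(self, shared_key: bytes) -> None:
        self._key = shared_key

    def nonce(self) -> bytes:
        return secrets.token_bytes(16)  # CSPRNG standing in for the element's RNG

    def mac(self, *parts: bytes) -> bytes:
        return hmac.new(self._key, b"".join(parts), hashlib.sha256).digest()

    def verify(self, tag: bytes, *parts: bytes) -> bool:
        return hmac.compare_digest(self.mac(*parts), tag)


def mutual_authenticate(client: SecureElement, server: SecureElement) -> dict:
    """Two-way challenge/response. Each side proves key possession over the
    other's fresh nonce; the role label binds direction so a proof cannot be
    reflected back at its sender."""
    nc = client.nonce()                                   # 1. client -> server: challenge
    ns = server.nonce()                                   # 2. server -> client: its challenge
    server_proof = server.mac(b"server", nc, ns)          #    plus proof over both nonces
    server_ok = client.verify(server_proof, b"server", nc, ns)  # 3. client checks server first
    if not server_ok:
        return {"server_ok": False, "client_ok": False}   # stop before proving anything
    client_proof = client.mac(b"client", ns, nc)          # 4. client -> server: its proof
    client_ok = server.verify(client_proof, b"client", ns, nc)
    return {"server_ok": server_ok, "client_ok": client_ok}


# Constructed provisioning keys for the example; not real secrets.
SHARED_KEY = bytes.fromhex("a5" * 32)
WRONG_KEY = bytes.fromhex("5a" * 32)


def demo() -> dict:
    genuine = SecureElement(SHARED_KEY)
    server = SecureElement(SHARED_KEY)
    unprovisioned = SecureElement(WRONG_KEY)  # device that never received the key
    out = {}
    out["genuine"] = mutual_authenticate(genuine, server)
    out["wrong_key"] = mutual_authenticate(unprovisioned, server)
    # A proof computed over one challenge must not verify against a fresh one.
    nc_old, ns_old = genuine.nonce(), server.nonce()
    old_proof = server.mac(b"server", nc_old, ns_old)
    nc_new = genuine.nonce()
    out["stale_proof_accepted"] = genuine.verify(old_proof, b"server", nc_new, ns_old)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The client verifies the server before producing its own proof, so an endpoint that cannot prove key possession learns nothing from the device; and because every run draws new nonces from the element's RNG (the NIST-compliant generator the article mentions is exactly what `nonce()` stands in for), a recorded exchange does not authenticate a second time.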

As you can see, there are many ways to secure your system. Pick the one that best suits your application.

About this author


Richard Nass’ key responsibilities include setting the direction for all aspects of OpenSystems Media’s Embedded IoT portfolios, including Embedded Computing Design, Embedded University, and various digital, other print, and live events. Previously, Nass was the Brand Director of UBM’s award-winning Design News property. Prior to that, he led the content team for UBM Canon’s Medical Devices Group, as well as all custom properties and events. Nass has been in the engineering OEM industry for more than 30 years. In prior stints, he led the Content Team at EE Times, handling the Embedded and Custom groups and the TechOnline DesignLine network of design engineering web sites. Nass holds a BSEE degree from the New Jersey Institute of Technology.
