Modern applications like connected industrial systems, smart grids, connected cars and autonomous driving widely summarized under the term “Internet of Things” (IoT) (figure 1) have a high demand for reliable security. There are some typical use cases such as authentication of components and their unique identity, monitoring and safeguarding of system integrity and protection of data and communication.
To build trust in new services and technologies, IP protection is key and data security and system integrity are a prerequisite for the successful implementation of new services and applications. To establish new solutions we need integrated system solutions based on secured hardware which protects infrastructure and components from attacks, fraud and sabotage. In brief, hardware which enables to store, run and update software in a protected way.
Purely Software-based security is not enough
Several attempts have been made in the past to apply purely Software-based solutions for device authentication. Unfortunately, software – due to its nature – bears several significant weaknesses. Software is written code, and code can be read and analyzed. And once it is analyzed, it can be modified to the requirements of an attacker. And finally, once the device is re-programmed with the modified software, the authentication process and system integrity can be broken.
Another severe weakness of software-based solutions can be the inappropriate storage of secret keys via all relevant process and production steps. Typically, in software-based protection systems, attackers can identify secret keys from software in a very simple way: Keys usually behave like random numbers – in total contrast to the program code itself. So-called “entropy analyzers” are able to scan software and identify parts with high randomness – these parts typically contain the keys. Such a scan is done in seconds, and the keys found could directly be used to generate falsified products in masses. Software-only solutions allow protection only in the case that none of the components used are physically accessible to an attacker. In real life, this exception would render such solutions unpractical. All in all, software is usually not seen as a valid alternative for product authentication, system integrity and IP protection today.
However, software can be protected by hardware: secured hardware protects the processing and storage of code using encryption, fault and manipulation detection, and secure code and data storage. Software becomes trustworthy by combining it with secured hardware. This has been proven by extensive experience from the areas of trusted computing and the use of secure elements in mobile phones and the protective functions of smart grids.
Hardware-based solutions provide more security
A typical embedded control architecture with a standard micro controller on which a real-time operating system and the applications are running can currently be found in the majority of installed systems. Usually the security functionality is implemented using software-based encryption mechanisms. What is missing is an efficient, secured trust anchor (Hardware Rout of Trust, HRoT) with dedicated encryption functionality for increased security.
This is why modern micro controllers are an ideal solution to respond to increasing security demands. On the one hand, available standalone security controllers are usually implemented with micro controllers. On the other hand there are application-optimised micro controllers (MCUs) with integrated security functions.
The use of a standalone security element (security processor or co-processor) that acts as a HRoT has proven itself for years in other industries such as personal computers, servers, chip cards and identity documents. The concept is also recommended for industrial applications. For example, a trusted platform module (TPM, figure 2) can be used as a HRoT in conjunction with other security elements in order to provide an industrial controller with comprehensive security functions such as integrated crypto-processors, encrypted storage, buses and peripheral functions as well as integrated error detection. Network end points can be efficiently protected using this hardware-based approach.
Hardware-based security is proven in the field
Coming back to the initial point of discussion – new business models and opportunities in the context of the Internet of Things – there are already numerous use cases and examples demonstrating how hardware-based security solutions add real value in terms of integrity and reliability of connected devices.
For example Infineon has been shipping TPMs for devices running Google’s Chrome-based operating system since 2011. The Infineon TPM is an integral part of the security architecture of Google Chromebooks which were designed to provide a fast, simple and secured experience for people who use computing devices primarily to access the Internet and use web-based applications. One key part of their design is called “defense in depth,” which provides multiple levels of protection against malware.
Meanwhile the structure of the TPM standard was enhanced with some specific functions and interfaces added to support new applications. New profiles of the TPMs can address security relevant applications in the IT industry, but also in embedded systems, smartphones, communications equipment, industrial automation or automotive. In addition TPMs include a comprehensive software stack enabling a secure upgrade.
Automotive is a also an arising field of application – as there are a lot of features and functions already widely based on hardware security, designed in response to the level of security required by the specific application. The micro controllers of the AURIX family for example provide special function blocks such as Security Hardware Extensions (SHE) or Hardware Security Modules (HSM). The HSM takes care of secured communication with other micro controllers by signing messages or even using full encryption. Furthermore, the HSM can be used to securely boot the micro controller in order to prevent attacks from viruses and Trojans, and to prevent unauthorized access
With regards to the fact that the car is becoming an increasingly connected computing device communicating with other vehicles and infrastructure, TPMs will become indispensable to protect the car’s communication interfaces from hacker attackers or malware during software updates.
It will only be possible to implement new connected technologies like IoT by making comprehensive use of powerful safety and security technology in order to protect infrastructure and the components that are used from manipulation, attacks and malfunctions. Secured hardware is an important prerequisite, since a maximum of security requires secured hardware and cannot be achieved with software based concepts alone. Infineon provides micro controllers with integrated security functions and offers efficient and secured solutions tailored to the applications’ needs – whether industrial, automotive or consumer-oriented.