Researchers discovered earlier this year that a security issue enabling a hacker to infiltrate a home or corporate network through smart light bulbs—first detected four years ago—is still present unless a patch is installed. Hackers are launching distributed denial of service (DDoS) attacks after hijacking access control systems for smart doors and smart buildings, potentially gaining access to internal networks. A smart vacuum cleaner has turned out to be, well, not so smart, as flaws make it vulnerable to various attacks, including one that allows malicious actors to peek inside users' homes through the appliance's embedded camera. The list goes on.
While the IoT continues to bring greater conveniences into our lives, left unprotected, smart devices could also open the door to malicious attacks that burrow into networks and attempt to access sensitive data. Clearly, you've got to protect your IoT designs from security threats—and this is especially critical for those designs that could trigger more harmful breaches. For example, hacking of a smart medical device, such as a pacemaker, could lead to dire or even deadly consequences. In these medical applications, it's essential to be able to guarantee that the sensors inside are genuine and to protect them from aftermarket clones; to verify that the data collected by the sensors is genuine; and to enforce usage control and expirations in the case of single- or limited-use disposable peripherals.
Another area where security is important is the industrial IoT, where an attack on automated factory equipment, for example, could disrupt the manufacturing line and lead to lost revenue. Here, it's imperative to ensure that OEM modules are genuine and to establish point-to-point security. Feature control is another consideration. In the production world, it's economical to manufacture, say, one board that supports multiple versions and levels of features. Allowing secure end-user feature upgrades protects the integrity of those upgrades.
In summary, some of the key challenges you'll need to address to keep your IoT designs secure include:
- Safety and reliability: You'll want to prevent counterfeit components that could pose safety risks to your customers
- Key management: With a weak security scheme, keys for protecting and encrypting sensitive data can be left exposed
- Secure boot: Invalid firmware can create opportunities for malware attacks
- Endpoint security: Secure communication and authenticity of endpoints must be addressed
- Feature control: You'll need a way to securely enable and disable various factory-based options
Hardware-based security provides the most robust protection for IoT designs. Compared with the more easily infiltrated software-based approach, hardware security provides layers of advanced physical security, cryptographic algorithms, secure boot, encryption, secure key storage, and digital signature generation and verification to fend off malicious attacks. For example, Maxim Integrated's newest DeepCover secure coprocessor with hardware-based cryptography, the DS28S60, provides robust countermeasures that make it easier for you to protect against security attacks. The device includes:
- A high-speed 20MHz SPI interface for fast throughput of security operations.
- A fixed-function ECC/SHA-256/AES cryptographic toolbox.
- ChipDNA physically unclonable function (PUF) technology.
- A simple way to implement end-to-end encryption via its built-in key exchange capability, in which the part uses an asymmetric key algorithm to exchange a symmetric key. The symmetric key can then be used to encrypt/decrypt data between two IoT nodes or a sensor node and the cloud.
ChipDNA PUF technology provides strong protection against invasive and reverse-engineering attacks. The PUF circuit relies on the naturally occurring random analog characteristics of fundamental MOSFET devices to produce cryptographic keys. The key is generated only when needed and is then deleted rather than stored on the chip. Any attempt to probe or observe the ChipDNA operation actually modifies the underlying circuit characteristics, which prevents discovery of the secret key.
Here's how the DS28S60 addresses the key design challenges discussed earlier:
- Safety and reliability: Counterfeit components are blocked from operating in the system
- Secure storage: ChipDNA PUF technology is used to encrypt keys, secrets, and all device-stored data
- Secure boot: Its SHA-256 and ECDSA crypto toolbox features support secure boot of a host processor
- Endpoint security: The device addresses concerns over secure communication and authenticity of endpoints
- Feature control: You can securely enable and disable various factory-based options
Since the DS28S60 offloads complex cryptography and secure key storage from a non-secure host microcontroller, while providing 1.62V-3.63V operation and a 100nA power-down mode, it works well for battery-powered IoT applications. Its cryptographic accelerators support ECDHE key establishment and are designed for client/server communication applications to prevent eavesdropping, tampering, and message forgery. The device also features a fixed-function command set and requires no device-level firmware, simplifying the process for integrating it into designs. While the device doesn't have built-in counter functionality for limited-use peripherals, a counter can be implemented through a user page and some programming.
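The key exchange described above (an asymmetric ECDHE step that yields a symmetric key, which then encrypts data between a sensor node and the cloud) is sketched here in Go as an added example; it is not Maxim's code and does not use the DS28S60 command set. It assumes P-256, SHA-256 as the key-derivation step and AES-256-GCM, runs the cryptography in software on both ends, and uses hypothetical function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newEphemeral makes a fresh P-256 key pair for one session (the "E" in ECDHE).
func newEphemeral() (*ecdh.PrivateKey, error) { return ecdh.P256().GenerateKey(rand.Reader) }

// sessionAEAD is one side of the exchange: validate the peer's public key, compute the
// ECDH secret, and hash it into an AES-256-GCM key. SHA-256 stands in for a full KDF.
func sessionAEAD(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub) // rejects malformed or off-curve points
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	node, errN := newEphemeral()  // sensor node
	cloud, errC := newEphemeral() // cloud endpoint
	if errN != nil || errC != nil {
		panic("key generation failed")
	}
	// Only public keys cross the wire (unauthenticated here; sign them in a real design).
	tx, errT := sessionAEAD(node, cloud.PublicKey().Bytes())
	rx, errR := sessionAEAD(cloud, node.PublicKey().Bytes())
	nonce := make([]byte, 12) // GCM nonce: must never repeat under the same key
	if _, err := rand.Read(nonce); err != nil || errT != nil || errR != nil {
		panic("session setup failed")
	}
	box := tx.Seal(nil, nonce, []byte("temp=21.5C"), nil) // constructed sample reading
	plain, err := rx.Open(nil, nonce, box, nil)           // fails if box was altered
	fmt.Printf("%s %v\n", plain, err)
}
```

Because the key pairs are generated per session, a later compromise of one session key does not expose traffic protected by earlier sessions.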
Evaluate the secure coprocessor by buying the DS28S60EVKIT evaluation kit, which consists of five DS28S60Q+ devices in a 12-pin TDFN package along with a USB-connected evaluation board and software.