Why Embedded Systems Designers Should Care About OpenSSL

Cryptography expertise isn’t necessarily common in the embedded design world. While it’s good to know some basics, the availability of robust security ICs means that you don’t have to be a cryptography expert in order to protect your products from hackers.

First, some basics. Like OpenSSL. While the commonly used Secure Sockets Layer (SSL) provides the technology for an encrypted link between a web server and a browser, OpenSSL provides the cryptography library for applications that secure communications over networks. It can handle message digests, random numbers, digital certificates and signatures, and encryption and decryption of files. It also serves as a command-line tool. OpenSSL carries many benefits:

• It is comprehensive enough to cover most security needs, providing keys and certificate management and cryptographic operations
• It provides an open-source approach, which means it is free and supported by a community. It is also quite widely used, making it a de facto reference.
• It is platform agnostic, so it works for PCs and servers. It also works well for embedded systems, though in these cases, it does require a significant amount of memory. It can be implemented purely via software, or through dedicated hardware, such as a secure IC or a secure module.

For embedded systems, such as the digital thermostat pictured here, OpenSSL provides the keys, cryptographic functions, and certificate management to keep your design secure.

OpenSSL essentially implements the SSL and Transport Layer Security (TLS) protocols. SSL keeps an internet connection secure and also protects sensitive data that’s sent between two systems. Having emerged after SLL to provide privacy and data integrity, TLS is considered an improvement in terms of security. When a connection between a client and a server is secured by TLS, this entails that the connection is private because the data transmitted is encrypted via symmetric cryptography; public-key cryptography is used to authenticate the identities of the communicating parties; and the connection can be trusted because a message integrity check is applied to each transmitted message. For a deeper dive into TLS, read the application note 6436, “Using Secure Companion ICs to Protect a TLS Implementation.”

Secure IC Meets Three Key Requirements
Implementing OpenSSL can be challenging as there isn’t an extensive amount of documentation available on the API. Some designers opt to run cryptographic algorithms on a standard microcontroller. Software-based cryptography is generally considered to be relatively easy to implement. However, since modern cryptography relies on public algorithms, keys have become very valuable assets—and they’re simply not well protected when implemented on a standard microcontroller. Most standard microcontrollers are sensitive to side-channel attacks, where attackers monitor power consumption or electromagnetic emissions in their attempt to retrieve keys. The use of strong random numbers in secure transactions is another important element for preventing replay attacks. With standard microcontrollers, however, the entropy offered is typically not sufficient to support strong random numbers.

For connected, embedded devices, three fundamental security requirements are secure communications, secure storage, and trusted devices and firmware. For many embedded designers, these fundamentals also represent challenges. Secure communications requires a significant R&D effort to develop the communication stack. Secure storage entails applying a security policy to access keys and certificates. The keys need to be protected physically, and you would also need to define the stage of the product lifecycle where the keys can be programmed, read, or deleted. There may be cases where the key must be programmed before the device is in the field and cannot be changed, as well as situations where the key must be changed every six months or every year. And providing a trusted platform means that you need to find a solution to distribute and store certificates, which are essential for functions such as remote authentication. Dedicated security ICs offer an easier and more robust way to implement OpenSSL and other protective measures. These ICs, which include secure microcontrollers, integrate features that achieve the three fundamental security requirements.

A new secure microcontroller that supports OpenSSL is Maxim’s MAXQ1062 DeepCover cryptographic controller. The device can be used as a companion IC to the embedded design’s main microprocessor, offloading that microprocessor from security-related tasks, many of which are quite computing intensive. The MAXQ1062 includes features that enable:

• Secure communications: full TLS communication stack, Advanced Encryption Standard (AES) bulk encryption and decryption up to 20Mbps. With the MAXQ1062 and similar solutions on the market, the TLS implementation is split between the secure coprocessor and the software stack running on the design’s main processor. However, MAXQ1062 fully handles the critical steps of TLS, while the other solutions leave more to the software stack on the main processor. MAXQ1062 is also the only secure coprocessor supporting bulk encryption through a dedicated engine.
• Secure storage: protection against invasive attacks, customizable and flexible file system that eases security policy implementation
• Trusted platform: only solution featuring integrated support for secure boot that includes hashing of the code, while competitive solutions provide only the building blocks. The device also includes root certificates that can be loaded by Maxim on your behalf.

The MAXQ1062 has its own embedded firmware and host software library, providing a turnkey solution that eliminates the need for you to write your own firmware or even to have cryptography implementation expertise. Its TLS command set interpreter provides a set of pre-coded commands. The host processor can call these commands (consisting of cryptographic, TLS, and storage services) through an I²C or SPI interface, which supports faster throughput. The device’s 8kB of EEPROM is encrypted with a key deeply buried in silicon, so keys stored in the EEPROM are strongly protected against attacks, including the most intrusive. The EEPROM also stores multiple keys and certificates, making it easier to distribute certificates for connecting devices. Another important point about keys: the strength of a crypto algorithm depends on the key length. With 521 bits Elliptic Curve Digital Signature Algorithm (ECDSA), the MAXQ1062 provides a higher level of security than competitive offerings.

A Hardware Crypto Engine is Not Enough
The market is offering more and more high-end generic microcontrollers with hardware crypto engines. However, just because a microcontroller has a hardware crypto engine doesn’t mean that it is secure. Most of these microcontrollers lack strong key protection and are also vulnerable to side-channel attacks. A secure coprocessor such as the MAXQ1062, with its secure key storage capability and advanced protections, can offer the safeguarding needed for your embedded design.