While today's cryptographic algorithms can be implemented using dedicated cryptographic hardware or software running on general-purpose hardware, the hardware-based approach is better. Table 1 shows why.
Table 1. Hardware vs. Software Cryptography Comparison

| Hardware-Based Cryptography | Software-Based Cryptography |
|---|---|
| 1. Uses dedicated hardware, thus much faster to execute. | 1. Uses shared hardware, thus slower to execute. |
| 2. Not dependent on the operating system. Supported by dedicated software for operating the hardware. | 2. Dependent on the security levels and features of the operating system and supported software. |
| 3. Can use factory provisioning and securely store keys and other data in dedicated secure memory locations. | 3. No dedicated secure memory locations available. Thus, susceptible to stealing or manipulation of keys and data. |
| 4. Maxim's hardware implementations have protections built in against reverse engineering, such as ChipDNA physically unclonable function (PUF) technology. | 4. Software implementations can be easier to reverse engineer. |
| 5. In a hardware system, special care is taken to hide and protect vital information such as private keys, making it much more difficult to access. | 5. In a general-purpose system where software cryptography is implemented, there are more ways to snoop on and access vital information. An example would be intercepting the private key in transit within the computer's system. |
Almost all IoT devices built on embedded hardware (see Figure 1) contain boot firmware or downloadable data and access the internet, so they can be exposed to security threats. Boot firmware is stored in nonvolatile memory inside the device and is updated periodically to correct and enhance certain features.
Because IoT devices must be trustworthy, the device firmware and critical data must be verified to be genuine. In a perfect world, boot firmware and configuration data would be locked down at the factory. In reality, however, customers expect firmware updates and reconfiguration to be available over the internet. This creates an opening for malicious actors to use these network interfaces as a conduit for malware, and an attacker who gains control of an IoT device can use it for malicious purposes. For this reason, any code that purports to come from an authorized source must be authenticated before it is allowed to run.
Malware can be introduced into an IoT device by various means:
- By physically accessing a device, an attacker can introduce malware via USB, Ethernet, or some other physical connection.
- An attacker can introduce malware by accessing an unpatched system.
- An attacker can intercept a DNS request and redirect the IoT device to a malicious source that hosts the malware or corrupt configuration data.
- An authentic website can be misconfigured in such a way to allow an attacker to take control of the website and replace authentic firmware with one that contains the attacker's malware.
Secure boot and secure download can protect against malware. Both measures enable an IoT device to trust the updates it receives from the command/control center. Conversely, if the command/control center wants to fully trust the IoT device, the data coming from the device should be authenticated as well.
With authentication and integrity, the firmware and configuration data are loaded during the manufacturing phase, and all subsequent updates are digitally signed. In this way the digital signature sustains trust during the device's entire lifetime. To be effective, a digital signature must be computed with a cryptographic algorithm, and that algorithm needs to be public and well proven.
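The secure download flow described above, as an added example that is not part of the original article or of Maxim's own firmware: the vendor signs the SHA-256 digest of a firmware image with an ECC P-256 private key at the factory, and the device verifies that signature against the public key it carries before accepting the image. The firmware bytes, the key pair and the tampering step are all constructed here for illustration; on a real device the public key would live in secure memory such as the authenticator's EEPROM, and the verification would run before the image is ever executed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage is a firmware update as the device receives it: the payload
// plus the ASN.1-encoded ECDSA signature produced by the vendor.
// (Constructed format for this example, not a real image layout.)
type SignedImage struct {
	Payload   []byte
	Signature []byte
}

// SignImage models the vendor / command-and-control side: hash the image
// with SHA-256 and sign the digest with the vendor's ECC P-256 private key.
// The private key never leaves the vendor.
func SignImage(priv *ecdsa.PrivateKey, payload []byte) (SignedImage, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return SignedImage{}, err
	}
	return SignedImage{Payload: payload, Signature: sig}, nil
}

// VerifyImage models the device side of secure boot / secure download:
// recompute the SHA-256 digest and check the signature against the vendor
// public key stored in the device. Only a verified image may be accepted.
func VerifyImage(pub *ecdsa.PublicKey, img SignedImage) error {
	digest := sha256.Sum256(img.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], img.Signature) {
		return errors.New("firmware signature invalid: image rejected")
	}
	return nil
}

// Tamper flips one byte of the payload while keeping the original
// signature, modelling an update that was modified in transit or on a
// compromised host. Verification must fail for such an image.
func Tamper(img SignedImage) SignedImage {
	p := append([]byte(nil), img.Payload...)
	p[len(p)/2] ^= 0xFF
	return SignedImage{Payload: p, Signature: img.Signature}
}

func main() {
	// Factory provisioning: generate the vendor key pair once. The public
	// key is what gets stored in the device's secure memory.
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed placeholder image; not a real firmware binary.
	firmware := []byte("constructed firmware image v1.2 -- not a real binary")
	img, err := SignImage(priv, firmware)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine image:", VerifyImage(&priv.PublicKey, img))
	fmt.Println("tampered image:", VerifyImage(&priv.PublicKey, Tamper(img)))
}
```

The point of splitting the code into `SignImage` and `VerifyImage` is that only the verification half and the public key ever need to exist on the device; signing stays with the vendor. Note that the check covers integrity (the hash) and authenticity (the signature) together, which is exactly what the paragraph above asks of a digital signature, and that a signature made with any other key, or over any other bytes, fails the check.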
For embedded devices that lack a secure microcontroller with the computational capacity to verify the authenticity and integrity of downloaded firmware or data, the DS28C36 DeepCover secure authenticator is a cost-effective hardware-based IC solution. The DS28C36 provides a core set of cryptographic tools derived from integrated asymmetric (ECC-P256) and symmetric (SHA-256) security functions. The device also includes a FIPS/NIST true random number generator (TRNG), 8Kb of secured EEPROM, a decrement-only counter, two pins of configurable GPIO, and a unique 64-bit ROM identification number. Learn more by reading the tutorial, "Cryptography: Is a Hardware or Software Implementation More Effective?"