Page 49 - EE|Times Europe Magazine - December 2020
P. 49
EE|Times EUROPE 49
SECURITY
Protecting the Endpoint in IIoT: A Snapshot of
Chip-Level Security
By Nitin Dahad
ost people we speak to about IoT security tell us two things:
First, establish a root of trust (RoT) as a foundation for secu-
rity, and second, don’t just focus on the device — think about
Mthe security throughout the ecosystem and product life cycle.
Nevertheless, there has to be a focus on endpoint devices, as they
are an important part of the defense against cyberattacks. Whether
we’re talking cloud servers or edge sensors, it’s ultimately the endpoint
device on that node that must be secure in order to protect the entire
system — or at least reduce vulnerability to attacks.
Hence, this article intentionally focuses on device security, while ➔ 1 Changes in hardware components and configuration
➔ 2 and ➔ 3 Intercepts or overrides of the system boot process
acknowledging that security must be considered more holistically: ➔ 4 and ➔ 5 Compromises to the guest OS, hypervisors, and separation kernels
as a wider security framework for the entire factory or an environment ➔ 6, ➔ 7, ➔ 8, and ➔ 9 Illicit changes to application software or exposed application
where connected devices play a part in enabling greater productivity programming interface (API)
➔ 10 Vulnerabilities of the deployment process
and efficiency. ➔ 11 Unwanted changes to endpoint data
As the Industrial Internet Consortium’s security framework states, ➔ 12 Breach of the monitoring and analysis system
endpoint protection helps implement defensive capabilities on devices ➔ 13 Vulnerabilities in configuration and management
➔ 14 Uncontrolled changes to security policy and model
at the edge and in the cloud (Figure 1). Endpoints are any element ➔ 15 Vulnerabilities in the development environment
of a system for the industrial internet of things (IIoT) that has both
computation and communications capabilities and that can potentially Figure 1: Threats and vulnerabilities in various parts of the IIoT
expose its own functional capabilities to anyone outside the firewall. endpoint, as identified in the Industrial Internet Consortium’s
These endpoints can be edge devices, communications infrastructure, Industrial Internet Security Framework
cloud servers, or anything in between, each with different hardware (Source: Industrial Internet Consortium)
constraints that affect the achievable level of protection.
This endpoint protection enables communications and connectivity
to be defended based on whatever authoritative identity capability to enable certified protection and ensure access to secure loading of
— typically the RoT — is credentials, for example, to provide mass registration of IoT devices
Whether we’re talking implemented in the endpoint. and ensure that only authorized devices can access the system or cloud
cloud servers or edge Hence, security mechanisms services. Most chip vendors provide some form of secure element as
part of a microcontroller, plus a link to some kind of provisioning and
and techniques should be
sensors, it’s ultimately applied to endpoints depend- identity management system.
STMicroelectronics’ STSAFE-A110 can be integrated into IoT devices
ing on their specific function
the endpoint device on and security requirements. for authentication and secure data management services to a local or
But the endpoint itself has
that node that must many vulnerabilities, from remote host. The device features an embedded secure OS and is based
on hardware certified to Common Criteria Evaluation Assurance Level
be secure in order bare metal to a guest OS 5+ (EAL5+). Each unit comes with unique identification and X.509
certificates that aid secure device connection. The secure element is
running in a virtual machine
to protect the entire on a hypervisor that isolates integrated with the STM32Cube development ecosystem to be quickly
system. applications in their respec- incorporated into new STM32 MCU designs requiring an authentication
tive containers.
and secure-connection capability.
Within this context, the Another ready-to-use secure element for IoT devices, NXP Semi-
next question that’s often asked is whether the system should be conductors’ EdgeLock SE050 Plug and Trust Secure Element Family,
secured through hardware or software. Most experts consider hardware provides a root of trust at the chip level for end-to-end security
preferable to software for many reasons, but mainly because hardware without the need to write security code. Delivered as a ready-to-use
is considered more tamper-resistant and can therefore provide greater solution, this device offers enhanced security based on Common
levels of trust and security than software can. Criteria EAL 6+ and includes a complete product support package that
Most of the big chip vendors provide some form of hardware-level simplifies design-in.
security from hardware security modules in the form of a trusted In addition to libraries for different MCUs and MPUs, NXP’s support
platform module (TPM) or secure element (SE) to various other forms package offers integration with common operating systems, including
of embedded security in the system-on-chip. The main objective is to Linux, Windows, RTOS, and Android. The package includes sample
enable strong user authentication and attestation to protect against code for major use cases, extensive application notes, and compatible
attacks and prevent unwarranted access to confidential or sensitive development kits for i.MX and Kinetis MCUs to accelerate final system
information. integration. Its product configurations support IoT security use cases
such as sensor data protection, secure access to IoT services, and IoT
SECURE ELEMENTS device commissioning. These are in addition to secure cloud onboard-
A key part of the hardware security solution is the secure element, ing, device-to-device authentication, device integrity protection, and
which stores confidential and cryptographic unique identifier data attestation, as well as device traceability and proof of origin.
www.eetimes.eu | DECEMBER 2020
