Page 49 - EE Times Europe November 2021 final
IoT & 5G
Securing the IoT: Technical Approaches to
Defend and Protect IoT Nodes
By Don Loomis, Stephane di Vito, and Robert Muchsel, Maxim Integrated, now part of Analog Devices
Ten billion IoT nodes are connected today, 10× more than just a decade
ago, and the trend is continuing unabated. With this growth comes an
equal growth of opportunities for attackers. The estimated annual cost
of cyberattacks ranges from tens of billions of dollars to more than
a trillion dollars, and this number, too, keeps rising. Therefore, security
considerations are now essential to continue the successful scaling of the IoT. IoT
security begins with the security of the IoT nodes.
No company wants to see its name in the same sentence as “breached, and
customer data was stolen.” What’s more, connected devices are also subject
to government regulations, such as FDA rules for medical devices, U.S./EU
cybersecurity requirements for Industry 4.0 critical infrastructure, and several
emerging standards for the automotive industry. Those requirements push for
high-level security while not explicitly mandating the use of hardware-based
security. However, IoT nodes are often large-volume, cost-optimized appliances,
creating challenges to balance security and cost.
CREATING SECURE NODES USING
A ROOT OF TRUST
How can we design a cost-efficient yet secure IoT node? Creating a secure IoT
node begins with a root of trust (also known as a secure element), a small,
affordable integrated circuit designed to offer security-related services to the
node (Figure 1). Examples of these functions are data encryption for preserving
confidentiality and digital signatures to ensure authenticity and the integrity of
information. The ultimate goal of the root of trust is to ensure that the secret
keys used for data encryption or digital signatures are protected against
disclosure.
The biggest challenge for root-of-trust security ICs is resistance against physical
attacks, such as direct probing and so-called side-channel attacks.
PHYSICALLY UNCLONABLE FUNCTION
Because direct probing attempts to observe the internals of microcircuits, memory
technologies typically used in general-purpose microcontrollers (i.e., E²PROM or
flash) are not secure. An attacker can directly observe the memory contents at a
relatively modest cost using scanning electron microscopy.
The semiconductor industry has developed physically unclonable function (PUF)
technology to mitigate this risk (Figure 2). The PUF is used to derive a unique key
from the intrinsic physical properties of the chip. Those properties are far more
difficult to probe directly, making it impractical to extract the resulting key via
direct probing. In some instances, the PUF-derived key encrypts the rest of the
internal memory of the root of trust and, therefore, protects all other keys and
credentials stored on the device.
Side-channel attacks are even cheaper and less intrusive. They leverage the fact
that electronic circuits tend to leak a signature of the data they are
manipulating, for example, over the power supply, radio, or thermal emissions. The
subtle correlation between measured signals and the processed data can lead to
successfully guessing the value of a secret key after a moderately complex
statistical analysis when the circuit uses that key (for example, to decrypt data).
A root of trust is explicitly designed to prevent such data leakage using various
countermeasures.
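The correlation between measured signals and processed data, and what a countermeasure does to it, can be seen in a small simulation. This is an added example, not code from the article or from Analog Devices; the Hamming-weight leakage model, the noise level, the key byte, and Boolean masking as the countermeasure are assumptions chosen for illustration.

```python
import math
import random

def hamming_weight(x):
    """Number of set bits; a common first-order model of power draw."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy)

def simulate(masked, n_traces=5000, noise_sigma=1.0, seed=2021):
    """Correlate simulated leakage with the secret-dependent intermediate.

    All inputs are constructed: random data bytes, a fixed key byte, and
    Gaussian measurement noise. Returns the Pearson coefficient.
    """
    rng = random.Random(seed)
    key = 0x3C  # constructed secret byte (assumption)
    intermediates, samples = [], []
    for _ in range(n_traces):
        data = rng.randrange(256)
        value = data ^ key                # secret-dependent intermediate
        if masked:
            # Boolean masking: the circuit only ever handles value ^ mask,
            # with a fresh uniformly random mask per operation.
            handled = value ^ rng.randrange(256)
        else:
            handled = value
        # One "measurement": Hamming weight of what the circuit handles + noise.
        samples.append(hamming_weight(handled) + rng.gauss(0, noise_sigma))
        intermediates.append(hamming_weight(value))
    return pearson(intermediates, samples)

if __name__ == "__main__":
    print("unprotected correlation: %.3f" % simulate(masked=False))
    print("masked correlation:      %.3f" % simulate(masked=True))
```

The model covers only first-order leakage at a single sample point; real devices combine masking with further countermeasures and are validated by measurement rather than simulation.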
Figure 1: The “root of trust” concept ensures authenticity and integrity for security-related services. (Source: Analog Devices)
APPLICATION EXAMPLE USING
A SECURITY IC
The benefits of a hardware-based root of trust become evident in the types of secure