Page 50 - EE Times Europe November 2021 final
P. 50
50 EE|Times EUROPE
Securing the IoT: Technical Approaches to Defend and Protect IoT Nodes
the attacker. The benefits of an architec-
ture relying on a dedicated security IC
are numerous:
• IoT security is an endless battle. Attack
techniques keep improving, but at the
same time, security IC vendors continue
to enhance their countermeasures so that
security ICs remain extremely costly to
attack. The security of a connected device
can be increased by upgrading the secu-
rity IC with little impact on the overall
device design and cost.
There are many
components in a typical
connected system, and
security must be designed
Figure 2: PUF technology mitigates the risk from direct probing of microcircuits.
(Source: Analog Devices) in from the beginning.
While securing IoT nodes
is not the only step, it is a
necessary step.
• Concentrating the critical functions in
a strong, tamperproof physical environ-
ment separated from the application
processor allows for an easier “proof of
security” when evaluating regulatory
compliance. Isolation also makes it harder
to leverage weaknesses in the device’s
application processor, which are very
difficult to detect and remove entirely.
• Ensuring the security of an IoT node
across its life cycle is easier when the
security IC is commissioned early by
the security IC vendor. This approach
Figure 3: Insulin pump authentication is a simplified example of root of trust. eliminates the need for sharing critical
(Source: Analog Devices) information with contract manufacturers,
and a secure personalization flow and
secure OTA updates are made possible.
applications depicted in Figure 3. The In addition to the fact that every new Overbuilding and cloning become much
protocol used is a simple challenge/response attempt at sending a command requires a new harder as well.
authentication protocol: random number, the security of this protocol There are many components in a typi-
1. The meter requests a challenge from relies on the secrecy of the private key used to cal connected system, and security must
the pump in preparation for sending authorize commands and the integrity of the be designed in from the beginning. While
a command. public key used to verify the authorizations. securing IoT nodes is not the only step, it is a
2. The pump challenges the requestor If these keys were stored inside common necessary step. ■
with a random number R. microcontrollers, they could be extracted or
3. The meter uses its private key to sign manipulated, and fake meters or pumps could This article is adapted from a keynote presented
the command, the random number R, be manufactured, potentially endangering at the IoT & 5G World virtual event in June.
and some fixed padding. This oper- the patients’ safety. In this case, root-of-trust
ation is deferred to the root of trust ICs make it much more difficult to counterfeit Don Loomis is vice president of the Micros,
of the meter. meters or pumps, manipulate the credentials, Security, and Software Business Unit;
4. The pump verifies that the signature or tamper with the communication protocol. Stephane di Vito is senior principal MTS
is correct and that the random number of the Micros, Security, and Software Business
is the same number it sent out earlier BENEFITS OF DEDICATED SECURITY ICs Unit; and Robert Muchsel is a fellow of
to avoid the trivial resending of a valid Overall, a sound node device design will the Micros, Security, and Software Business
command. This operation is deferred to cause the cost of breaking a device to be Unit, all at Maxim Integrated, now part of
the root-of-trust IC of the pump. much higher than the potential rewards for Analog Devices.
NOVEMBER 2021 | www.eetimes.eu
