Page 18 - 23_EETE

Page 18 - 23_EETE_03

P. 18

18 EE|Times EUROPE

Hardware-Based Design Approach for Smart-Home IoT Security

and originality before installation, decrypting
the new firmware and checking for the version
of the update.
Cryptography is also critical in ensuring
data or code confidentiality, integrity and
authentication. ST uses two types of embed-
ded cryptographic accelerators on the STM32
microcontroller board. The random-number
generator creates session keys for secured
communication but can add latency, which
can have consequences in mission-critical
applications. To prevent delays during data
encryption and decryption, the STM32 MCUs
also come with cryptographic accelerators,
which ensure faster hashing and running of
symmetric algorithms.
“Hence, two accelerators are present
onboard—one to protect the master keys and
one to facilitate faster key exchange,” Crespo
said.
STM32Trust is compatible with firmware
in applications ranging from industries to
Twelve functions of STM32Trust (Source: STMicroelectronics) smart homes. Numerous security applications
fall under what STMicroelectronics calls
the “trust umbrella,” and as an application
The root-of-trust concept can be extended To facilitate secure firmware updating, a becomes more critical, more security features
to form a chain of trust so that the security of secure server sends the encrypted and signed are added to the device. ■
each connected device in an IoT ecosystem is firmware to the authenticated device only.
ensured by another connected device. In this The SFU application on the owner’s device is Saumitra Jagdale is a contributing writer for
case, the RoT ensures that the system boots then responsible for checking the integrity EE Times Europe.
securely, after which the chain of trust moni-
tors all the connected devices on the network.

MULTILEVEL SECURITY STRATEGY
The STM32Trust is a multilevel security
strategy developed by STMicroelectronics
to provide 12 security functions for IoT- and
other connected-device manufacturers. “The
benefit of the STM32Trust is that it lists the
different security functions that are needed by
the IoT devices, and these lists are extracted
from different certifications bodies like PSA
and SESIP, which helps designers meet their
requirements of pre-defined security assur-
ance levels,” Crespo said.
Under the hardware RoT ecosystem for
smart-home systems, the proprietary Secure
Boot and Secure Firmware Update (SBSFU)
features offered by STMicroelectronics ensure
that only authenticated software runs on the
devices, preventing attacks. The Secure Boot
(SB) function authenticates the firmware
during the initial boot, after which it is
responsible for forming a chain of trust in
the connected devices. The Secure Firmware
Update (SFU) function ensures secure updates
of the firmware installed onto the chip.
The firmware update process is a critical
activity and involves risk for the owner of the
IoT device and for the firmware provider. The
owner’s device is at risk of wrong and cor-
rupted firmware installation, while the OEM
needs to protect the firmware from getting
cloned or loaded into an unauthorized device. The secure firmware update process (Source: STMicroelectronics)

MARCH 2023 | www.eetimes.eu

13 14 15 16 17 18 19 20 21 22 23