IoT Security: Your Refrigerator Attacks!

by Paul McLellan on 04-15-2015 at 7:00 am

Every time I see a presentation on IoT the forecast for the number of devices in 2020 seems to go up by a few billion. But behind the hype there are clearly going to be a large number of devices on (and even in) our bodies, our homes and cars. Not to mention in factories and workplaces. IoT devices cover a wide spectrum. Realtors like to expand desirable neighborhoods as much as they can to include whatever property they have to sell, so areas like San Jose’s Rose Garden or San Francisco’s Noe Valley gradually grow. In the same way, marketers like to jam everything they can into the IoT category even though we previously had perfectly good categories like automotive or medical. Two things, though, seem to be common to almost every IoT application: low power and security.

Proofpoint found a wonderful example of security problems with IoT: What startled Proofpoint researchers, though, is the fact that 25% of the messages didn’t originate from the usual suspects (i.e., laptops, desktops, or smartphones). Instead, they came from connected devices, such as home-networking routers, televisions—and at least one refrigerator.

Perhaps more worrying than being spammed by our refrigerators is infiltration of our IoT devices. If we are going to have self-driving cars we want to make sure that we decide where our car goes. If we are going to have medical devices that can, say, adjust insulin to match blood sugar levels then we want to be sure that nobody else can take control. This is not just a theoretical issue. At the end of last year, a steel mill in Germany was hacked causing “massive damage” when a blast furnace could not be shut down.

It is increasingly clear that security requires a mixture of hardware and software. The heart of any security scheme is software algorithms along with something secret, typically encryption keys. These need to be kept in the hardware of the device so that:

  • the keys cannot be read by examination of the hardware
  • the keys are not lost when the device is powered off
  • the manufacturing cost of the key storage is minimized

In practice this means using some form of embedded non-volatile memory (eNVM). There are a number of different eNVM technologies commercially available, with different tradeoffs with respect to cost, programmability, compatibility with process technology and so on:

Keys are typically programmed into the device once when it is manufactured (or at most a few times over the life of the device). Antifuse one-time programmable (OTP) memory is a good match for the above requirements. Unlike flash, it does not require a special manufacturing process, it cannot be read even using expensive equipment like electron microscopes, and it is, by definition, non-volatile. It is nearly impossible to determine which bits are programmed because it is difficult to locate the oxide breakdown using chemical etching or mechanical polishing and by looking at a cross-section or top view. Kilopass’s XPM OTP memories are security certified not just for commercial use but also for military use. They could not be successfully attacked by either passive or invasive approaches:

OTP memory provides best-in-class security, can be manufactured in a normal process without extra mask steps, and is low-power. In short, a perfect match for IoT.

The Kilopass product page is here.