For non-volatile storage in IoT devices, there is technology designed to be reprogrammed many times, and technology designed to be programmed once. The many times mode is for application code, while the once mode is for keying and calibration parameters. We are about to enter the IoT rekeying zone, in between these two extremes.
There are at least three circumstances where rekeying an IoT device is called for:
1) Break-ins, or break-ups. After the physical damage of a break-in is repaired, or the emotional damage from a break-up with a significant other is dealt with, most people want to rekey their locks to reestablish a sense of security. In the IoT cloud, it’s not as simple as mechanical keys or access codes. Anyone with an app and the electronic key who was in is still in, at least until you contact your cloud provider – and maybe, if you’re lucky, they can block app access.
2) Change of ownership. You may want to move entirely someday, and that Nest thermostat you installed on your wall likely doesn’t move with you. Or, you may have just upgraded your set top box, and now want to give the old one to your kid who has just moved into their first place of their own, and you’d like them to have their own account. In a worst-case scenario, someone may have pilfered your device, and you’d like to be sure they can’t use it.
3) Protocol du jour. If there is one thing certain about the IoT right now, it is that everything is in a state of flux. Which versions of which protocols will win? There are some surer bets, notably Wi-Fi being one of the most stable choices for consumer devices, but even it is undergoing version changes. Today’s smart choice of protocol might be tomorrow’s dud in terms of market acceptance, and state-of-the-art in security may evolve new key structures over time.
Many IoT devices, like thermostats and door locks, likely have a longer lifespan than the one-time programmable encryption key burned inside. If the key is ever compromised or obsoleted for any reason like those above, the effective life of a device can be cut short. While that might be good for vendors, it could be a major frustration for users – one more reason for some not to adopt IoT technology where good-old basic stuff works.
Rekeying a value stored in an MCU or SoC with one-time programmable memory, such as NVM IP embedded in a device, only takes a small shift in thinking and a bit of extra space. By establishing a block of NVM IP containing multiple sectors, and using tags to keep track of which sector is currently active, IoT encryption keys can be effectively reprogrammed by writing a new sector.
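The sector-and-tag scheme described above can be simulated in C; this is an added sketch, not Sidense's implementation or code from the original article. The sector count, key length, tag values, and the model in which OTP bits read 0 when blank and can only be set are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define SECTORS   8      /* assumed sector count */
#define KEY_LEN   16     /* assumed key length in bytes */
#define TAG_BLANK 0x00   /* assumption: unprogrammed OTP reads as 0 */
#define TAG_VALID 0x5A   /* hypothetical "sector holds a good key" tag */
#define TAG_DEAD  0xFF   /* reachable from any tag by setting more bits */
typedef struct { uint8_t tag; uint8_t key[KEY_LEN]; } sector_t;
static sector_t otp[SECTORS];   /* simulated OTP array, starts all zero */

/* OTP programming can only set bits (0 -> 1), never clear them. */
static void otp_program(uint8_t *cell, uint8_t value) { *cell |= value; }

/* Highest-numbered valid sector wins; -1 if no key is provisioned. */
int key_active_sector(void) {
    for (int i = SECTORS - 1; i >= 0; i--)
        if (otp[i].tag == TAG_VALID) return i;
    return -1;
}
/* Copy the active key to out; returns 0 on success, -1 if none. */
int key_read(uint8_t out[KEY_LEN]) {
    int s = key_active_sector();
    if (s >= 0) memcpy(out, otp[s].key, KEY_LEN);
    return s < 0 ? -1 : 0;
}

/* Burn new_key into the next blank sector, then retire the old one.
 * Returns the new sector index, or -1 when no usable sector is left. */
int key_rekey(const uint8_t new_key[KEY_LEN]) {
    int old = key_active_sector(), next = -1;
    for (int i = 0; i < SECTORS; i++)
        if (otp[i].tag == TAG_BLANK) { next = i; break; }
    if (next < 0) return -1;                    /* rekey budget exhausted */
    for (int i = 0; i < KEY_LEN; i++) otp_program(&otp[next].key[i], new_key[i]);
    if (memcmp(otp[next].key, new_key, KEY_LEN) != 0) {
        otp_program(&otp[next].tag, TAG_DEAD);  /* bad or interrupted burn */
        return -1;
    }
    otp_program(&otp[next].tag, TAG_VALID);     /* tag written last: commit */
    if (old >= 0) {                             /* revoke and destroy old key */
        otp_program(&otp[old].tag, TAG_DEAD);
        for (int i = 0; i < KEY_LEN; i++) otp_program(&otp[old].key[i], 0xFF);
    }
    return next;
}
int main(void) {
    const uint8_t k[KEY_LEN] = "constructed-key";  /* constructed sample key */
    return key_rekey(k) == 0 ? 0 : 1;
}
```

Writing the tag only after the key verifies means an interrupted burn never becomes the active key, and overwriting a retired sector with all ones keeps the old key from being read back later.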
Designed for microcontrollers powering the IoT, Sidense SiPROM is NVM IP architected for just such use in emulated multiple-time programmability (eMTP). With its boot row register, eMTP in the SiPROM macrocell can be initialized at power-up without read access penalties for translation. Given the small footprint of the Sidense 1T-OTP solution, creating space for rekeying while retaining the benefits of NVM IP is straightforward – see this example authored by Sidense for an 8 sector eMTP implementation.
I know, engineers never miss, and our devices are “absolutely secure.” Right. (Insert laugh track here.) Flash can be relatively expensive in terms of power and real estate, but with a little creativity, NVM IP isn’t limited to one-time-only use. Implementing NVM IP with room for future rekeying may be the key to success of a design and security for its users on the IoT.