WP_Term Object
(
    [term_id] => 49
    [name] => Intrinsix
    [slug] => intrinsix
    [term_group] => 0
    [term_taxonomy_id] => 49
    [taxonomy] => category
    [description] => 
    [parent] => 14433
    [count] => 7
    [filter] => raw
    [cat_ID] => 49
    [category_count] => 7
    [category_description] => 
    [cat_name] => Intrinsix
    [category_nicename] => intrinsix
    [category_parent] => 14433
)

Drop-In Security for IoT Edge Devices

Drop-In Security for IoT Edge Devices
by Bernard Murphy on 07-10-2018 at 7:00 am

You’re excited about the business potential for your cool new baby monitor, geo-fenced kid’s watch, home security system or whatever breakthrough app you want to build. You want to focus on the capabilities of the system, connecting it to the cloud and your marketing rollout plan. Then someone asks whether your system is architected to be secure. Do you really need to worry about this in your low-cost consumer product? They keep on pushing, bringing up the Mirai botnet attack on the Dyn domain name server in 2016, which DDOS-bombed many major sites. Notably, that botnet was launched through cameras and baby-monitors, among other devices.

21909-mirai-impact-min.jpeg

Much of the problem was traced back to webcams made by Hangzhou XiongMai Technology, widely and publicly revealed to have weak security. That company made an attempt to correct the problem by recalling up to 10,000 of their devices. Add to that cost the reputational damage from worldwide publication of the discovery (if their devices are easy to hack, maybe creeps can watch my family at home?), likely industry moves to self-preservation and/or regulatory control to shut-out unsafe devices, and you start to see that ignoring security may not be a wise move.

OK, you get it, you’d better add security. But this is not a domain for amateurs. Security is hard – very hard. Software-only security may seem an easy solution but is the most attractive target for hackers; a whole industry (q.v. BlackHat) and hordes of enthusiastic amateurs are dedicated to finding obscure holes in software and building exploits to attack them; hardware-based solutions are generally more robust. Since you’re building hardware anyway, maybe you can throw in a crypto core and TrustZone control on the bus? I’ll say again – security is hard. Your crypto core can be hacked through power side-channels and TrustZone works only if you don’t make mistakes in what and when you connect. Then there are issues with over-the-air (OTA) software updates, secure boot, etc, etc. The list seems endless – and is always growing.

21909-mirai-impact-min.jpeg

An increasingly attractive solution is to use a security sub-system IP rather than scattering security defenses around your device; put all your security eggs in one basket and watch that basket carefully. In part this reduces the attack surface – the number of different ways an attacker can get at the secret stuff – so there are less places to check. And in part, if a single organization, expert in security, builds the secure subsystem IP, they will be better able to anticipate and more completely defend that subsystem against attacks that are still possible through that reduced attack surface. What happens outside in application-space compute and memory – that’s still up to you. But you can be much more confident that what should be secure will remain secure.

Intrinsix now provide an IoT SoC Solution with drop-in NSA Suite B Security to meet this need. This subsystem provides a Root of Trust – a set of core functions from secure boot and key-store though encryption functions, true random number generator (TRNG) and secure memory. The hardware is also designed for side-channel resistance with methods to defend against timing attacks (through fixed-time operations) and differential power analysis attacks (perhaps through added power noise, though there are other methods). The subsystem runs to just 20k gates and sits on the system bus (e.g. AXI); you interact with it through a set of APIs, for example to convert encrypted data to plaintext and vice-versa.

21909-mirai-impact-min.jpeg

This comes with a complete stack on top of the hardware, from APIs through boot and provisioning support, tunneling and encryption through multiple methods, and authentication. This truly is a turnkey system. It also comes with a complete development environment: emulator, models and a UVM verification suite.

How good is it? This subsystem has been (self-) certified to FIPS 140-2 compliance (covering to my knowledge the AES, SHA, public key infrastructure and TRNG) and particularly meets the NSA Suite-B secure standard, which is required for US DoD secret-level security. Since it is now in its 3[SUP]rd[/SUP] generation, in production and is being used by the DoD, I guess we can assume it is both production-worthy and meeting DoD expectations. You learn more about this secure subsystem from this webinar, presented by Chuck Gershman and Mark Beal of Intrinsix.

Share this post via:

Comments

There are no comments yet.

You must register or log in to view/post comments.