The Security MCU for IoT Applications

As IoT technology continues to make our lives more comfortable by networking smart devices to achieve greater intelligence, protecting the information stored and transmitted by these devices is becoming increasingly important. Embedded MCUs are at the heart of IoT-based products, and choosing the right MCU is key to meeting our customers' needs today and in the future.

MCUs designed specifically for IoT applications need sufficient processing power, hardware-based security and software algorithms to provide a secure and reliable solution.

Secure MCUs should provide multi-level security elements to support various security algorithms such as Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Secure Hash Algorithm (SHA). MCUs must provide a complete security chain, secure boot process, hardware-based root of trust, true random number generation capabilities in hardware, and user application code authentication. Developers also need to consider that when implementing security features in hardware, less time and effort are required compared to an equivalent firmware implementation.

This paper highlights the key security features required for MCUs to provide developers with a solid foundation for designing secure IoT systems.

Security Layer

Secure Boot

The secure boot process is the most critical element of secure embedded MCU support. It is a boot process that ensures that only authenticated code is executed on the device. The secure boot helps prevent malicious and unauthorized code from being loaded into the device during the system boot process.

Embedded MCUs that use flash memory to store firmware can utilize a secure boot process to ensure that unauthorized users cannot modify the firmware code. The secure boot protects the system by adding cryptographic checks to the boot process and can be implemented in various ways, including digital signatures, trusted flash loaders, encryption of boot files, etc. Application firmware authentication is an important part of Secure Boot.

The secure boot uses a chain-of-trust approach. It starts with a secure root, such as unmodifiable code in ROM or flash memory trusted by the device. This code then authenticates against another piece of code. The newly authenticated code authenticates against any subsequent code, and so on, creating a chain of trust. How it works is simple: you trust A, A trusts B, so you trust B.

Secure Implementation Chain 

To illustrate the concept of building a chain of trust, consider the following sequence for implementing a chain of trust using a PSoC 6 BLE, an embedded MCU from Cypress, designed for IoT applications.

The root of the trust code is in the ROM code and, therefore, cannot be modified. The root uses AES-CMAC message authentication to authenticate the flash boot code stored in the Supervisory Flash Memory (SFlash).

Upon successful authentication, control is passed to the Flash boot code. Flash boot is now part of the chain of trust in the secure boot process.

The Flash boot code uses a digital signature to authenticate the user application stored in the main flash memory.

Upon successful verification of the digital signature, control is transferred to the application.

The secure boot uses ROM routines to authenticate user data in the flash memory. Secure boot is a process involving encryption that allows IoT devices to begin executing authenticated and therefore trusted software. This ensures that the system is powered on from a known trusted state.

The secure boot process takes place in two steps. In the first step, ROM boot verifies the flash boot by comparing the encryption code stored in eFuse to calculate the encryption value. In the second step, the flash boot verifies the application's digital signature using the public key stored in SFLASH.

Hardware-Based Security

For many IoT applications, security is just one consideration that must be balanced with energy efficiency, reliability and low cost. In many cases, a hardware-based approach provides the most efficient, reliable and cost-effective way to ensure security.

Hardware consumes less power than the equivalent software approach using a host processor. Another issue with software-based security is that by using integrated circuits to protect the system without hardware-based security, IP can be stolen. This is just one reason MCUs for IoT applications have sophisticated integrated hardware security features such as encryption blocks, code protection IP and other hardware-based mechanisms.

Hardware-based security also eliminates the need for application software patches to continuously protect the system. Hardware-based security also has the added benefit of providing faster performance at lower power consumption than firmware implementations.

Programmable SoC architectures with encrypted hardware and secure boot 

For example, IoT processors have an encryption block that provides hardware implementation and acceleration of encryption functions. The data to be transmitted is encrypted using an encryption algorithm before transmission. Access to this encryption block is only allowed using interprocessor calls, and direct access at the register level is not allowed for security purposes. This encryption hardware block performs important functions, such as

    Symmetric key encryption and decryption

    Disconnector

    Message Authentication Code (MAC) functions

    True random number and pseudo-random number

    Cyclic redundancy checks

    Various utility functions include enabling/disabling, interrupting settings, flags, etc.

Symmetric Key Encryption and Decryption

Creating and managing keys is an important part of the encryption process. The same key is used for the encryption and decryption of symmetric keys, and AES is an example of a symmetric key encryption method.

According to the AES standard, the AES function consists of a block cypher and a reverse block cipher. The block cipher (AES instruction) encrypts a 128-bit block of plaintext data into a 128-bit block of ciphertext data. The inverse block cipher (AES_INV instruction) decrypts a 128-bit ciphertext data block into a 128-bit plaintext data block.

Secure Hash Algorithm

Hashing is an algorithm that accepts data of any size and converts it to a fixed length. The main difference between hashing and encryption is that hashing is irreversible.

SHA is a series of cryptographic hash functions that are used to secure data. SHA consists of per-bit operations, modular additions, and compression functions. This function takes a message of arbitrary length. It reduces it to a fixed-length residue or message digest after performing a series of mathematically defined operations, which guarantees that any change in the message will change the hash value.

It is used for message authentication by transmitting the message with the hash value appended and recalculating the message hash value at the recipient's end using the same algorithm. If the hash value is different, the message is corrupted. These algorithms use the Digital Signature Algorithm (DSA) or Digital Signature Standard (DSS).

SHA Example

Message Authentication Code Function

The MAC scheme uses the key with the message. The recipient must know the key in order to calculate the MAC value. This helps the receiver of the message verify that the sender of the message has a shared key and that anyone without the key has sent or changed the message.

First, the sender calculates the MAC value and appends it to the transmitted message. The MAC is calculated and checked against the MAC values transmitted when the message is received. The receiver knows that the message has been changed if they do not match.

An example of a hashing algorithm is SHA, which can be used to generate MAC values. Even packet ciphers like AES can be used to generate MAC values. The MAC method ensures both data integrity and authenticity.

MAC Example

True Random Number Generation

True Random Number Generation (TRNG) is an important cryptographic feature; TRNG blocks generate a statistically random number and are based on several random physical variations that cannot be replicated by running the process again. Compare this with pseudo-random number generation (PSRNG), which is not a true random number because it relies on the initial seed value. If the seed can be replicated, the resulting sequence can be replicated as well.

A highly secure system will utilize true random numbers rather than pseudo-random number generation. Currently, few MCUs offer hardware-based TRNG. in some applications, PSRNG may be preferred, so MCUs with both TRNG and PSRNG offer the greatest flexibility.

External Memory Security

IoT systems require more and more memory to support better intelligence and applications. MCU vendors are careful to provide the optimal level of internal memory because chip size increases based on memory, driving up costs. MCU suppliers offer the option to expand memory from external sources to meet the growing demand for memory size.

This helps IoT designers to design the memory size of their choice based on application requirements. However, this poses the challenge of protecting sensitive code and data stored in external memory and ensuring access only by authenticated users.

MCUs support encryption with an external memory interface to protect external data and code. As a result, data can be encrypted before storing it in an external storage device. Likewise, data is decrypted upon retrieval. A secure MCU, where the serial memory interface (SMIF) has built-in encryption, protects data as it is written to external memory.

Serial Memory Interface (SMIF) Module in MCU Architecture

SMIF Execute in Place (XIP) mode. This is where the encryption component supports dynamic encryption for data writes and dynamic decryption for data reads. This ensures that no sensitive data leakage occurs when data is encrypted before it is stored on an external storage device.

Example of MRI in XIP mode

Communication layer security

Bluetooth Low Energy (BLE) is one of the most popular wireless standards for IoT applications. IoT designers must ensure that data communication over the wireless link is secure.

The latest BLE protocol updates are equipped with various security and privacy features to cover encryption, trust, data integrity, and user data privacy. For example, the BLE link layer offers various encryption algorithms such as CRC and AES for reliable and secure data exchange.

BLE radios must also be designed to support these BLE security features provided by the BLE protocol. Enhanced encryption and authentication will allow only trusted users to track device locations and confidently pair devices.

PSoC 6 Bluetooth - Bluetooth Subsystem Block Diagram

Previous: Everything about N-channel hexfet power mosfet-IRF3205

Next: Millimeter-Wave Antenna in Package (AIP) Technology