February 2015
14
S
afety
& S
ecurity
Connected systems require
hardware-based security
By Juergen Spaenkuch,
Infineon
New connected technologies
like IoT can only be implemented
with strong safety and security
technology to protect the infrastructure
and components from manipulation,
attacks and malfunctions. Secured
hardware is essential since the
maximum of security cannot
be achieved with software-based
concepts alone.
Modern applications like connected indus-
trial systems, smart grids, connected cars and
autonomous driving, widely summarized
under the term “Internet of Things” (IoT),
have a high demand for reliable security. Typ-
ical use cases are authentication of compo-
nents and their unique identity, monitoring
and safeguarding of system integrity and pro-
tection of data and communication. To build
trust in new services and technologies, IP
protection is key and data security and system
integrity are a prerequisite for the successful
implementation of new services and appli-
cations. To establish new solutions we need
integrated system solutions based on secured
hardware which protects infrastructure and
components from attacks, fraud and sabotage.
In brief, hardware which enables to store, run
and update software in a protected way.
Several attempts have been made in the past
to apply purely software-based solutions for
device authentication. Unfortunately, software
– due to its nature – bears several significant
weaknesses. Software is written code, and code
can be read and analyzed. And once it is ana-
lyzed, it can be modified to the requirements
of an attacker. And finally, once the device is
re-programmed with the modified software,
the authentication process and system integ-
rity can be broken. Another severe weakness
of software-based solutions can be the inap-
propriate storage of secret keys via all relevant
process and production steps. Typically, in
software-based protection systems, attackers
can identify secret keys from software in a very
simple way: keys usually behave like random
numbers – in total contrast to the program
code itself. So-called entropy analyzers are able
to scan software and identify parts with high
randomness - these parts typically contain the
keys. Such a scan is done in seconds, and the
keys found could directly be used to generate
falsified products in masses.
Software-only solutions allow protection only
in the case that none of the components used
are physically accessible to an attacker. In real
life, this exception would render such solutions
unpractical. All in all, software is usually not
seen as a valid alternative for product authenti-
cation, system integrity and IP protection today.
However, software can be protected by hard-
ware: secured hardware protects the processing
and storage of code using encryption, fault and
manipulation detection, and secure code and
data storage. Software becomes trustworthy
by combining it with secured hardware. This
has been proven by extensive experience from
the areas of trusted computing and the use
of secure elements in mobile phones and the
protective functions of smart grids. A typical
embedded control architecture with a stan-
dard microcontroller on which a real-time
operating system and the applications are
running can currently be found in themajority
of installed systems. Usually the security func-
tionality is implemented using software-based
encryption mechanisms. What is missing is
an efficient, secured trust anchor (Hardware
Rout of Trust, HRoT) with dedicated encryp-
tion functionality for increased security. This
is why modern microcontrollers are an ideal
solution to respond to increasing security
demands. On the one hand, available stand-
alone security controllers are usually imple-
mented with microcontrollers. On the other
hand there are application-optimized micro-
controllers (MCUs) with integrated security
functions.
The use of a stand-alone security element
(security processor or co-processor) that acts
as a HRoT has proven itself for years in other
industries such as personal computers, serv-
ers, chip cards and identity documents. The
concept is also recommended for industrial
applications. For example, a trusted platform
module (TPM) can be used as a HRoT in con-
junction with other security elements in order
to provide an industrial controller with com-
prehensive security functions such as inte-
grated crypto-processors, encrypted storage,
buses and peripheral functions as well as inte-
grated error detection. Network end points
Figure 1. The Internet of Things
and various other connected
applications require secure
communication, data and
IP protection as well system
integrity.
