February 2016
11
C
hips
& C
omponents
Firmware protection for MCUs
enables security in IoT applications
By Marco Blume,
Wibu-Systems
, and Dirk Heinen,
Infineon Technologies
Microcontroller-based systems in IoT
applications require a high level of
data security and functional safety.
The solution presented here ensures
both a secure firmware update as
well as secure functional upgrades for
XMC4000 microcontrollers. Also, it
supports the simple implementation
of functional safety.
The outlook for IoT applications is impres-
sive. The Internet of Things should make
roughly a 15 trillion US dollar contribution
to the global gross social product in the next
twenty years (source: General Electric), with
an installed base of 28.1 billion units by 2020
(source: IDC). But these figures are not only
impressive, but simultaneously alarming
when one considers the security aspects asso-
ciated with the IoT revolution. It is important
to take advantage of these developments while
still ensuring both functional safety and data
security. Security aspects affect all the systems
involved, from PCs, IPCs, embedded systems,
mobile devices, and PLCs to the microcon-
trollers used. Wibu-Systems, working with
Infineon, has now introduced the CodeMeter
μEmbedded, an efficient firmware protection
for systems based on the XMC4000 micro-
controller, in particular in applications such
as IoT or Industry 4.0.
The Internet of Things (IoT), with its differ-
ent variants such as Industry 4.0, informa-
tion and communications technology, smart
homes, and networked automobiles, requires
a high level of security. Typical application
cases include the authentication or licensing
of components based on their unique iden-
tity, monitoring and securing system integrity,
the protection of data and communications,
as well as secure updates and upgrades. To
build trust in new services and technologies,
IP protection is also essential. Corresponding
solution concepts require embedded system
solutions based on secure hardware that pro-
tects the infrastructure and components from
attacks, fraud, and sabotage. Since essentially
all embedded systems integrated into IoT
concepts are based on microcontrollers, this
is the first level on which the corresponding
protective functions must rely.
The general challenge in the implementa-
tion of maximum security in microcontroller
applications lies in the fact that the solution
must also be usable under harsh industrial
conditions and easy to integrate. CodeMe-
ter μEmbedded was developed based on the
proven CodeMeter solution for the protec-
tion, licensing, and security of systems. It
particularly addresses the security aspects of
firmware updates and functional extensions
of microcontroller-based systems. The cor-
responding keywords here are code integ-
rity, license monitoring, and protection from
reverse engineering and copying of program
code. The implementation of CodeMeter
μEmbedded was carried out in collaboration
with Infineon and is based on the 32-bit
microcontroller family XMC4000. CodeMe-
ter μEmbedded extends the standard devel-
opment tools to provide secure firmware
updates and functional extensions in embed-
ded systems based on the XMC4000. Micro-
controllers are increasingly used in frequently
networked applications such as pumps, motor
drives, sensors with field bus connections,
and similar systems. In these applications, the
secure loading of updates and/or functional
upgrades is a significant security-critical
aspect. The task of CodeMeter μEmbedded is
to ensure secure loading of updates into the
XMC4000 microcontroller and to introduce
new functionality even in insecure environ-
ments. In highly networked and intelligent
systems such as those in IoT, these import-
ant following aspects must be considered.
Only trustworthy code may be loaded into
the controller. The code must be encrypted
during transmission and loading. This is done
using a unique key stored in the boot ROM
of the controller. Traceable, reliable licensing
must also be guaranteed while loading the
code onto the controller. It should be possi-
ble to block or activate additional function-
ality of the microcontroller. The code may
only be loaded and decrypted on authorized
(licensed) controllers. It is essential to ensure
that use on an unlicensed controller or emula-
tor is prevented.
CodeMeter μEmbedded protects the firmware
of the controller against manipulation, reverse
engineering, and copying during updates.
OEMs that develop software for controllers
Figure 1. Networked systems
in IoT designs have numerous
points of exposure for attacks
and manipulation. Secure
firmware updates and functi-
onal extensions to microcont-
roller-based systems are a basic
requirement for ensuring data
security in IoT applications.
