ECE/BAS Magazine June 2015 - page 30

INTERNET-OF-THINGS – SECURITY
Security squared: system board featuring encryption technology
By Harald Maier, TQ-Systems
In the age of the Internet of Things, protecting embedded systems has become more crucial than ever. In response, TQ-Systems has integrated an encryption chip into its new embedded computer boards which provides reliable protection against software manipulation and IP theft.
At present, a vast number of new applications for networked IoT systems are being created for private and professional consumers – be it for smart home or smart factory systems, for digital signage players in shopping malls, for outdoor areas, buses and trains or other networked devices, and for all sorts of machines and equipment. To their users, these applications all open up new realms of experience and deliver the added benefits provided through networking.
The new applications, however, do not necessarily always have to be killer-apps, as often described in cyber-virtual industry 4.0 applications. In most cases, continuous system monitoring often suffices for users and OEMs. This big data on status and usage enables them to improve maintenance cycles and increase availabilities. License and warranty management can also be planned according to usage times or frequency. For virtually any application with an intelligent embedded system, completely new sales and service concepts are possible.
The advantages of networking, however, also bring risks. Previously, embedded systems in machinery and equipment were basically inaccessible from outside. The code could potentially be tapped or manipulated only by someone connecting locally via proprietary interfaces. Today, IoT connected systems have an IP address, which theoretically can be accessed from anywhere in the world and, consequently, the risks of code piracy or malware implementation are mounting progressively. Increased protection is therefore mandatory.
Various methods of protection are available. Hardware solutions offer a particularly efficient and safe method of protection for software and IP (Intellectual Property). This is why TQ-Systems opted for Gemalto encryption technologies, which are also available as components. This company is one of the leading global suppliers in this field. In the IT world, its solutions protect anything software-operated: from ERP systems on (cloud)-servers to mobile client solutions, right up to ATM machines. The Sentinel HL components are also an ideal protection and licensing solution for embedded system software.
In particular, the Gemalto Sentinel HL chip convinces embedded developers with its Secure Element chip, which presently offers the highest level of protection against malware attacks on hardware; this includes, for example, protection against differential power analysis (DPA) and reverse engineering via electron microscopy. In addition, it supports deployment in industrial applications with its temperature range of -25°C to +85°C. Sentinel HL also offers the function AppOnChip, which enables a non-separable connection of the application to the hardware key. The code is only available encrypted in the processor cache and, if accessed, is thus useless for IP thieves.
Integrating the AppOnChip into the application is a simple procedure requiring no engineering effort. An automated routine delivers blocks of code to the application functions which are compatible with the AppOnChip feature. These code blocks are encrypted and signed and can only be run on the hardware key. Therefore, without a hardware key, the application cannot be run. The protected code blocks do not occupy any of the hardware key memory, so that software manufacturers have maximum memory capacity for license storage. AppOnChip is applicable to .EXE files on x86 Windows-based 32-bit systems, and further extensions for additional OS and processor platforms are in preparation.
The AppOnChip function makes Gemalto Sentinel one of the most secure solutions available in the market today. Apart from firewalls, VPNs and encrypted communication, the Sentinel HL carries out extremely important core functions to protect IoT-connected intelligent embedded devices. Plus, as it is not even necessary to update the software on the keys deployed in the field parallel to the release of a new version, the solution is suited
Figure 1. Proprietary module QSys with Intel Atom E3800