Building a security-optimized embedded design using protected key storage
Editor’s Note: In this Product How-To article, Todd Whitford and Kerry Maletsky of Atmel Corporation describe the many ways in which the security of an embedded microcontroller design can be compromised and how to use the company’s ATSHA204 authentication device to protect critical system IP.
How much security can you afford to add to your next design? In many cases, equipping an embedded system to protect its proprietary intellectual property (IP) and the data it’s entrusted with represents only a small fraction of the unit’s overall cost. But can you afford even this small increase and still remain competitive in the unforgiving global technology market?
Or, is it better to ask if you can afford not to include it? Many incidents occurring throughout the high-tech economy illustrate some of the challenges embedded systems designers face in defending their products and the customers who use them against sophisticated attacks. Many of these are various forms of cyber-theft that seek to extract the information stored or transported by an embedded system. Once limited to simply pirating copyrighted movies, audio, and other multimedia, IP theft has evolved rapidly over the last decade as industrial spies and other cyber criminals have learned to extract the firmware, FPGA code, and other details of a product’s design for their own use or sale to the highest bidder.
Some of the most common ways that stolen IP can undermine both the immediate profits and long-term success of legitimate manufacturers include:
Hardware cloning A time-honored tradition in black-market electronics whereby a product’s circuit boards, components, and often even its mechanical design are copied and used to produce unlicensed knock-offs. Modern cloning practices usually include use of pirated firmware and FPGA code. When grey-market manufacturers begin selling unauthorized knock-offs of propriety peripherals and accessories (ink cartridges, cables, batteries, and other consumables), the OEM loses a reliable revenue stream.
Overbuilding A relatively recent variant of cloning in which an authorized third-party assembly facility deliberately builds more units than a client has ordered with the intent of selling them through alternate channels. Unless a product was designed with provisions to secure it against this practice, overbuilding is nearly undetectable.
Reverse engineering Even if a competitor does not produce a copy of your product, stolen IP can allow them to inexpensively acquire proprietary technologies and features which give your products market differentiation.
Shortened design cycles Pirated designs allow would-be competitors to bring their products to market quickly, reducing the time an innovative company gets to enjoy the marketing advantages and premium pricing that a product’s unique features make possible.
Developing a complete security strategy
A complete security strategy must address traditional security concerns about securing the system’s wired and wireless network connections. Authentication of network nodes, encryption of network data, message integrity protection, secure key management, and other traditional (but often overlooked) security measures are necessary. After all, your customers won’t buy products unless they know their data, services, and infrastructure will be protected against intrusion, theft, and sabotage.
A number of techniques are available to inject malicious code during routine software upgrades. Once inside your system, the new code can turn into a convenient point of entry to your customer’s (or your) network that can be used to gain access to sensitive consumer and corporate data.
The same techniques can be also used by those with more sinister intent to do physical harm. Several Pentagon studies and recent real-world incidents such as the Flame and Stuxnet viruses should serve as clear warnings that cyber-terrorism is a real possibility – especially in applications involving public infrastructure (utilities, communication, transportation) or mission-critical systems (medical, industrial control).
Part of the design process is to decide which of the issues listed above apply to your product and whether they are a primary or secondary requirement. Once the product’s security requirements are defined, they can be used to develop a security strategy which serves as a tool for selecting the technologies and products best-suited to meet the application’s unique combination of threats, performance requirements, and cost constraints. The security strategy should also consider whether the security solutions must be capable of being updated to deal with new threats as they emerge.
Depending on the level of security and performance required by your application, you can protect your system using a strategy based on software, hardware, or a mixture of both. Each of these strategies has its own unique advantages and drawbacks.
No security The simplest strategy is to not include any security in a design. In certain cases, the lower bill of material (BOM) and manufacturing costs, faster time-to-market, and lighter microcontroller (MCU) workload in the absence of security-related software outweigh the hidden costs of leaving a product vulnerable to hacking. But since some basic security measures can be implemented at little or no cost, few, if any, applications can afford to ignore security altogether.
Software-only solutions If the existing MCU has sufficient memory and processing cycles to support it, a security algorithm can be implemented in software. In most software-only security solutions, critical items such as secret keys are stored in the MCU’s existing memory resources (EEPROM, Flash).
- Advantages: These solutions are often perceived to be free, although they may have hidden costs due to additional development time and cost.
- Disadvantages: Storing keys in unsecured memory resources puts them at risk of exposure. In addition, many firmware or software implementations of cryptographic algorithms are vulnerable to attack due to performance tradoffs, code size reduction efforts, use of general purpose hardware, and/or errors in the code.
Software/hardware hybrid solution (e.g. hardware on client, software on host) A client-side system’s MCU can be augmented with a hardware security device that provides secure key storage and implements some, or all, of the security algorithm in hardware.
- Advantages: Lower overall solution cost because no security device is required on host.
- Disadvantages: In this solution, the host-side system’s keys are stored in an unsecured resource, putting them at risk for interception, theft, or alteration. In addition, the software for the host-side algorithm may contain flaws in its implementation which leave it vulnerable to hacking techniques.
Defendable hardware-based solution An all-hardware solution includes tamper-resistant secure key storage devices used at all critical points in the system.
- Advantages: With its keys securely stored in a hardened device specifically designed for the purpose and its security algorithm implemented in hardware, the resulting system is much more resistant to hacking without burdening the host processor. In addition, the development time required to bring a fully tested verified product to market is dramatically shortened.
- Disadvantages: Many designers avoid all-hardware solutions because they are perceived as adding potentially unnecessary cost to a design.
Implementing security strategy
Protecting a system against intrusion and data theft requires providing appropriate levels of both design security (protecting a system’s software and other critical details about its design) and data security (protecting the information stored in or transported by the system).
Failing to do so can expose your system to various types of attacks which seek to extract the information stored or transported by an embedded system. In many cases, the information contained in leading-edge products is pilfered by hackers serving second-tier manufacturers (often located offshore) who are employed to produce copycat products--or as an inexpensive alternative to doing their own R&D. The resulting over-builds, cloned products, and unauthorized knock-offs of propriety peripherals and accessories can erode or eliminate a manufacturer’s profits.
Secure key storage is a highly cost-effective approach to security that provides many of the same attributes of a fully-hardened system at a much lower solution cost. These systems use an inexpensive key management and storage device which can be paired with virtually any MCU to create an embedded system that is highly-resistant to the attacks commonly used to steal sensitive data, software, and other types of IP.
A closer look at secure key storage One example of an advanced secure key storage solutions is the Atmel ATSHA204, an authentication device that includes a 4.5Kb EEPROM. Its secure memory can be used to store encryption keys, perform miscellaneous read/write or read-only memory operations for managing passwords or secret data and consumption tracking information.
Access to the various sections of memory can be restricted in a variety of ways and then the configuration can be locked to prevent changes. The device features a wide array of defensive mechanisms specifically designed to prevent physical attacks on the device itself or logical attacks on the data transmitted between the device and the system.
Each ATSHA204 ships with a guaranteed unique 72-bit serial number. Using the cryptographic protocols supported by the device, a host system or remote server can prove that the serial number is both authentic and not a copy. The ATSHA204 can also generate high-quality random numbers and employ them for any purpose, including use by the device’s own crypto protocols. Its flexible command set makes it easy and cost-effective to use in many applications, including anti-counterfeiting, protection for firmware or media, secure data storage, user password checking, and session key exchange.