Embedded security rises and falls with crypto key management

Embedded systems face ongoing threats of penetration by persistent individuals and organizations armed with increasingly sophisticated tools. On-chip security features do serve as fundamental enablers for secure systems but can provide a false sense of security without a broader view of security policies. Consequently, the trend toward enterprise-level security lifecycle management emerges as the most promising solution for hardened security in embedded systems underlying the explosive growth of interconnected applications.

Over 130 years ago, Dutch linguist and cryptographer Auguste Kerckhoffs stated that a cipher system should not require secrecy and could even fall into enemy hands without causing a problem — a rule that has come to be known as Kerckhoffs's Principle. Claude Shannon, the father of information theory and electronic communications, reformulated this simply as “The enemy knows the system,” now known as Shannon's Maxim.

Commercial embedded systems promise to test these fundamental principles beyond that seen in any other application area. In marked contrast to more conventional secure systems, these systems can be openly acquired by potential attackers, who at their leisure can work to tease out literally every bit of secret information using readily accessible tools.

Semiconductor manufacturers have made great strides in providing strong hardware-based foundations for security. More and more MCUs and specialized processors now include on-chip hardware accelerators for crypto operations, allowing secure real-time communications without loss of performance or increased communications latency. The trend continues in 2015 for inclusion of even more comprehensive hardware support for security. For example, the PIC24F GB2 MCU announced this year by Microchip combines a hardware crypto accelerator with secure on-chip key storage (Figure 1 ). Although trusted computing and trusted platform modules are beyond the scope of this article, these concepts rely fundamentally on persistent, secure key storage for enabling hardware root-of-trust platforms required for secure boot, trusted software execution, and secure communications in production environments.

Figure 1 The Microchip PIC24F GB2 MCU family combines on-chip crypto acceleration with on-chip secure key storage.

Growing hardware support for security does not necessarily translate into greater assurance of continued security. According to Kerckhoffs and Shannon, companies should assume that the algorithms and, in the present context, the physical circuits used to execute cipher operations are compromised from inception. Basic security policies including layered security and compartmentalization do provide important benefits in complicating the task of would-be attackers. Yet, the notion of security by obscurity has repeatedly been proven inadequate. Current events show that the secrets contained in any system can be exposed by an insider, by a persistent individual, or by organizations with national resources behind them.

Ultimately, the complex formulations of most security policies boil down to a simple underlying notion of Kerckhoffs's Principle — that the most important secret in a cipher system is the key used for cryptographic operations. In silicon-based systems, this policy extends to the device itself where differential power analysis (DPA) attacks have been used to reveal keys and other protected secrets accessed during normal circuit operation. When bad actors can so easily acquire and analyze seemingly secure embedded system products, the importance of DPA countermeasures and other underlying circuit protection methods becomes evident.

Inevitably, however, application and system security depend on preserving the secrecy of the all-important cipher key. Indeed, key protection is as old as cipher systems themselves. For protecting national security and military communications, security organizations have long relied on hardware key fill devices (Figure 2 ) — portable units containing encryption keys and protected through physical security.

Figure 2 A decades-old KYK-13 fill device designed to transport secure keys for loading into secure crypto systems. Source : Wikimedia Commons

For an embedded design organization, the industry is redefining the physical fill device through enterprise-level security lifecycle capabilities. Typically offered on a proprietary basis by individual semiconductor manufacturers these services provide key generation and protected storage in a secure environment. For example, NXP provides a trust provisioning service along with its A710x secure MCUs. With this service, NXP delivers the MCU with pre-programmed, die-specific keys and certificates that are generated in a secure, Common-Core certified NXP internal environment and stored securely in hardware security modules. 

Join over 2,000 technical professionals and embedded systems hardware, software, and firmware developers at ESC Boston May 6-7, 2015, and learn about the latest techniques and tips for reducing time, cost, and complexity in the development process.

Passes for the ESC Boston 2015 Technical Conference are available at the conference's official site, with discounted advance pricing until May 1, 2015. Make sure to follow updates about ESC Boston's other talks, programs, and announcements via the Destination ESC blog on Embedded.com and social media accounts Twitter, Facebook, LinkedIn, and Google+.

The Embedded Systems Conference, EE Times, and Embedded.com are owned by UBM Canon.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.