“Software provides secure access control and hardware provides secure storage and system boot functions,” Shah tells Electronics Weekly.
“But security in the software domain in particular is a moving target and it is necessary for designs to track software vulnerabilities and provide patches,” says Shah.
“It’s a moving target,” says Shah.
Designers cannot effectively secure the software systems running on their IoT devices without also making the hardware secure.
“This means tamper-proofing the hardware, implementing secure processing domains such as ARM TrustZone, secure boot and secure storage,” says Shah.
One example of a hardware security measure is to use trusted boot-up code held in an FPGA to securely boot a processor-based system. The intention is to ensure that processor code can be trusted during execution.
Shah says that the proliferation of cloud-computing services is reducing the cost of entry for IoT system design, which makes the need for securing the system more imperative.
The internet-of-things is typically defined as anything that uses internet protocol to communicate. Version 6 (IPv6) uses 128-bit internet protocol (IP) addresses and allows a very large number of “things” (2 to the power 128) to have their own address on the internet.
One of the reasons IP is being employed is to speed product development: there is no need to home-brew a proprietary protocol, the protocol stacks are already available, 32-bit microcontrollers that can run the stacks are now cheap and consume little power, and smart devices like phones already speak the language.
One way of securing embedded hardware is by using a hypervisor.
A hypervisor software architecture is a way of partitioning an embedded multicore processor hardware platform. In the ARM environment it makes use of the ARM TrustZone.
This includes hardware-based partitioning of resources such as memory, crypto blocks, and keyboard/screens, creating a completely separate secure-world operating environment.
Mentor’s Embedded Hypervisor provides support for the ARM TrustZone in the development of safety-critical automotive systems such as advanced driver assistance systems (ADAS) and instrumentation.
On the same hardware platform designers can combine Yocto Project-compatible Linux, AUTOSAR, real time, and bare-metal applications.
It supports Android and Mentor’s own embedded RTOS, called Nucleus.
“The Hypervisor enables IoT designs to take advantage of multicore processors to provide more functionality and connectivity in a single hardware unit while maintaining isolation and separation for critical functionality,” says Shah.
But flexibility is important for IoT designs, says Shah, and the hypervisor will run on single-core or multi-core processor architectures supporting asymmetric multi-processing (AMP), symmetric multiprocessing (SMP), or a combination of both.
Developed by ARM a decade ago, the TrustZone architecture allows trusted tasks to run in secure mode, limiting attacks on private keys and digital certificates.
The intention was to allow designers to develop ARM-based hardware with in-built levels of security against attacks on secret keys and certificates.
The move was originally driven by the increasing need for security in mobile phone design to control software and application upgrades and signed transactions with digital signatures. But inevitably any system using an embedded operating system needs security.
TrustZone creates two modes of operation, one for standard operating systems, the other for the trusted tasks, including booting the system. The technology is now applied to all ARM processor architectures.
“Support for the ARM TrustZone secure system architecture makes it possible to provide normal and secure operations, such as secure boot and secure PIN access, within a single embedded application, and partition devices and memory to prevent unauthorised access to resources,” said Shah.