• • • SMART BUILDINGS & IOT • • •
when the circuit uses that key, for example, to decrypt data. A root of trust is explicitly designed to prevent such data leakage using various countermeasures.
Application example using
a security IC The benefits of a hardware-based “root of trust” become evident in the type of secure applications depicted in Figure 3. The protocol used is a simple challenge/response authentication protocol:
1. The meter requests a challenge from the pump in preparation for sending a command.
2.1. The pump challenges the requestor with a random number R.
3.1. The meter uses its private key to sign the command, the random number R, and some fixed padding. This operation is deferred to the “root of trust” of the meter.
4.1. The pump verifies that the signature is correct and that the random number is the same number it sent out earlier to avoid the trivial re- sending of a valid command. This operation is deferred to the “root of trust” IC of the pump.
In addition to the fact that every new attempt at
sending a command requires a new random number, the security of this protocol relies on the secrecy of the private key used to authorise commands and the integrity of the public key used to verify the authorisations. If these keys were stored inside common
microcontrollers, they could be extracted or manipulated, and fake meters or pumps could be manufactured, potentially endangering the patients’ safety. In this case, “root of trust” ICs make it much more difficult to counterfeit meters or pumps, manipulate the credentials, or tamper with the communication protocol.
Insulin pump authentication is a simplified example of root of trust Benefits of dedicated
security ICs Overall, a sound node device design will cause the cost of breaking a device to be much higher than the potential rewards for the attacker. The benefits of an architecture relying on a dedicated security IC are numerous: IoT security is an endless battle. Attack
techniques keep improving but, at the same time, security IC vendors continue to enhance their countermeasures so that security ICs remain extremely costly to attack. The security of a connected device can be increased by upgrading the security IC with little impact on the overall device design and cost. Concentrating the critical functions in a strong,
tamper-proof physical environment separated from the application processor allows for an easier “proof of security” when evaluating regulatory
compliance. Isolation also makes it harder to leverage weaknesses in the device’s application processor, which are very difficult to detect and remove entirely. Ensuring the security of an IoT node across all
its life cycle is easier when the security IC is commissioned early by the security IC vendor. This approach eliminates the need for sharing critical information with contract manufacturers, and a secure personalisation flow and secure OTA updates are made possible. Overbuilding and cloning become much harder as well.
Conclusion There are many components in a typical connected system, and security must be designed in from the beginning. While securing IoT nodes is not the only step, it is a necessary step.
electricalengineeringmagazine.co.uk
ELECTRICAL ENGINEERING • DECEMBER 2022/JANUARY 2023 23
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48
