FEATURE EMBEDDED IoT security embedded in memory cards
Hubertus Grobbel, vice president security solutions, Swissbit presents a flexible, hardware-based security approach that includes TPM (Trusted Platform Module) and data encryption
F
or IT- and data-security, systems communicating over the Internet or
via their gateways in the IoT (Internet of Things), need to have a unique and non-cloneable identity. Systems must also be able to send, receive and store cryptographically and heavily secured data. Solutions involving only the use of software rarely offer sufficient protection. This presents developers and manufacturers with great challenges. Swissbit, the storage and security
expert, offers a new hardware-based approach. Developers of embedded systems for industrial applications know Swissbit as an independent European manufacturer of flash memory products. Many see the Swiss company, producing in Germany, as a top choice for robust, durable SSDs with PCIs and SATA-interfaces, CompactFlash, USB- flash drives, SD and microSD memory cards and managed NAND BGAs. Swissbit has now developed a new
advanced approach to security for embedded IoT devices. The thought process behind the development is that every device needs memory to act as a boot medium for log files, and data cache memory in case of network failures. These memory interfaces can and should have security features.
SECURITY IN MEMORY CARD FORMAT Swissbit’s new security solution consists of a flash memory chip, produced and tested for industrial requirements. This chip is run using a special version of the durabit firmware with integrated AES 256-bit encryptor. The DP (Data Protection) version encrypts and protects all data in various ways (CD- ROM mode, PIN protection, hidden memory, WORM mode). For the hardware-based protection of the communication in the IoT, another security anchor is required. Swissbit’s security modules come with solutions such as an Infineon/NXP Smart Card Chip CC EAL 5+/6+. An API, a SDK and a PKCS#11 library are available for application development. Security experts trust in microSD cards with a secure element for encrypting
20 DECEMBER/JANUARY 2021 | ELECTRONICS
mobile phone communications. Similar to the communication between people, the communication of the things in the Internet also needs to employ identification, authentication and authorisation. In other words, how does a “thing” know that the data or data queries received from another “thing” are correct and that the source of a message is truly the system component that it claims to be? Swissbit security memory media, with
secure element, provides applications and systems with a unique identity. “Things” get a counterfeit-proof ID and as such, networked systems can be protected from misuse, “identity theft” and data access can be restricted. Smart cards, that are integrated onto memory cards, provide systems with non-cloneable identities, transforming them into uniquely identifiable M2M (machine-to-machine) communication participants, that can authenticate themselves and send and receive cryptographically, heavily secured data. Another important device-specific
application for these Swissbit solutions is Trusted Boot. Trusted Boot ensures that software can only be run on specific hardware or hardware classes. A secure flash memory card can be used to manage software licensing and feature activation. Access control, code encryption or digital signature allow the definition and management of different software configurations for products.
Figure 1:
Memory interfaces, such as USB, can be used to retrofit a TPM function
RETROFITTABLE AND FUTURE-PROOF In comparison to a soldered TPM, the idea of a pluggable security module might at first seem unusual. However, older machinery and systems generally have a USB interface or interfaces for memory cards. Therefore, the big advantage of using pluggable security modules is that existing devices can easily be retrofitted and secured using Swissbit security memory. This ability to retrofit devices offers
Figure 2:
Hubertus Grobbel, vice president security solutions, Swissbi
t Figure 3:
The structure of a microSD card with security features
another advantage in the constant race to keep up with cyber security. Attack and defence methods develop cyclically and harmonising them with for example the project lifecycle of an industrial plant is challenging. A situation could arise where it is necessary to allocate a new ID with improved cryptography technologies to the M2M communication participants. Swissbit’s retrofittable solution makes this possible. In response to the rapidly increasing
market demand for embedded IoT, Swissbit opened its new factory in October 2019, located in Berlin, Germany. This factory is equipped with state-of- the-art advanced 3D chip scale packaging technology, developing and producing customised system-in-package and multi-chip module designs for its customers. This technology facilitates not only the integration of microcontrollers, NAND chips and crypto chips, but also sensors, wireless chips and antennas. Using memory interfaces with TPM and encryption components for security solutions might only be the beginning, with the scope for the addition of further functionalities that can be miniaturised and integrated.
Swissbit
www.swissbit.com
/ ELECTRONICS
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46
