As the debate rages on whether last year’s massive power outage in the city of Mumbai was the result of a cyber-attack, the issue of addressing cybersecurity is, as is becoming the norm in recent years, a prominent part of embedded world 2021.
Last October, Mumbai, the Indian city of 20 million people and the financial capital of the country, was significantly paralyzed from a power outage for several hours during peak working time. According to a new report from intelligence firm Recorded Future, its analysis of network traffic analytics suggest cyber intrusion activity by attackers had occurred. Ten Indian power sector organizations including a number of centers responsible for operation of the power grid were attack targets in a concerted campaign against India’s critical infrastructure.
In the internet of things (IoT) era, if this was a cyberattack as suggested, this is just one example of the potential outcomes of being complacent on security policies and compliance.
In this article, we look at some of the hardware and software security announcements around embedded world 2021, ranging from hardware root of trust to security suites, ongoing device management and compliance.
Compliance is a challenge for every organization working in the IoT domain, especially given that most applications are unique, and that formal certification methodologies are both costly and time consuming. This is why the IoT Security Foundation, a non-profit industry association, developed an IoT Security Compliance Framework, enabling organizations to build a self-certification methodology that meshes with the 13 best practices captured in UK and European secure by design guidelines.
Compliance Suite from Secure Thingz/IAR Systems
To address this, Secure Thingz, an IAR Systems group company, announced its Compliance Suite, a set of tools and training specifically targeted to provide embedded developers with a simplified path to building applications that are compliant with the European EN 303645, UK and Australian 13 best practices, and the evolving US Cybersecurity Improvement Act (NISTIR 8259).
The suite includes a set of development tools and preconfigured security contexts that enables developers to rapidly implement core aspects of the guidelines, such as the use of advanced device specific security enclaves to protect provisioned information. Coupled with these tools is a set of training and support resources linking the functional requirements with the certification requirements identified in the IoT Security Foundation compliance questionnaire, ensuring a rapid implementation that meets international requirements.
Compliance is a step towards formal third party certification, such as global platform Security Evaluation Standard for IoT Platforms (SESIP), and the Arm PSA requirements. By implementing the IoT Security Foundation Compliance Framework, developers are aligning their organizations with the best-in-class methodologies, enabling them to achieve and surpass the evolving industry requirements. The Compliance Suite delivers a set of security development tools to extend the development toolchain IAR Embedded Workbench; it includes a security development tool, C-Trust, plus a set of preconfigured security contexts for both mainstream microcontrollers and advanced security devices. It also includes a suite of training covering secure implementation to achieve compliance and organizational vulnerability disclosure.
Next generation hardware RoT: Lattice Sentry Stack 2.0
In a whitepaper jointly authored whitepaper by the Cloud Security Industry Summit (CSIS) with the Open Compute Project (OCP), CSIS said, “Firmware represents a significant threat vector for computer systems, appliances, and associated infrastructure. If the first code that executes on a device when it powers on were to become compromised, then the entire system can and should no longer be trusted as secure. Firmware can be compromised through malicious attacks or unintentionally.”
To address this, Lattice Semiconductor announced a new version of its Lattice Sentry that addresses the rapidly evolving security requirements of current and emerging server platforms, by providing an efficient and secure way for developers to quickly implement enhanced system and cryptographic applications. The new Lattice Sentry 2.0 stack supports firmware security by enabling next-generation hardware root-of-trust (RoT) solutions compliant with NIST Platform Firmware Resiliency (PFR) Guidelines (NIST SP-800-193) and supporting 384-bit encryption. With the Sentry stack, developers can add support for strong firmware security to system control applications based on Lattice secure control PLDs, creating a platform to establish a hardware RoT to validate the legitimacy of all firmware instances in a system.
Key features of Sentry 2.0 include:
Heightened security – the Sentry solutions stack supports the Lattice Mach-NX secure control FPGA and a secure enclave IP block that enable 384-bit cryptography (ECC-256/384 and HMAC-SHA-384) to better secure Sentry-protected firmware against unauthorized access. Support for 384-bit crypto is a requirement for many next-generation server platforms.
4x faster pre-boot authentication – Sentry 2.0 supports faster ECDSA (40 ms), SHA (up to 70 Mbps), and QSPI performance (64 MHz). These features enable Sentry 2.0 to deliver faster boot times that help minimize system down time and reduce exposure to attempted attacks on firmware during the boot process.
Ability to monitor up to five firmware images in real-time – to extend the PFR-compliant hardware RoT enabled by Lattice Sentry, the stack is capable of real-time monitoring of up to five mainboard components in a system at boot and during ongoing operation. Competing MCU-based security solutions, as an example, lack the processing performance to properly monitor that many components in real-time.
EmSPARK from Sequitur: focused on Arm TrustZone device level security
Enabling device protection on devices based on Arm TrustZone architecture, Sequitur Labs’ EmSPARK Security Suite is aimed at enabling IoT hardware manufacturers to easily embed device-level security by addressing technical, supply chain and business process challenges. Supporting security functions for encryption, storage, data transmission and key/certificate management are delivered by EmSPARK and housed in the secure environment.
Supporting Microchip, NXP Semiconductors, STMicroelectronics and Nvidia, Sequitur Labs has announced new deployment option pacakages for EmSPARK – a base package and an advanced package. The “base” package provides essential security defenses for IoT applications in a turnkey solution that is easy to install, integrate and manage; key features in this package include secure boot, firmware updates, device failure recovery and software provisioning.
The “advanced” package provides a complete suite of security features and functions for protecting devices at all stages of their lifecycle; this includes a robust suite of API’s and trusted applications for advanced functions including key and certificate management, secure storage, cryptography, cloud integration, and protection of AI/ML models at the network edge.
Sequitur Labs told embedded.com, “Up to now, EmSPARK was only available as what is now the advanced package. The new base package is for entry-level requirements.”
ST boosts STM32MP1 microprocessor security
STMicroelectronics announced new software packages and support for enabling security on its STM32MP1 dual-core microprocessors.
By providing code for security mechanisms such as OP-TEE (Open Portable Trusted Execution Environment) and the TF-A (Trusted Firmware-A) project, ST helps STM32MP1 developers address the key concepts of information security in their applications: confidentiality, integrity, availability, and authenticity verification.
In addition, ST has extended the roster of authorized partners in embedded security with Sequitur Labs. Sequitur Labs’ EmSPARK Security Suite for STM32MP1 streamlines firmware development implementing protective techniques such as secure boot and device authentication. The security suite works with the Arm TrustZone architecture integral to the STM32MP1 and assists with secure provisioning to simplify deploying connected devices while keeping secrets safe. In this, it is optimized for applications such as industrial control, building automation, smart-home equipment, machine vision, automotive communication, and medical devices.
These new resources join the STM32MP1 ecosystem alongside solutions from authorized partners Prove&Run, TimeSys, and Witekio, which provide reliable and field-tested solutions to security-software development challenges. ProvenRun helps STM32MP1 customers integrate security in their design by providing custom security engineering services (secure boot, secure firmware, OP-TEE) and more advanced solutions leveraging on ProvenCore, a secure OS that has been certified.
The TimeSys Vigiles Vulnerability Management Suite is embedded in OpenSTLinux and constantly watches for relevant vulnerabilities that open devices to cyberattacks. Vigiles also provides remediation information for device lifecycle management. Witekio’s FullMetalUpdate open-source over-the-air (OTA) solution helps IoT platform operators manage their own OTA updates, combining security with flexibility and economy.
Infineon tackles counterfeit devices with OPTIGA Authenticate IDoT
Consumer devices, home appliances and industrial machines are constantly exposed to the risk of counterfeit spares and accessories. Fakes can compromise functionality, user safety and – as a result – brand value. To solve this problem, Infineon Technologies has launched the OPTIGA Authenticate IDoT (identity of things) anti-counterfeit turnkey solution which combines enhanced authentication with configuration flexibility. The new embedded security solution delivers enhanced hardware ECC-based security and flexibility to address customer and application requirements.
With an extended temperature range of -40° to +120 °C, the solution is ideal for industrial applications and supports the ever-growing and ubiquitous requirements for authentication. Use cases include single-use disposables for HVAC and water filters, rechargeable batteries for portable devices, light electric vehicles as well as computing and robotic systems in highly complex eMobility, industrial and IoT environments.
OPTIGA Authenticate IDoT is packaged in the proven and robust TSNP SMD housing measuring as little as 1.5 x 1.5 x 0.38 mm3. It supports four ECC authentication modes: one-way, mutual, host binding and host support. Designers can select from three temperature ranges, two communication profiles, three sets of memory and four integrated secured decremental counters with secured lifecycle management, capless LDO and robust ESD protection. OPTIGA Authenticate IDoT also provides unique on-chip turnkey digital certificates and key pairs.
NXP announces EdgeLock secure enclave
NXP Semiconductors has introduced its EdgeLock secure enclave, a pre-configured security subsystem that simplifies implementation of complex security technologies and helps designers avoid costly errors. It enhances protection to an edge device by autonomous management of critical security functions, such as root of trust, run-time attestation, trust provisioning, secure boot, key management, and cryptographic services, while also simplifying the path to industry-standard security certifications. The EdgeLock secure enclave intelligently tracks power transitions when end-user applications are running to help prevent new attack surfaces from emerging.
The secure enclave will be a standard integrated feature across the i.MX 8ULP, i.MX 8ULP-CS with Azure Sphere, and i.MX 9 applications processors, providing developers with a wide range of compute scalability options to easily deploy security on edge applications.
The self-contained, on-die hardware security subsystem has its own dedicated security core, internal ROM, secure RAM, and supports state-of-the art side channel attack resilient symmetric and asymmetric crypto accelerators and hashing functions, providing an array of security services to the other user-programmable cores within the SoC. In essence, the secure enclave functions like a security headquarters or fortress inside the system-on-chip (SoC), storing and protecting key assets, including RoT and crypto keys to protect the system against physical and network attacks.
This subsystem is isolated from the other processor cores that handle applications and real-time processing functions. This physically-siloed architecture supports a well-defined security perimeter within the SoC, and enhances SoC and application security by isolating secure key store management and cryptography.
NXP has also partnered with Microsoft to bring ongoing trusted device management to its customers with Azure Sphere chip-to-cloud security in the i.MX 8ULP-CS (cloud secured) applications processor family. The i.MX 8ULP-CS with Azure Sphere incorporates Microsoft Pluton enabled on EdgeLock secure enclave as the secured root of trust built into the silicon itself, and as a key step toward enabling highly secured devices for a vast range of IoT and industrial applications. In addition to the secured hardware, Azure Sphere includes the secured Azure Sphere OS, the cloud-based Azure Sphere Security Service, and ongoing OS updates and security improvements for over ten years.