When we talk about internet of things (IoT) security to any chip vendor, there’s invariably a complaint that designers and manufacturers are not taking security seriously. A common reason is that it adds to the cost of a product, and why would anyone add it if it wasn’t really essential? Or the other remark is security is often not designed in from the start, so when it’s added as an afterthought, a device could still be easily compromised.
But government agencies around the world are gradually introducing legislation about the security of electronic systems. These measures include California’s SB-327, which came into effect in January 2020; Europe’s ETSI standard covering cyber security for consumer IoT; and the UK government’s proposed new law on consumer IoT security. Vendors, meanwhile, are upping the game in creating awareness about IoT security.
One such announcement this week was from Silicon Labs, announcing new hardware-based security features for its wireless systems on chip (SoCs) for IoT devices. Its Secure Vault technology is a new suite of advanced security features designed to help connected device manufacturers address escalating IoT security threats and regulatory pressures. It has implemented these in its Wireless Gecko Series 2 platform, which combines security software features with physically unclonable function (PUF) hardware technology to reduce the risk of IoT security breaches and compromised intellectual property.
According to Silicon Labs, Secure Vault’s hardware features provide an optimized level of security implemented in a cost-effective, wireless SoC solution. The security subsystem, including a dedicated core, bus and memory, is separate from the host processor. This hardware separation isolates critical features, such as secure key store management and cryptography, into their own functional areas, making the overall device more secure. The new combination of security features is ideal for companies working to address emerging regulatory measures, such as GDPR in Europe and SB-327 in California.
We were curious how this is different to other security features on the market, including trusted execution environments (TEE). Gregory Guez, senior director of product marketing for IoT security at Silicon Labs told EE Times, “The architecture of Secure Vault indeed provides a layer of isolation between the secure element and the customer application that resembles a TEE but is actually achieved in hardware and not in software. In addition, the Arm Cortex M33 (with TrustZone) application core enables the device to be PSA-compliant. While we agree that other companies may offer key management (often with limited storage area), the Secure Vault implementation is based on PUF technology, delivering secure key storage via encryption and available in the whole memory space.”
In addition, he explained, the encrypted keys are protected against tampering through a complete set of configurable detectors and responses. “Secure Vault provides secure key storage that is leveraged by our wireless stacks, providing an added layer of protection on top of the standardized protocols. Secure Vault comes with secure identity in the form of certificates that can be checked to prove the authenticity of the device, a much-needed feature in the IoT market and a requirement to authenticate everything,” he said.
While hardware-based security is often considered the most appropriate approach to IoT security, there’s more to the issue. According to Tanner Johnson, senior cybersecurity analyst at Omdia, “Embedded security is a key requirement for IoT products, and software updates alone cannot address all vulnerabilities present in insecure hardware. As a result, hardware components can comprise the front line of defense for device security, especially with new legislation targeting IoT product security.”
Silicon Labs said Secure Vault advances IoT security through a combination of hardware and software features that make it easier for product manufacturers to protect their brand, design and consumer data. Integrating a security system within the wireless SoC helps designers simplify development and makes it possible to securely update connected devices over-the-air (OTA) throughout the product lifecycle. The delivery of genuine, trusted software or firmware to connected products serves to mitigate unforeseen exploits, threats and regulatory measures.
Silicon Labs is hoping Secure Vault will address the four pillars of IoT security – confidentiality (ensure data can only be read by the proposed destination), authentication (ensure the supposed sender is the real sender), integrity (ensure the information in the original message is kept intact) and privacy. Key security features it now provides include provision of secure device identity, secure key management and storage and advanced tamper detection.
Secure device identity addresses one of the biggest challenges for connected devices: post-deployment authentication. Silicon Labs’ factory-based trust provisioning service with optional secure programming provides a secure device identity certificate during IC manufacturing, analogous to a birth certificate, for each individual silicon die, enabling post-deployment security, authenticity and attestation-based health checks. The device certificate guarantees the authenticity of the chip for its lifetime.
Secondly, the effectiveness of a security scheme for device and data access directly depends on key secrecy. With Secure Vault, keys are encrypted and isolated from the application code. Virtually unlimited secure key storage is offered as all keys are encrypted using a master encryption key generated using a PUF. The power-up signatures are unique to a single device, and master keys are created during the power up phase to eliminate master key storage, further reducing attack vectors.
With regard to tamper detection, the company said this feature offers a wide range of capabilities from easy-to-implement product enclosure tamper-resistance to sophisticated tamper detection of silicon through voltage, frequency and temperature manipulations. Hackers use these changes to force hardware or software to behave unexpectedly, creating vulnerabilities for glitch attacks. Configurable tamper-response features enable developers to set-up appropriate response actions with interrupts, resets, or in extreme cases, secret key deletion.
Other features within Secure Vault include anti-rollback prevention and secure link. The former prevents older digitally signed firmware from being re-loaded into a device to re-expose patched flaws; this could happen if an attacker has knowledge of a security flaw in an older firmware version. The latter encrypts the interface between a microcontroller and a Wi-Fi chip to prevent an attacker from analyzing the interface to learn network SSIDs and passkeys to gain access to the network. The encrypted interface uses Diffie-Hellman algorithm key exchanges on a per session, per device basis, with the link secured uniquely on a given device, and keys regenerated on each power cycle; exploiting the link is hence more complex as the keys are frequently reset and non-transferrable. In addition, the keys have to be mutually authenticated before activating secure communication, hence preventing communication with a non-trusted party.
Silicon Labs is currently sampling new Secure Vault-enabled wireless SoCs, which are planned to be released in late Q2 2020.