Counterfeiting happens, and it’s always bad news for consumers and businesses alike. Consumers pay good money for products that may be lacking in quality, while businesses lose out on revenue. Putting hours of effort and ingenuity into designing a product, only to find cheaper copycats on the market, is frustrating at best. This is why it’s important to design security into your products right from the start - especially if your products are internet-connected and smart. According to NETSCOUT’s Threat Intelligence Report, it takes only an average of five minutes for an IoT device to be attacked once it is connected to the internet. By including robust security in your designs, you can prevent:
- Revenue and intellectual property loss
- Subpar counterfeits and clones
- Breaches into your customers’ networks, where sensitive information may become accessible
- Theft of data in transmission between, say, the connected device and the cloud
- And even physical harm in the case of smart medical devices
Various techniques are available to protect your designs, and hardware-based security is one of the most robust methods. Unlike its software-based counterpart, hardware security provides the advantages of a physical layer that’s difficult to alter as well as support for key management. Secret keys are an integral part of cryptography, helping each of the two sides that must exchange a message or piece of data to confirm that the other is valid.
The emergence of secure ICs makes it easier to protect your designs from the ground up, or even to add security to an existing design. However, through sophisticated invasive attacks, hackers can attempt to steal cryptographic keys from secure ICs, compromising these ICs. Fortunately, here’s where chip designers may have an upper hand, thanks to their ingenuity in creating physically unclonable function (PUF) technology. PUF technology is virtually impossible to clone or duplicate because it stems from the complex and variable physical as well as electrical properties of ICs. These properties are random and unpredictable. PUF technology natively generates a digital fingerprint for its associated IC; this fingerprint can be utilized as a unique secret key for algorithms used in identification, authentication, encryption/decryption, anti-counterfeiting, and hardware-software binding. An ideal implementation of PUF technology requires no battery or other permanent power source; features circuitry that is resistant to physical inspection; and generates the secret key only when it is needed for a cryptographic operation.
Secure microcontrollers can prevent hackers from attacking remote IoT sensors, such as those inside this wireless weather monitoring station.
When You Can’t Steal a Key That Isn’t There
Maxim’s PUF implementation, called ChipDNA™ technology, was designed to deliver strengthened protection against invasive and reverse engineering attacks. A ChipDNA PUF circuit is based on the naturally occurring random analog characteristics of fundamental MOSFET devices to produce the cryptographic keys. The key is generated only when needed and is never stored on the chip. The unique binary value generated by each PUF circuit can be repeated over temperature and voltage and as the device ages. If someone attempts to hack a ChipDNA device, the invasive attack itself would change the electrical characteristics of the PUF circuit, thwarting the attack.
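A generic model of the behaviour described above (a key that is regenerated on demand from a noisy device fingerprint and never stored), as an added example; it is not Maxim's code and does not represent the ChipDNA circuit, whose internals the page does not describe. `SimulatedPuf`, `enroll`, `reconstruct`, the noise rate and the repetition-code length are all constructed for illustration, using a textbook code-offset scheme.

```python
import hashlib
import random
import secrets

REP = 31         # each key bit is repeated across 31 PUF cells (repetition code)
KEY_BITS = 128

class SimulatedPuf:
    """Constructed stand-in for a PUF array: fixed per-die bits, noisy on every read."""
    def __init__(self, die_seed, noise=0.05):
        rng = random.Random(f"cells-{die_seed}")        # models manufacturing variation
        self._cells = [rng.getrandbits(1) for _ in range(REP * KEY_BITS)]
        self._env = random.Random(f"noise-{die_seed}")  # models temperature/voltage noise
        self._noise = noise

    def read(self):
        # Each cell flips with probability `noise`, so raw reads differ from one another.
        return [b ^ (self._env.random() < self._noise) for b in self._cells]

def kdf(bits):
    # Hash the corrected bits down to a 128-bit key.
    return hashlib.sha256(bytes(bits)).digest()[:16]

def enroll(puf):
    """One-time provisioning. Returns (helper, key); only `helper` is kept in flash."""
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, puf.read())]  # codeword masked by the PUF
    return helper, kdf(secret)

def reconstruct(puf, helper):
    """On-demand key regeneration: unmask with a fresh read, majority-vote each bit."""
    noisy = [h ^ r for h, r in zip(helper, puf.read())]
    secret = [int(sum(noisy[i * REP:(i + 1) * REP]) > REP // 2)
              for i in range(KEY_BITS)]
    return kdf(secret)

if __name__ == "__main__":
    device, clone = SimulatedPuf(die_seed=1), SimulatedPuf(die_seed=2)
    helper, key = enroll(device)
    print("same die :", reconstruct(device, helper) == key)
    print("other die:", reconstruct(clone, helper) == key)
```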
The newest device in the ChipDNA portfolio is the DeepCover® MAX32520 secure Arm® Cortex®-M4 microcontroller with secure boot for IoT applications, the industry’s first secure microcontroller with PUF technology. The MAX32520 received a Best in Show Award from Embedded Computing Design at this year’s embedded world Conference. The device:
- Prevents tampering via voltage and temperature monitoring for out-of-range values, along with die shield integration to thwart probing
- Prevents side-channel attacks
- Verifies flash integrity before code execution and authenticates source before secure flash upload via secure bootloader
- Provides advanced encryption with FIPS SP-800-90B and SP-800-90A compliant TRNG and hardware accelerators for AES-256, ECDSA-512, and SHA-512
- Features 2MB of secure memory, enough to extend protection beyond encryption keys to include application code
With features like PUF technology, advanced cryptographic engines, code encryption, and secure bootloader, the MAX32520 can be used to address threats including cloning, physical inspection, code alteration, IP theft, and subscription fraud, as well as concerns such as data privacy, network protection, and supply chain control. An evaluation kit, MAX32520-KIT, as well as a feather board, MAX32520FTHR, are available. Test-drive the MAX32520 for applications such as embedded communication equipment, embedded connected systems, IoT nodes and gateways, secure industrial appliances and sensors, and set-top boxes.
A similar version of this blog post originally appeared on Maxim Integrated’s mgineer blog.