The Internet of Things (IoT) can link islands of functionality – think street lights, electricity meters, HVAC systems – so that they can be better managed for their users’ benefit. In being linked in this way, IoT devices also create and route data that can be aggregated and analysed to reveal usage patterns, underlying behaviours, and opportunities for systemic optimisations.
The challenge of the IoT is that securing a large number of, possibly low-cost and limited functionality, devices as they communicate across open networks isn’t easy – especially for teams whose previous designs have had limited connectivity. To use the jargon, an IoT device, or group of devices, presents a large ‘attack surface’ to hackers. This surface isn’t defined by the number of devices in a particular IoT implementation alone. The IoT devices (known as edge nodes, for their position on the network), the gateways that connect them and the cloud servers that enable them, also present opportunities for hackers.
Think about a simple piece of hardware, with an SoC, memory, peripherals, interfaces and more – all of these are vulnerable to a variety of threats and so need to be secured to protect the overall IoT implementation.
As you continue the thought experiment up from the chip level, it’s clear that IoT devices and networks face myriad other threats – from attacks on their communications channels to vulnerabilities in the application software running on everything from the edge nodes to the cloud servers. Securing just one aspect of an IoT offering doesn’t help - hackers will always look for the weakest link in the chain.
Why does this matter? Insecure IoT networks can lead to issues such as data losses; privacy breaches; identity theft and impersonation; counterfeiting and device cloning; and denial-of-service attacks. Even hacking something as simple as a home thermostat can threaten a user’s security if it means a third party can infer when homes are empty from usage patterns.
Designing secure IoT devices and systems demands an end-to-end approach that recognises that each link in the chain must be secured to secure the whole. It’s easy to think of this as a stepwise process – secure the device, secure the network, secure the back end – but IoT security needs to be handled holistically to succeed. Although specific protection mechanisms vary throughout the chain – a low-power sensor-fusion edge node has different characteristics to a high-end cloud server – their similarities enable them to benefit from solutions developed from a holistic point of view.
For the software in use throughout the chain, tools such as those available under the Coverity brand can perform static checks on code to identify issues ranging from vulnerabilities to cross-site scripting through to illegal memory accesses. Coverity’s Seeker, and Codenomicon’s Defensics and AbuseSA, go beyond static analysis into dynamic, interactive security testing, in which the tools undertake a form of automated hacking using common (and not-so-common) attacks such as buffer overflows and SQL injection.
A secure IoT implementation requires secure nodes. One of the foundations of a secure node is a ‘hardware root of trust’, such as Synopsys’ tRoot Embedded Security Modules. This IP enables connected devices to boot securely and then uniquely identify and authenticate themselves, and to protect application data from tampering. In effect, the root of trust gives designers confidence that they can establish a secure connection with a particular device, protecting against counterfeiting and cloning.
Synopsys also has IP that can help designers strengthen the security of their IoT SoCs – at the edge node, the gateway or the cloud. This includes hardware implementations of functions such as cryptography cores, true random number generators, accelerators for protocols such as IPSec for VPN and TLS for HTTPS, as well as content-protection IP and cryptography middleware.
As always, finalising an SoC design means making a series of trade-offs between die area (and hence cost), performance and power consumption. For example, it’s probably not worth using a high-throughput hardware crypto accelerator to protect intermittent data from one of many strain gauges monitoring a bridge. On the other hand, the same approach may make perfect sense for protecting the digital distribution of blockbuster movies to media platforms ranging from cinemas to smartphones. Figure 1 shows how implementations can vary depending on these trade-offs. It begins (at left) with a basic implementation using virtualisation on a CPU core to run security functions as software in a closed, trusted execution environment which can reference a small area of trusted hardware to access, for example, keys. The next approach (centre) separates the secure functions more strongly by substituting the virtualisation strategy with another core, running a separate, secure OS. The third approach, shown at right, casts all the security functions into dedicated hardware, at the cost of lower flexibility and greater area.
Figure 1 Three ways to trade off cost vs security in IoT SoC design (Source: Synopsys)
Flexible processor cores can make it easier to manage power, performance and area trade-offs in the implementation of IoT security features. The DesignWare ARC EM family of processors, for example, are highly configurable and optimized for IoT edge-node applications in both control and signal processing. And for enhanced security, Synopsys offers an optional security package that includes SecureShield technology to isolate secure application code inside a trusted execution environment, separating it from normal application code even on a single-core, ultra-low power processor.
SecureShield does this by protecting critical processor registers, such as the stack and instruction pointer registers as well as secure bus accesses. It has a secure memory protection unit to protect instruction and data memory, with up to 16 configurable memory regions and the option to use different scrambling and encryption for each region.
The Enhanced Security Package also has an encrypted, tamper-resistant pipeline and other protection features such as data- and instruction-path integrity checks and watchdog timers to help prevent IP theft and system attacks.
The ARC EM core is supported by software libraries for cryptography functions, such as SHA, AES, RSA and others, which run on the standard processor. Applying the CryptoPack option to the core adds custom instructions and extra registers, via APEX technology, the processor extension capability, which accelerate these libraries by up to seven times, for a 5 to 20% increase in gate count. If this doesn’t provide enough data throughput, the next step is to use a full crypto engine, as described earlier.
Synopsys adds another piece of the IoT puzzle through the embARC open software platform, an initiative to accelerate the development of embedded systems on ARC processors. This is complemented by partnerships with other vendors for operating systems, software and tools, some of which have a particular focus on security.
Synopsys has built its portfolio of technology and expertise to secure the IoT nodes end-to-end through the development of its own hardware IP and the acquisition of secure IP company Elliptic Technologies, and through the acquisition of software quality, security and testing companies Coverity, Quotium, and Codenomicon. The tools and insights that these acquisitions bring are being applied synergistically, for example, to enhance the way that standalone security IP interacts with CPU cores. It’s an end-to-end approach to an end-to-end issue.
- The DesignWare ARC Processors are highly configurable so they can be tailored to meet the performance, power and area requirements of each target application.
- Synopsys’ security IP solutions include a range of cryptography cores, security protocol accelerators and processors, embedded security IP modules, secure boot and cryptography middleware as well as content protection IP for integration into system-on-chips.
- The ARC Access Program expands the choice of embedded software and hardware solutions available for DesignWare ARC processor cores
- The embARC Open Software Platform consists of software and documentation to accelerate the development of embedded systems based on DesignWare ARC processors.
Angela Raucher is product line manager for Synopsys’ ARC EM processors. She has more than 20 years of experience in the semiconductor industry and has held a number of leadership positions in product line management, technical support, software development and marketing across embedded processing and mixed-signal semiconductor businesses serving consumer, industrial, communications and automotive markets. Angela holds a Bachelor of Science degree in electrical engineering from Virginia Tech.