PLEASE ROTATE ME
May 6, 2021
With the ongoing expansion of the IoT, it is critical to continually review and update SoC security features to ensure any device that is connected to the internet is protected from cyberattacks.
Every second, 127 new Internet of Things (IoT) devices are connected to the internet, an astronomical growth rate that will lead to a global network of some 75 billion connected devices by 2025. For as much value as it has already created, this proliferation of IoT devices has also increased security risks at both the consumer and corporate levels. For instance, one Comcast report found that the average household faces 104 threats every month, with personal computers, smartphones, tablets, and networked cameras ranking as some of the most vulnerable devices.
In an effort to strengthen security across the IoT landscape, the federal government recently passed the Cybersecurity Improvement Act. The legislation provides an additional security compliance layer and encompasses issues such as secure development, identity and configuration management, vulnerability reporting, and more. While the Cybersecurity Improvement Act is a promising indicator of broad-based interest in securing the IoT, its impact will be limited by the fact that it only applies to IoT devices used in a federal government conext.
Consequently, responsibility for securing the greater IoT continues to fall to manufacturers and, to a lesser extent, consumers. These stakeholders must address everything from password vulnerabilities and insufficiently secure update mechanisms to insecure data storage and insecure default settings. Ultimately, as more IoT devices come online, it is critical for device manufacturers to make security a top priority. To that end, here are four critical SoC security features that can help manufacturers build devices that are as secure as they are high-performing:
A root of trust is the set of cryptographic functions within an SoC’s security foundation that is always trusted by the operating system. As such, it must be secure by design. Through a variety of components — starting with a security perimeter that determines what needs to be protected on an SoC — a hardware RoT provides software with a trusted execution environment. A RoT must also include a secure processor that runs secure software/firmware, as well as mechanisms for the protection of runtime memory data. (This data contains keys in plain text and other sensitive information.)
Hardware cryptographic accelerators are another important component of an RoT, as they maintain high performance while saving power and memory, which can be particularly beneficial for cost-sensitive applications that require both high performance and security. Finally, a hardware RoT requires a True Random Number Generator (TRNG), a secure clock (also called a secure counter), and secure storage. While a secure clock manages any time-based protocols, secure storage ensures that sensitive information cannot be tampered with.
Secure boot is a security standard developed to ensure the integrity of both software and firmware running on a platform. It is set up in a way that all applications must be authenticated through cryptographic verification of the software’s or firmware’s digital signature. This ensures that the boot and software have not been tampered with and can execute safely on an operating system. In a scenario in which verification fails, the security subsystem may reset the system.
Anyone who owns an iOS or Android smartphone has probably installed secure over-the-air updates on their device. These updates are delivered via wireless connectivity, mobile broadband, and/or other built-in functions in the device’s operating system. Because these updates can be installed without physically connecting devices to each other, they offer a variety of benefits for IoT devices, including remote upgrading and troubleshooting of bugs or security flaws. This tends to deliver cost-efficiency benefits since it eliminates the need for physical technician access.
Reverse engineering involves the examination of a system with the aim of deductively working backward toward the system’s original design. With good intentions, reverse engineering can help a developer understand how to fix certain bugs and enhance product features in both hardware and software. Once a developer understands how their system works from a hacker’s point of view, they are able to introduce artificial bugs to identify — and then close — potential points of vulnerability.
Reverse engineering is a powerful tool for programmers looking to strengthen a program and address an application’s errors, but it is just as powerful in the wrong hands. A bad actor who is skilled in reverse engineering can find vulnerabilities to exploit that may not be obvious from a surface examination of a system. Fortunately, SoC security features like firmware encryption and secure debugging can help manufacturers insulate their IoT devices from reverse engineering attacks.
Firmware is the built-in backbone of a device — its drivers, operating system, and default applications. Encrypting firmware protects these components to prevent unauthorized reverse engineering by competitors and hackers.
A debug port acts as the door to a device’s underlying code and data, so secure debugging is necessary to prevent cyberattackers from gaining control of this door. Debugging helps developers understand why applications are misfiring by generating detailed error pages that include important metadata, so if a hacker manages to commandeer the debugging process, they can get their hands on sensitive data on how to compromise the device.
IoT devices are designed to improve consumers’ lives, and as people become increasingly dependent on these devices, they will also start to demand top-notch security features.
Telink remains committed to providing highly secure SoC solutions that keep IoT devices safe and secure. Our TLSR9 Series includes secure boot and anti-reverse engineering mechanisms in addition to standard Telink security features like embedded Advanced Encryption Standard (AES) hardware, embedded hardware acceleration for elliptical curve cryptography (ECC), and an embedded True Random Number Generator. Our next generation of chips, the TLSR9528, will add RoT and additional secure OTA. All these features will ensure manufacturers and consumers alike will be able to keep the IoT secure even as it expands.
To learn more about Telink’s full product lines and development tools, visit our wiki or ask us a question using our Technical Forum.