New cryptographic coprocessor, integrated with physically unclonable function technology, enables end-to-end encryption
While the IoT continues to bring greater conveniences into our lives, left unprotected, smart devices could also open the door to malicious attacks that burrow into networks and attempt to access sensitive data. With its newest cryptographic coprocessor featuring ChipDNA™ physically unclonable function (PUF) technology, Maxim Integrated Products, Inc. (NASDAQ: MXIM) is simplifying the process of protecting these designs from security threats.
Safeguarding designs that could trigger more harmful breaches is particularly critical. For example, when a smart medical device, such as a pacemaker, is hacked, this could lead to dire or even deadly consequences. Designers of these medical applications would be wise to be able to guarantee that the sensors inside their designs are genuine and to protect them from aftermarket clones; to verify that the data collected by the sensors is genuine; and to enforce usage control and expirations in the case of single- or limited-use disposable peripherals.
Another area where security is important is the industrial IoT, where an attack on automated factory equipment, for example, could disrupt the manufacturing line and lead to lost revenue. Here, it’s imperative to ensure that OEM modules are genuine and to establish point-to-point security. Feature control is another consideration. In the production world, it’s economical to manufacture, say, one board that supports multiple versions and levels of features. Enabling secure end user feature upgrades protects the integrity of those upgrades.
In summary, securing IoT designs involves meeting these challenges:
- Safety and reliability: Prevent counterfeit components that could pose safety risks to customers.
- Key management: A weak security scheme can expose keys for protecting and encrypting sensitive data.
- Secure boot: Invalid firmware can create opportunities for malware attacks.
- Endpoint security: Secure communication and authenticity of end points must be addressed.
- Feature control: Find a way to securely enable and disable various factory-based options.
Cryptographic Coprocessor Makes It Easier to Protect the IoT
Hardware-based security provides the most robust protection for IoT designs. Compared to its more easily infiltrated software-based counterpart, hardware security provides layers of advanced physical security, cryptographic algorithms, secure boot, encryption, secure key storage, and digital signature generation and verification to fend off malicious attacks. Maxim Integrated’s newest DeepCover® secure coprocessor with hardware-based cryptography, the DS28S60, provides robust countermeasures that make it easier to protect against security attacks. The device includes:
- A high-speed 20MHz SPI interface for fast throughput of security operations.
- A fixed-function ECC/SHA-256/AES cryptographic toolbox.
- ChipDNA PUF technology.
- A simple way to implement end-to-end encryption via its built-in key exchange capability, in which the part uses an asymmetric key algorithm to exchange a symmetric key. The symmetric key can then be used to encrypt/decrypt data between two IoT nodes or a sensor node and the cloud.
ChipDNA PUF technology provides strong protection against invasive and reverse-engineering attacks. The PUF circuit relies on the naturally occurring random analog characteristics of fundamental MOSFET devices to produce cryptographic keys. The key is generated only when needed and is then deleted rather than stored on the chip. Any attempt to probe or observe the ChipDNA operation actually modifies the underlying circuit characteristics, which prevents discovery of the secret key.
Here’s how the DS28S60 addresses the key design challenges discussed earlier:
- Safety and reliability: Counterfeit components are blocked from operating in the system.
- Secure storage: ChipDNA PUF technology is used to encrypt keys, secrets, and all device-stored data.
- Secure boot: Its SHA-256 and ECDSA crypto toolbox features support secure boot of a host processor.
- Endpoint security: The device addresses concerns over secure communication and authenticity of end points.
- Feature control: Securely enable and disable various factory-based options.