Some industries caught on to the need for security before others, like those in the mission-critical space and those that potentially protect lives or money. But widespread adoption has not occurred. And it seems like hacking has almost become a sport for the bad guys.
As we move forward, the amount of critical data that’s at risk is growing exponentially. One major “culprit” here is the IoT or industrial IoT, although we’ve become so dependent on these technologies that there’s no turning back. Ask any plant manager if he would go back to manually monitoring the equipment in his purview and he’ll likely laugh at you.
How and where you protect is a debatable topic, but the real answer is “everywhere to the degree necessary”. From the chip level to the board level to the system level and out to the Cloud, there should be risk analysis and some protection.
The embedded, industrial, automation, and manufacturing industries have been aware of the need for security for quite some time. But that hasn’t made securing their equipment any easier. Now that critical industrial assets are interfacing with more open IoT networks, the requirement for securing electronic systems down to the silicon level has become more immediate.
Several options are available to the developer. For example, the Trusted Computing Group (TCG) has developed and maintains a standard called the Trusted Platform Module (TPM), which can be implemented in firmware, in an SoC, or as a discrete semiconductor that acts as a root of trust (RoT) and cryptographic co-processor for connected systems.
A second example is Arm’s TrustZone technology, which offers a memory protection unit-based scheme to provide secure boot and data protection functionality. And then there’s NXP’s SecureBoot, which provides strong boot-time integrity and run-time identity and privacy capabilities aimed at the popular i.MX family of CPUs. Moving up the stack, technologies like Intel’s Software Guard Extensions (Intel SGX) improve the integrity of application code and data.
Each of these alternatives is available to developers at varying levels of cost, ease of use, and protection. Let’s break them each down a little further, so you have some guidance to which would be best for your application.
The TCG’s TPM standard defines a hardware root of trust (HRoT), which is generally accepted as being more secure than a software-only root of trust. The TPM is coupled with the system software to enable certain features. If you choose this path, know that open-source APIs are available and custom software can also be developed.
The most recent version, TPM 2.0, is designed with a “library” approach. This lets developers choose just the aspects of TPM functionality that are needed for their application, varying by the necessary levels of security. The latest additions include algorithm agility, which is the ability to implement new cryptographic algorithms as needed.
Arm TrustZone technology, which is obviously specific to Arm-based hardware, provides system-wide hardware isolation for trusted software. It works by creating an isolated secure world which can provide confidentiality and integrity to the system.
In a nutshell, Arm TrustZone starts at the hardware level by creating two environments that can run simultaneously on the same core. One is the secure world; the other is the normal (non-secure) world. This protects systems at the lowest levels, including the bootup process.
NXP also starts at the boot level when securing the system, using the high-availability boot (HAB) component of the on-chip ROM. The ROM loads the initial program image from the boot medium. HAB enables the ROM to authenticate that program image using digital signatures before it is allowed to run. This initial program image is usually a bootloader. SecureBoot establishes a root of trust for the remaining software components.
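To make the chain of trust concrete, here is an added simulation of the ROM-then-bootloader-then-next-stage check described above. It is illustrative Go code written for this article, not NXP's HAB implementation or its image format; it assumes a constructed image layout carrying an Ed25519 signature, with a SHA-256 hash of the OEM public key standing in for the value fused into one-time-programmable memory as the trust anchor.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
)

// Image is a simplified signed boot stage: payload, signer's public key and an
// Ed25519 signature over SHA-256(payload). Constructed layout; not HAB's format.
type Image struct {
	Name    string
	Payload []byte
	PubKey  ed25519.PublicKey
	Sig     []byte
}
// SignImage does what the OEM's signing tool does at build time.
func SignImage(name string, payload []byte, priv ed25519.PrivateKey) Image {
	d := sha256.Sum256(payload)
	return Image{name, payload, priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, d[:])}
}
// VerifyImage plays the ROM's role: the key shipped inside the image must hash to
// the fused value (trust anchor) and the signature must verify under that key.
func VerifyImage(img Image, fusedKeyHash [32]byte) error {
	if sha256.Sum256(img.PubKey) != fusedKeyHash {
		return errors.New(img.Name + ": public key does not match fused key hash")
	}
	d := sha256.Sum256(img.Payload)
	if !ed25519.Verify(img.PubKey, d[:], img.Sig) {
		return errors.New(img.Name + ": signature check failed")
	}
	return nil
}
// BootChain authenticates each stage in order (bootloader first, then what it
// loads) and halts at the first failure, returning the stages that ran.
func BootChain(stages []Image, fusedKeyHash [32]byte) ([]string, error) {
	var started []string
	for _, s := range stages {
		if err := VerifyImage(s, fusedKeyHash); err != nil {
			return started, err
		}
		started = append(started, s.Name)
	}
	return started, nil
}
// KeyAndFuse makes an OEM key pair and the key hash the OEM would burn into
// the fuses (fresh demo values each run; a production key lives in an HSM).
func KeyAndFuse() (ed25519.PrivateKey, [32]byte) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return priv, sha256.Sum256(pub)
}
```

Note that a modified payload and an image signed under a key whose hash is not in the fuses both stop the chain at that stage, which is the behaviour a boot-time root of trust is meant to give.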
Intel’s SGX protects selected code and data from disclosure or modification. In this scenario, developers can partition their applications into processor-hardened protected memory areas, making it an application-layer trusted execution environment.
We know that not every design requires the highest level of security, and weighing the costs/security/design benefits and trade-offs of a given solution often rests with the designer. So an ounce of preparation is worth a pound of security.