This article was first published on Embedded Beat (oct. 2014) by Donnie Garcia, Freescale Kinetis New Products Team
I don’t have a home security system, but my second hand experience from family and friends is that they can be a real hassle. In addition to the cost of the system and having it physically installed, there are constant headaches with remembering to set the alarm, false alarms, and having to remember yet another password. When deciding to bring such a device into the home, home owners must balance cost and inconvenience with the benefits of peace of mind and crime deterrence. In the embedded world, as more “Things” get connected, a similar choice has to be made: accessibility via connectivity has opened up a new range of “Things” which are vulnerable to attacks. Embedded developers of home automation nodes, energy metering and payment solutions all have to deal with numerous and aggressive threats.
Protecting embedded assets is not a new problem, and for Freescale, a semiconductor company who can provide a solution for virtually all points within the Internet of Things (IoT) continuum, there is a strong legacy of excellence in security. As a Kinetis MCU product marketer, I have had the opportunity to collaborate with security experts from across the company who work on our numerous product lines to ensure that the best possible security is being implemented in our embedded solutions. Kinetis MCUs contain features to help improve reliance of end applications and have a type of embedded trust architecture that can be used to provide security in the age of increasing connectedness.
Kinetis devices provide an advantage that most other higher end applications processors do not typically have. Kinetis MCUs are architected to only boot up from internal memory. This protects against the threat of hijacking an embedded application by changing an external memory device.
In addition, Kinetis devices have several levels of embedded protection that can be selected using non-volatile control bits. The protection, when enabled, restricts access to all internal resources (Flash, SRAM and peripheral registers) from the debug port. As well, to facilitate a safe firmware update via a serial peripheral, Kinetis devices have a 64-bit key, which can be set so that only authorized firmware updates are allowed.
The highest levels of Kinetis security can also lock the embedded memory by disabling Flash erase capabilities, forever locking the application code in the end device. This security level creates a secure ‘Read Only Memory’ version of the embedded application, essentially avoiding the threat of cloning of a device.
Some Kinetis devices have an additional external memory interface (for SRAM or NOR Flash). On these devices, when security is enabled, the attributes of this external memory are controlled by system level configuration bits. So, even in higher end embedded applications which rely on external memory expansion, the reliable Kinetis MCU security architecture has the capability of restricting execution from the external memory to protect against attacks.
Many Kinetis devices also contain a system level Memory Protection Unit (MPU). This peripheral can be used to define memory spaces with certain access rights, creating another layer of system checking to ensure that the execution of firmware is controlled.
Besides the standard features mentioned above, cryptographic acceleration hardware is available on a number of Kinetis sub-families. This hardware, which is enabled by a library, greatly speeds up cryptographic algorithms that can be used in firmware updates or in the protection of data as it passes from device to device.
On a sub-set of Kinetis devices there are advanced anti-tamper capabilities. The features of this peripheral include a tamper protected memory space for a master key. The security of a system depends on keeping the master key a secret. The tamper protected memory space is automatically erased if a tamper event is detected. This erasure of the master key happens without any software intervention, and so can be depended upon to protect the most sensitive data. Tamper events are not only physical attacks, and so the advanced security peripheral also protects against temperature, voltage or clock speed attacks.
One of the newest features on the Kinetis devices is the Flash Access Control (FAC). This feature was made to support the growing need of protection of software intellectual property (for example, proprietary sensor algorithms, or connectivity stacks). The FAC allows the use of software libraries while not allowing them to be read or downloaded from the device. This feature works in conjunction with the embedded security levels of the Kinetis MCUs to provide developers a platform to use to promote their innovations in a safe and reliable way. Being able to protect software property will be a key enabler to the propagation of embedded technology expected by the Internet of Things.
What will the future bring in regards to embedded security features? To support the expansion of Kinetis edge nodes, more advanced encryption acceleration and new algorithms are on the roadmap.
Finally, as a product definer, I am always looking for new requirements. What aspect of embedded security threat are you concerned with? Leave a comment.
Donnie Garcia is on the Kinetis New Products Team