Protect your IoT device with hardware-based Secure Elements

Internet of Things (IoT) is already revolutionizing our personal and professional lives. It provides us with smart toothbrushes, connected cars, smart TVs, mobile devices & wearables, infant monitors, asset trackers and even a personalized healthcare.

And this is just a start: Statistica, provider of market and consumer data, expects the number of IoT devices worldwide to almost triple from 8.74 billion in 2020 to more than 25.4 billion in 2030!

Secure Element is an industry term used to describe a tamper-proof hardware platform. It acts as an enclave that hosts apps and ensures that confidential data is securely stored and is only accessible to authorized apps and people.

Secure Elements can store a large range of authentication and identification data such as PIN codes, private keys, signatures, payment information, or e-ID documents. You are using them when you unlock your banking app with your PIN code to book the perfect weekend from your smartphone and then authenticate yourself using Face ID to validate the transfer.

SEs can be found in different packages:

○ SIM/UICC, microSD cards and smart cards that can be removed from the device,

○ Embedded and integrated SEs that can be embedded with a dedicated chip or integrated directly into the host System on Chip (SoC).

In this blog post, I will focus on the embedded hardware-based Secure Element approach that provides cost savings and a strong physical security including secure communication between the host IoT device and the SE.

Secure Elements have been used for years by government and banking applications for authentication and secure payments.

Today, the SE market is mainly driven by IoT protection demands, with a large range of security-related use cases such as:

○ Smart home (home appliance control, HVAC control, etc.)

○ Smart grid (smart metering, thermostat control etc.)

○ Smart healthcare (vital signs control, smart drug delivery, etc.)

○ Smart manufacturing (access control, asset tracking, Industry 4.0, etc.)

○ Smartphone (Mobile payment, eSIM, etc.)

○ Connected cars (virtual car keys, etc.)

According to a market study published by Growth Market Reports, titled “Embedded Secure Element Market”, the global embedded Secure Element market was valued at USD 313.2 million in 2019 and is expected to reach USD 667.9 million by 2027 with a CAGR of 10.1%.

The four fundamental principles of the IoT device security are:

○ The ability to make sure data is fully available at the right time, the “Availability”

○ The ability to make sure device only communicates with an authorized partner, the “Authenticity”

○ The ability to make sure that data is accurate and has not been inappropriately modified, the “Integrity”

○ The ability to ensure that private information remains private and protected from unauthorized access, the “Confidentiality”

To achieve the above principles, an embedded SE may employ several of the following tamper resistant secure services:

○ Data Encryption (masking)

Data masking is a widely used approach for data protection in both software and hardware levels. It protects a given data set by hiding its original content through modifications but allows to recover the original data set by an authenticated user.  In that way, the application can propagate and store sensitive data “in plain sight”, giving an extra layer of protection for both unsecured and secured networks.

Among the data masking techniques, data encryption is one of the most used, commercially speaking. In fact, state-of-the-art IoT devices rely on complex cryptographic operations for secure communication. Cryptographic algorithms can be performed by a software solution. The alternative is to add a Secure Element equipped with hardware accelerators into the device. With this approach, the SE supports the host SoC by executing cryptographic algorithms, such as Advance Encryption Standard (AES), using a key (possibly stored and generated by the SE itself). This hardware method allows to perform cryptographic operations faster and to consume less energy compared to a software approach.

○ Device identification & authentication

A Secure Element has a unique tamper-proof identifier. It provides security credentials by which the secure chip will be identified by the host SoC. In hardware level, a SE can employ a Physical Unclonable Function (PUF), which provides a unique “digital fingerprint” for each fabricated device by taking advantage of the intrinsic process variations of semiconductor manufacturing.

○ Key generation

Cryptographic (private) keys are used to prove the authenticity of a device’s identity before it can communicate and exchange data. Depending on the application, cryptographic keysare either generated inside the Secure Element, using a True Random Number Generator (TRNG), or embedded at manufacturer site – in which the latter requires specific manufacturing steps from key generation to key storage.

○ Random number generation

A Secure Element embedding a TRNG provides a reliable random entropy source, thus avoiding any bias in generating the cryptographic key. The entropy source consists of the use of a single or multiple “noisy” signals that contains no recognizable patterns or regularities (e.g. thermal noise, atmospheric noise, electromagnetic noise).

○ Secure storage of sensitive data

A Secure Element can have a tamper proof memory providing a secured storage for the cryptographic key of a public key pair. The memory protects the host SoC against software or physical attacks such as fault injection. Access to the stored data is only granted after authentication by the host chip.

○ Secure boot

The objective of a secure boot is to detect and prevent attacks on the SoC or on the Secure Element by checking the integrity and the authenticity of the firmware. This fundamental process is defined as a boot sequence. It is usually based on the verification of the digital signatures of the SoC and the SE components which form a chain-of-trust. It means that each component is validated before it is allowed to run. A strong implementation for secure boot consists in storing the key dedicated to authentication within a ROM, itself contained in the SE as the root of trust (first component in the chain).

○ Side-Channel Protection

It is already known SoCs can “leak” data not only from traditional ways but also from electrical traces (i.e. side-channels) generated by the circuit. For instance, side-channel attacks such as Simple Power Analysis (SPA) and Differential Power Analysis (DPA) extract power traces from cryptographic operations in order to extract secured data.  To prevent these kind of attacks, countermeasure strategies can take two main approaches: (1) flat/balance the side-channel signal, making it as constant as possible independently of the circuit operation; or (2) add any kind of noise that difficult pattern recognition in the side channel. Of course, this can be done in algorithm level, where the algorithm itself is modified to prevent side-channel leak, but designers can take a hardware approach by varying supply voltages, clock frequencies or even employing special encoding and dummy circuitry.