{"id":21582,"date":"2021-05-17T14:09:07","date_gmt":"2021-05-17T12:09:07","guid":{"rendered":"https:\/\/www.icalps.com\/?post_type=blog_post&#038;p=21582"},"modified":"2024-02-07T18:08:38","modified_gmt":"2024-02-07T17:08:38","slug":"embedded-security-iot","status":"publish","type":"post","link":"https:\/\/www.icalps.com\/fr\/embedded-security-iot\/","title":{"rendered":"Protect your IoT device with hardware-based Secure Elements"},"content":{"rendered":"<div class=\"wpb_text_column wpb_content_element intro\">\n<div class=\"wpb_wrapper\">\n<h2>Have you ever tried to count how many IoT devices you encounter in a day: 1? 10? 20?<\/h2>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<div class=\"wpb_text_column wpb_content_element \">\n<div class=\"wpb_wrapper\">\n<p>The <strong>Internet of Things<\/strong> (IoT) is already revolutionizing our personal and professional lives. It provides us with smart toothbrushes, connected cars, smart TVs, mobile devices &amp; wearables, infant monitors, asset trackers and even personalized healthcare.<\/p>\n<p>And this is just the start: Statista, a provider of market and consumer data, expects the number of <strong><a href=\"https:\/\/www.statista.com\/topics\/2637\/internet-of-things\/\" target=\"_blank\" rel=\"noopener\">IoT<\/a> devices<\/strong> worldwide to almost triple from 8.74 billion in 2020 to more than <strong>25.4 billion in 2030<\/strong>!<\/p>\n<\/div>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-7199 size-full\" src=\"https:\/\/www.icalps.com\/wp-content\/uploads\/2020\/05\/iot-market.jpg\" alt=\"IoT market\" width=\"1000\" height=\"800\" srcset=\"https:\/\/www.icalps.com\/wp-content\/uploads\/2020\/05\/iot-market.jpg 1000w, https:\/\/www.icalps.com\/wp-content\/uploads\/2020\/05\/iot-market-300x240.jpg 300w, https:\/\/www.icalps.com\/wp-content\/uploads\/2020\/05\/iot-market-768x614.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div 
class=\"wpb_text_column wpb_content_element intro\">\n<div class=\"wpb_wrapper\">\n<p>With IoT applications relying on cloud-connected devices and on the transmission of huge amounts of confidential information, <strong>security<\/strong> has become a vital concern to prevent hackers from <strong>cloning<\/strong>, <strong>counterfeiting<\/strong> or <strong>stealing<\/strong> information.<\/p>\n<p>This is where <strong>hardware-based Secure Elements<\/strong> (SE) come in: a security chip\/IP that stores sensitive data, runs secured apps and provides secure connectivity to protect an IoT device from cyberattacks.<\/p>\n<h3><strong>But what do these security chips really do, and what are their applications?<\/strong><\/h3>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<div class=\"wpb_text_column wpb_content_element intro\">\n<div class=\"wpb_wrapper\">\n<h2>What is a Secure Element (SE)?<\/h2>\n<\/div>\n<\/div>\n<div class=\"wpb_text_column wpb_content_element \">\n<div class=\"wpb_wrapper\">\n<p><strong>Secure Element<\/strong> is an industry term used to describe a <strong>tamper-proof<\/strong> hardware platform. It acts as an enclave that hosts apps and ensures that confidential data is securely stored and is only accessible to authorized apps and people.<\/p>\n<p>Secure Elements can store a large range of authentication and identification data such as PIN codes, private keys, signatures, payment information, or e-ID documents. 
You are using them when you unlock your banking app with your PIN code to book the perfect weekend from your smartphone and then authenticate yourself using Face ID to validate the transfer.<\/p>\n<p>SEs can be found in different packages:<\/p>\n<p>\u25cb <strong>SIM\/UICC, microSD cards and smart cards<\/strong> that can be removed from the device,<\/p>\n<p>\u25cb <strong>Embedded and integrated SEs<\/strong> that can be embedded with a dedicated chip or integrated directly into the host System on Chip (SoC).<\/p>\n<p>In this blog post, I will focus on the embedded hardware-based Secure Element approach, which provides cost savings and strong physical security, including secure communication between the host IoT device and the SE.<\/p>\n<\/div>\n<\/div>\n<div><\/div>\n<div><\/div>\n<h2 class=\"vc_empty_space\">Application Areas<\/h2>\n<div class=\"wpb_text_column wpb_content_element \">\n<div class=\"wpb_wrapper\">\n<p>Secure Elements have been used for years by government and banking applications for authentication and secure payments.<\/p>\n<p>Today, the SE market is mainly driven by IoT protection demands, with a large range of security-related use cases such as:<\/p>\n<p>\u25cb <strong>Smart home<\/strong> (home appliance control, HVAC control, etc.)<\/p>\n<p>\u25cb <strong>Smart grid<\/strong> (smart metering, thermostat control, etc.)<\/p>\n<p>\u25cb <strong>Smart healthcare<\/strong> (vital signs control, smart drug delivery, etc.)<\/p>\n<p>\u25cb <strong>Smart manufacturing<\/strong> (access control, asset tracking, Industry 4.0, etc.)<\/p>\n<p>\u25cb <strong>Smartphone<\/strong> (mobile payment, eSIM, etc.)<\/p>\n<p>\u25cb <strong>Connected cars<\/strong> (virtual car keys, etc.)<\/p>\n<p>According to a market study published by Growth Market Reports, titled \u201c<a href=\"https:\/\/growthmarketreports.com\/report\/embedded-secure-element-market-global-industry-analysis\" target=\"_blank\" rel=\"noopener\">Embedded Secure Element Market<\/a>\u201d, the 
global <strong>embedded Secure Element market<\/strong> was valued at USD 313.2 million in 2019 and is expected to reach <strong>USD 667.9 million by 2027<\/strong> with a CAGR of 10.1%.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-21593 size-full\" src=\"https:\/\/www.icalps.com\/wp-content\/uploads\/2021\/05\/secure-chip-iot-embbedded-secure-element-1.jpg\" alt=\"\" width=\"1000\" height=\"799\" srcset=\"https:\/\/www.icalps.com\/wp-content\/uploads\/2021\/05\/secure-chip-iot-embbedded-secure-element-1.jpg 1000w, https:\/\/www.icalps.com\/wp-content\/uploads\/2021\/05\/secure-chip-iot-embbedded-secure-element-1-300x240.jpg 300w, https:\/\/www.icalps.com\/wp-content\/uploads\/2021\/05\/secure-chip-iot-embbedded-secure-element-1-768x614.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div class=\"wpb_text_column wpb_content_element intro\">\n<div class=\"wpb_wrapper\">\n<h2>Securing an IoT Device<\/h2>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<div class=\"wpb_text_column wpb_content_element \">\n<div class=\"wpb_wrapper\">\n<p>The four fundamental principles of IoT device security are:<\/p>\n<p>\u25cb The ability to make sure data is fully available at the right time, the \u201c<strong>Availability<\/strong>\u201d<\/p>\n<p>\u25cb The ability to make sure the device only communicates with an authorized partner, the \u201c<strong>Authenticity<\/strong>\u201d<\/p>\n<p>\u25cb The ability to make sure that data is accurate and has not been inappropriately modified, the \u201c<strong>Integrity<\/strong>\u201d<\/p>\n<p>\u25cb The ability to ensure that private information remains private and protected from unauthorized access, the \u201c<strong>Confidentiality<\/strong>\u201d<\/p>\n<p>&nbsp;<\/p>\n<p>To achieve the above principles, an embedded <strong>SE<\/strong> may employ several of the following <strong>tamper-resistant secure services<\/strong>:<\/p>\n<p>&nbsp;<\/p>\n<h3>\u25cb 
<strong>Data Encryption (masking)<\/strong><\/h3>\n<p>Data masking is a widely used approach for data protection at both the software and hardware levels. It protects a given data set by hiding its original content through modifications, while allowing an authenticated user to recover the original data set. In that way, the application can propagate and store sensitive data \u201cin plain sight\u201d, giving an extra layer of protection on both unsecured and secured networks.<\/p>\n<p>Among the data masking techniques, data encryption is one of the most widely used commercially. In fact, state-of-the-art IoT devices rely on complex cryptographic operations for secure communication. Cryptographic algorithms can be performed by a software solution. The alternative is to add a Secure Element equipped with <strong>hardware accelerators<\/strong> to the device. With this approach, the SE supports the host SoC by executing <strong>cryptographic algorithms<\/strong>, such as the Advanced Encryption Standard (AES), using a key (possibly generated and stored by the SE itself). This hardware method performs cryptographic operations faster and consumes less energy than a software approach.<\/p>\n<p>&nbsp;<\/p>\n<h3>\u25cb <strong>Device identification &amp; authentication<\/strong><\/h3>\n<p>A Secure Element has a <strong>unique tamper-proof identifier<\/strong>. It provides security credentials by which the secure chip will be identified by the host SoC. At the hardware level, an SE can employ a <strong>Physical Unclonable Function<\/strong> (PUF), which provides a unique \u201cdigital fingerprint\u201d for each fabricated device by taking advantage of the intrinsic process variations of semiconductor manufacturing.<\/p>\n<p>&nbsp;<\/p>\n<h3>\u25cb <strong>Key generation<\/strong><\/h3>\n<p>Cryptographic (private) keys are used to prove the authenticity of a device\u2019s identity before it can communicate and exchange data. 
Depending on the application, <strong>cryptographic keys<\/strong> are either generated inside the Secure Element, using a <strong>True Random Number Generator (TRNG)<\/strong>, or embedded at the manufacturer\u2019s site \u2013 the latter requires specific manufacturing steps from key generation to key storage.<\/p>\n<p>&nbsp;<\/p>\n<h3>\u25cb <strong>Random number generation<\/strong><\/h3>\n<p>A Secure Element embedding a TRNG provides a reliable random entropy source, thus avoiding any bias in generating the cryptographic key. The entropy source uses one or more \u201cnoisy\u201d signals that contain no recognizable patterns or regularities (e.g. thermal noise, atmospheric noise, electromagnetic noise).<\/p>\n<p>&nbsp;<\/p>\n<h3>\u25cb <strong>Secure storage of sensitive data<\/strong><\/h3>\n<p>A Secure Element can have a <strong>tamper-proof memory<\/strong> providing secured storage for the cryptographic key of a public key pair. The memory protects the host SoC against software or physical attacks such as fault injection. Access to the stored data is only granted after authentication by the host chip.<\/p>\n<p>&nbsp;<\/p>\n<h3>\u25cb <strong>Secure boot<\/strong><\/h3>\n<p>The objective of secure boot is to detect and prevent attacks on the SoC or on the Secure Element by checking the integrity and the authenticity of the firmware. This fundamental process is defined as a boot sequence. It is usually based on the verification of the digital signatures of the SoC and the SE components, which form a <strong>chain of trust<\/strong>. It means that each component is validated before it is allowed to run. 
A strong implementation of secure boot consists of storing the key dedicated to authentication within a ROM, itself contained in the SE, as the root of trust (first component in the chain).<\/p>\n<p>&nbsp;<\/p>\n<h3>\u25cb <strong>Side-Channel Protection<\/strong><\/h3>\n<p>It is well known that SoCs can \u201cleak\u201d data not only through traditional channels but also through electrical traces (i.e. side channels) generated by the circuit. For instance, side-channel attacks such as Simple Power Analysis (SPA) and Differential Power Analysis (DPA) capture power traces from cryptographic operations in order to extract secured data. To prevent these kinds of attacks, countermeasure strategies can take two main approaches: (1) flatten or balance the side-channel signal, making it as constant as possible independently of the circuit operation; or (2) add noise that makes pattern recognition in the side channel difficult. Of course, this can be done at the algorithm level, where the algorithm itself is modified to prevent side-channel leakage, but designers can also take a hardware approach by varying supply voltages or clock frequencies, or even by employing special encoding and dummy circuitry.<\/p>\n<\/div>\n<\/div>\n<div class=\"vc_empty_space\"><\/div>\n<div class=\"wpb_text_column wpb_content_element intro\">\n<div class=\"wpb_wrapper\">\n<h4>Secure Elements definitely have a key role to play in securing today\u2019s IoT devices.<\/h4>\n<p>However, you must bear in mind that absolute security is utopian. 
The main challenge for IoT device manufacturers is then to find the right security level for a given application as a balance between deployment effort, deployment cost, power consumption and data sensitivity.<\/p>\n<p>&nbsp;<\/p>\n<p>Let us know your thoughts!<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>This blog post outlines the basic concept of Secure Elements and the challenges faced by IoT device manufacturers.<\/p>\n","protected":false},"author":8,"featured_media":21589,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"With IoT applications relying on cloud connected devices and on the transmission of huge amount of confidential information, security has become a vital concern to prevent hackers from cloning, counterfeiting or stealing information. This is where hardware-based Secure Elements (SE) come in: a security chip\/IP that stores sensitive data, runs secured apps and performs secure connectivity to protect an IoT device from 
cyberattacks.","_seopress_robots_index":"","footnotes":""},"categories":[91,137],"tags":[],"applications":[],"expertises":[],"services":[],"class_list":{"0":"post-21582","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-application-spotlights","8":"category-blog"},"_links":{"self":[{"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/posts\/21582","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/comments?post=21582"}],"version-history":[{"count":0,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/posts\/21582\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/media\/21589"}],"wp:attachment":[{"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/media?parent=21582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/categories?post=21582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/tags?post=21582"},{"taxonomy":"applications","embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/applications?post=21582"},{"taxonomy":"expertises","embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/expertises?post=21582"},{"taxonomy":"services","embeddable":true,"href":"https:\/\/www.icalps.com\/fr\/wp-json\/wp\/v2\/services?post=21582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}