Electronic Design

Embedded Systems Security Mandates on-MCU Hardware Encryption

Embedded control systems are increasingly connected to complex local area networks, such as controller area networks (CAN) with up to 100 nodes, ZigBee wireless control networks with thousands of interlinked nodes, and even Ethernet networks with theoretically limitless nodes. These localized embedded networks are, in turn, often connected to other networks and to the outside world via corporate intranets, extranets, and, most significantly, the Internet.

As embedded systems become more networked, security requirements become more complex. Controlling a geographically dispersed array of embedded systems over a public network opens up access to those systems. You would not want an outsider hacking your building security or HVAC systems. And you really wouldn’t want anyone shutting down the power grid, or releasing all the water from a dam on short notice, or opening a valve on a gas pipeline. Therefore, access to embedded networks must be controlled and data must be encrypted at the node level using advanced algorithms such as Advanced Encryption Standard (AES), Data Encryption Standard (DES) or Triple Data Encryption Standard (TDES).

The AES algorithm is a symmetric block cipher that uses cryptographic keys of 128 bits to encrypt and decrypt data in blocks of 128 bits. The DES standard uses a 64-bit encryption/decryption key to operate on 64-bit blocks of data. Triple DES uses a two- or a three-key algorithm. In three-key triple DES mode, the data is first encrypted with Key 1, then decrypted using Key 2 and then encrypted with Key 3, then de-/encrypted in reverse order. In two-key mode, the data are first encrypted with Key 1, then decrypted using Key 2 and then encrypted with Key 1.

When you consider the sizes of the various encryption keys and/or the number of steps involved in the encryption/decryption process, it is clear that encryption is computationally intensive and will substantially add to system processing overhead. Frequently an entire processor must be dedicated to the task. Unfortunately, including a dedicated security processor in a cost- and/or space-constrained embedded system is often not an option.

This poses a problem for applications using lower cost MCUs, such as the ARM7, because they do not have the horsepower to get the job done. For example, at 50 MHz, the ARM7 can execute software AES encryption at 4.3 Mbits/s. This data rate is not fast enough to keep up with many common communications protocols, such as full-speed USB (12 Mbits/s) or high speed SPI (25 Mbits/s). Encrypting Ethernet transfers at 100 Mbits/s is out of the question,

Even at 4.3 Mbits/s, the ARM7 essentially becomes a software co-processor. It cannot do anything but encryption. The control functions, for which it was originally included in the system, must be completely ignored during the encryption process.

Based on the data rates of common communications protocols, it becomes clear that the ARM7, on its own, cannot keep up. A more powerful ARM9 or ARM11 that might be able to keep up may be too expensive for the application’s cost constraints.

The only practical solution is to embed a hardware encryption engine directly on the microcontroller that executes encryption algorithms independently of the ARM7 CPU. This co-processor needs to accommodate a variety of algorithms (AES, DES, TDES) that allow the designer to balance security versus throughput requirements.

An ARM7 with an embedded encryption engine can achieve AES data rates as high as 20 Mbits/s. It also allows DES and triple DES encryption at 12.8 and 11.2 Mbits/s respectively. However, although the hardware AES encryption rate is nearly four times faster than a software implementation, the encryption rate still may not be fast enough for higher-data-rate Ethernet or high-speed SPI applications.

More is needed. MCU architectures must be further augmented with DMA schemes that increase their overall bandwidth. DMA is not native to the ARM7 architecture, but adding it to the ARM7 results in impressive bandwidth increases. For example, adding a peripheral DMA controller to the ARM7 architecture allows data to be shifted between the on-chip encryption engine and memory with minimal processor intervention, thereby increasing ARM7 encryption bandwidth sufficiently to support to higher-data-rate protocols. Benchmarks suggest that a peripheral data controller can increase the AES encryption rate to a respectable 80 Mbits/s. DES can be done at 32.8 Mbits/s and TDES can be executed at 20 Mbits/s.

As the networking of embedded control systems forces embedded MCUs to tackle encryption and decryption functions, MCU architectures will have to evolve to accommodate much higher processing and data transfer requirements. Without adding both hardware encryption and peripheral DMA control, ARM7 MCUs will not able to execute the higher levels of security at the data rates required to support today’s high bandwidth networking protocols.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.