Fig 1. The Trusted Computing Group’s trusted platform module (TPM) is a specification and a module designed to provide secure devices. TPM sockets can be found on laptop and desktop PCs.
Fig 2. Secure processors can augment a host processor’s security depending upon how the two interact.
Security breaches and counterfeit devices are two major issues that developers encounter these days. Preventing these problems eventually comes down to the same solution: starting with a secure root.
In counterfeit deterrence, the idea is to be able to easily identify an object. For example, those expensive ink cartridges for that inexpensive ink jet printer only work together because of this support. Simple tricks initially were used to handshake between the cartridge and the printer. The printer typically had a micro but the cartridge often had something much simpler, like a serial memory chip that provided a way to identify the cartridge.
Secure serial memory from companies like Atmel, Maxim, NXP, Renesas, and STMicroelectronics provided a solution that includes encryption support on the memory so the memory can only be worked with if the proper keys are supplied. With ink cartridges, it’s even possible to timestamp the creation and first use so the printer could prevent use after some fixed amount of time. These days, the size and cost of secure micros has shrunk to that of the serial memories allowing more sophisticated key manipulation and encryption support.
Securing The System
The ability to identify the source of a program and guarantee its state as it starts running is key to secure applications. Compromise the boot process, operating system, or runtime and all applications are then suspect.
In a sense, even the typical flash-based microcontroller is secure, assuming the program memory cannot be read by external means. Cracking open the chip is usually an extreme method, and this is where the anti-tamper support of a secure micro comes into play.
Secure micros are more expensive than larger micros because building anti-tampering mechanisms is harder as more hardware must be protected. Still, the layered approach applies, allowing these small micros to provide the root of security within a system.
For example, the boot code for many processors can come from a serial memory. Insert a secure micro into this loop, an8d secure boot code can be provided. This in turn can load the next stage and use similar authentication techniques.
The Trusted Computing Group’s (TCG) trusted platform module (TPM) is a specification and a module designed for this approach (Fig. 1). TPM sockets can be found on laptop and desktop PCs, and many corporations deploy their computers with TPM modules. Combine this with secure drives, and losing a laptop would not be an issue, assuming the keys weren’t compromised.
Secure micro configurations vary when mixed with other hosts’ processors (Fig. 2). They may simply be used as a source of keys and identification for a potentially insecure processor, because the application only needs to identify the secure chip mounted on the motherboard.
Inside Secure’s VaultIC family can provide this kind of support. The six-pin dual flat no-lead (DFN) VaultIC100 chip is only 2 by 3 mm. It has an I2C interface and supports FIPS-recommended elliptic encryption keys up to 303 bits, in addition to other encryption methods.
Atmel’s CryptoRF chips have a secure micro for RFID applications that runs off RF supplied power. Typical applications simply use the chips to physically identify objects rather than control applications that may be running on the object.
Secure platforms don’t have to be simple, though. NXP’s au10tic family runs JavaOS. These kinds of platforms were originally designed for smart-card applications. However, they’re now being considered for operation in other electronic devices because of their processing power.
Maxim’s Zatara Secure Transactional processor is a 32-bit ARM-based microcontroller. It has an ARM922T core and the typical microcontroller peripheral complement. The security and encryption hardware are the only things that make working with the chip different.
The type of security technology used in smart cards is now making its way into common application areas. Developers need to understand that simply incorporating these technologies is only the first step of securing an application.
Atmel
www.atmel.com
Inside Secure
www.insidesecure.com
Maxim Integrated Products
www.maxim-ic.com