Protect networked embedded systems from intrusion

14 May 2013  | Richard Newell, Frank Juliano

In most cases the actual design must be secure as well, or an attacker could 'reverse engineer' the design to obtain information that could be used to spawn successful attacks. We must have robust design security features that protect our design by preventing design changes (insertion of Trojan Horses, for example), and by controlling the number of copies made throughout the device life cycle. For example, tamper protection will be a useful feature to minimise attackers' ability to successfully gain access to secure design data even if they gain possession of an example system. We must secure the design from initial production, through any in-the-field upgrades, and even through decommissioning of the design at the end of its life. Without a secure design it is difficult to adequately protect secure data.

Figure 2: On-chip features in devices such as the SmartFusion2 SoC FPGA enable designers to enhance security in embedded designs.

Implementing security features
Let's take our example design and look at how we can significantly improve security by addressing the security requirements previously described. Figure 2 shows an implementation example using the Microsemi SmartFusion2 SoC FPGA. In this implementation we will combine the three controllers into a single device. The System and Interface Controller can use the hardened MCU within the SmartFusion2 device while the other two controllers can be implemented with the FPGA logic using a few state machines along with I2C and SPI IP Cores.

A single device implementation (since the SmartFusion2 device requires no external configuration device, it is a true single chip solution) simplifies security considerably. With all the control functions embedded within a single device, only one set of keys and associated algorithms is required to protect data inside the device or transmitted to/from the device. Design protection is also much simpler since only a single device needs to be protected from reverse engineering, cloning, overbuilding, tampering and other similar attacks on the actual design IP.

The SmartFusion2 device can thus act as the Hardware Root of Trust (RoT) critical to implementing secure systems. A Hardware RoT is the most secure portion of the system that stores all security keys, and implements all the security algorithms. The Hardware RoT can then be used to extend the zone of trust to cover other parts of the system, even allowing secure communications across an entire entrusted network. Examples of these types of zones include the execution of secure boot code, signature checking of software stored in external memory and validation of system boards for authenticity to combat cloning.
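
The "signature checking of software stored in external memory" step mentioned above, as an added sketch that is not code from the article or from Microsemi: the root of trust authenticates an image before handing control to it. HMAC-SHA256 with a device-held key stands in for the asymmetric signature a real design would verify; the image layout, the key and the minimum-version rollback check are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Constructed layout for this example (not a SmartFusion2 format):
# magic(4) | version(4, big-endian) | payload length(4) | tag(32) | payload
HEADER = struct.Struct(">4sII32s")
MAGIC = b"FWIM"


def make_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Build-side helper: the tag covers magic, version, length and payload."""
    signed = struct.pack(">4sII", MAGIC, version, len(payload)) + payload
    tag = hmac.new(key, signed, hashlib.sha256).digest()
    return HEADER.pack(MAGIC, version, len(payload), tag) + payload


def verify_image(key: bytes, blob: bytes, min_version: int) -> bytes:
    """Return the payload only if the image authenticates; raise otherwise."""
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, version, length, tag = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("bad magic")
    payload = blob[HEADER.size:]
    if len(payload) != length:
        raise ValueError("length mismatch")
    signed = struct.pack(">4sII", magic, version, length) + payload
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    # Constant-time compare so timing does not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    # Version is checked only after the tag, so it is an authenticated value.
    if version < min_version:
        raise ValueError("rollback rejected")
    return payload


def boot_decision(key: bytes, blob: bytes, min_version: int) -> str:
    """Boot only an authenticated, sufficiently recent image."""
    try:
        verify_image(key, blob, min_version)
        return "boot"
    except ValueError as err:
        return f"halt: {err}"


# Constructed sample data: a key that would never leave the root of trust.
DEVICE_KEY = bytes(range(32))
GOOD = make_image(DEVICE_KEY, 3, b"application code")
TAMPERED = GOOD[:-1] + bytes([GOOD[-1] ^ 0x01])  # one bit flipped in memory
OLD = make_image(DEVICE_KEY, 1, b"older application code")
```
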

Using SmartFusion2 SoC FPGAs
A block diagram of the SmartFusion2 SoC FPGA is shown in figure 3. The hardened CPU and associated peripherals are shown in the large blue block at the top of the diagram. The System Controller, shown in the smaller blue block at the top left, includes a range of key security related functions that help with our implementation. The FPGA logic is shown in the large purple block in the middle of the diagram.

Figure 3: Devices such as the SmartFusion2 include specific security features designed to mitigate attacks.

Many of the security requirements in our example design can use the security features in the SmartFusion2 devices. The requirement for using standard encryption algorithms to protect data transmitted and received within the system can be addressed via the broad set of encryption algorithms supported on SmartFusion2 devices. The algorithms include DES, 3DES, AES, Pseudo Random Number Generators, Secure Hash Algorithm, RSA, Elliptic Curve Cryptography (ECC), and GCM for 802.1ae.
