By Cheong Wei Chua, Program Manager, Advanced Engineering Group, Future Electronics
Read this article to find out about:
- The three main functions of hardware security components
- The key features of a Secure Element
- Requirements for secure authentication of cloud-connected devices
Security is emerging as an important issue, especially as more counterfeit products appear in the market and more edge node devices connect to the cloud. Here, Future Electronics introduces three categories of hardware security solutions to address this market:
- Anti-counterfeit protection
- Cloud authentication
- Trusted Platform Module (TPM)
While security can be implemented in software, software-only security is at higher risk of compromise by an attacker. By contrast, a security system based on Secure Element hardware offers anti-tamper protection and trust provisioning. Secure MCUs also offer hardware-based crypto engines, but they are not necessarily tamper-resistant, nor are they always recommended for trust provisioning, as shown in Figure 1.
In order to achieve a high level of security, private keys never leave the boundary of a Secure Element.
Furthermore, a Secure Element is recommended even if a microcontroller with Arm® TrustZone capability is used. Future Electronics can advise on the way that a TrustZone MCU will be provisioned, and help designers to evaluate the tamper resistance and ease of implementation.
Fig. 1: Architecture of a Secure Element (left) and a secure microcontroller (right)
Benefits of Hardware Security
Without a Secure Element, developers must deliver bug-free firmware and may need to add a physical shield to strengthen security. A Secure Element therefore offers ease of implementation in addition to a range of other benefits, as shown in Figure 2.
Certain secure MCUs offer some level of tamper resistance, but generally not as strong as that of a Secure Element.
Fig. 2: The main benefits of security systems implemented in hardware
Brand owners care about three factors in particular:
- Brand protection
- Revenue protection
- Customer safety
The availability of counterfeit products and accessories is a threat on all three counts. To counter the threat from counterfeiting, OEMs can integrate a Secure Element into their products. These low-power co-processors are usually tamper-resistant, withstanding both logical and physical attacks; they work because they make it prohibitively expensive to extract their secret keys.
An OEM can use a relatively inexpensive Secure Element to prevent counterfeit products from being used with its equipment. Counterfeits are not only a revenue concern but can be a safety issue as well. For example, counterfeit lithium batteries might not include the high-quality safety circuitry that branded batteries contain, and are thus at higher risk of exploding due to thermal runaway. Suppliers also offer asymmetric-based anti-counterfeit Secure Elements.
Typical anti-counterfeit applications:
- Printer cartridges
- Batteries for portable devices
- Disposable medical devices
- Disposable cosmetic products
Example anti-counterfeit Secure Elements:
- Maxim Integrated DeepCover DS28E15
- Microchip ATSHA204
- NXP Semiconductors A1006
- Infineon Optiga™ Trust B
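As an added illustration, not code from the article or from any of the vendors listed above, the Go program below models the kind of symmetric challenge-response check such a part performs: the host product sends a random challenge, the accessory's element answers with a keyed hash, and the secret never leaves the element. The per-accessory key diversification, the `accessory-key-v1` label, the serial numbers and the master key are all constructed for this example and do not reflect any vendor's command set.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AccessoryElement models the Secure Element fitted to a consumable such as a
// battery or cartridge. Its secret is unexported: the only operation the host
// product can request is a MAC over a challenge, which is the "keys never leave
// the boundary" property the article describes.
type AccessoryElement struct {
	serial []byte
	secret []byte
}

// ProvisionAccessory models the trusted manufacturing step: the OEM master key
// is used once, at the factory, to derive this accessory's diversified secret.
func ProvisionAccessory(master, serial []byte) *AccessoryElement {
	return &AccessoryElement{serial: serial, secret: diversify(master, serial)}
}

// Respond answers a host challenge; the secret itself never leaves the element.
func (a *AccessoryElement) Respond(challenge []byte) []byte {
	return mac(a.secret, a.serial, challenge)
}

// diversify derives a per-accessory secret from the master key and the serial
// number, so that a secret extracted from one accessory does not reveal the
// master key. The scheme and its label are assumptions of this example.
func diversify(master, serial []byte) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("accessory-key-v1"))
	m.Write(serial)
	return m.Sum(nil)
}

// mac computes HMAC-SHA256(secret, serial || challenge). Binding the serial in
// means a reply recorded from one genuine unit is useless under another serial.
func mac(secret, serial, challenge []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(serial)
	m.Write(challenge)
	return m.Sum(nil)
}

// Host models the firmware in the OEM product. It holds the master key so it
// can recompute any accessory's secret; in a deployed design that key would
// itself sit in a host-side Secure Element rather than in MCU memory.
type Host struct{ master []byte }

func NewHost(master []byte) *Host { return &Host{master: master} }

// Authenticate issues a fresh 32-byte random challenge and compares the reply
// in constant time. A clone without the diversified secret fails, and a
// recorded reply fails because the challenge never repeats.
func (h *Host) Authenticate(serial []byte, respond func(challenge []byte) []byte) (bool, error) {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	expected := mac(diversify(h.master, serial), serial, challenge)
	return hmac.Equal(respond(challenge), expected), nil
}

func main() {
	master := []byte("constructed OEM master key, illustration only")
	serial := []byte{0x00, 0x00, 0x10, 0x01}
	host := NewHost(master)

	genuine := ProvisionAccessory(master, serial)
	ok, _ := host.Authenticate(serial, genuine.Respond)
	fmt.Println("genuine accessory accepted:", ok)

	// A counterfeit that copied the serial number but not the secret.
	clone := ProvisionAccessory([]byte("wrong master key"), serial)
	ok, _ = host.Authenticate(serial, clone.Respond)
	fmt.Println("clone accepted:", ok)

	// A counterfeit that replays a reply captured from a genuine unit.
	recorded := genuine.Respond(make([]byte, 32))
	ok, _ = host.Authenticate(serial, func([]byte) []byte { return recorded })
	fmt.Println("replayed reply accepted:", ok)
}
```

Run as written, it reports the genuine accessory as accepted and both the cloned unit and the replayed reply as rejected. The host side's master key deserves the same protection as the accessory's secret, which is why deployed designs keep it in a host-side Secure Element rather than in MCU flash.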
Cloud Authentication Systems
The second use case for hardware security systems is cloud authentication. Edge node devices such as baby monitors, field sensors and consumer entertainment devices are in widespread use. As more devices get connected, the threat of malware injection or eavesdropping increases.
A secure connection to the cloud relies on Transport Layer Security (TLS), which uses public-key cryptography. To minimize the exposure of the private key to hacking or other attack, two factors need to be considered, both aimed at ensuring that keys do not fall into the wrong hands:
- Tamper resistance: keys must resist physical attack
- Trusted Provisioning: keys and certificates have to be provisioned in a secure manufacturing process. Manufacturers can also provide customer-specific production certificates to cloud providers to ensure that they will recognize the device as a valid entity.
For the bulk encryption of the connection, a secure MCU can do the heavy lifting. To minimize the risk of exposing private keys, however, they are stored in a Secure Element, which offers both optimal tamper resistance and Trust Provisioning.
Edge nodes can be found in:
- Any device wanting to connect to the cloud with an IP address
Example Secure Elements for cloud authentication:
- Maxim Integrated MAXQ1061/MAXQ1062
- NXP A71CH / SE050
- Infineon Optiga Trust X
- Microchip ATECC608A
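The division of labour in the two points above, as an added Go example that is not part of the original article and is not any vendor's API: Go's crypto/tls stands in for the MCU's TLS stack, while a simulated `SecureElement` type holds the ECDSA key and only ever returns signatures over the handshake digest. Trusted provisioning is modelled by a manufacturing CA that certifies the element's public key, and the cloud side trusts that CA certificate and nothing else. The names in it (`Example Provisioning CA`, `device-0001`, `cloud.example`), the in-memory pipe standing in for the network and the five-second deadline are all constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net"
	"time"
)

// SecureElement stands in for the device's hardware Secure Element. It exposes
// only Public and Sign (together a crypto.Signer, which is all crypto/tls needs
// behind a certificate), and Sign receives just the handshake-transcript digest,
// so the TLS stack running on the MCU never handles the private key.
type SecureElement struct{ priv *ecdsa.PrivateKey }

func (s *SecureElement) Public() crypto.PublicKey { return &s.priv.PublicKey }

func (s *SecureElement) Sign(r io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	return ecdsa.SignASN1(r, s.priv, digest)
}

// check panics on set-up failures (key generation, certificate issuance), which
// only happen on a broken platform; handshake outcomes are returned as errors.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue completes tmpl (serial number, one-day validity) and issues it to pub,
// signed by signer whose certificate is parent (tmpl itself when self-signed).
// It returns the parsed certificate and its DER encoding.
func issue(tmpl, parent *x509.Certificate, serial int64, pub crypto.PublicKey, signer crypto.Signer) (*x509.Certificate, []byte) {
	tmpl.SerialNumber = big.NewInt(serial)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, der
}

// Provision models trusted provisioning at the factory: the element generates its
// key pair internally and a manufacturing CA certifies the public half. The CA
// certificate (never a private key) is what the OEM gives the cloud provider so
// that it recognises the device as a valid entity.
func Provision() (se *SecureElement, caCert *x509.Certificate, deviceDER []byte) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	caTmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "Example Provisioning CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caCert, _ = issue(caTmpl, caTmpl, 1, &caKey.PublicKey, caKey)
	devTmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "device-0001"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	_, deviceDER = issue(devTmpl, caCert, 2, &priv.PublicKey, caKey)
	return &SecureElement{priv: priv}, caCert, deviceDER
}

// Handshake runs a mutually authenticated TLS 1.3 handshake over an in-memory
// pipe: the cloud trusts only trustedCA, the device presents deviceDER and signs
// inside se. It returns the device identity the cloud saw.
func Handshake(trustedCA *x509.Certificate, deviceDER []byte, se *SecureElement) (string, error) {
	// The cloud's self-signed certificate is the device's trust anchor for the server side.
	cloudKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	cloudTmpl := &x509.Certificate{Subject: pkix.Name{CommonName: "cloud.example"}, DNSNames: []string{"cloud.example"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	cloudCert, cloudDER := issue(cloudTmpl, cloudTmpl, 3, &cloudKey.PublicKey, cloudKey)
	clientCAs, rootCAs := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(trustedCA)
	rootCAs.AddCert(cloudCert)
	serverCfg := &tls.Config{MinVersion: tls.VersionTLS13, ClientCAs: clientCAs,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{{Certificate: [][]byte{cloudDER}, PrivateKey: cloudKey}},
		// Tickets off: net.Pipe is unbuffered, so the server's first flight must end at Finished.
		SessionTicketsDisabled: true}
	clientCfg := &tls.Config{MinVersion: tls.VersionTLS13, ServerName: "cloud.example", RootCAs: rootCAs,
		Certificates: []tls.Certificate{{Certificate: [][]byte{deviceDER}, PrivateKey: se}}}
	serverEnd, clientEnd := net.Pipe()
	serverEnd.SetDeadline(time.Now().Add(5 * time.Second)) // a rejected device must not hang the pipe
	server, client := tls.Server(serverEnd, serverCfg), tls.Client(clientEnd, clientCfg)
	clientErr := make(chan error, 1)
	go func() { clientErr <- client.Handshake() }()
	if err := server.Handshake(); err != nil {
		serverEnd.Close() // unblocks the client side as well
		return "", err
	}
	if err := <-clientErr; err != nil {
		return "", err
	}
	return server.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}
```

Calling `Provision()` and then `Handshake(caCert, deviceDER, se)` returns `device-0001` as the identity the cloud accepted; a device provisioned under a different CA is refused with a certificate error, which is the check the Trusted Provisioning point is after. Session tickets are disabled only because net.Pipe has no buffering; on a real socket they can stay on.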
Trusted Platform Module
The final category of hardware security systems is the Trusted Platform Module (TPM). The TPM specification was written by the Trusted Computing Group, which was formed by computing companies AMD, HP, Intel and Microsoft. This means that the original intended use case for a TPM was in PCs, tablets, servers and networking equipment.
Computer programs can use a TPM to authenticate hardware devices because each TPM chip has a unique and secret RSA key burned in it in the factory. Pushing the security down to the hardware level provides more protection than a software-only solution.
TPMs are typically certified to Common Criteria EAL4+ and FIPS 140-2. Systems which run on a Linux® or Windows® operating system may be able to take advantage of existing drivers for TPM devices to speed up development.
Typical TPM applications:
- Networked devices
- Cellular base stations
- Multi-function printers
- Gambling/gaming machines
- Internet access points
- Smart appliances with network connectivity
- Test and measurement devices
- Mobile payment terminals
- Inventory control terminals
Example TPMs:
- Infineon Optiga TPMs
  - SLB 9670 TPM2.0
  - SLI 9670AQ20 - world’s first automotive-qualified TPM
  - SLM9670AQ20 - IEC 62443 industrial TPM
- Microchip ATTPM20P
Advice Worth Noting
Finally, it is helpful to remember this advice from security technology guru Bruce Schneier: ‘Security is a process, not a product.’
Security is about more than designing strong cryptography into a system; it also calls for the design of a fail-safe system which ensures that all security measures, including cryptography, work together effectively.
From www.schneier.com/essays/archives/2000/04/the_process_of_secur.html