DATA ENCRYPTION & SECURITY
Fig. 3: Anti reverse engineering.
Firmware IP is encrypted with an SRAM
PUF-derived encryption key locked to
the device instance.
Fig. 4: Anti-Cloning. When the firmware
IP tied to a device by SRAM PUF is
copied to other device instances, these
rogue devices fail.
And finally, passwords or other authentication mechanisms
based on shared secrets can be stolen or even forged by the
Validation through INSTET project
One manifestation of enhanced security for medical devices
was a project supported by the European initiative INSTET. The
project sought to demonstrate enhanced security for medical
wearable devices, using the Maastricht Instruments MOX2
physical activity monitor as the platform. The MOX2 uses the
STM32L496QGI6 Cortex M4 microcontroller. In such a scenario,
typical security methods would involve traditional key storage
solutions such as OTP, flash, e-fuse and Secure Element (SE).
Such methods tend to be flawed in terms of cost and reliability
and have two very serious security issues. First, the data in
the memory may be visible, even if the chip is not powered up.
Second, in the case of an external SE chip, an exposed (symmetric)
key has to be transferred to the MCU chip. An embedded
SRAM PUF in the MCU can be a giant step toward cheaper
and more robust security.
As an alternative, this project implemented a security solution
built around SRAM Physical Unclonable Function (PUF),
delivered by Intrinsic ID’s BroadKey product. It uses the unpredictable
start-up behavior of uninitialized SRAM cells in semiconductor
chips to differentiate chips from each other. SRAMs
can be found in any microcontroller (MCU) and are impossible
Recipe for holistic device security
using a single IP
A significant advantage of a solution built on SRAM PUF is
that it is a software approach to implementing a hardware-based
root of trust (RoT). Therefore,
it’s supported on any popular microcontroller,
without re-designing or
procuring a new chip.
Besides the secret key generation and secure
storage, the approach taken by BroadKey offers
a complete asymmetric (PKI) crypto library.
This allows for key pair generation, creating
and verifying signatures, and key agreement
Secure boot support & protection
The first important step to device security is to
support secure boot of the device software. The
secure boot mechanism is part of the bootloader,
stored in ROM or write-protected flash.
Secure boot can eliminate the risk of illicit changes to the software.
An original software image is signed by the developer
with approved keys and executes only after its digital signature is
verified. Any modification “breaks” the boot process. The main
advantage of digital signatures is that they provide both data
integrity to prove that the code was not modified, and source
authentication to identify who was in control of the code at the
time it was signed.
BroadKey must be initialized during a system secure boot
sequence and works with a dedicated 1KB of SRAM. For this
reason, BroadKey is integrated with the secure bootloader, offering
device-unique strong security from bootup.
In the INSTET project, BroadKey verifies the data integrity of
the application image and authenticates the signer of the application
image. A possible extension of this BroadKey-backed
secure boot flow is to encrypt firmware for ultimate protection
against IP theft, reverse engineering and cloning (see figure 3
and figure 4).
Key management and secure key storage
Apart from key generation, BroadKey offers functions to authenticate
and encrypt (wrap) application or user keys, based
on device-unique secrets (figure 5 and figure 6). This allows the
wrapped keys to be securely stored in off-board memory.
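The device-bound wrapping described above, and the anti-cloning effect of figure 4, shown as an added example; it is not BroadKey's API and not code from the article. Assumptions: the device secrets are constructed random bytes standing in for an already-stable PUF-derived root key, SHAKE-256 stands in for a block cipher such as AES so the sketch needs only the Python standard library, and the names wrap_key and unwrap_key are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins for two devices' PUF-derived secrets. A real SRAM PUF
# reconstructs this value from noisy start-up data at each boot; here it is
# assumed to be already stable and is simply random bytes.
DEVICE_A_SECRET = secrets.token_bytes(32)
DEVICE_B_SECRET = secrets.token_bytes(32)


def _subkey(root: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific subkey from the device root key."""
    return hmac.new(root, b"wrap-v1|" + label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # SHAKE-256 used as a stdlib-only stand-in for a block cipher such as AES.
    return hashlib.shake_256(enc_key + nonce).digest(length)


def wrap_key(device_secret: bytes, user_key: bytes) -> bytes:
    """Encrypt-then-MAC a user key under keys derived from the device secret."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(device_secret, b"enc"), nonce, len(user_key))
    ciphertext = bytes(a ^ b for a, b in zip(user_key, stream))
    tag = hmac.new(_subkey(device_secret, b"mac"), nonce + ciphertext,
                   hashlib.sha256).digest()
    return nonce + ciphertext + tag  # safe to keep in off-board memory


def unwrap_key(device_secret: bytes, blob: bytes) -> bytes:
    """Authenticate the blob first; decrypt only if the tag verifies."""
    if len(blob) < 16 + 32:
        raise ValueError("wrapped blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(device_secret, b"mac"), nonce + ciphertext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong device or tampered blob")
    stream = _keystream(_subkey(device_secret, b"enc"), nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))
```

A blob wrapped on device A unwraps only with device A's secret; copied to device B, or modified in storage, it is rejected before any decryption takes place.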
End-to-end security: data protection
and data authentication mechanisms
To reduce the security envelope, end-to-end security between
end-node and consuming application is required. To implement
this, we apply application data security on top of existing connectivity
infrastructure. More particularly, we sign the application
data using an SRAM PUF-derived private key. By sharing
the corresponding public key-based certificate with the application,
it can verify the integrity of data.
Advanced device authentication methods
A certificate is a statement of identity and authorization that
is signed with a secret private key and validated with a known
public key. We have adopted certificate-based authentication
in a PKI setting. Device-unique keys derived from the unclonable
SRAM PUF fingerprint are an ideal basis for establishing
a device identity in the form of a public-key certificate. These
certificates form the basis for strong TLS-based device authentication
in a device network. In conclusion, security by design is
strongly required in today’s IoT devices, especially for medical
As we have seen, having a robust foundation of security based
on SRAM PUF need not be complicated or expensive. And
don’t worry, the approach can also remediate insecure deployed
devices with a retroactive “brownfield” establishment of
a hardware-based root of trust.
Fig. 5: No unencrypted secrets are
stored on chip. Secret data and
secret (user) keys are protected/
wrapped with a root key that is not
Fig. 6: Root key is generated
from SRAM PUF when
needed. Using SRAM
PUF’s root key, other keys
(e.g., AES) can be created,
and stored. The process
is reversed to recover the
www.eenewseurope.com eeNews Europe January 2020 News 31