Don’t Be Afraid to Challenge Your CPU Vendor’s Security Claims

Datasheets can be a funny thing. I’ve often done comparisons between the claims made on competitors’ datasheets, and frankly it’s sometimes hard to make valid comparisons. In some cases, the specs only work under specific conditions. In other cases, the manufacturer cites a best-case specification verses someone else’s “average.”

When it comes to security, it’s not really any different. It’s hard to find an MCU vendor today that doesn’t make the claim that his products are “secure.” But what does that really mean? It could be that there’s some kind of encryption built in; it could mean that a third party is employed to handle the security; or it could rely on a technology like Arm’s TrustZone (Figure 1).

Figure 1: TrustZone is designed into MCUs based on Arm’s Cortex processor IP. It represents a system-wide approach to embedded security by separating mission-critical code from the OS. (Image source: Embedded Computing Design)

TrustZone, which has become a popular means of adding MCU-based security, separates mission-critical code and protocol stacks from the operating system (OS), thereby preventing firmware backdoors into security key storage areas. And it creates multiple software security domains to restrict access to the specific memory, peripherals, and I/O components inside the microcontroller.

Over-the-Air Updates

Another method that MCU manufacturers employ to maintain security is to offer over-the-air (OTA) updates. Using this technology—in theory at least—your system is always up to date in terms of its security protocols. For example, Renesas’ RX651 microcontrollers integrate Trusted Secure IP (TSIP) and trusted flash area protection, which allows flash firmware updates in the field through secure network communications.

The TSIP enables robust key management, encrypted communication, and tampering detection to ensure strong security against various external threats. Through a partnership with Secure Thingz, an embedded systems security expert, the 32-bit RX MCUs can be secured across the complete design and manufacturing value chains.

A similar collaboration occurs between MCU supplier STMicroelectronics and Arilou Information Security Technologies. The two companies have teamed up to create a multi-layer security arrangement in which hardware and software can complement each other to monitor the data streams and detect communication anomalies.

ST has added Arilou's Intrusion Detection and Prevention System (IDPS) software to its SPC58 Chorus series of 32-bit automotive microcontrollers to detect traffic anomalies and form an extra layer of protection against cyberattacks. IDPS is a software solution designed to monitor the controller area network (CAN) bus and detect anomalies in the communication patterns of electronic control units (ECUs) in automotive designs.

The Secure Co-processor

Secure elements, also known as security co-processors, sole purpose is to secure a system that’s been designed without a secure MCU by acting as a companion chip to that main CPU. The secure element provides a security framework against an array of threats. It can be a simple and inexpensive device that offloads the main MCU or CPU from security-related tasks such as key storage, cryptographic acceleration, etc.

An example of a secure element is Microchip’s ATECC608A (Figure 2), which features a random number generator (RNG) for unique key generation while complying with the latest requirements from the National Institute of Standards and Technology (NIST). It also features cryptographic accelerators like AES-128, SHA-256, and ECC P-256 for mutual authentication. The ATECC608A offers OTA validation and secure boot to ensure that key storage and transfer for the IoT and cloud service authentication is handled through a secure means.

Figure 2: Microchip’s ATECC608A is an example of a secure element, which can be viewed as a security co-processor. (Image source: Microchip)

The bottom line is that you need security, and it’s definitely possible that it’s already designed into the MCU that you’ve embedded into your end system. However, never assume, and read between the lines when you’re analyzing those datasheets. For more information on this important topic, see the article The Anatomy of Security Microcontrollers for IoT Applications.