INTERNET OF THINGS
Connected Systems Require
Hardware Based Security
Juergen Spaenkuch is
division vice president,
chip card and security, at
Infineon Technologies AG
Fig. 1: The IoT and various
other connected applications
require secure communication,
data and IP protection as well
as system integrity
42 November 2015 | Electronics For You
M
odern applications like con-
nected industrial systems,
smartgrids, connected cars and
autonomous driving widely summarised
under the term the Internet of Things
(IoT), see Fig. 1, have a high demand
for reliable security. There are some typi-
cal use cases such as authentication of
components and their unique identities,
monitoring and safeguarding of system
integrity and protection of data and com-
munication. To build trust in new servic-
es and technologies, intellectual property
(IP) protection is key, and data security
and system integrity are a prerequisite
for successful implementation of new
services and applications.
To establish new solutions, we need
integrated system solutions based on
secured hardware that protects infra-
structure and components from attacks,
fraud and sabotage; in brief, hardware that
enables to store, run and update software
in a protected way.
Purely software based security
is not enough
Several attempts have been made in
the past to apply purely software based
solutions for device authentication. Un-
fortunately, software, due to its nature,
bears several significant weaknesses. It
is written in code, and code can be read
and analysed. And once it is analysed, it
can be modified as per the requirements
of an attacker. And once the device is re-
programmed with the modified software,
the authentication process and system
integrity can be broken.
Another severe weakness of software
based solutions can be the inappropri-
ate storage of secret keys via all relevant
processes and production steps. Typically,
in software based protection systems, at-
tackers can identify secret keys from the
software in a very simple way; keys usually
behave like random numbers, in total con-
trast to the program code itself. So-called
entropy analysers can scan the software
and identify parts with high randomness
(these parts typically contain the keys).
Such a scan is done in seconds, and the
keys found could directly be used to gener-
ate falsified products in masses.
Software-only solutions allow protection
only in the case when none of the
components used are
physically accessible to
an attacker. In real life, this
exception would render such
solutions unpractical. So soft-
ware is usually not seen as a valid
alternative for product authentication,
system integrity and IP protection today.
www.efymag.com

However, software can be pro-
tected by hardware; secured hard-
ware protects the processing and
storage of code using encryption,
fault and manipulation detection,
and secure code and data storage.
Software becomes trustworthy by
combining it with secured hardware.
This has been proven by extensive
experience from areas of trusted
computing and the use of secure ele-
ments in mobile phones and protec-
tive functions of smartgrids.
Hardware based solutions
provide more security
A typical embedded control architec-
ture with a standard microcontroller
(MCU) on which a real-time operat-
ing system (OS) and applications
are running can currently be found
in the majority of installed systems.
Usually, security functionality is im-
plemented using software based en-
cryption mechanisms. What is miss-
ing is an efficient and secured trust
anchor (Hardware Roots of Trust, or
HRoT) with dedicated encryption
functionality for increased security.
This is why modern MCUs are
an ideal solution to respond to in-
creasing security demands. On one
hand, available standalone security
controllers are usually implemented
with MCUs; on the other, there are
application-optimised MCUs with
integrated security functions.
Use of a standalone security
element (security processor or co-
processor) that acts as an HRoT
has proven itself for years in other
industries such as personal comput-
ers, servers, chip cards and identity
documents.
The concept is also recommend-
ed for industrial applications. For
example, a trusted platform module
(TPM) (Fig. 2) can be used as an
HRoT in conjunction with other se-
curity elements in order to provide
an industrial controller with com-
prehensive security functions such
as integrated crypto-processors,
encrypted storage, buses and periph-
eral functions as well as integrated
www.efymag.com
INTERNET OF THINGS
addition, TPMs include a
comprehensive software
stack enabling a secure
upgrade.
Automotive is also an
upcoming field of appli-
cation, as there are many
features and functions
already widely based
on hardware security,
designed in response
to the level of security
required by the specific
Fig. 2: OPTIGA TPMs are special MCUs that provide computer
systems with comprehensive protection from unauthorised access application.
and attacks MCUs of the AURIX
family, for example, pro-
error detection. Network end points vide special function blocks such
can be efficiently protected using this as security hardware extensions
hardware based approach. (SHEs) or hardware security modules
(HSMs). HSMs take care of secured
Hardware based security communication with other MCUs by
is proven in the field signing messages or even using full
Coming back to the initial point encryption. Further, these can be used
of discussion about new business to securely boot the MCU in order to
models and opportunities in the prevent attacks from viruses and tro-
context of the IoT, there are already jans and prevent unauthorised access.
numerous use cases and examples With regards to the fact that
demonstrating how hardware based the car is becoming an increasingly
security solutions add real value in connected computing device com-
terms of integrity and reliability of municating with other vehicles and
connected devices. infrastructure, TPMs will become in-
For example, Infineon has been dispensable to protect the car’s com-
shipping TPMs for devices running munication interfaces from hacker
Google’s Chrome based OS since attackers or malware during software
2011 and it is an integral part of updates.
the security architecture of Google
Chromebooks, which were designed Conclusion
to provide a fast, simple and secured It will only be possible to implement
experience for people who use com- new connected technologies like the
puting devices primarily to access the IoT by making comprehensive use of
Internet and use Web based applica- powerful safety and security technol-
tions. One key part of their design ogy in order to protect infrastructure
is called defence in depth, which and components that are used from
provides multiple levels of protection manipulation, attacks and malfunc-
against malware. tions. Secured hardware is an im-
Meanwhile, structure of the TPM portant prerequisite, since maximum
standard was enhanced with some security requires secured hardware
specific functions and interfaces and cannot be achieved with soft-
added to support new applications. ware based concepts alone.
New profiles of TPMs can address Infineon provides MCUs with
security-relevant applications not integrated security functions and of-
only in the IT industry but also in fers efficient and secured solutions
embedded systems, smartphones, tailored to the applications’ needs,
communications equipment, indus- whether industrial, automotive or
trial automation or automotive. In consumer-oriented. 
Electronics For You | November 2015 43