
How to Secure the IoT? Lots and Lots of Math...

by Warren Miller, Mouser Electronics

The Internet of Things opens up a new universe of connected and intelligent devices that can work together to provide virtually unlimited capabilities, and most of these new capabilities will be personalized. Much of the value of the IoT comes from the ability to customize products and services to a customer's individual, and immediate, needs. The greatest challenges to the IoT will come in securing confidential information from unauthorized access as well as authorizing access to only the information we're comfortable divulging.

Fortunately, a method exists for securing our confidential information and communications while also authenticating the senders and receivers of the information with whom we wish to securely share. However, this method involves a great deal of mathematics, with complex cryptographic algorithms at the core. Lucky for us, these mathematical algorithms can be buried inside the electronic devices we use within the IoT so that we need not understand the details of "how" this cryptography is accomplished. However, it does help to have a bit of background on "what" these cryptographic algorithms do for us as well as the types of devices that can provide the security we need to protect us in the brave new IoT world.


Figure 1: The Internet of Things requires advanced security to protect our privacy. (Source: gettyimages.com)

Secure Communications

One of the earliest uses of cryptography was the familiar substitution cipher, in which one letter was substituted for another throughout a short message. If the receiver knew the substitution rule, perhaps a simple shift cipher where the "A" in the message turned into a "B" and the "B" turned into a "C," it was easy to decode the message. Anyone else seeing the encrypted message would not know its contents unless they also knew the secret key. Unfortunately, these simple ciphers proved very easy to break with just a few trial-and-error attempts.

In the modern digital world, we can use much more complex methods to encrypt messages — methods that use the powerful processing capabilities of computers, or even MCUs. These methods still use the familiar concepts of a secret key and a cryptographic algorithm for encrypting messages, but they also use digital processing techniques (cryptographic mathematical functions) to make it very difficult to decrypt the message without the secret key. Unfortunately, the processing power of modern computers also makes it easier to break codes that are too simplistic. Thus, a need has arisen to create codes that are too complex for even powerful digital computers to break using "brute-force" (trial-and-error) approaches.

A common method for using mathematics to create difficult-to-break cryptographic functions is to find a math problem that is very difficult to solve, but one that can be solved much more easily with a "hint." As an example, consider the product of two very large prime numbers. If you know only the product, it is extremely time consuming to determine the two prime factors computationally. It is also possible to encrypt a message using this product in such a way that it can only be decrypted quickly if the two prime factors (that is, the hint) are known. These facts allow you to publish the product openly as your "public" key, and anyone wishing to send you a secure message can use it, knowing that only someone who knows the prime factors can decrypt the message. If that person also has a public key, you can respond using their public key to encrypt your message, resulting in a secure communications channel. A common use of this secure channel is to send keys that then serve as shared secrets for other cryptographic algorithms that are still very robust but require less computing power than the public key system.


Figure 2: Public and private security keys will be used to protect our privacy in the virtual IoT world (Source: IStockPhoto.com)

Message Authentication

Since virtually anyone can send an encrypted message, one concern surrounding encryption is verifying that the sender is who they say they are. Luckily, there is a way to authenticate the sender using public keys. You can include, in an encrypted message back to the sender, a random number and ask that they return that number to you in an encrypted message. If the random number comes back correctly, the sender has proven they can decrypt messages using the secret key associated with their public key, something only they would be able to do. You can now be sure messages are authentic and from the indicated sender.
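The two ideas above (a public key built from the product of two primes, and a random-number challenge that only the holder of the matching private key can answer) worked through as an added example; this is illustrative code written for this page, not anything from the article or from a vendor library. It uses textbook RSA with deliberately tiny constructed primes so the arithmetic is visible; real keys use primes of about 1024 bits or more and add padding.

```python
import secrets

# Constructed "hint": two small primes. Their product n is the public key;
# the private exponent d can only be computed by someone who knows p and q.
P, Q = 1000003, 1000033
E = 65537                      # conventional public exponent

def keygen(p, q, e=E):
    """Return (public, private) key pairs as (n, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)    # requires the factors: this is the "hint"
    d = pow(e, -1, phi)        # modular inverse of e, the private exponent
    return (n, e), (n, d)

def encrypt(pub, m):
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

# --- Secure channel: send a symmetric session key under the public key ---
def wrap_session_key(pub, key_bytes):
    """Encrypt a short shared secret to the recipient's public key."""
    return encrypt(pub, int.from_bytes(key_bytes, "big"))

def unwrap_session_key(priv, c, length):
    return decrypt(priv, c).to_bytes(length, "big")

# --- Message authentication: challenge the claimed sender ---
def issue_challenge(pub):
    """Verifier: pick a random number and encrypt it to the sender's public key."""
    nonce = secrets.randbelow(pub[0] - 2) + 2   # avoid the trivial values 0 and 1
    return nonce, encrypt(pub, nonce)

def answer_challenge(priv, c):
    """Claimed sender: only the private-key holder recovers the nonce."""
    return decrypt(priv, c)

def verify(nonce, answer):
    """Verifier: the returned number must match the one that was sent."""
    return nonce == answer
```

With only 4 bytes of session key the toy modulus is large enough; in practice the key-wrapping step is done with standards such as RSA-OAEP rather than raw exponentiation.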

Message Integrity

It is also critical to ensure that messages are not intercepted and modified by a third party. If the message is sent as text in an e-mail message, flipping a few bits will usually make the text unreadable, so you might think all such activity would be obvious. However, consider an example involving a code update to an embedded MCU. Flipping some bits would end up changing the code dramatically, keeping the MCU from doing its job. If its job is to regulate the temperature in a large communications switch, you can imagine the trouble that might occur. Thus, it is imperative to find a way to guarantee the integrity of a message so tampering can be detected immediately.

A common approach to doing this involves generating a tag (commonly called a Message Authentication Code, or MAC) that depends, in a complex way, on every bit in the message body. Think of it as a far more involved version of a parity check, which detects whether a single bit has been flipped. This tag is appended to the message body and encrypted along with it. The receiver decrypts the message (including the tag) and then regenerates the tag from the decrypted message body. If the regenerated tag matches the one embedded in the message, there has been no tampering. Note that the MAC requires a shared secret so that no one else can generate a valid tag.


Standards bodies have created a series of standards for securing information. The Advanced Encryption Standard (AES), established by the U.S. National Institute of Standards and Technology (NIST), is one of the most pervasive; it operates on 128-bit blocks and is commonly implemented with key sizes of 128, 192, and 256 bits. The same key is used by both sender and receiver — a so-called symmetric cipher, as opposed to the public key system, which uses different keys for sender and receiver — so the AES key is usually established using a public key message exchange, often for just a single session.

MCU manufacturers have made it easy to implement AES security functions by including dedicated hardware inside the MCU. For example, the Texas Instruments MSP430FR5969 MCU family includes a dedicated hardware AES acceleration peripheral that implements the required encryption and decryption functions. The peripheral also includes storage for the state memory used during the encryption or decryption operations (a long series of shifts, substitutions, swaps, and XORs, all controlled by the security key) and for the security key itself. Design engineers simply load the 128-bit block into the state memory, and the specified function — encryption or decryption — starts automatically. The resulting output is then read back out of the state memory.


Figure 3: AES Hardware Accelerator in Texas Instruments MSP430FR59xx MCU. (Source: Texas Instruments)

Similar hardware accelerators can be found for other common cryptographic functions, such as the MAC function used to generate authentication digests. The most common MAC constructions are built on the Secure Hash Algorithm (SHA) standard established by NIST, and hardware accelerators for SHA are available in MCUs as well. For example, the Freescale Kinetis K6x family of devices provides a hardware acceleration coprocessor for a variety of standards, including AES and SHA. This coprocessor can run independently of the CPU and uses a memory-mapped interface so that commands and data can be buffered for the Cryptographic Acceleration Unit (CAU). Because this unit is architected as a coprocessor, it can operate without CPU intervention and can considerably improve efficiency when cryptographic functions make up a significant share of the processing load.


Figure 4: Freescale Kinetis K60 MCU Cryptographic Accelerator Peripheral (Source: Freescale Semiconductor)

Other approaches to implementing security capabilities

Besides providing hardware acceleration peripherals and coprocessors, manufacturers also deliver other security capabilities to help protect our privacy in the expanding IoT universe. For example, Atmel provides a dedicated security memory device, the AT88SC0204CA. It uses symmetric mutual authentication, data encryption, and MAC operations to provide a secure place to store sensitive information within a system, accessed via a standard MCU serial interface. With additional tamper-detection circuits, this information remains safe from hardware attacks that attempt to extract it.

Another approach is to implement security functions in a more dedicated form that operates in conjunction with an MCU. Maxim produces a series of devices that use a hardware implementation of SHA-256 to transfer data securely across a standard 1-Wire interface. An MCU peripheral authenticator, such as the Maxim DS24L65, converts a standard I2C interface into the secure 1-Wire interface, which can then connect to a variety of secure 1-Wire peripherals, such as the Maxim DS28EL22, a 2Kbit EEPROM with on-chip SHA-256-based MAC hardware and a guaranteed unique 64-bit ROM ID code. Host-to-slave authentication protects the DS28EL22 user memory from being modified by a non-authentic host. The SHA-256 MAC generated by the DS28EL22 is computed from the data in user memory, an on-chip secret, a random challenge from the host, and the 64-bit ROM ID, giving very robust security. These devices can be included in a standard peripheral set that uses an I2C connection, such as smart sensors, to verify that the sensors come from the expected manufacturer and have not been tampered with. This is particularly important when the sensor readings are used to generate revenue for utilities and similar "pay as you go" businesses.
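The challenge-and-response check a host runs against a secure 1-Wire peripheral, as an added simulation (not Maxim's code or the DS28EL22's actual message format): the MAC covers the user memory, the device secret, a fresh host challenge, and the ROM ID, so a counterfeit sensor without the secret fails, and a recorded answer cannot be replayed. The HMAC-SHA256 construction and the concatenation order are assumptions made for this example; the ROM ID, secret, and memory contents are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed factory data for one genuine device (not real device contents).
ROM_ID = bytes.fromhex("2800000000AB12CD")            # 64-bit unique ID
SECRET = bytes.fromhex("00112233445566778899aabbccddeeff") * 2  # 32-byte secret
USER_MEMORY = b"sensor-cal:gain=1.02,offset=-3".ljust(32, b"\0")

def compute_mac(secret, memory, challenge, rom_id):
    """Assumed MAC input layout: memory || challenge || rom_id, keyed by the secret."""
    return hmac.new(secret, memory + challenge + rom_id, hashlib.sha256).digest()

class SecurePeripheral:
    """Simulated authenticator: holds its secret internally and never outputs it."""
    def __init__(self, rom_id, secret, memory):
        self.rom_id, self._secret, self.memory = rom_id, secret, memory

    def respond(self, challenge):
        return compute_mac(self._secret, self.memory, challenge, self.rom_id)

class RecordedResponder:
    """Counterfeit that replays a previously captured MAC (no secret)."""
    def __init__(self, rom_id, memory, recorded_mac):
        self.rom_id, self.memory, self._mac = rom_id, memory, recorded_mac

    def respond(self, challenge):
        return self._mac

def authenticate(host_secret, peripheral, expected_rom_id):
    """Host side: fresh random challenge per run, constant-time comparison."""
    if peripheral.rom_id != expected_rom_id:
        return False
    challenge = secrets.token_bytes(32)
    mac = peripheral.respond(challenge)
    expected = compute_mac(host_secret, peripheral.memory, challenge, expected_rom_id)
    return hmac.compare_digest(mac, expected)
```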

Conclusion

Whatever approach is used to protect confidential data — MCUs with dedicated cryptographic support for common security algorithms, off-chip cryptographic memories to store sensitive information, or hardware-level authentication to ensure peripherals are genuine — it is certain that data will be protected by math... lots and lots of math.


Warren Miller has more than 30 years of experience in electronics and has held a variety of positions in engineering, applications, strategic marketing, and product planning with large electronics companies such as Advanced Micro Devices, Actel, and Avnet, as well as with a variety of smaller startups. He has in-depth experience with programmable devices (PLDs, FPGAs, MCUs, and ASICs) in industrial, networking, and consumer applications and holds several device patents.