Supplier eBooks

attacker has to get access to the network before an attack on the device can start, but it also needs to be protected against external access and not become the entryway to the closed network. Finally, a device with direct connection to the internet demands the highest amount of security implementation as the number of potential attackers is no longer limited to local connectivity but can be done globally and with nearly endless computing power. Also, this kind of attack will increase to get access to data stored inside the device. Example Application and Security Demands To make the complete topic more concrete, let us consider an example application, which is fully artificial, but realistic enough to reflect the security demand for real applications. As an example, we have a door lock with a fingerprint sensor to give access to restricted areas of a company building. This sensor has a very clever algorithm to store the fingerprints of the 50 most common users inside the device with a very low memory size. This feature makes it most attractive for customers in the market. For other users, the device connects via a company Wi-Fi network to a server and makes the comparison with stored fingerprints, as this takes more time to grant access, the internal stored data is at a real advantage. The Wi-Fi network also has access to the internet to be ready for over-the-air updates to the device from the manufacturer. As a device manufacturer, you have to devise a plan to implement security for your application. In this white paper, we will just focus on the data stored in the device and ignore the data that will be exchanged via operation or program update (data in flight). The first kind of data to secure is the IP of the fingerprint algorithm. This is the value of the device itself and should be protected against any access an attacker can get to the device, either direct or via a data connection. As the device is connected to a network, it is not enough just to protect the MCU in the device from read out, copy, or reprogramming. In addition, you must secure the IP to be dumped from the memory via the connection to the attacker. The second kind of data you must keep in mind is the user data, the stored fingerprints, and the network access data in our example. As explained above, the physical access to the device will become more difficult for an attacker to get user data. The access via an internet connection is more likely, and therefore needs better security protection against attacks. This is partially in the hand of the user and their protection of the network; however, inside the device the security must be implemented to complete the security setup. Secure Your IP Based on the given example, several security parts are necessary to protect stored data. To focus on data security, we assume that we are using a device with a secure device identity and can be trusted. The next white paper in this series will explain what kind of MCU is necessary. Regarding protection of the IP, several levels of protection are to be implemented that depend on the security plan you've selected, and your defined scope of protection. As a first step toward implementation, the MCU you choose has to offer protection against unwanted debugger access and reprogramming. There are a variety of ways to achieve this crucial protection and you have to judge by comparing the different ways of implementation. Different vendors use various protection methods, which also have varying security capabilities. You must make sure that this implementation is recommended for security and not just for preventing unintended modification of the device. The next level is to use an MCU with implementation to support different access | 4 | | 9 | Headline Headline Learn More 4 Learn More 4 • 48MHz Arm Cortex-M4F Core • 256kB Flash Memory and 32kB SRAM • 8kB DataFlash to Store Data in EEPROM • Ecosystem and System Control Access • MCU Native Pin Access • Debug on-board (Segger J-Link ® ) RA4M1 32-Bit Microcontroller Group EK-RA4M1 Evaluation Kit for RA4M1 MCU Group

• Cover