Supplier eBooks

Renesas - Secure Your connected World

Issue link: https://resources.mouser.com/i/1437738


areas, which are either trusted or non-trusted. This prevents the MCU core from having direct access to the IP, so an easy dump of the data cannot be performed. Here, too, you will find different solutions. The most common is the implementation of a Memory Protection Unit (MPU), which can be used for the purposes described above, or the TrustZone® implementation of an ARM®-based microcontroller.

Finally, you can store the IP on the device in encrypted form. This makes it much more resistant to physical attacks, as there is no non-volatile memory where the IP is stored as readable data, so it cannot be read out via encapsulation or analysis with an electron microscope. Consequently, the encryption key, which is stored in the MCU, must also be protected against readout and direct access from the CPU, and must be stored securely, so that nobody can read out the key together with the encrypted IP and gain access to the secret information. If you store the algorithm encrypted, you have to decrypt it into the RAM of the device and execute it from there. This is the most secure way to store the IP, but it is then also mandatory to include the RAM portion where the algorithm is stored in the trusted area of the MPU.

Secure the Data at Rest

In the second step, you must decide on the data the end customer will store in the device. In our example, the fingerprint data is stored to give fast access to the area, along with the access data for the customer's network, which allows connection to the server where all fingerprint data is stored. This also allows the manufacturer to make future firmware updates. Basically, the same security measures can be applied as for the IP stored in the device. Let us take a closer look and decide on the mandatory level of security implementation in operation.
The device should be protected against readout or reprogramming, even partial, to prevent the installation of any kind of malware that could provide data over the network to the attacker. The implementation of trusted and non-trusted memory areas is also very meaningful, as it limits the ability of the MCU to access the stored data. This makes any attack more difficult and provides improved protection with limited performance degradation.

Finally, the encryption of the data is a mandatory measure, as this will have a negative effect on performance. All stored fingerprints must be decrypted before the algorithm can start its operation, so this performance overhead has to be considered in advance. On the other hand, physical access to the device inside the customer's building might be rather difficult, and therefore it needs to be considered whether this add-on becomes mandatory. What can an attacker do with the stored fingerprint data as long as the comparison algorithm is not accessible?

For the network access data, this is different. Here, the negative impact on performance is almost zero, as the decryption needs to be done only once or twice a day. But if somebody gets hold of a device and can read out the network access code as unencrypted data, they will have full access to the customer network, and this might become more dangerous and unpredictable.

Again, it needs to be highlighted that the encryption key has to be stored with more security than the data itself to avoid any unwanted access to the encrypted data. A very effective way to do so is a uniquely wrapped key on each MCU, but the topic of key management will be discussed in one of the following white papers in this series.
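The trusted memory areas described in both sections above (RAM holding the decrypted algorithm, and RAM holding decrypted customer data) can be sketched as MPU register values. This is an added example, not code from the white paper or from Renesas: it assumes an ARMv7-M MPU (Cortex-M3/M4/M7), maps "trusted" to privileged-only access, and uses hypothetical names (`mpu_trusted_ram`, `mpu_region`) and constructed addresses.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7-M MPU_RBAR / MPU_RASR bit fields (assumed core: Cortex-M3/M4/M7). */
#define RBAR_VALID      (1u << 4)            /* REGION field in bits 3:0 is valid */
#define RASR_ENABLE     (1u << 0)
#define RASR_SIZE(n)    ((uint32_t)(n) << 1) /* region spans 2^(n+1) bytes */
#define RASR_C          (1u << 17)           /* with S: normal, write-through SRAM */
#define RASR_S          (1u << 18)
#define RASR_AP_PRIV_RW (1u << 24)           /* AP=001: privileged RW, unprivileged none */
#define RASR_XN         (1u << 28)           /* execute never */

typedef struct { uint32_t rbar, rasr; } mpu_region;

/* Build register values for a "trusted" (privileged-only) RAM region.
 * executable=1 for RAM holding the decrypted algorithm, 0 for stored data.
 * Returns 0 on success, -1 if the MPU cannot express the region. */
int mpu_trusted_ram(uint32_t base, uint32_t size, unsigned region,
                    int executable, mpu_region *out)
{
    if (region > 15 || size < 32 || (size & (size - 1)) != 0)
        return -1;                  /* size must be a power of two >= 32 bytes */
    if (base & (size - 1))
        return -1;                  /* base must be aligned to the region size */
    unsigned shift = 0;
    while ((1u << shift) < size)    /* shift = log2(size) */
        shift++;
    out->rbar = base | RBAR_VALID | region;
    out->rasr = RASR_SIZE(shift - 1) | RASR_AP_PRIV_RW | RASR_C | RASR_S
              | (executable ? 0u : RASR_XN) | RASR_ENABLE;
    return 0;
}

int main(void)
{
    mpu_region code, data;          /* constructed addresses, not from a datasheet */
    if (mpu_trusted_ram(0x20004000u, 0x4000u, 2, 1, &code) == 0)
        printf("algorithm RAM: RBAR=0x%08X RASR=0x%08X\n",
               (unsigned)code.rbar, (unsigned)code.rasr);
    if (mpu_trusted_ram(0x20008000u, 0x1000u, 3, 0, &data) == 0)
        printf("data RAM:      RBAR=0x%08X RASR=0x%08X\n",
               (unsigned)data.rbar, (unsigned)data.rasr);
    return 0;
}
```

Only the algorithm region is left executable; the data region sets XN so decrypted fingerprint or network data can never be run as code. The values take effect only once written to the MPU and the MPU is enabled, with non-trusted code running unprivileged.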
Conclusion

The decision of how, and to which level, to implement security always depends on the application, the expected attackers, and their access to the device or data to be secured. This means that for each security implementation, the development team has to consider this at the start of the project in order to make the important decision on an MCU that fits all needs of the security implementation. The example here shows the wide variety of security measures for locally stored data, and it will increase with additional functions for data in flight or secure programming over the air. Further white papers in this series will provide you with this information and support your design of a secure product for the connected world.

Renesas offers multiple MCUs that address the concerns discussed in this white paper. Please visit our website to learn more.
