Issue link: https://resources.mouser.com/i/1442760
However, 33 percent of embedded engineers and 22 percent of IoT developers still don't see security as a crucial design consideration. This is extremely counterintuitive as IoT devices are constantly exposing new vulnerabilities in embedded system designs. A closer look at the survey reveals two major reasons for the low priority of secure embedded designs. First and foremost, there is a lack of basic understanding about embedded security, and this is tied to a number of myths: For instance, there is a belief that the incorporation of hardware-based security into embedded systems is complicated, expensive, and time-consuming. A closer look at the major building blocks of hardware-based embedded security shows how security coprocessors or authenticator chips allow developers to quickly design security in products and, thus, cost-effectively protect the endpoints of a network. Moreover, these inexpensive solutions help designers safeguard code and data to prevent theft or malicious activities. It also allows them to simplify embedded designs by merely linking these security coprocessors to the host microcontroller via the serial peripheral interface (SPI) or inter-integrated circuit (I2C) interface, thus offloading the host processor from security-centric tasks. Security Coprocessor Building Blocks Security coprocessors run a public and private key-based authentication model that encompasses tasks such as secure boot, clone prevention, device identification, and message integrity. They guarantee the integrity and authenticity of a peripheral, module, or subsystem by generating unique cryptographic keys. The MAXREFDES155#, (Figure 2) subsystem reference design secures an authenticated data link between IoT devices and the web using the DS2476 DeepCover ® secure coprocessor. This process includes authentication of trusted nodes within a network as well as protection of intellectual property (IP) and communication links between the IoT hardware and cloud infrastructure. Here it's worth noting that the host microcontroller (MCU) or microprocessor may not have sufficient computing resources to run cryptographic algorithms or provide storage space for public or private security keys. These hardware-implemented engines run cryptographic algorithms to generate both asymmetric and symmetric security functions. Subsequently, these crypto engines create public and private keys to establish "a root of trust" for securing the embedded designs. The cryptographic algorithms supported by these security coprocessors include the Advanced Encryption Standard (AES), elliptic curve cryptography (ECC), the Elliptic Curve Digital Signature Algorithm (ECDSA), and the Secure Hash Algorithm (SHA). In addition to the security services provided by the hardware implemented crypto engines, devices like Maxim's DS28C36 (Figure 3), also integrate FIPS/NIST true random number generator (RNG), secured EEPROM, and a unique 64-bit ROM identification number (ROM ID). Security coprocessors implement these cryptographic algorithms as hardware engines to facilitate low-cost IP protection, clone prevention, and peripheral authentication. For example, identification and authentication occurs for consumables such as print cartridges, medical disposables, and battery packs. Likewise, these cryptographic hardware engines are effective at keeping hackers away from point-of-sale (POS) terminals, ATM keyboards, and EVM (Europay, MasterCard, and Visa) card readers. 12 | 12 | Figure 2: A thermal sensor uses a security coprocessor to authenticate and control notifications from a web server. (Source: Maxim Integrated) Figure 3: This is a block diagram of an authenticator that integrates various levels of cryptographic functionalities to secure data storage, communication, and device firmware. (Source: Maxim Integrated) 3.3V SCL PIOA PIOB SDA V CC GND µC IO IO R P I 2 C PORT DS28C36