iWave Japan      Welcome to iWave Systems

Security IP Suite

The Embedded systems targeted and designed for a specific application need, gets connected to internet. Many of the tasks, computations and applications accomplished in Desktop PC are achieved through embedded device as well. Thus, leaving the devices vulnerable to attacks, which leads to the necessity to address the issues of design constraints and limitations in hardware to provide a cost-effective solution. Secured systems are-

  • Protected from external threats
  • Should be confidential
  • Only authenticated program should able to run in the system

iWave offers Services and IP for secure OS / IoT:

  • Secure Boot
  • Secure OS – TrustZone Technology
    • OPTEE OS Porting
    • OPTEE Driver Development: PINPAD, GPIO, I2C, SPI, LCDIF
    • Trusted Application (TA), PTA and OPTEE-Client: Development and Porting  
  • Image Authentication and Verification (Cryptography)
  • Tamper Detection & Data Protection
  • Secure Transaction (IoT and Payment)

Why Security is Important ….??!

The immense need to address this security in Embedded Systems, invades following protection of data:

  • Private Data: If security is compromised, end user is impacted directly. For example, in case of internet banking passwords.
  • Restricted Data: If security is compromised, the content provider is impacted heavily. For example, digital multimedia content such as copyrighted digital photos, audio and video contents.

In connected devices, this secure data is transferred through public networks. So, it is important to ensure that secure data is protected from unauthorized access thus ensuring security.

Security in Embedded System:

Security in Embedded System is mostly combination of Hardware, Software and Mechanical solutions. Hardware solution is like Secure SoC, Secure ROM, TrustZone, Hardware Cryptography, Tamper Detection etc. Software solution includes software encryption algorithms, Trusted Software. In most of the cases it will be a combination of Hardware and Software solution to ensure highest security.

Tamper Detection:

Tamper Detection module will provide the physical protection for the devices. In case of any tampering, the Tamper detection modules informs the SoC of the corresponding events as below

  • External Tamper
    • External PIN
  • Internal Tamper
    • Voltage
    • Temperature
    • Clock

When the SoC detects the tampering event, a security violation alarm is asserted for

  • Software Action
  • Security hardware present in SoC does the following
    • Will deny access to any of the modules (data transfer)

        

    • All secure memory contents (Eg: Secured Keys) stored in the Internal RAM will be erased

Secure Boot:

Many SOC manufacturers provide “Secure Boot” option which adds cryptographic checks to each stage of the Secure boot process. The firmware code is signed using the device manufacturer’s code verification private key. The Secure Bootloader, on boot up checks the validity of the code by verifying the signature using the code verification public-key.

Cryptographic signature algorithms:

Cryptographic algorithms are used to encrypt and decrypt the data. Most famously used Cryptographic algorithms are public key- private key cryptographic algorithms. This algorithm uses two different but mathematically linked keys.

  • Before sending to other device, Private key is used to encrypt the data and generate the encrypted data.
  • Public key is shared with everyone. Decryption algorithm uses this public key to decrypt the encrypted data and obtain the original data.

        

Similar Cryptographic algorithms approach is used in secure boot with few enhancements. Here along with cryptographic algorithms, certain measures are taken so that the system cannot be hacked.

In Secure Boot, Public key is encrypted and stored in one-time programmable registers.

ROM code contains a signature verification module and the code verification public-key to verify the firmware code.

  • Generate private key and public key using device manufacturer’s code.
  • The image is signed with the device manufacturer’s private key using signature algorithm. This signed image is programmed to storage device.
  • Public key is encrypted and burned to fuses.
  • The ROM code, on boot up checks the validity of the signed image by verifying the signature using the public-key.
  • If signature is valid, then image will boot. Otherwise board will fail to boot.

Why it is Secure…!!!

  • ROM code resides in a write protected ROM. This ensures that the Secure Boot loader itself is never modified.
  • The private key is always kept secret by the device manufacturer. Public key does need to be stored within the device in a manner, so that it cannot be replaced by a public key that belongs to an attacker. This is done by writing public key to one-time programmable registers.
  • Public key is also encrypted before writing to one-time programmable registers. This ensures that only device manufacturer’s “signature verification code” can decrypt it and use it to verify the signed image.

Chain of Trust:

A secure boot checks for “authenticated image” in every stage of boot process. This process aims to check the integrity of the “authenticated image”, hence preventing any unauthorized software from running.

The secure boots relies on the idea of “Chain of Trust”. Starting with an implicitly trusted component, every other component can be authenticated before being executed, hence always only authenticated trusted image is running.

  • ROM code verifies & authenticates the signed 1st stage boot loader.
  • The 1st stage boot loader verifies & authenticates the signed 2nd stage boot loader.
  • The 2nd stage boot loader verifies & authenticates the signed OS image followed by file system mounting and launching the application.

ARM TrustZone:

Arm TrustZone technology is a System on Chip (SoC) and CPU system-wide approach for security. TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure end points and a device root of trust.

Trusted OS like OPTEE (Open Portable Trusted Execution Environment) runs securely on Trustzone hardware embedded in the SoC. The processor core of SoC has two virtual cores: Secure and Non-Secure

  • Secure world runs Trusted OS like OP-TEE – ARM Trusted Zone
  • Non-Secure world runs Rich OS like Linux (REE) – ARM Cortex A

The Secure Boot loader (ROM) in the SoC ensures that the device boots up with the Secure OS/firmware with right process privileges. The Memory Management Unit (MMU) configured by the OS permits the access to the buffers in the Internal RAM that involves secret key operations only to the secure processes with special OS privileges.

OP-TEE OS running in TrustZone provides key features like isolation from REE, small footprint and portability.

For more details information about OPTEE OS refer: http://www.iwavesystems.com/case-studies/software-design-services/optee-imx6ul-secure-connectivity-solution.html

Secure IoT:

IoT Communication with the cloud over MQTT is secured with SSL/TLS. Every data transfer will be encrypted using TLS protocol. Apart from SSL/TLS, Cloud may have its own authentication methods and policies to allow/restrict the connection.