EN 
DE 
In a highly interconnected world, it is advisable to effectively protect applications against cyberattacks. This requires optimal encryption of data and communication channels. However, the cryptographic algorithms used in software do not always reliably protect devices directly exposed to attacks. A turnkey solution offers a potential way to better protect information.
The increasing interconnectedness of our world, for example in smart homes and industry, also steadily increases the risk of attacks from the internet. Unlike end devices such as computers and laptops, which are protected by security updates and software, IoT devices are still largely neglected in this regard.
But securing IoT devices and connections is crucial. Malware like Mirai, which manipulates unsecured IoT devices and uses them for DDoS attacks, is one example. And in early 2016, internet access in Liberia was temporarily interrupted. But attacks on internet infrastructure are not the only threats.
Cyberattacks can not only cause material and financial damage, but also threaten life and limb due to the widespread use of IoT devices in sensitive sectors such as healthcare (medical technology) and transportation (connected cars). Recent ransomware attacks on hospital IT systems have made headlines, highlighting these vulnerable targets.
Software security does not protect against hardware tampering.
To securely transmit data in communication networks, preventing unauthorized access or manipulation, secure connections are essential. However, not only are the connections between devices vulnerable, but also the devices themselves. Several approaches exist to ensure this security. These include the use of software-based cryptographic algorithms and hardware security modules (HSMs).
A purely software-based solution carries the risk of manipulation occurring directly on the device. Using modern attack techniques, an attacker could read parts of the memory or perform software manipulations. HSMs can also protect devices from such direct access. They possess tamper protection that safeguards them against hardware attacks. Direct manipulation of the hardware is detected, whereupon the HSM locks itself and prevents the internal memory from being read (Figure 1).
Image 1Connecting an HSM to a smart home sensor. The external HSM is connected to the microcontroller via a bus supported by the HSM. The HSM can be used to store sensitive information, such as keys and certificates, and to establish a secure connection to a server.
To detect these manipulations, the HSM uses various sensors that can detect, for example, changes in pressure or light, extreme temperature fluctuations, or X-rays. This allows sensitive data, such as keys and certificates, to be stored securely within the HSM. HSMs also have the advantage of being specifically designed for cryptographic algorithms. The cryptographic functions are executed faster than on a standard application microcontroller. Only the bus connection can limit the speed.
For expanding existing systems with HSMs, elements that use SPI or I are suitable.2The HSM can be connected via C. This eliminates the need to replace the system's microcontroller, but simply extends it with the external element. This requires adjustments to the application software and a firmware update for the system. When developing a new system, an HSM should be incorporated directly into the design phase (security by design).
From a simple distribution network to a secure and environmentally friendly smart grid
As part of the EU research project CONNECT, in which the company Mixed Mode As a member of the Infineon Security Circle Partner Network, the OPTIGA Trust X was used as an HSM to secure a smart grid (Image 2The transformation of the energy grid from a pure distribution network to a smart grid is an essential step to achieve climate protection goals and significantly reduce the need for fossil fuels.
Key elements of this transformation include the expansion of the energy supply network for real-time condition monitoring, secure communication methods for the exchange of condition, control and monitoring data, and the efficient conversion of electrical energy to link consumers, storage facilities and energy sources.
Image 2: Smart grid communication infrastructure in the CONNECT research project. The wireless sensor network measures the power consumption of individual devices and transmits this data to the gateway via an encrypted connection. The gateway configures the sensor network and forwards the received data to the communication hub. The communication hub processes the data and sends it to the backend infrastructure via a power line communication interface.
A key issue here is secure wireless and wired communication for the exchange of the aforementioned data between the sensors and actuators involved in a property, as well as with an underlying backend infrastructure, consisting of the communication network structures from the sensor or actuator via central communication nodes to the consumer and the supplier.
Security requirements primarily concern
- embedded, energy-efficient systems
- the smart grid itself
- The wireless networking of intelligent sensor nodes in the application case of the Wireless Sensor Network
Interception and manipulation of data in the wireless sensor network must be prevented between the sensor nodes and the gateway, which is a critical link. This task is handled by the OPTIGA Trust X, which detects and prevents any hardware tampering and serves as a secure repository for keys and certificates. Communication between the gateway and the energy grid is implemented via a communication hub based on a Linux platform. The security of this hub is ensured by an HSM from NXP. The sensor data is encrypted and transmitted from the gateway to the energy grid via the communication hub, with the encryption keys themselves stored on the HSM and therefore inaccessible to attackers.
The modular operating system RIOT can be easily expanded with different IoT devices.
The OPTIGA Trust X from Infineon, used in the wireless sensor network, is certified according to Common Criteria EAL6+ (high) and is therefore the company's most suitable security controller. It supports ECC256, AES128, and SHA-256 and has four memory locations for keys and two for trust anchor certificates. As a turnkey solution, it offers the possibility of establishing a secure connection via TLS/DTLS with minimal effort.
The security controller is used in conjunction with the RIOT operating system (Image 3), which was specifically developed for IoT devices. Its modularity allows it to be used with various microcontrollers and peripherals, and it can be expanded relatively easily with new components.
Image 3: Standard structure of the RIOT operating system with kernel, drivers, modules and network stack
To use the HSM, the library supplied by Infineon was integrated as a new module. The controller software works directly with the I2C and Ethernet drivers. Therefore, no further data handling by the application is necessary. Only changes to the Physical Abstraction Layer (PAL) of the OPTIGA library were required. Infineon delivered the PAL functions adapted for their demonstration. Here, the driver functions had to be replaced with those specified by RIOT. Furthermore, the OPTIGA library functions were used in the application to utilize the HSM's cryptographic algorithms (Image 4).
Image 4: RIOT operating system structure extended to include OPTIGA Trust-X functions
DTLS is used as the encryption technology because it enables connectionless secure communication based on UDP (Image 5The sensor nodes and the gateway receive their key pairs and certificates based on the same root of trust. The keys, certificates, and root of trust are stored on the secure element by the administrator during initial setup. This ensures that only devices authorized by the administrator can communicate within the network. As a result, communication across the entire wireless network is protected, and eavesdropping or manipulation of the data is impossible.
Figure 5: How a DTLS connection works. The server authenticates itself to the sensor using its certificate. The sensor can verify the certificate's validity via a trust anchor stored on the HSM. Optionally, the sensor can also authenticate itself to the server. A shared key is then negotiated, which is used for further secure communication.
The methods described so far represent the first approach to securing data and devices. Tests and evaluations revealed a vulnerability in the HSM's connectivity: A potential attacker could potentially access information from the SPI or I.2Reading the C-Bus is possible. If the data is not transmitted encrypted, it could even be read in plaintext. Therefore, the bus's security must be guaranteed. This requires storing a key on the microcontroller, which must be equipped with a memory area that cannot be read or modified via any interface after programming. Such a solution must also be supported by the HSM and is currently being integrated into a new HSM by Infineon.
A microcontroller with a built-in HSM, which protects the entire controller against tampering, would be significantly more advantageous. The disadvantage, besides the higher cost, is that such microcontrollers are usually difficult, if not impossible, to retrofit into existing systems.
Securing data and devices always involves weighing costs against benefits. However, one thing is clear: IoT devices must be protected from attacks.
Partners on equal terms: Cooperation between Mixed Mode and MicroConsult in the training sector
As one of the largest training providers in and around Munich, MicroConsult offers a perfect platform for the embedded know-how of Mixed Mode. The cooperation between the two companies includes joint multi-day events. Workshops in the field of the Internet of Things (IoT). Through this cooperation, the two partners combine their IoT project experience, decades of embedded software engineering expertise, and methodological and didactic professionalism.
The MicroConsult Seminars and Workshops They provide you with the necessary tools to develop and implement efficient solutions for protecting your systems.
Further information
MicroConsult Training & Coaching on the topic of IoT
MicroConsult expertise on the topic of IoT
MicroConsult Training & Coaching on the topic of Safety & Security
MicroConsult expertise on the topic of safety & quality
Source of images 1-5: Mixed Mode
