Hardware-Based Trust Provides Key to IoT Security
2016年11月9日byMark Patrick, MouserSecurity is more important than ever for IoT designs.
Security is more important than ever for IoT designs.
As the internet of things (IoT) develops, the issue of security is taking center stage. The connectivity and protocol standardization that the IoT entails increases the threat to devices and, through them, the service-networks to which they provide access. A number of threats have already become apparent, such as the hacking of motor vehicles through their互联网连接的信息娱乐系统and a variety of attacks on industrial as well as home devices and甚至玩具.
在许多情况下,由于制造商采取的预防措施较弱,这些骇客是相对基础的。设备通常使用标准且易于猜测的密码发货。用于编程IoT设备的应用程序通常包含有关其内部数据结构的信息,从而为黑客提供有用的弹药。
通过关注IoT端点和设备,黑客可以启用许多攻击类型,从简单的观察到获得对较大基础设施攻击有用的信息到直接操纵设备或网络的信息。需要的是建立在真正信任根源的物联网设备的体系结构。
Root of Trust
Aroot of trust提供了一种仅与认证用户和应用程序建立安全通信的方法,从而降低了黑客将消息发送到可能损害其安全性的设备的能力。信任的根源还为网络本身提供了一种验证设备以防止黑客使用自己的硬件来通过模仿批准的设备破坏系统的手段。
“信任的根”过程。图像提供Mentor Graphics
The keys and certificates used by secure protocols need to be stored in memory. But this needs to be a memory area that is separate from that used for application data. To be trusted, those keys and certificates need to not only be valid but be protected from inspection by secure circuits in the hardware that prevent readout by any unauthorised user.
Cryptographic processors complete the implementation by providing direct support for the protocols needed to securely authenticate and communicate with the device without risking the exposure of the full secret keys and certificates to other software running within the device.
尽管人们对早期物联网产品的安全性不佳,但基于信任根概念的基础设施已经存在并且正在大规模生产中。一个示例是旨在支持GSM和后来3GPP标准的数字手机的例子,该标准将强大的安全性作为其化妆的关键部分。
为了使其能够访问蜂窝无线网络,每个手机都必须包括一个订户身份模块(SIM),该模块为操作员提供了与手机或设备进行身份验证和通信的手段。类似的硬件结构是最初是为个人计算机开发的,可信赖的处理器模块(TPM),现在用于嵌入式产品(例如销售点(POS)终端)。
公钥基础架构
这些模块的核心是公共密钥基础架构(PKI)架构。它是一种提供许多设施来支持物联网设备的安全需求的设施,并且不仅开始出现在为手机和PC开发的设备中,而且还出现在更精简的嵌入式系统中。
PKI revolves around the concept of asymmetric cryptography, in which documents and other software objects are signed and checked using a combination of private and public keys. The mathematics of PKI relies on the inability to easily derive a private key from an associated public key. The public key may be disseminated freely. The private key needs to be protected.
在嵌入式设备中,具有保护内存的安全性加密处理器提供了理想的基板。一个例子是PIC24FJ128GB204具有128KB的片上RAM和硬件加密支持。它是Microchip Technology制造的MicroControllers的PIC24F GB2家族的成员。
A key facility of a hardware trust module processor is to ensure that when the device boots, it is running only authorized code and that an unknown outsider has not compromised it. This is known as a secure boot. When the device starts up and reads the code from onboard read-only memory (ROM), it checks that each major segment has been signed by an authorized supplier.
供应商使用私钥签署代码块。此签名过程创建了代码本身的单向哈希,并结合了私钥。硬件信任组件检查了哈希以检查真实性。需要使用适当的键签名,以在安装或更新之前进行信任模块检查。
如果该设备遇到了错误签名的代码块,则通常会阻止受影响软件的加载,并可能进入恢复状态,该状态试图从原始供应商那里获取授权代码 - 可能会恢复为ROM中存储的工厂代码 -并将警报发送到服务器。
尽管可以在没有硬件信任模块的情况下实现某些形式的安全启动,但如果黑客已经渗透到固件中,则很难确保启动过程正确停止。硬件信任模块中的处理器可以通过代表主机处理器对固件的关键部分进行解密来实施安全性。它还可以将解密服务拒绝为没有正确的哈希或密钥的任何软件组件。
With the ability to protect on-chip keys and prevent them being changed or read out by an attacker, Microsemi’s range of flash-based FPGAs, such as theSmartFusion 2, can be used to support secure-boot and other security functions.
Microsemi的SmartFusion 2的框图2
Trust Model Certificates
Once the device has booted correctly, it can authenticate itself to the network using PKI mechanisms. Typically, the device will set up secure communications using a protocol such as Transport Layer Security (TLS), an adjunct to the commonly used HyperText Transfer Protocol (HTTP).
硬件信任模块中存储的数字签名证书提供了远程服务器,并确信他们正在与已知资源通信。实际证书存储在信任模块中,因此仅通过网络和设备自己的内部总线提供可公开访问的数据,以防止黑客能够利用窃听技术。
Without a hardware trust module, the hacker may be able to use a logic analyzer or other instrument to probe the memory of the device and obtain the secret keys and certificates that can then be used to spoof the network servers.
相反,IoT设备需要确保仅从其他可以信任的设备或服务器中获取命令。通过让硬件信任模块检查这些其他设备的证书,以保护存储在受保护内存中的键,该设备可以确保仅使用授权系统进行通信。
随着服务配置文件的变化,PKI交换的使用允许添加或删除证书。这不仅可以随着时间的流逝而增强服务,而且可以从不再属于网络的一部分或已知被妥协的其他系统被删除。
By taking advantage of the experience and technological infrastructure that has been developed for mobile telephones and computing, IoT manufacturers can gain a head start in providing a secure base for their products. The availability of devices such as members of Microchip’s PIC24 GB2 family and the flash-based FPGAs from Microsemi provides IoT manufacturers with easy access to those technologies, giving them a solid foundation for the secure IoT.
行业文章是一种内容的一种形式,可让行业合作伙伴与所有有关电路读者的新闻,消息和技术分享有用的新闻,并不适合编辑内容。所有行业文章都遵守严格的编辑准则,目的是为读者提供有用的新闻,技术专长或故事。行业文章中表达的观点和观点是合作伙伴的观点和观点,而不一定是巡回演出或其作家的观点和观点。
