Modern automotive and industrial products, from cars and trains to servo drives and server power supply units, have grown in complexity, requiring real-time control solutions with higher performance. At the same time, these products have become highly connected, requiring strong cybersecurity solutions to maintain the confidentiality, integrity, authenticity and availability of hardware and software assets and the systems built around them. Additionally, the security of the application during runtime has come into greater focus, with larger and more complex software stacks leading to increased attack surfaces for potential threat actors.

To effectively defend against increasingly sophisticated modern attacks on embedded hardware and software, a comprehensive multi-layered approach is required, effectively establishing a root of trust, providing secure storage for critical assets such as cryptographic keys, creating trusted execution environments for performing security-sensitive operations, secure key and code provisioning, and run-time context isolation and memory protection to mitigate the potential reach of malware in the system. This white paper examines these subjects, and how secure microcontroller architectures can maximize these cybersecurity objectives without compromising performance.

Cybersecurity in embedded microcontrollers is directly connected to the safety and functionality of the systems they are deployed in. These systems are often used for critical applications, such as automotive systems, medical devices and industrial control systems. These devices can be vulnerable to various types of attacks, such as data and intellectual property theft, denial-of-service, malware injection, remote control, and physical tampering. Even devices not directly connected to the internet can be exploited by these types of attacks, as evidenced by high-profile exploits such as Stuxnet and Rowhammer. In the automotive market, vehicle thefts accomplished using man-in-the-middle attacks and CAN injection exploits have risen in prominence and frequency, highlighting the need for stronger run-time security protections.

The increased complexity of embedded software in these systems also provides more opportunities for attackers to gain a foothold. For instance, while secure debug (“JTAG Lock”) can provide a reasonably strong protection for the boundary of the chip, communication interfaces such as CAN, SPI and I2C can provide potential entry points for malware or malicious input. Additionally, side-channel analysis and fault injection attacks can be used to bypass existing security protections, or even extract secrets and encryption keys. A cryptographically authentic root of trust, known as secure boot, is necessary to defend against malware that can be potentially introduced into the system through unauthorized firmware updates. A wide variety of embedded devices today feature some form of secure boot to ensure firmware integrity before execution, whether code is stored in external or internal Flash memory.

However, even in embedded flash microcontrollers, secure boot alone is not sufficient. Effective context isolation and memory protection serves to protect critical system code from malware introduced through vulnerable external interfaces, such as communication ports.

Additionally, software implementations of cryptographic algorithms have been the subject of many side-channel attacks, such as timing attacks, resulting in exposed secrets. Software cryptographic algorithms may also fail to meet system performance requirements due to their computational complexity. Hardware cryptographic accelerators can significantly improve the performance of these algorithms, and provide built-in protections against common attacks.

Cryptography is at the heart of embedded security, and is the fundamental means by which cybersecurity properties such as confidentiality, integrity and authenticity can be protected. Confidentiality requires encryption using strong algorithms that cannot be deciphered or broken by unauthorized parties. The sender converts the data to be transmitted into undecipherable ciphertext using a cryptographic algorithm and an encryption key, and the receiver must subsequently use the corresponding decryption algorithm and a decryption key to convert the ciphertext back into the original data. Integrity and authenticity are related cybersecurity properties that focus on establishing trust. Integrity ensures that data has not been altered or corrupted during transmission or storage, while authenticity ensures that the data comes from a legitimate and trusted source. Hashing functions and digital signatures are needed to establish the integrity and authenticity of code or data. To achieve cybersecurity goals and effectively protect the confidentiality, integrity and availability of secured assets, one or more of these cryptographic functions can be used to build an embedded cybersecurity solution.