Securing High-Value Embedded Targets

Embedded devices are becoming lucrative targets for attackers.


Understanding security threats and building solutions to protect against them is a relatively new concept for embedded developers. As an example, many early IoT devices were focused purely on cost. Designers spent very little time architecting robust security solutions. Today, these devices are more involved in users’ daily routines, processing sensitive data such as personal medical information or financial transactions. These types of “high-value” applications become lucrative targets for hackers and thieves.

A high-value target example: Embedded SIM (eSIM) / Integrated SIM (iSIM)
Most mobile devices still support a small Subscriber Identity Module (SIM) card in a dedicated tray. This card can be physically swapped out to change providers, but must be done manually. GSMA is supporting a new standard for integrating the SIM functionality within the applications IC (or modem chip) itself. This will facilitate smaller mobile devices by removing the SIM card and the tray from the bill of materials. This integration allows users to seamlessly switch operators without physically changing a card. The embedded or integrated SIM functionality will be accessible by multiple operators and can be updated, or provisioned over the air (OTA). Many popular mobile devices such as LTE enabled tablets and smart watches are now deploying this type of integrated SIM solution.

The SIM card for a specific user contains personal information such as PIN numbers, unique device identifiers and text messages. Protecting this data and preventing unauthorized access to services are a high priority for carriers. To adequately protect this information, several security features are required – including strong cryptography on data, processor instructions and communication protocols, countermeasures to repel side channel attacks such as differential power analysis (DPA), and mechanisms to partition system resources (memory, peripherals, etc) as known secure vs. untrusted or non-secure.

Fig. 1: Embedded SIM architecture example.

An optimized secure subsystem solution
Synopsys has developed an ARC Secure IP Subsystem targeting applications requiring a programmable hardware based trusted execution environment. This subsystem was architected to specifically address the types of attacks likely to be waged against high-value targets such as mobile devices supporting embedded SIM functionality.

Fig. 2: Secure IP subsystem.

The subsystem is fully configurable and is built around security processors, which incorporate advanced side channel and tamper-resistant features to protect against ever evolving threats. These features include error detection and parity on memories and registers, uniform instruction timing, power and timing randomization and an integrated watchdog timer to detect system failures and tamper events. The processor also leverages SecureShield technology, providing isolated execution contexts with a secure MPU and support for AHB5.

Outside the core, additional system level features are provided to insure the confidentiality and authenticity of non-trusted memory. The secure external memory controller provides cryptographically strong algorithms, decrypting both instructions and data on the fly. This is especially critical for external memory shared with the application processor. The partitioned (secure) code and data is always stored encrypted, and only decrypted within the secure subsystem when accessed. Latencies are hidden by caching with the subsystem’s secure perimeter.

Cryptography options within the subsystem accelerate encryption for a range of algorithms including AES, 3DES, SHA-256, RSA and ECC. To provide customers flexibility, the subsystem supports many cryptography implementation options. A National Institute of Standards and Technology (NIST) validated software crypto library and APEX crypto acceleration are included with the subsystem. Optional support for dedicated symmetric and asymmetric hardware crypto engines is also supported.

To ease application development, the subsystem includes a rich software offering, including secure boot software, NIST validated crypto library and peripheral drivers. A code signing firmware tool allows users to encrypt their code to leverage the subsystem’s external memory controller.

To provide complete system level solutions, third-party software has been ported to the subsystem. The combination of Synopsys software and third-party titles provide a strong proof of concept. As an example, secure javaCard OS and eSIM/UICC stacks have been integrated, validated and benchmarked to provide an eSIM application reference.

Fig. 3: Secure subsystem software architecture.

Security breaches are becoming much more common and more expensive to repair. Historically, for many embedded developers, other factors such as cost and functional integration were much more important than providing protection against security threats. As more functionality is built into embedded devices, they are becoming high-value targets in the eyes of a would-be attacker. Addressing the wide and constantly evolving array of threats requires that IC design teams invest in understanding these attacks and delivering solutions.

The integrated hardware and software features of Synopsys’ ARC Secure IP Subsystem provide a trusted solution that protects against attacks targeting these high-value embedded applications in IoT, mobile, automotive and industrial markets.

Leave a Reply