Secure flash memory that contributes to lifecycle management

What is Security in the Information Age?

Today, new industries and businesses that make full use of ICT technology are being born, in what is called the 4th Industrial Revolution. The high availability of enterprise server environments, the high performance and falling cost of microprocessors and microcontrollers, rich software development environments, the advancement and standardization of network environments, and the development of practical algorithms, represented by the 3rd-generation AI boom, have together brought an era in which a wide variety of service models are developed and operated. The conventional vertical service model has evolved into a horizontal service model that spans segments, and smart supply chains have enabled the automatic production of goods without human intervention.

On the other hand, the market for vulnerability diagnosis tools and countermeasure technologies is growing in response to cyber attacks that attempt to gain unauthorized access over networks and steal or tamper with information. In ICT product development, there is a trend toward open-source communication protocols and embedded control programs (OS, driver software, middleware, etc.). Because we are now in an environment where anyone can collect the information they need, the implementation of security functions has become a real issue.


Increased device software code size

The advanced functionality of ICT equipment is realized by running rich software on high-performance hardware, and the code size tends to grow accordingly. Figure 1 is taken from "Codebases – Millions of lines of code" on the Information is Beautiful site (https://informationisbeautiful.net/visualizations/million-lines-of-code/).

Figure 1. Codebases – Millions of lines of code

Such an increase in software code size raises the probability that security holes exist, and many actual hacking cases have been reported. In the world of personal computers it is well known that anti-virus software runs in the background, virus definition files are updated regularly, and the application software itself is also upgraded as a security measure.

Embedded electronic systems such as ICT equipment, especially industrial systems and in-vehicle equipment, are used for more than 10 years, so a similar concept of software maintenance, from product shipment until disposal, is needed. Hacking techniques evolve day by day.

Specifically, the microprocessor (MPU), which is the brain of the system, and the flash memory, which holds the boot code and configuration data (hereafter referred to as firmware), form the basis of an embedded electronic system. In this article, we explain embedded electronic system lifecycle management and a robust service platform using the newly developed secure flash memory W77Q.

 

The Role of Secure Flash Memory in the Lifecycle

Lifecycle management starts with semiconductor/system design and continues through shipping of semiconductor chips, installation of keys and firmware, configuration, board mounting, assembly, product shipment, handing over to end users via the supply chain, and start of use. This article defines lifecycle management as maintaining the soundness of ICT equipment products (embedded electronic systems) through this series of processes, from operation to disposal (Fig. 2).

Figure 2. Lifecycle management of embedded electronic systems.

Lifecycle management consists of appropriately monitoring that the system is operating as expected, accurately recognizing any abnormality, and recovering from it (resilient security management). For example, in the event of a product recall, configuration data and firmware are updated securely.

How to implement trust anchors as the foundation of lifecycle management

We see products that implement such a series of lifecycle management functions in high-spec ICT equipment such as enterprise servers and edge computing. However, for ICT equipment on the scale of several thousand to several tens of thousands of yen, there is a limit to the cost that can be invested in it.

Now, I will explain how the W77Q secure flash memory can contribute to lifecycle management as a component of cost-constrained ICT equipment. From the perspective of implementing a trust anchor around the MPU and boot memory, there are three possible design methods, shown in Figure 3.

Figure 3. Implementation examples of a trust anchor

The secure element in Figure 3-1 is a dedicated security chip with tamper resistance (Note 1). Its main functions are key generation and key storage; it stores the underlying key from which the secure channel is built. However, although the secure element has a secure data memory area, it cannot hold firmware.

It therefore becomes an additional semiconductor component, which increases the cost. Nevertheless, it is an essential component for applications that require high security, such as financial applications. In contrast, the example in Figure 3-2 is a solution that has the trust anchor function on the MPU side. The minimum keys needed to build the platform and a secure channel are stored in OTP (one-time programmable) memory or e-fuses, and the built-in security coprocessor is used for authentication, authenticity checks, encryption and decryption.

However, since the flash memory used for firmware storage is not itself secure, the MPU's security functions must be used to check the authenticity of the firmware (has it been tampered with? is it the official code issued by the manufacturer?). The same applies to the application software to be executed. In other words, processing overhead beyond the original application's execution increases.

In system product development, this method affects not only the cost of the main MPU chip but also the development of the security firmware, which adds to the total cost. Also, since more software is combined, the code size increases, as explained at the beginning, and there is a possibility that a security hole will appear there.

Finally, Figure 3-3 shows our secure flash memory W77Q. W77Q is an SPI NOR flash memory with built-in functions that maintain the authenticity of the firmware by itself (has it been tampered with? is it the official code issued by the manufacturer?) and that can perform updates by forming an end-to-end secure channel.

In addition, the Root-of-Trust engine, which can automatically generate an authenticator that identifies a device by the uniqueness of its hardware and firmware even in a complex wired or wireless network environment, is implemented in a form that does not depend on the MPU, so the service platform can securely identify the W77Q. In other words, some of the security functions performed by the MPU in the example of Figure 3-2 can be delegated to the memory side.

Consistent and secure lifecycle management

In case the MPU is hacked, there is also a mechanism to clean-boot the MPU at the platform level (between the cloud service and the W77Q), providing platform resiliency. These security functions are independent of the MPU and implemented 100% in hardware, making them more resistant to attacks. The built-in security functions of the W77Q make it possible to consistently and securely manage the lifecycle of embedded electronic systems, as shown in Figure 4.

Figure 4. Embedded electronic system lifecycle management with secure flash memory W77Q

Here, the device master key and firmware are installed, and at the same time a device master key list linked to each unique ID is created. This information is managed and operated by trusted partners, service providers and maintenance companies to manage the system lifecycle. Once a device master key has been set in a secure environment, a secure channel can be established on the service platform, and functions can be upgraded over it. As a result, the burden and cost of infrastructure preparation on the customer side can be reduced, and robust lifecycle management of ICT equipment products (embedded electronic systems) can be realized.
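As an added illustration (not Winbond's code and not the W77Q's actual command set or protocol), the following Python model shows the idea behind the device master key list and memory-side verification: the service platform holds one master key per unique ID, the secure flash itself authenticates each update under a per-session key, and an MPU that merely relays the packet cannot alter it, replay it or roll it back undetected. All names, key sizes and the packet layout are assumptions.

```python
import hashlib, hmac, os, struct

# Constructed toy model of a platform-to-secure-flash update channel; names,
# key sizes and packet layout are assumptions, not the W77Q command set.
MASTER_KEYS = {}  # service platform's device master key list, keyed by unique ID

def provision(unique_id: bytes) -> bytes:
    """Provisioning in a secure environment: mint a device master key and record it."""
    MASTER_KEYS[unique_id] = os.urandom(32)
    return MASTER_KEYS[unique_id]

def session_key(master_key: bytes, nonce: bytes) -> bytes:
    # Per-session key so the master key itself never authenticates traffic directly.
    return hmac.new(master_key, b"session" + nonce, hashlib.sha256).digest()

class SecureFlash:
    """Memory-side root of trust: checks each update itself, independent of the MPU."""
    def __init__(self, master_key: bytes):
        self.master_key, self.version, self.firmware, self.nonce = master_key, 0, b"", b""

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)  # fresh nonce per update defeats replay
        return self.nonce

    def apply_update(self, packet: bytes) -> bool:
        body, tag = packet[:-32], packet[-32:]
        expected = hmac.new(session_key(self.master_key, self.nonce), body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or altered in transit (e.g. by a compromised MPU)
        version = struct.unpack(">I", body[:4])[0]
        if version <= self.version:
            return False  # anti-rollback: older official images are still refused
        self.version, self.firmware = version, body[4:]
        return True

def platform_update(unique_id: bytes, nonce: bytes, version: int, image: bytes) -> bytes:
    # Service platform side: authenticate (version || image) under the session key.
    body = struct.pack(">I", version) + image
    return body + hmac.new(session_key(MASTER_KEYS[unique_id], nonce), body, hashlib.sha256).digest()

def demo() -> tuple:
    uid = b"UID-0001"  # constructed unique ID
    flash = SecureFlash(provision(uid))
    ok = flash.apply_update(platform_update(uid, flash.challenge(), 2, b"fw v2"))
    pkt = bytearray(platform_update(uid, flash.challenge(), 3, b"fw v3"))
    pkt[5] ^= 0x01  # relay flips one image byte: the memory rejects it
    tampered = flash.apply_update(bytes(pkt))
    rollback = flash.apply_update(platform_update(uid, flash.challenge(), 1, b"fw v1"))
    return ok, tampered, rollback, flash.version
```

Calling demo() returns (True, False, False, 2): the genuine update is applied, the altered and the downgraded packets are refused, and the installed version stays at 2.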

W77Q not only protects cost-sensitive embedded electronic systems against hacking and remote attacks, but also protects against unauthorized modification by the end users themselves. By supporting secure channels at the platform level, secure FOTA and security feature upgrades, it keeps your remote service healthy.

W77Q does not completely replace the MPU's built-in security functions shown in Figure 3-2. "Security by Design", combining it with an MPU equipped with an appropriate security coprocessor function (Note 2), contributes to a system design that balances required performance and cost.

In 2016, we developed the world's first secure flash memory, W75F, and obtained CC EAL5+ certification. The W75F targets high-security applications that must withstand proximity attacks using physical approaches. W77Q, on the other hand, targets medium-to-low security applications that assume remote attacks via networks, and CC EAL2-3 certification is pending. These two families of secure flash memory, W75F and W77Q, will meet a wide range of security needs for ICT equipment.

Note 1: Tamper resistance: the difficulty of analyzing the internal structure of a system and the difficulty of detecting it.

Note 2: For example, block encryption and decryption of the data that applications use for network communication, key generation and so on use the hardware security coprocessor and software algorithms built into the MPU.
