Introduction

As embedded devices become more connected, the demand for security measures keeps growing. Are device manufacturers falling behind the steady advance of attack methods? Dedicated components such as secure elements and high-end system-on-chips (SoCs) that implement advanced cryptography, secure on-chip key storage, power analysis attack countermeasures, and other security features are easy to find. Properly integrated into the system design, these components give the devices that host them powerful defenses.

So if security components are readily available, why are attacks against connected embedded devices routinely successful? After all, there are countless examples of cyberattacks on electronic systems. According to an independent study, the number of cyberattacks against IoT devices in the U.S. soared 300% year-over-year in 2019. At the same time, approximately 57% of IoT devices in the U.S. are vulnerable to moderate-to-high severity attacks, with an estimated average cost of $9 million per compromise of an IoT endpoint.

Lost revenue due to service outages is not the only cost of a successful cyberattack. Other damages include harm to the manufacturer's brand image, the possibility of punishment by government authorities for violating security regulations, and the need to urgently pull highly skilled and expensive engineering resources away from development work to restore and repair the affected systems. Regulations in this area continue to tighten, so IoT device manufacturers must pay attention to compliance requirements. The EU cybersecurity law and the Chinese cybersecurity law impose broad requirements, including independent verification of device vulnerabilities, and the California consumer privacy law imposes a one-time fine of $2,500 on violating companies.

Yet despite these costs and regulations, endpoints keep being compromised. A compromise can also originate in parts of the system outside the secure element or secure SoC. Such vulnerabilities are most commonly found in the standard external flash memory that holds sensitive code and data.

In other cases, the system has no secure element or secure SoC at all and therefore lacks advanced protection, leaving the device open to cyberattacks.

In either case, investment cost and implementation difficulty are usually the barriers to hardware-level security. It is also true that advanced payment-grade security components, built for financial products such as payment terminals and mobile phones, are technically complex and difficult for engineers who are not security experts to implement.

Now, however, a new generation of secure flash memory products has entered the market, providing a secure hardware foundation for embedded devices that do not require the payment-grade protection of electronic payment systems. Because they use the footprint and pinout of commonly used standard flash memory packages and are controlled by the standard SPI NOR flash instruction set, these secure flash memories are easy for typical embedded device designers to integrate. Beyond ease of integration, they offer comprehensive security features that protect connected devices from attacks on system integrity and data privacy.

Reasons to implement security on memory devices

Traditionally, non-volatile memory has been thought of as a simple device: a bit is written, and later the same bit is read back. It is usually regarded as storage rather than as a processing element.

In fact, every NOR flash memory used to store code and application data already contains logic that controls memory operations and handles communication with the host over a serial peripheral interface. Secure flash devices build on and extend this logic block to provide security features alongside the memory control functions.

Winbond and other flash memory manufacturers developed this new generation of secure flash products in response to the limits of embedding flash memory in microcontrollers (MCUs) and SoCs. Advanced microcontrollers and SoCs are moving to wafer fabrication processes at sub-20nm nodes, but the scaling of embedded NOR flash has not kept pace. As a result, modern MCUs and SoCs cannot integrate floating-gate flash into their process and therefore lack the on-chip capacity to store the critical software code they execute.

Therefore, today's embedded device designs commonly store application code in external flash memory devices. However, in a connected environment, and especially in Internet-connected IoT devices, bootcode stored in external flash is at risk of theft or tampering unless the memory device itself is protected by comprehensive security features. This is the value of secure flash devices: they complement the security of the SoC or MCU.

Key Features of Secure Flash

The reason for replacing standard external NOR flash with secure flash in IoT endpoints is to protect the integrity of boot code and application data. Various secure flash devices on the market offer some form of secure storage. At its most basic, this security feature provides secure, encrypted authentication: the flash device allows read and write operations only from authorized hosts and protects the data from being accessed by any device other than the host SoC.

Figure 1: The W77Q can establish a secure channel with a remote authentication service on the cloud and update software wirelessly even if the host SoC is compromised (Image source: Winbond)

However, this provides only a limited form of security protection. To protect against a wider range of cyberattacks and to comply with regulations such as the Basic Level and Sufficient Level security capabilities of the EU Cybersecurity Act, Winbond developed the W77Q secure NOR flash memory and added it to the TrustME® family. In addition to secure authentication, the W77Q provides the following features:

● Resiliency: through protection, detection, and recovery, the IoT device can automatically reboot to known safe code
● Root of trust: enables authenticated communication between the host SoC and external systems such as cloud computing services
● Secure data storage
● Wireless firmware update through a secure channel between the flash memory and a trusted remote authentication service on the cloud. Because this channel does not depend on the SoC, the memory can be updated to a newer version of the bootcode even if the SoC has been compromised (see Figure 1)

In addition, the W77Q has been evaluated by an external accredited laboratory. It complies with the requirements of the EU's GDPR privacy law, provides the "adequate" level of protection specified by the EU Cybersecurity Act, and has already obtained CC EAL2 (VAN.2), IEC 62443, SESIP, and Arm Platform Security Architecture (PSA) certification.

Resilience is particularly important for IoT devices, yet it is missing from most secure flash products on the market. Some devices, such as utility meters, require protection against physical intrusion (tampering), which is a common form of attack. Large, highly valuable assets such as power plants and military bases can also be subject to physical intrusion into their local area networks.

For IoT devices, however, the main threat is a scalable cyberattack that exploits remote connections over the Internet to attack the entire installed base at once. The National Institute of Standards and Technology (NIST) SP 800-193 standard specifies mechanisms to protect firmware and configuration data from such attacks and to detect and recover from attacks that succeed. The W77Q provides the resilience required for compliance with this standard. Resilience has three elements: protection from attack, detection of attack, and recovery from attack (see Figure 2).

Figure 2: W77Q constantly maintains platform health through protection, detection and recovery (Image source: Winbond)

Features such as encrypted authentication, which prevents unauthorized devices from accessing data, help protect IoT devices from attacks. However, because an attack may succeed against the host-side SoC, the W77Q also has a function to detect that an attack has occurred. For example, it automatically checks the stored code for corruption whenever the code is updated or accessed, and the host can also trigger a scan of the code by instruction.

If an attack succeeds and the W77Q detects, for example, that a compromised but authenticated SoC has corrupted the boot code, it automatically performs the appropriate verifications on its own and recovers the platform's firmware. This is done through a "safe fallback" feature that restores the bootcode to a known safe version. The safe fallback feature is backed by an authentication watchdog timer that can force the host SoC into a clean boot from known safe code.
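The protect, detect and recover cycle described above, as an added illustrative model in Python (not Winbond's code, and not how the W77Q actually implements these functions): the update key, host key, image bytes, HMAC-SHA256 tag and watchdog limit are all assumptions made for this example.

```python
import hashlib
import hmac

def mac_tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class SecureFlashModel:
    """Hypothetical model of protect / detect / recover for stored boot code.
    Illustration only; not Winbond's W77Q implementation."""
    def __init__(self, update_key, host_key, golden_image, watchdog_limit=3):
        self.update_key = update_key   # assumed: shared with the remote update service only
        self.host_key = host_key       # assumed: shared with the authenticated host SoC
        self.golden = golden_image     # known-good fallback copy, never overwritten
        self.active = golden_image     # image the host SoC boots from
        self.expected = mac_tag(update_key, golden_image)  # authenticated digest of active
        self.watchdog_limit = watchdog_limit
        self.missed = 0
        self.last_counter = -1

    # PROTECT: a new image is installed only if the update service's tag over it verifies
    def authenticated_update(self, image: bytes, tag: bytes) -> bool:
        if not hmac.compare_digest(mac_tag(self.update_key, image), tag):
            return False
        self.active, self.expected = image, tag
        return True

    # DETECT: stored code is compared with its authenticated digest on every access
    def integrity_ok(self) -> bool:
        return hmac.compare_digest(mac_tag(self.update_key, self.active), self.expected)

    # RECOVER: safe fallback restores the known-good image
    def safe_fallback(self) -> None:
        self.active, self.expected = self.golden, mac_tag(self.update_key, self.golden)

    # A read that fails the check falls back before any code is handed to the host
    def read_boot_image(self) -> bytes:
        if not self.integrity_ok():
            self.safe_fallback()
        return self.active

    # Authentication watchdog: each period the host must present a tag over a strictly
    # increasing counter; watchdog_limit missed periods force a clean boot from known-good code
    def watchdog_period(self, counter: int, tag: bytes = b"") -> bool:
        expected = mac_tag(self.host_key, counter.to_bytes(4, "big"))
        ok = counter > self.last_counter and hmac.compare_digest(expected, tag)
        self.last_counter, self.missed = (counter, 0) if ok else (self.last_counter, self.missed + 1)
        if self.missed < self.watchdog_limit:
            return False
        self.missed = 0
        self.safe_fallback()
        return True
```

Writing to `active` directly in a test stands in for a compromised host pushing bytes through the ordinary SPI write path without a valid update tag.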

Security features for everyone

In developing the W77Q, Winbond aimed to provide an off-the-shelf, multi-layer security feature set that customers can deploy easily (see Figure 3). With the W77Q, Winbond offers:

● End-to-end out-of-the-box security that requires no prior security expertise
● Rapid deployment
● The ability to build a total solution by combining it with products from security software partners
● Simple security authentication
● Affordable price

By providing this comprehensive set of security features in a familiar SPI NOR flash package, Winbond will help keep IoT devices that are unprepared for cyberattacks from reaching the market.

Figure 3: Comprehensive protection against cyberattacks requires implementing multiple layers of security features (Image source: Winbond)
