TruePERSPECTIVES_logo.png

What IoT developers need to know

Posted by Magnus Unemyr on Mar 28, 2015 10:32:00 AM

No-one has missed the media frenzy around Internet of things (IoT). As embedded developers start to ship all those IoT devices that are about to make our lives easier and better (or at least, more connected), security will become a major problem onwards.

The close cooperation between Atollic and SEGGER leads to a common goal here: supporting your IoT initiative! But IoT must be safe and secure for all, for industry applications as well as for consumers. And herein lies an important obstacle for many IoT developers in the future, I think. 

 iot

The only way is to lock all backside entries to your system, which is most easily done by using an easy but genius system. SEGGER calls it emSecure. The software was nominated at Embedded World 2015 as a breakthrough innovation.

Actually emSecure is based on the well-known RSA principle. It allows to secure customer´s H/W and firmware with an easy and very efficient software mechanism. Right away: this principle has nothing to do with encryption! We talk about authentication by signature, not encryption, here.

There are two independent levels of security customers can implement in their new or even existing target applications:

Level 1: Stop hacking of your Firmware

What you need to do:

  • You generate two sorts of keys, a private key and public key
  • The public key will be saved in your application board - i.e. embedded in the firmware
  • The private key you need to keep very private

What you do next:

  • Any firmware update will be completed with a signature, generated using a message digest and the private key
  • You send your signed firmware to your application
  • The boot loader will verify with the local public key the authenticity of the firmware
  • If ok, the firmware will be accepted and the update process will start

Level 2: Prevent Cloning your H/W

What you need to do:

  • Your application board does have a device with a unique ID
  • At your factory, you generate a signature for your board, built out of Private Key, Unique ID and serial number.
  • This signature and the public key will be saved on your board - maybe again as part of the firmware
  • Again, the private key you keep very private of course

What you do next:

  • You apply all steps out of Level 1 if you like
  • The updated firmware will verify the on-board signature at any time, not necessarily during the boot process, if it match with all criterias which are public key, unique ID and serial number – and this takes less than 20msec to verify according to SEGGER.
  • If everything is ok, you can be sure you have the right firmware on the right H/W running
  • In case the verification fails: it is your decision what to do next - send an alert to your office or stop the application (fail-safe of course)

This is a security package for everybody - no need for a special security expert to run this easy to work package. While Atollic do not sell SEGGER’s emSecure solution, it works well with our Atollic TrueSTUDIO C/C++ development tools for ARM Cortex devices like STM32, Kinetis, EFM32, etc. In my opinion, emSecure is the best solution available right now for securing IoT applications.

For more information on development tools suitable for ARM-based IoT development, read this white paper:

Read our ARM development whitepaper!

 

 

Topics: Atollic TrueSTUDIO, Embedded Software Development