How secure elements and TPMs protect the IoT

The Internet of Things (IoT) now touches nearly every pillar of modern technology, including electromechanical, processor, communication, infrastructure, sensor and cloud tech. In a standard IoT architecture, there are four primary divisions that enable the functionality of the system.

  • Stage 1: “Things” like Sensors and Actuators
  • Stage 2: Gateways and Data Acquisition
  • Stage 3: Devices for Edge Data Processing (to minimize what is sent to the cloud)
  • Stage 4: The Cloud (Public & Private) and Remote Applications

[Figure: Four primary divisions in a standard IoT architecture]

At each of these four stages, both the physical security of the device and its cyber security must be considered. Each stage can expose critical information to the other stages if end-to-end security measures are not taken. In the last decade, a groundbreaking approach to ensuring end-to-end security across all IoT stages has emerged. Secure elements and Trusted Platform Modules, commonly referred to as TPMs, are physical cryptographic microcontrollers explicitly designed to secure all system hardware via integrated cryptographic keys. This article looks at the stages of IoT security, how TPM security technology emerged, and how it can be used in conjunction with built-in processor security.

Stage 1 to stage 2 of the IoT

The first stage of the IoT consists of the “things,” such as smart lights, sensors, actuators, wearables, and even appliances. Each of these endpoint devices is connected to the internet, either wirelessly or wired, via internet gateways or hubs (Stage 2 of the IoT). The two-way connection between these devices can carry information collected by the device, commands from the gateway to the device, and even software updates for the endpoint. Regardless of the data exchanged, the security of this information can be critically important to the end user and the system that supports it.

For example, a residential wireless security camera system may contain sensitive information about its users or its surroundings, such as when people are typically home or not. If this information is intercepted between the device and the internet hub, the cyber security of the entire architecture is considered compromised. Alternatively, if a gateway is prompted to connect to a ‘counterfeit’ or malicious endpoint, proprietary software can be intercepted, or malicious information can be shared. Likewise, previous versions of software with known issues or potential back doors can be sent to a compromised device during an unprotected over-the-air (OTA) update in a rollback attack.

Secure elements and TPMs can enable device-to-device authentication via cryptographic keys and a certificate authority, ensuring the Stage 1 to Stage 2 connection (the connected “thing” to the gateway device) remains protected from cyber threats. This hardware-based approach ensures that each device is securely authenticated with its expected connection points.

In the first of the two examples above, a TPM protects against authentication violations by ensuring the endpoint connects only to the expected gateway and that the information is secured upon receipt. In the second example, a secure element on the endpoint lets the gateway verify that it is connected to an authenticated endpoint device. Secure elements and TPMs provide a unique device identity and native authentication of other connected devices, making the system less prone to cyberattacks.
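The endpoint-to-gateway authentication described above, modelled as an added Python example (not Arrow's or any vendor's code). It uses a symmetric HMAC key as a stand-in for the asymmetric key and CA-issued certificate a real secure element would hold, because the example is restricted to the standard library; the device IDs and keys are constructed placeholders.

```python
import hashlib
import hmac
import os

class SecureElement:
    """Model of an endpoint's secure element: the key is provisioned once and
    never leaves the object; the host can only ask it to sign a challenge."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self._key = key  # hypothetical provisioning key, constructed for this example

    def sign_challenge(self, challenge: bytes) -> bytes:
        # Bind the response to both the device identity and the gateway's nonce
        return hmac.new(self._key, self.device_id.encode() + challenge,
                        hashlib.sha256).digest()

class Gateway:
    """Stage 2 gateway that only accepts endpoints it can authenticate."""

    def __init__(self, registry: dict):
        self._registry = registry     # device_id -> key recorded at manufacturing
        self._seen = set()            # challenges already answered (replay guard)

    def new_challenge(self) -> bytes:
        return os.urandom(16)         # fresh nonce per authentication attempt

    def authenticate(self, device_id: str, challenge: bytes, response: bytes) -> bool:
        key = self._registry.get(device_id)
        if key is None or challenge in self._seen:
            return False              # unknown device or replayed exchange
        expected = hmac.new(key, device_id.encode() + challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            return False              # counterfeit: wrong key for this identity
        self._seen.add(challenge)
        return True

def handshake(gateway: Gateway, element: SecureElement, challenge=None) -> bool:
    """One authentication round: gateway challenges, element answers, gateway verifies."""
    if challenge is None:
        challenge = gateway.new_challenge()
    return gateway.authenticate(element.device_id, challenge, element.sign_challenge(challenge))

# Constructed sample provisioning data (not real keys)
GENUINE_KEY = hashlib.sha256(b"example-camera-0001").digest()
GATEWAY = Gateway({"camera-0001": GENUINE_KEY})
GENUINE_CAMERA = SecureElement("camera-0001", GENUINE_KEY)
COUNTERFEIT_CAMERA = SecureElement("camera-0001", b"guessed-key")
```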

It is also worth noting that advances in secure elements have created ways to authenticate a direct cloud connection without a gateway. Some edge devices now connect directly to the cloud without a gateway, consolidating the Stage 1 to Stage 2 connection.

In an effort to globally standardize TPM specifications and provide authenticated security across a spectrum of devices, the Trusted Computing Group (TCG) was established in 2003.

“The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. TCG’s core technologies include specifications and standards for the Trusted Platform Module (TPM), Trusted Network Communications (TNC), and network security and self-encrypting drives. TCG also has work groups to extend core concepts of trust into cloud security, virtualization, and other platforms and computing services from the enterprise to the Internet of Things.”

Stage 2: IoT gateways and DAQs

In a traditional IoT system, Stage 2 devices, such as gateways and data acquisition systems, are then connected to Stage 3 edge IT devices such as analytics, pre-processing, and data aggregation systems. Personal computers and local servers are considered Stage 3 devices, as they contain data acquisition and processing systems that can be used to locally manage Stage 1 and Stage 2 devices. They can make decisions based on multiple data points from different sensors and take real-time action without needing to go to the cloud for processing. This allows much smaller amounts of data (and in some cases only metadata) to be sent to the cloud for data tracking or higher-level system management. Cyber security between the gateway and local data processing devices can take on many forms. Depending on the industry, this data can range from very simple to highly complex and can even contain personal information, intellectual property, or other critically important information.

TPMs are often used at this edge processing stage to protect a more complex embedded system than what is found between devices and the gateway or hub. There is often a higher-level operating system running on a microprocessor that can take advantage of a TPM. For example, TPMs can authenticate software updates, support encryption, detect faults or manipulation in the code, prevent rollback attacks, enable secure boot, and support device management. To achieve this level of security, TPMs used in Stage 2 and Stage 3 devices generally secure operating systems such as Linux, Embedded Windows, Windows, or proprietary embedded OSes.

[Figure: Different technology devices secured by secure elements and TPMs]

Stage 3 to stage 4 of the IoT

Stage 3 to Stage 4 security is the most complex and can benefit from TPM cyber security. Communication from edge IT, computers, and local servers to data centers and cloud services requires advanced integration via cloud hosts such as Amazon Web Services. At this stage, TPMs are primarily used for secure boot, OTA updates, data encryption, supply chain support, device management, firmware security, device identity, and device authentication.

Additionally, TPMs can protect against local attacks, side-channel attacks, fault injection, and even invasive hardware attacks. These TPMs may feature dedicated redundant (double) computation, encryption, digital signature processing, IP protection, and can even be tamper resistant. A TPM may also be used at this stage to validate whether commands coming from the cloud are legitimate and to confirm that information submitted to the cloud from the edge IT node is secured and communicated to the correct server.

TPMs are generally found on personal computers and IoT management systems and are commonly used in modern computing applications. For example, if the start-up or boot time of a computer falls outside the normal range, it could be a sign of unexpected changes to firmware or system configuration. If the TPM deems this behavior unacceptable, highly secure applications and system settings can be blocked. The actions the TPM can take can be fully customized by the OEM or system manager, so long as the necessary cryptographic keys and authentication criteria are met.
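The secure boot, rollback prevention and "block access when the boot looks wrong" behaviour described here and in the Stage 2 section, modelled as an added Python example (not Arrow's, the TCG's or any TPM vendor's code). The PCR extend formula is the one a TPM 2.0 SHA-256 bank uses; the sealing store, the NV counter (set to the accepted version instead of incremented by one) and the firmware images are constructed simplifications.

```python
import hashlib

PCR_RESET = bytes(32)  # a SHA-256 PCR bank starts at all zeros on power-on

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component)).
    The value depends on every component measured and the order they ran in."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot_chain(components) -> bytes:
    pcr = PCR_RESET
    for blob in components:   # bootloader, kernel, config..., each measured before use
        pcr = pcr_extend(pcr, blob)
    return pcr

class TpmModel:
    """Minimal model of two TPM services: sealing a secret to a PCR policy and
    an NV monotonic counter used to refuse firmware rollback (simplified)."""
    def __init__(self):
        self._sealed = {}        # expected PCR value -> sealed secret
        self._nv_counter = 0     # lowest firmware version still accepted

    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._sealed[expected_pcr] = secret

    def unseal(self, current_pcr: bytes):
        """Release the secret only when the measured boot matches the policy;
        an altered bootloader or config yields a different PCR and gets None."""
        return self._sealed.get(current_pcr)

    def accept_firmware(self, version: int) -> bool:
        """Anti-rollback check for an OTA image: older than the counter is refused."""
        if version < self._nv_counter:
            return False
        self._nv_counter = version
        return True

# Constructed sample boot chains (stand-ins for real firmware images)
GOLDEN_CHAIN = [b"bootloader v2", b"kernel 6.1", b"config: secure-mode=on"]
TAMPERED_CHAIN = [b"bootloader v2 (patched)", b"kernel 6.1", b"config: secure-mode=on"]

def provision(tpm: TpmModel) -> bytes:
    """OEM step: record the golden PCR and seal the disk key to it."""
    golden = measure_boot_chain(GOLDEN_CHAIN)
    tpm.seal(b"disk-encryption-key", golden)
    return golden
```

A real deployment would also bind the seal to the TPM's endorsement hierarchy and check the measurement log, which this model leaves out.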

On-chip security can result in overdesign

In bespoke embedded solutions, hardware design best practice dictates that hardware overhead be minimized. It is critical that all hardware in an embedded design serves a purpose and is not overdesigned. For example, remote health monitoring devices often need very little native processing power but require enough security to prevent cyberattacks on the network they are used within. An engineer who protects a remote health monitor against possible cyberattacks with an on-chip security system (rather than a TPM), in order to secure confidential patient information and meet local regulations, may consequently overdesign the rest of the embedded MCU. A more efficient alternative is to pair a simple MCU with a TPM, which minimizes overdesign and significantly reduces BOM cost.

TPMs offer substantially higher security at a lower cost than alternative on-chip embedded security solutions, and give engineers more flexibility in their designs.

Secure element and TPM security

At its foundation, Trusted Platform Module technology is standardized to ensure the highest quality of cyber security at an efficient price point in IoT solutions. While secure elements and TPMs have been used for over a decade in mission-critical security and encryption applications, the foundations of TPM are now implemented across the entire IoT stack to ensure necessary security at every stage.

IoT OEMs utilize secure elements and TPMs to protect from counterfeiting, cyberattacks, and non-authenticated connections, which indirectly protects them against IP loss and helps maintain brand confidence and market share. Secure elements and TPMs can be used to validate authenticity, integrity, and confidentiality in your devices and IoT infrastructure, and can simultaneously help OEMs reduce costs.

To learn more about security solutions, download the Arrow embedded security solutions eBook today.
