Hacking is a perpetual fear, but there's a more prosaic need for safety: preventing device counterfeiting.
The internet of things (IoT) brings together billions of devices every day, with exponential growth that is changing the way we carry out our daily activities. Smart homes reduce overall energy consumption. New developments will allow cars to be connected with smart-city infrastructure to create an entirely different ecosystem for the driver. And connected health devices can represent a new, more economical business model for the health care industry, with a strong — and positive — impact on health. With all these advantages, the devices are strongly at risk for hacker attacks such as compromises to information and customizations.
“Why would a medical tool need security? The answer is fairly straightforward. It’s because there are a lot of counterfeit products and misused products in the marketplace,” said Scott Jones, managing director for embedded security at Maxim Integrated. “According to the World Health Organization, roughly 10% of products in developing countries can be substandard or falsified. What we experience in the United States and other countries with well-established medical markets is that this problem exists — and it’s just not something that shows up in very many public articles, as the impacted companies don’t really like to expose the issue.
“We know that it’s a problem, and of course, if we’ve got such a product that’s counterfeit or maybe one that has been harvested from medical waste and reintroduced into the supply chain, then it’s a problem for patient safety.”
Performance and safety requirements vary significantly from one application to another. The success of any medical application depends on the trust of users through robust and easy-to-use solutions, as well as security features that offer reliable protection. Secure authenticators are relatively simple products that are easy to use and relatively low-cost. They are used for the protection of intellectual property, to prevent counterfeiting, and to securely manage medical tools and sensors so that the medical products’ use is restricted to authorized applications and parties (Figure 1).
Security features are based on some fundamental elements, including stable cryptographic ciphers, such as the Advanced Encryption Standard (AES), Secure Hash Algorithm (SHA), and the public-key figures Rivest–Shamir–Adleman (RSA) and elliptic-curve cryptography (ECC).
There are two classes of algorithms within the world of cryptography: symmetric and asymmetric. Symmetric algorithms include AES, commonly used for encryption and decryption, and secure hashing algorithms, which Maxim uses in several of its products to perform these authentication implementations. Industry-standard algorithms including SHA-1, SHA-2, and now SHA-3 are used extensively in cryptographic systems.
“SHA-2 and SHA-3 are two very commonly used and very secure symmetric-based algorithms, both of which we use in our products,” said Jones. “We recently moved to SHA-3 for a few reasons. Released as a standard in 2015, it is the latest secure hashing algorithm, and as a cryptographic solution provider, staying current with standards is critical. A second reason is that, from an IC product design perspective, SHA-3 is optimized for implementation in hardware. Third, SHA-3 natively provides enhanced performance against side-channel analysis as compared to other secure hash algorithms.”
In the asymmetric-algorithm class, also known as public-key cryptography, RSA is a very commonly used algorithm in the computer realm for securely connecting to shopping sites such as Amazon or to other internet-based services. The ECC algorithm was introduced in the mid-1980s and is becoming more of a factor in the security sector. The elliptical curve uses fewer computational resources than the other versions available on the market. Its key sizes are much smaller, thus reducing the memory footprint. ECC has not yet seen wide adoption, but this promises to change with the growth of IoT, as the algorithm allows devices with limited processing power to achieve a high level of security without sacrificing expensive processing cycles and with a minimal effect on application performance.
There are several ECC schemes:
- Elliptic Curve Digital Signature Algorithm (ECDSA) is a digitally signed algorithm that is mainly used to authenticate digital content and identify the author of that content.
- Elliptic Curve Integrated Encryption Scheme (ECIES) is a hybrid encryption scheme that provides semantic security. System security is based on the Diffie-Hellman problem.
- Elliptic Curve Diffie-Hellman (ECDH) allows two parties, each with pairs of public-private keys, to share confidential data on an insecure channel.
Maxim uses ECDSA, Jones said. “Similarly to SHA-3 symmetric, ECDSA can be used for authenticating messages. For example, if we send a challenge to our part that is located in a medical tool, we can use ECDSA to perform a computation and return an answer that a host instrument can then validate.”
Embedded systems continue to be attacked by increasingly sophisticated hackers. Designers must protect the integrity of the product from counterfeits after the sale, thus reinforcing the guarantee that the sensors inside the devices are original and not substandard clones.
Maxim has developed several solutions, in particular a new data protection offering based on physically unclonable function (PUF) ChipDNA technology. DeepCover security integrated circuits with ChipDNA technology offer effective protection against invasive physical attacks. In addition to silicon, Maxim offers drivers, middleware, communication, and support stacks to speed embedded developers’ time to market.
The DS28E50 DeepCover SHA-3 Authenticator offers embedded-system developers an advanced ability to prevent counterfeiting, post-sales cloning, and unauthorized use of intelligent, connected medical and consumer devices (Figure 2).
In addition to providing the industry’s first authentication IC with the SHA-3 algorithm, the DS28E50 incorporates Maxim’s patented PUF ChipDNA technology. With ChipDNA, the secret keys that protect all the data stored in DS28E50 are generated only when necessary and are never stored on the chip.
In the ChipDNA authenticators, the PUF circuit leverages the random analog features of the MOSFET devices to produce cryptographic keys, making the PUF circuit immune to all known invasive-attack tools and capabilities. In addition to the protection advantages, the ChipDNA simplifies or eliminates the need for secure management of the IC keys (Figure 3).
Any attempt to probe or observe ChipDNA modifies the characteristics of the underlying circuit, preventing the discovery of the unique value used by the chip’s cryptographic functions. In the same way, more-exhaustive reverse-engineering attempts are canceled due to the factory conditioning necessary to make the ChipDNA circuit operational.
The unique key is generated by the ChipDNA circuit only when it is necessary for the various cryptographic operations and is therefore eliminated instantly. More importantly, the ChipDNA key never statically resides in registers or memory.
Security is a fundamental issue that opposes increasingly determined aggressors and protects assets from attack. Sophisticated algorithms and keys of considerable length, which only a few years ago seemed to be inviolable, can now be easily neutralized with attacks based on brute force because of the incredible amount of computing power available at low cost. It is therefore necessary to erect ever-higher cryptographic barriers, using longer keys and more-sophisticated algorithms.
Sophisticated invasive attacks are often launched to obtain cryptographic keys from secure ICs. If the keys are obtained, the security provided by the IC is completely compromised, with consequences on the identity of the data that can involve different markets, such as IoT and the automotive sector (self-driving vehicles). A key derived from PUF provides an unprecedented level of protection against invasive attacks because the key does not exist in memory or another static state.