Georgios Selimis, Senior Security Engineer |
In Part 1 of this blog series on secure medical wearable devices we identified the problem scenario and motivation for better security. In this concluding installment we’ll walk through the steps to make medical wearable devices secure using SRAM PUF technology.
Recipe for Holistic Device Security Using a Single IP – Intrinsic ID’s BroadKey
Let’s see how Intrinsic ID’s software implementation of SRAM PUF, BroadKey, can realize robust security for medical wearable devices. A significant competitive advantage of BroadKey is that it is a software approach to implementing a hardware-based root of trust (RoT). Therefore, any popular existing microcontroller can accommodate it, without designing, procuring or waiting for a new chip.
BroadKey is a software library that uses tiny variations in the silicon of every individual chip to extract a “silicon fingerprint,” creating an unclonable identity from within. This unclonable identity consists of a secret key, a public key and a certificate. The secret key is derived from inherent randomness in the start-up pattern of SRAM inside the chip. The secret key is never stored, but dynamically generated when needed. This makes the RoT highly secure, without the costs of changing the hardware. Besides the secret key generation and secure storage, BroadKey also offers a complete asymmetric (PKI) crypto library. This allows for key pair generation, creating and verifying signatures, and key agreement functionality.
Device Security: Secure Boot Support & Protection Against Reverse-Engineering
The first and very important step to device security is to support secure boot of the device software. The idea behind secure boot is to eliminate the risk of illicit changes of the software. An original software image will be signed by the developer with approved keys and execute only after signature verification on the device. If software has been modified without authorization (e.g. insertion of malware), the boot process will “break.” To support secure boot, we apply a digital signature to the software image. The main advantage of digital signatures is that they provide both data integrity to prove that the code was not modified, and source authentication to identify who was in control of the code at the time it was signed. Note that the secure boot mechanism is part of the bootloader, which is placed in an unmodifiable device storage such as ROM or write-protected flash.
BroadKey must be initialized during a system secure boot sequence and has to be provided with a dedicated 1KB of SRAM. For this reason, BroadKey is integrated with the secure bootloader, offering device-unique strong security from the boot process onward.
In the INSTET project we extended the role of the BroadKey product and introduced the function of signature verification. BroadKey verifies the data integrity of the application image and authenticates the signer of the application image. A possible extension of this BroadKey-backed secure boot flow is to encrypt/decrypt the firmware in the same process, using BroadKey-derived device-unique keys, to offer ultimate protection of valuable intellectual property against reverse-engineering and cloning as it is presented in Figure 3 and Figure 4.
Device Security: Key Management and Secure Key Storage
Apart from key generation, BroadKey offers functions to authenticate and encrypt, or wrap, external keys, e.g. application keys or user keys, based on device-unique secrets (Figure 5 & Figure 6). This allows the wrapped keys to be stored in low-cost user space memory allocations, rather than in protected memory, or worse, keys stored in plain text.
Since BroadKey is designed to provide strong cryptographic context separation between different keys, based on their type, origin and purpose, there is no risk of misuse. BroadKey will allow only keys with appropriate permissions and usage identification to be used by the functions they were intended for.
End-to-End Security: Data Protection and Data Authentication Mechanisms
In the most common IoT frameworks used for large-scale device connectivity, intermediate stations such as onsite hubs and gateways, or cloud service providers, are trusted by default and hence have access to potentially sensitive data of edge devices. To reduce the security envelope, end-to-end security between end-node and consuming application is the preferred option. In this scenario, the intermediate nodes are trusted to maintain the communication channels between the end-point device and the device owner, but BroadKey’s cryptographic functions offer the cryptographic methods and their required keys to protect the data on the channel, such that only the end-point device and the device owner/consuming application can access this data and ensure its authenticity.
To implement full end-to-end security, we apply application data security on top of existing connectivity infrastructure. More particularly, we sign the application data using an SRAM PUF-derived private key. By sharing the corresponding public key with the application, in the form of a device certificate, the application has the ability to verify the integrity of data and to prove that indeed data is coming from the medical wearable device.
Advanced Device Authentication Methods
Certificates are used to prove identities when communicating with other local devices and with servers in the cloud. A certificate is a statement of identity and authorization that is signed with a secret private key and validated with a known public key. Unlike passwords or other authentication mechanisms that are based on shared secrets, certificates cannot be stolen or forged.
We have adopted a certificate-based authentication in a PKI setting. Device-unique keys derived from the unclonable SRAM PUF fingerprint are an ideal basis for establishing a device identity in the form of a public-key certificate. BroadKey has the proper functions on board to derive public-private key pairs and, in combination with convenient and optional provisioning tools, generate robust device certificates. These certificates form the basis for strong device authentication in networked or IoT environments, e.g. based on TLS with client authentication. In addition, BroadKey also supports the secure and performant cryptographic functions that are used by the communication protocols during the authentication processes.
In conclusion, security by design is strongly required in today’s IoT devices, especially for medical wearable devices. As we have seen having a robust foundation of security based on SRAM PUF need not be complicated nor expensive. But don’t worry, if you happen to have devices already deployed with a less-than-ideal security anchor, BroadKey can also remediate this problem with a retroactive “brownfield” establishment of a hardware-based root of trust.
Georgios Selimis is a Senior Security Engineer at Intrinsic ID, working on embedded security projects and serving as technical leader on a range of R&D projects. His expertise includes applied cryptography, PKI, embedded systems security and IoT secure connectivity. Prior experience includes serving as Research & Development Engineer at the Imec/Holst R&D Centre in Eindhoven, working on IoT projects including lightweight implementations for secure connectivity, PUF and digital signal processing. He studied Electrical & Computer Engineering at the University of Patras in Greece and later obtained his PhD from the same university.