fbpx

How the Security Mechanism of Microcontrollers Secure IoT Devices

The coming of IoT era brings a huge amount of data in the cloud and edge. With the growth of cloud-based information, Statista has expected more than 7 million data centers in 2021 and Global Market Insights has projected USD 45 billion dollars of the market revenue by 2026. On the other hand, with the growth of end devices, IDC has projected 489.1 million wearable shipments in 2023.

In the meantime, cyber attacks have become serious crimes. From McAfee Labs, 25 threats happened in the cyberspace per day 10 years ago; now, more than 500,000 threats happen per day in each architecture layer. The above shows how desperately it is to protect the data from cloud and edge; to solve the problems, TEEs (Trusted Execution Environments) and TPMs (Trusted Platform Modules) are the well-known technological approaches. In this article, it will be shown that ARM TrustZone, which provides TEEs, is especially suitable for IoT applications.

 

Technological Approaches for Cryptographic Purpose: TEE and TPM

A TEE is an isolated processing environment which provides a place for data and software running within it execute securely and not able to be accessed from outside; a TPM is a chip which encrypts data, stores digital keys, and provides a physical root of trust. Both of TEE and TPM are approaches that use different methods to secure the confidential running data from being hacked or taken away.

TechnologyProcessing capabilitiesComplexityCost
TEEGeneralHighNone (Built-in)
TPMLimitedAverageLow (Chip)

Table 1. Comparison of TEE and TPM

(Source: https://next.redhat.com/2019/12/02/current-trusted-execution-environment-landscape/)

 

For edge protection, a TEE is a better choice comparing to a TPM since IoT devices are all area-sensitive and TEE supports built-in security without any additional chip. Intel SGX (Software Guard eXtension), AMD SEV (Secure Encrypted Virtualization), and ARM TrustZone are the most popular technologies that realize trusted execution environments.

 

TEE Realization: Intel SGX, AMD SEV, and ARM TrustZone

For Intel SGX, a secure enclave would be created by the running application in order to protect the confidentiality of the executed code and its related data. The data which belong to this enclave is encrypted in the memory and a remote attestation protocol would be executed for confirming the enclave runs on an SGX-enabled processor. From Fig. 1, it is shown that after an enclave is created and a trusted function is executed, the program which is running would go through the SGX call gate and be executed inside the enclave with trusted function enabled. The encrypted result would then be sent back to the normal environment.

AMD SEV is implemented with a totally different idea that the application with protected data directly runs on a virtual machine. Some ephemeral keys would be generated to encrypt the memory pages (in the virtual machines) and these keys are confidential to any software which runs on the CPU. The virtual machines create a trusted environment for code and data, so the operating process of a program is the same as an ordinary program.

 

Fig. 1 Intel SGX and AMD SEV operating concepts (Source: 2018 IEEE; Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms)
Fig. 1 Intel SGX and AMD SEV operating concepts
(Source: 2018 IEEE; Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms)

 

The basic concept of ARM TrustZone is to separate secure and non-secure worlds. In the secure world, trusted software (Trusted OS) would be developed with a trusted boot implemented by code. For any Cortex-A processor, there is a Non-Secure (NS) bit determining which world the processor runs in and a secure monitor to manage the communications between the two worlds. Applications running in non-secure world would not be access anything within the secure world, which is being controlled by the Trusted OS.

Fig. 2 TrustZone technology for Cortex-A microcontrollers (Source: arm)
Fig. 2 TrustZone technology for Cortex-A microcontrollers (Source: arm)

 

For any Cortex-M microcontroller, the design of TrustZone technology is different from that for Cortex-A processors; and in order to meet the IoT applications, it is with faster switch and lower power consumption. TrustZone for Cortex-M microcontrollers is without the secure monitor and its related software in order to save more transition time. The memory space is divided into secure and non-secure states; the processor state would follow the memory state, i.e., if the code runs in the secure memory state, then the processor state is secure, and vice versa. The memory partition could also define the peripherals as secure or non-secure.

Fig. 3 TrustZone technology for Cortex-M microcontrollers (Source: arm)
Fig. 3 TrustZone technology for Cortex-M microcontrollers (Source: arm)

Unlike TrustZone in Cortex-A microcontroller which the secure monitor manages the context switch, TrustZone for Cortex-M microcontroller only allows the processor to be either in secure or non-secure state and there is only one TrustZone in the microcontroller. However, for Intel SGX, there might be multiple enclaves for various targets in a processor. Hence, Cortex-M microcontrollers with small sizes and power efficiency are suitable for IoT applications which have a specific function such as wearables.

 

Nuvoton M23 Series Microcontrollers

The NuMicro® Cortex-M23 microcontrollers from Nuvoton is based on ARM Cortex-M23 with TrustZone enabled. As previously mentioned, memory space and peripherals could be divided into secure and non-secure states to achieve data integrity, firmware update, and operation security. Furthermore, the fast transition between two states and power efficiency would be realized by TrustZone.

Other than that, developers who use NuMicro® Cortex-M23 microcontrollers could achieve the secure services such as Trusted Boot (Root of Trust), Secure OTA (Over-The-Air) firmware update (including secure software download), Power management APIs for non-secure world with the NuSMP, Nuvoton Secure Microcontroller Platform. The NuSMP is a mixture of hardware and software technology for users to complete the security requirements, and it supports ARM PSA (Platform Security Architecture) as well.

 

Fig. 4 Nuvoton NuMicro® Cortex-M23 microcontrollers (Source: Nuvoton)
Fig. 4 Nuvoton NuMicro® Cortex-M23 microcontrollers (Source: Nuvoton)

 

The NuMicro® Cortex-M23 microcontrollers include M261/M262/M263 series, M251/M252 series, M2351 series, and all of them are low power platforms.

The NuMicro® M261/M262/M263 series run up to 64 MHz with 512 Kbytes embedded Flash memory in dual bank mode and 96 Kbytes embedded SRAM; they support low supply voltage from 1.8~3.6V. M251/M252 series run up to 48 MHz with 32~256 Kbytes embedded Flash memory and 8~32 Kbytes embedded SRAM; they support wide supply voltage from 1.75~5.5V. M2351 series operate at up to 64 MHz frequency, with up to 512 Kbytes embedded Flash memory in dual bank mode and up to 96 Kbytes embedded SRAM.

To search for more information of NuMicro® Cortex-M23 microcontrollers, please visit the website of TechDesign.

 

Conclusion

Security concern becomes extremely essential in IoT era. TEE is a great choice for edge protection comparing to TPM since IoT devices are all area-sensitive and TEE supports built-in security without any additional chip. In this article, Intel SGX, AMD SEV and ARM TrustZone are introduced. Different from AMD SEV, Intel SGX and ARM TrustZone use the idea of secure and non-secure state separation.

For any ARM Cortex-M microcontroller, there is only one TrustZone. It suits products with a specific IoT application. With TrustZone enabled, the NuMicro® Cortex-M23 microcontrollers from Nuvoton, which include M261/M262/M263 series, M251/M252 series, M2351 series, are the microcontrollers that could be used in a lot of secure-related IoT applications. If you want to realize your secure design, come visit TechDesign now to start!

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *