Security goes embedded
R. Colin Johnson
2/14/2008 1:00 AM EST
As more embedded applications use Internet Protocol, the need for security using encryption/decryption and authentication is trickling down to embedded devices, and vendors are rising up to meet the need with chips and firmware.
Next month, the Department of Homeland Security will conduct Cyber Storm 2 to test the nation's readiness to weather electronic attacks on U.S. information infrastructures, transportation lines and utilities. During the first Cyber Storm, in 2006, hackers successfully attacked the very computers being used to conduct the test. Technology vendors worldwide have been working since then to plug security holes.
"Security threats used to [come from] hackers just trying to make a name for themselves. But today the bad guys are keeping their security breaches quiet until they set themselves up on a private island somewhere," said Geoff Waters, a systems engineer specializing in security at Freescale Semiconductor Inc.
Today, IT departments at some major corporations employ whole staffs of security experts--as well as the occasional hacker, hired to try to break whatever the security experts build. But embedded designers have been slow to recognize the need for security, according to Peter Middleton, a principal analyst specializing in security at Gartner Inc. (Stamford, Conn.).
"About four years ago, hardware acceleration chips for encryption and decryption became available, but there's been a time lag--first with equipment vendors' actually starting to use these new capabilities, then with enterprise users' actually exploiting them. Now they are finally percolating down to smaller embedded systems," said Middleton. "We estimate the standalone encryption acceleration chip market to be about $75 million today, but all the communications chip makers are getting into the act now, and all segments of these markets are growing rapidly."
Any embedded processor that uses the Internet to communicate with the outside world needs to implement encryption to ensure security, according to Middleton. That includes all applications that use embedded communications processors--from routers and gateways to cell phones, medical gear, point-of-sale devices, voice-over-IP handsets and the IP cameras used in digital video surveillance systems.
For embedded systems designers, the biggest excuse for not moving on security is the cost. Implementing sophisticated encryption algorithms, such as the 128-bit Advanced Encryption Standard, can require a microcontroller upgrade. "When used properly, encryption is practically undefeatable," said Freescale's Waters, but "encryption is serious heavy lifting for a general-purpose processor. It requires a CPU that is 10 to 40 times faster than you needed without encryption."
Some embedded applications require dedicated encryption chips, offered by vendors such as Broadcom Corp., Cavium Networks Inc., Hifn Inc., Infineon Technologies AG and NXP Semiconductors. But vendors are also adding dedicated blocks on their communications processors to handle the task. Freescale, for instance, has added hardware encryption acceleration to its PowerQuicc processors.
"Companies have begun to embed encryption hardware . . . because the cost point you have to reach to enable an OEM to build hardware encryption and decryption capabilities into their smaller devices could not be met by a standalone chip," said Gartner's Middleton.
Low-end apps can still get by with encryption algorithms running on firmware on their microcontrollers. Both Texas Instruments and Analog Devices Inc. make it easy for designers to execute crypto and authentication tasks from firmware located on the same microcontroller that handles application code.
"At ADI, we have libraries of encryption algorithms for Blackfin so you can run your crypto code using the DSP, which works well for many applications, especially since then you can run your control code and your application code on the same chip," said Wassim Bassalee, a senior applications engineer.
Blackfin also helps with the chicken-or-egg problem of exchanging encryption keys: How do you securely send someone a private encryption key before they have a key to make a secure connection? For the future, quantum encryption algorithms offer the ultimate in secure-key exchange; but until then, embedded systems will either rely on public keys (as a secure Web server does) or use lock-box modes, such as that offered on the Blackfin. Users enter a secure operating mode by authenticating code using an elliptic-curve digital signature protocol; successful authentication yields access to secret information (such as encryption keys) on the chip.
For systems that handle multiple data streams, such as routers or security video encoders that service a half-dozen cameras simultaneously, hardware acceleration may be necessary. Here, ADI is expected to follow the lead of companies such as Freescale with hardware acceleration blocks on select Blackfin models.
Once encryption is implemented for communication among embedded devices, designers can be virtually assured that data streams are eavesdrop-free; it takes too much time and computing power to guess at 128-bit keys. Instead, hackers will turn to finding weaknesses in the protocols and configuration options used to implement the encryption routines.
If embedded systems designers have a staff of crack security specialists on hand, then their protocols and configurations may be uncrackable. But that is often not the case, especially for startups running on a lean budget. That's where a security framework software specialist such as Mocana Corp. can help.
"Mocana provides all of the security service routines an embedded designer needs, including making use of on-chip accelerators so that the main core is free to execute application code," said CEO Adrian Turner. "All our routines execute asynchronously, so they are easy for OEMs to integrate with their own code."
Mocana's suite runs on 15 operating systems and includes all standard encryption, decryption and authentication tasks, Turner said.
Beyond traditional control applications, IP apps are an area in need of embedded security software. When "IP phones" meant downloading free software from Skype Technologies S.A. and using the microphone and speaker in a computer to make free, albeit poor-quality, calls, users had no reasonable expectation of privacy. But users who shell out hard-earned cash to companies such as Vonage Holdings Corp. expect the kind of privacy achieved with standard security protocols.
The IP camera is another embedded app requiring the strong crypto and authentication that is only possible with robust security protocols. The advent of the IP camera--which often shares the same Ethernet cable with a company's Web-surfing employees--greatly lowered the price of video surveillance, but at the expense of exposing the system to hackers anywhere in the world.
Vendors that provided interface chips for legacy analog security cameras now provide the chips that interface an IP camera to Ethernet.
"We have had to design much smaller chips that use less power for IP camera applications," said Sanjay Gajendra, product marketing manager with National Semiconductor Corp.'s Interface Division. "We also came up with power-over-Ethernet [PoE] chips that allow the Ethernet cable to supply the power to IP cameras so you can put them in places where there are no power outlets. We have a new chip that adds a time stamp to video frames before they are sent over Ethernet, so even if packets get out of order during transmission, they can easily be sequenced correctly at the receiving end."
Ultimately, the only way to secure all-digital video surveillance systems based on IP cameras is to implement the same suite of security protocols that protect Internet transactions. The microcontrollers used for traditional embedded apps, such as PowerQuicc and Blackfin, can also be used in IP cameras, video encoders and video servers.
TI claims its DaVinci processors are well-adapted for IP cameras and the other components of modern video security systems by virtue of having multiple, heterogeneous cores on the same chip.
"Different [DaVinci] models have different combinations of an ARM microcontroller, a DSP and a programmable image processor that performs all of the common functions," said Danny Petkevich, video security business manager at Texas Instruments.
The other big risk in modern system security is malware--viruses, worms, Trojan horses, root kits, spyware and other dishonest software modules that hackers hide in data packets. Scanning for malware signatures is the first line of defense, but there are thousands of signatures to watch for, and the list grows every day. The task can hog the bandwidth of even the fastest processors. Thus microcontroller vendors are quickly moving to add hardware acceleration blocks to their chips so as not to load down the main processor core.
At last week's Mobile World Congress in Barcelona, Spain, Freescale detailed its work with Qosmos (Paris), a spin-off of Laboratoire d'Informatique de Paris, to harness the pattern-matching hardware on Freescale's multicore PowerQuicc processors in the service of deep-packet inspection. DPI quickly scans data packets for known malware signatures without slowing the speed of communications handled by the embedded devices using PowerQuicc.
ADI has said it is looking to add a similar solution for the Blackfin microcontroller but has not announced formal plans for such development.

