Design Article
Anti tamper real time clock (RTC) - make your embedded system secure
Mohit Arora, Prashant Bhargava, Stephen Pickering, Freescale Semiconductor
9/10/2009 1:27 PM EDT
1. Introduction - Need for Anti Tamper RTC
Applications like utility metering, HVAC, point of sale terminals, security alarms, vending machines and other security-related equipment and systems are prone to hacking, where the attacker may want to extract information and/or modify internal settings. Many of these attacks involve tweaking the time in order to fool the system.
Specific to power and energy metering, electricity distribution companies may have different billing rates depending on the time of day, maximum demand, load, etc., making the Real Time Clock (RTC) an essential part of the electronic meter as its time reference. One may tamper with the clock or manipulate the time to fool the system into charging differently, e.g., changing PM to AM so that the metering firmware charges less because of the non-peak rate that applies at that time.
A hacker can also replace the RTC crystal so that the clock counts slowly, since an RTC usually relies on a 32.768 kHz external crystal oscillator. This introduces inaccuracies in measurement and therefore in billing.
Even today, many software licenses are time based. Just before a license expires, one may move the time back, extending the period over which the license remains usable.
Most readers will have experience of changing an old PC's BIOS clock to reset system settings. Have you ever forgotten a BIOS password, or wanted to log into a friend's computer that is protected by a BIOS password at boot? The most common way to reset the password is to physically remove power from the computer by disconnecting the power plug and then removing the battery from the motherboard for a few minutes.
There are endless examples of time-related hacks. For consumer products, avoiding the above may not matter much, as neither the customer nor the manufacturer suffers a significant loss; but for applications like point of sale and power distribution, such attacks may compromise the whole security network, causing chaos and a huge loss of revenue.
Guarding against the above may require additional hardware changes on the board, along with additional components, and may still not be completely secure; however, these concerns can easily be addressed during RTC design.
The next section focuses on some of the techniques that can be implemented in an RTC to make the system secure and avoid time-related hacks.
2. Techniques for Secure Real Time Clock
RTC with Independent Power Domain:
To be tamper proof, an RTC needs to operate independently of the CPU. Hence a secure RTC needs to be enabled at all times. This is achieved by running the RTC from a battery supply (as shown in Figure 1). To optimize battery life, the RTC can be powered from the main supply and switch to the battery supply in the event of a main power failure.

Figure 1: Independent RTC
This allows all the associated logic, including the tamper detection described later, to keep working in the event of a power failure unless the battery is removed or drained.
Detecting tampers external to the System:
A system may face several kinds of attack from the outside world, including damage to the casing and alteration of certain signals. These intrusions can be monitored by anti-tamper switches in the system. Since the switches need to be monitored at all times, they must be powered from the battery (RTC) supply.
Anti-tamper switches can be prone to noise, which can cause false tamper conditions, so it is important to filter out this noise to prevent incorrect triggering.

Figure 2: External Tamper Detection
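The noise filtering and the sticky tamper flag described above can be modelled in a few lines of firmware. The following is an added example and not code from the article or from Freescale; it assumes a persistence filter in which a new switch level must be seen on FILTER_SAMPLES consecutive samples (a value chosen here) before it is accepted, and it uses two constructed sample streams, a short noise glitch and a sustained open contact, to show the difference in behaviour.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define FILTER_SAMPLES 4u   /* samples a new level must persist before it is accepted (assumed value) */

typedef struct {
    bool     level;      /* filtered (accepted) state of the switch, true = tamper */
    bool     candidate;  /* raw level currently being counted */
    uint8_t  run;        /* consecutive samples seen at the candidate level */
    bool     latched;    /* sticky tamper flag: stays set until trusted firmware clears it */
} tamper_filter_t;

void tamper_filter_init(tamper_filter_t *f) {
    f->level = false; f->candidate = false; f->run = 0; f->latched = false;
}

/* Feed one raw sample (taken on every RTC clock tick). Returns true on the tick at
   which a filtered tamper assertion is first detected. */
bool tamper_filter_sample(tamper_filter_t *f, bool raw) {
    if (raw == f->candidate) {
        if (f->run < FILTER_SAMPLES) f->run++;
    } else {
        f->candidate = raw;          /* level changed: start counting again */
        f->run = 1;
    }
    if (f->run >= FILTER_SAMPLES && f->level != f->candidate) {
        f->level = f->candidate;     /* level has persisted long enough: accept it */
        if (f->level) { f->latched = true; return true; }
    }
    return false;
}

/* Runs a sample stream through a fresh filter. Returns the index of the sample at
   which tamper was asserted, or -1 if the stream never produced a tamper. */
int tamper_scan(const bool *samples, size_t n) {
    tamper_filter_t f;
    tamper_filter_init(&f);
    for (size_t i = 0; i < n; i++)
        if (tamper_filter_sample(&f, samples[i])) return (int)i;
    return -1;
}

/* Constructed sample streams: a 2-sample noise glitch versus a sustained open contact. */
static const bool noise_glitch[] = {0,0,0,1,1,0,0,0,0,0};
static const bool real_tamper[]  = {0,0,0,1,1,1,1,1,1,1};
```

The glitch stream never asserts tamper because the raw level falls back before four samples have accumulated, while the sustained stream asserts on its seventh sample and sets the latch, which mirrors the requirement that the tamper flag survive until firmware explicitly clears it.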
The tamper event should be one of the interrupt sources to the CPU. On a tamper event the CPU can take the necessary actions, such as erasing any secure information, generating a system reset, storing the tamper event in EEPROM or battery-backed registers, and finally clearing the interrupt flag. The CPU's response to a tamper event is generally application specific.
It is important to note that once the tamper signal is asserted, it should not be cleared unless both the main supply (VDD) and the battery supply (VBAT) are removed. When supply is reconnected, tamper should be the default condition, and it should only be cleared by code running on the processor. In an electricity meter, for example, this is normally done during meter calibration.
An inherent disadvantage of open or passive anti-tamper switches is that over time the contacts oxidize; when a tamper occurs the switch then stays open because of the oxidation, and the tamper event may never be indicated to the system. This is overcome by the active tamper detection technique described in the next section.
Active Tamper Detection:
Active tamper detection introduces a feedback loop that provides a more advanced method of monitoring external tampers while also extending the life of the anti-tamper switches. Unlike passive tamper switches, which are inputs only, the active tamper mechanism uses one or more input/output switch pairs. The chip drives a known sequence (fixed or generated by a Linear Feedback Shift Register) onto the output anti-tamper pin while monitoring the input tamper pin for the same sequence (as shown in Figure 3). As long as the sequence matches, no tamper is indicated. When the sequence skips a value or is incorrect, whether due to an external tamper event or a fault in the switch, tamper is asserted.

Figure 3: Active Tamper Detection
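The active tamper loop above can be simulated end to end: a sequence generator drives the output pin, the physical loop returns the bit, and a checker running the same generator compares. This is an added example, not the article's or Freescale's design; the 16-bit LFSR taps, the one-bit-per-step encoding and the three loop conditions (intact, open contact stuck low, loop bridged to a fixed high level) are all assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdbool.h>

#define SCAN_STEPS 64   /* steps simulated per scan (assumed) */

typedef enum {
    LOOP_INTACT,            /* switch closed, output reaches the input pin */
    LOOP_OPEN_STUCK_LOW,    /* oxidised or opened contact: input reads 0 */
    LOOP_SHORT_STUCK_HIGH   /* loop bridged to a fixed level: input reads 1 */
} loop_fault_t;

/* 16-bit Fibonacci LFSR, polynomial x^16 + x^14 + x^13 + x^11 + 1 (maximal length).
   Driver and checker run identical copies, so the checker always knows the next bit. */
static uint16_t lfsr_step(uint16_t s) {
    uint16_t bit = ((s >> 0) ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u;
    return (uint16_t)((s >> 1) | (bit << 15));
}

/* The tamper output pin drives the LSB of the sequence state on each step. */
static uint8_t tamper_out_bit(uint16_t s) { return (uint8_t)(s & 1u); }

/* Models the physical loop: output pin -> switch -> input pin. */
static uint8_t loop_return(uint8_t driven, loop_fault_t fault) {
    switch (fault) {
    case LOOP_INTACT:           return driven;
    case LOOP_OPEN_STUCK_LOW:   return 0;
    case LOOP_SHORT_STUCK_HIGH: return 1;
    }
    return 0;
}

/* Runs the detector for SCAN_STEPS steps. Returns the step at which the first
   mismatch is seen (tamper asserted), or -1 if the loop passed every step. */
int active_tamper_scan(uint16_t seed, loop_fault_t fault) {
    uint16_t state = seed ? seed : 0xACE1u;   /* an LFSR must never start at zero */
    for (int step = 0; step < SCAN_STEPS; step++) {
        uint8_t expected = tamper_out_bit(state);
        uint8_t observed = loop_return(expected, fault);
        if (observed != expected) return step;
        state = lfsr_step(state);
    }
    return -1;
}
```

Because the expected bit alternates unpredictably, a loop that is stuck at either level is caught within the first couple of steps, and a stuck contact caused by oxidation is reported the same way as a deliberate break, which is the point of the feedback design.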
Prevent Malicious Code from Changing Register Settings:
A hacker may introduce unauthorized firmware into the system to take control or change register settings. One of the most common software tampers is to move the time back, for example to allow music protected by Digital Rights Management to be played again and again.
The RTC should be able to lock the time so that it cannot be moved back unless the system is reset. Access to critical registers should be secured by a write-protection mechanism, so that a write from malicious or runaway code cannot change register settings unless it goes through a pre-specified sequence.
Figure 4 shows the recommended write protection on the RTC registers. The registers are locked by default; to program them, a specific sequence needs to be written, which is known only to the valid/secure program.

Figure 4: Write Protection Sequence
An additional advantage of this write sequence is that it protects the registers against ESD or external noise that could otherwise trigger changes in register settings. Since any write to a register has to go through a fixed sequence, it is highly unlikely that ESD or noise can corrupt the registers.
It is also essential to separate critical registers from user registers by giving the critical registers different access permissions. For example, RTC registers can be divided into secure and non-secure registers, with the time and date registers kept in the secure portion, which can only be accessed by secure code. This provides an additional layer of protection for the RTC registers.
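A register model that enforces both the unlock sequence and the time lock makes the behaviour of this section concrete. The code below is an added example, not the article's or Freescale's implementation: the register offsets, the three key values, the choice to re-lock automatically after a single protected write, and the rule that a locked time may only move forward are all assumptions for illustration (the secure/non-secure register split is not modelled).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical RTC register map; offsets and keys are invented for this example. */
enum {
    RTC_KEY_REG    = 0x00,   /* write the unlock sequence here, one key per write */
    RTC_TIME_REG   = 0x04,   /* protected: seconds counter */
    RTC_ALARM_REG  = 0x08,   /* protected */
    RTC_STATUS_REG = 0x0C    /* not protected */
};

static const uint32_t unlock_keys[] = { 0xA5A5C33Cu, 0x5A5A3CC3u, 0x0F0FF0F0u };
#define UNLOCK_LEN (sizeof unlock_keys / sizeof unlock_keys[0])

typedef struct {
    uint32_t time, alarm, status;
    bool     locked;      /* write protection engaged (the default after any reset) */
    size_t   seq_pos;     /* correct keys seen so far in the current attempt */
    bool     time_lock;   /* once set, the time can no longer be moved backwards */
    uint32_t rejected;    /* writes refused while locked: useful tamper telemetry */
} rtc_t;

void rtc_reset(rtc_t *r) {
    r->time = r->alarm = r->status = 0;
    r->locked = true; r->seq_pos = 0; r->time_lock = false; r->rejected = 0;
}

/* Set by trusted boot code once the time is valid; cleared only by rtc_reset. */
void rtc_lock_time(rtc_t *r) { r->time_lock = true; }

/* Bus write handler. Returns true if the write took effect. */
bool rtc_write(rtc_t *r, uint32_t offset, uint32_t value) {
    switch (offset) {
    case RTC_KEY_REG:
        if (value == unlock_keys[r->seq_pos]) {
            if (++r->seq_pos == UNLOCK_LEN) { r->locked = false; r->seq_pos = 0; }
        } else {
            r->seq_pos = 0;      /* any wrong key, including a stray or noise-induced one, restarts the sequence */
        }
        return true;
    case RTC_TIME_REG:
        if (r->locked) { r->rejected++; return false; }
        if (r->time_lock && value < r->time) { r->rejected++; r->locked = true; return false; }
        r->time = value;
        r->locked = true;        /* window closes again after one protected write */
        return true;
    case RTC_ALARM_REG:
        if (r->locked) { r->rejected++; return false; }
        r->alarm = value;
        r->locked = true;
        return true;
    case RTC_STATUS_REG:
        r->status = value;
        return true;
    default:
        return false;
    }
}

/* Convenience for trusted code: present the full sequence, then write one register. */
bool rtc_protected_write(rtc_t *r, uint32_t offset, uint32_t value) {
    for (size_t i = 0; i < UNLOCK_LEN; i++) rtc_write(r, RTC_KEY_REG, unlock_keys[i]);
    return rtc_write(r, offset, value);
}
```

A single corrupted bus transaction, whether from runaway code or an ESD event, can at most reset the key sequence; it cannot open the window, and the rejected-write counter gives the firmware a cheap indicator that something tried.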
Protecting against a Power Glitch on external lines:
For systems that boot from external memory, a particular way of tampering with a secure system is to introduce noise on the memory interface or a glitch on the power lines of the SoC. This random noise can cause changes to register settings. In some systems that boot securely, this can bypass the entire security process, leaving the SoC vulnerable to hacks and tampers.
The RTC can prevent this by maintaining a hard-coded security code that must be programmed into its registers during boot. On a code mismatch, the RTC can generate a security alarm indicating that the external boot sequence has been manipulated, whether by random noise or by a hacker deliberately trying to unsecure the system. Once programmed, this code is monitored at all times, so noise at any point in time that alters the programmed code will be detected.

Figure 5: Power Glitch Detection
Protection against Battery Removal:
One of the common ways of tampering with a system is to remove the battery when the main supply is not available. This lets the hacker manipulate the system and then reconnect the battery as if nothing had happened. In a secure system the RTC should be independent in every way, including its power source; removing that independent power source, i.e. the battery, can have a detrimental effect on the system and make it vulnerable to attack. Hence a secure system must ensure that the battery is not easily removable and that its removal is detectable.
It is important to note that the RTC should have a Power on Reset (POR) separate from the SoC POR. The RTC should reset (RTC POR asserted) only when both the main and the battery supply are removed, or when the battery is connected for the first time. The RTC should be able to detect removal of the battery and generate an internal tamper interrupt to the CPU. During initial calibration this tamper can be ignored, as the system would be in diagnostic mode.
Time Stamping a Tamper Event:
The RTC should be able to record the time of a tamper event. This lets the system know when an attack happened and how many times it has occurred since installation. A digital electricity meter is a good example: a hacker can reverse the neutral and live wires so that the current flows in the opposite direction and the energy is counted backwards. If the RTC can detect this and store the time at which the event occurred, the energy distribution company can know when it happened and bill or fine the user accordingly.
Invalidating the Time:
It can be a good idea to invalidate the time when a tamper occurs, but this action is completely application dependent. In a Point of Sale terminal, for example, it is sensible to invalidate the time to indicate that the device has been tampered with, whereas an electricity meter should just record the time stamp without invalidating the time, since all billing calculations may be time dependent. Energy companies also want to know about subsequent tamper events after the first one and would like to keep the clock running at all times, no matter what; they can later bill the user differently based on the time and number of tampers.
Erasing Critical Information:
Critical data such as security keys and passwords are generally retained in battery-backed memory within the SoC or in RTC registers, since these remain available at all times, even during a main power failure. It is important that this data does not fall into the hands of a hacker. Hence on any tamper detection, the RTC should erase all secure keys stored in its registers and the contents of any associated secure memory.
Fail Safe Mechanism:
A hacker may remove the main power and then remove the RTC crystal to stall the time. When the main supply is reconnected, a secure system should be able to detect the missing RTC clock and switch the system to an alternate clock source, indicating crystal failure. Depending on the application, firmware may choose to inform the user of the failure so that the necessary action can be taken.

Figure 6: Detecting Crystal Failure
RTC Clock Compensation:
The RTC crystal may be subjected to changes in pressure, voltage or temperature, or exposed to certain chemicals, so as to change its characteristics and make the clock run slower or faster. Hence the RTC should be able to compensate for inaccuracies in the crystal and continue to deliver an accurate clock to the RTC counters, maintaining accurate time. Compensation is done by removing pulses (skipping counts) if the crystal is running fast, or by adding pulses if it is running slow. Firmware may choose to indicate a tamper or crystal failure if the compensation needed exceeds an acceptable range.
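The pulse add/remove compensation and the out-of-range check can be worked through numerically. The following is an added example rather than the article's or any Freescale RTC's compensation logic; it assumes the 1 Hz tick is derived by counting 32768 crystal cycles, that the correction is applied to one second of every compensation interval of up to MAX_INTERVAL_S seconds, that the crystal frequency has been measured against an accurate reference during calibration and is given in millihertz, and that a deviation above MAX_TRIM_PPM (a value chosen here) is reported as a fault. Integer arithmetic is used throughout so the result is exact and needs no math library.

```c
#include <stdint.h>
#include <stdbool.h>

#define XTAL_NOMINAL_HZ  32768u
#define MAX_INTERVAL_S   256u    /* longest compensation interval (assumed) */
#define MAX_TRIM_PPM     150     /* larger deviations are treated as crystal fault or tamper (assumed) */

typedef struct {
    uint32_t interval_s;      /* adjustment applied to the first second of every interval_s seconds */
    int32_t  adjust_cycles;   /* >0: that second needs extra crystal cycles (pulses removed);
                                 <0: it needs fewer cycles (pulses added) */
    int64_t  residual_mhz_s;  /* error left over per interval, in millihertz-seconds */
    bool     out_of_range;    /* deviation exceeds MAX_TRIM_PPM: report, do not silently trim */
} comp_plan_t;

static int64_t iabs64(int64_t v) { return v < 0 ? -v : v; }

/* Round v/1000 to the nearest integer, ties away from zero. */
static int64_t round_div_1000(int64_t v) {
    return v < 0 ? -((-v + 500) / 1000) : (v + 500) / 1000;
}

/* measured_mhz: crystal frequency in millihertz, e.g. 32768500 for 32768.5 Hz. */
comp_plan_t plan_compensation(int64_t measured_mhz) {
    comp_plan_t p = { 1, 0, 0, false };
    int64_t err_mhz = measured_mhz - (int64_t)XTAL_NOMINAL_HZ * 1000;   /* surplus cycles per true second, x1000 */
    p.residual_mhz_s = err_mhz;
    if (iabs64(err_mhz) * 1000000 > (int64_t)MAX_TRIM_PPM * XTAL_NOMINAL_HZ * 1000) {
        p.out_of_range = true;
        return p;
    }
    /* Pick the interval whose whole-cycle adjustment leaves the smallest error per second. */
    int64_t best_num = iabs64(err_mhz);
    uint32_t best_den = 1;
    for (uint32_t n = 1; n <= MAX_INTERVAL_S; n++) {
        int64_t total    = err_mhz * n;                   /* surplus over n seconds */
        int64_t adj      = round_div_1000(total);         /* whole cycles to absorb */
        int64_t residual = iabs64(total - adj * 1000);
        if (residual * best_den < best_num * n) {         /* residual/n < best_num/best_den */
            best_num = residual; best_den = n;
            p.interval_s = n; p.adjust_cycles = (int32_t)adj; p.residual_mhz_s = residual;
        }
        if (residual == 0) break;
    }
    return p;
}

/* Counts RTC seconds over true_seconds of wall time on a crystal of measured_mhz,
   applying the plan. Returns the number of seconds the RTC counted. */
uint32_t simulate_rtc_seconds(int64_t measured_mhz, const comp_plan_t *p, uint32_t true_seconds) {
    int64_t total_cycles = measured_mhz * true_seconds / 1000;   /* cycles the crystal delivers */
    int64_t consumed = 0;
    uint32_t rtc_s = 0;
    for (;;) {
        int64_t need = XTAL_NOMINAL_HZ;
        if (!p->out_of_range && (rtc_s % p->interval_s) == 0) need += p->adjust_cycles;
        if (consumed + need > total_cycles) break;
        consumed += need;
        rtc_s++;
    }
    return rtc_s;
}
```

For a crystal running 0.5 Hz fast (about 15 ppm), the planner settles on removing one pulse every two seconds, which makes the simulated day come out at exactly 86400 s where the uncompensated counter gains a second; a 500 ppm deviation is flagged instead of trimmed, which is the hook the firmware uses to raise a crystal-failure or tamper indication.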
3. Conclusion
Security is becoming increasingly important in embedded applications, both to protect company revenue and to protect critical data. This article has described several anti-tamper techniques that can easily be implemented in an RTC design.
It is important to note that the techniques used may vary with application requirements. For example, in a Point of Sale terminal it is appropriate to invalidate the time to indicate that the device has been tampered with, making it unusable, whereas for an electricity meter it is necessary to keep the clock running.
Implementing these features in the RTC is cheaper and more secure, as the RTC operates on an independent power supply with an independent clock source, so any tampers from external sources are monitored and recorded even when the main system supply is not available.
About the authors:
Mohit Arora is a Systems Engineer at Freescale Semiconductor. His current focus is on the Energy/Utility Metering market. He has been involved in product definition and specification for ColdFire/PowerPC based products for the mid-to-high end industrial market. He earned a Bachelor's degree in Electronics and Communication Engineering from Netaji Subhas Institute of Technology (NSIT), India. He can be reached at: mohit.arora@freescale.com.
Prashant Bhargava is a Design Lead at Freescale Semiconductor and has worked on the design and architecture of microcontrollers for applications such as VoIP, display controllers and utility metering. He holds a Bachelor of Engineering degree in Electronics & Communication from Punjab Engineering College, Chandigarh, India. He can be reached at: prashantb@freescale.com.
Stephen Pickering is a Systems Engineer at Freescale Semiconductor. His work involves the architectural definition of microcontrollers for various applications; in particular, he has spent the last 2-3 years defining solutions for utility meters and has visited over 40 different meter manufacturers worldwide during the definition of current and future microcontrollers. He can be reached at: stephen.pickering@freescale.com.