HUNTSVILLE, Ala. — Microsemi has unveiled its new FPGA-based reference design for embedded microprocessors that may act as a secure way to boot up a system.
It may be that I'm looking at the past through rose-colored glasses, but it seems to me that things were a lot simpler when I was a younger man. When I first started designing with microcontrollers, the trick was to get one's program working at all -- I don't recall anyone ever worrying about security in the context of someone else's application taking over your processor.
Of course, now I come to think about it, the world wasn't connected in the same was as it is today. We could never have conceived anything like today's wired and wireless networks, and a concept like the Internet of Things (IoT) would simply never have struck us.
The problem is that, with the way the world is today, we do have to think about this sort of thing. We're rapidly approaching a time where our homes will be fully automated, and the roads populated by autonomous vehicles. Current estimates from industry analysts like the Aberdeen Group are for around 50 billion entities on the IoT by 2020 -- that's approximately seven connected devices for every human being on the planet.
All of this automation is wonderful, just as long as you are in charge of your own destiny. It's great for me to be able to control the functions in my house using my smartphone, but I'm less than thrilled that someone else might be able to do the same. At a Black Hat convention in 2011, one of the attendees explained how he had managed to hack his own insulin pump. He then proceeded to inform the other attendees that he had used the wireless network to identify some other members of the audience who were equipped with the same type of device, and he asked if they would like him to modify their dosage for them. Needless to say, the answer was a resounding, Nay!
SHODAN (Sentient Hyper-Optimized Data Access Network) is a fictional artificial intelligence and the main antagonist of some cyberpunk/horror-themed computer games. It's also the name of a website that has been described as "Google for hackers." The real purpose of SHODAN is to allow security experts to test the security of their own networks. In reality, however, it can be used by anyone to expose online devices, including webcams and routers, iPhones and VoIP phones, wind turbines and power plants… You name it and SHODAN can find it for you. In fact, someone could be using the camera on your computer at this very moment to observe you while you're reading this column. Be afraid, be very afraid.
The reason I'm talking about all of this is that Microsemi has just unveiled its new FPGA-based Secure Boot Reference Design for embedded microprocessors. This solution is based on one of their flash-based SmartFusion2 SoC FPGAs, which combines a hard core ARM Cortex-M3 microcontroller subsystem with programmable FPGA fabric. It also boasts a suite of advanced security features, including hard core accelerators for cryptographic functions, on-chip oscillators, secure key storage, a true random number generator, and on-chip boot code storage in secure embedded flash memory (eNVM).
In a typical system, the CPU would boot up and load the application code from something like SPI flash memory. But how does the CPU know that the application code has not been infiltrated? The last thing you want is for someone to subvert your CPU for their nefarious purposes. The solution Microsemi suggests is to have a SmartFusion2 SoC FPGA between the SPI flash memory containing the application code and the target CPU as illustrated below:
Microsemi's FPGA-based secure boot solution for embedded systems.
The clever part is that the target CPU doesn’t even know that the FPGA is there -- the SmartFusion2 SoC FPGA is so fast that the target CPU thinks it's talking directly to the SPI flash memory. The first thing to note is that the SmartFusion2 SoC FPGA performs its own secure boot, after which it helps the target CPU to perform its secure boot. After this, the SmartFusion2 SoC FPGA verifies that the application (which is itself encrypted) is secure before handing it over to the target CPU.
One very important point to note is that just because you are using encryption algorithms, that doesn’t necessarily mean that your system is secure. In some cases, it's possible for people to use a differential power analysis (DPA) side channel attack to extract your cryptographic keys from a single power-up cycle. My contacts at Microsemi tell me that their solution is resistant to such attacks.
I could go on for hours here about things like encryption algorithms (RSA, AES, DES, ECC…), CEKs (code encryption keys), and CSKs (code signing keys) and we'd all be sorry. The point is that Microsemi have taken all of this complexity and bundled it into its Secure Boot Reference Design (click here for more information on this reference design).
Security, or the lack thereof, in our embedded systems is a perfect storm that's just biding its time waiting to happen. Many FPGA and MCU manufacturers are starting to take this very seriously indeed. I would rate Microsemi as being at the forefront of this movement. What do you think? Are you as worried about security as me?
— Max Maxfield, Editor of All Things Fun & Interesting