Proving the Business Case for the Internet of Things

How Maxim is ruining the lives of IoT hackers

Steve Rogerson
March 3, 2010



Kris Ardis wants to ruin hackers’ lives. That was how the executive director of Maxim Integrated opened the launch of the company’s latest secure microcontroller for IoT applications at last week’s Embedded World in Nuremberg.
 
“We are turning our attention to the IoT,” he said. “The IoT has become a target.”
 
As IoT applications continue to proliferate, large numbers of devices are being deployed in uncontrolled and hostile areas, which makes them more vulnerable to physical attacks. Such physical attacks are more sophisticated than software threats such as poor crypto implementations or default password attacks.
 
“If you think about the IoT, these devices go anywhere,” said Ardis. “Hacking them is low risk as they are often in remote areas and hackers can get actual physical access. But the potential reward is high.”
 
He said it was time to learn from the financial sector where the dangers of hackers getting their hands on remote credit-card readers, as used in retail, are well known. That is why the Max 32520 ChipDNA secure Arm Cortex-M4 microcontroller has built-in physically unclonable function (PUF) technology for financial- and government-grade security. The PUF technology allows for multiple layers of protection to provide the key-protection technology in a cost-effective format for use in IoT, healthcare, industrial and computing systems.
 
 
 
Designers want enhanced system defences for their mission-critical applications where exposing secret encryption keys can bring down networks, ruin reputations, end companies and even negatively affect people’s lives.
 
The device has multiple layers of protection through its PUF technology, claimed to be the industry’s most advanced key-protection technology for safeguarding secrets used in cryptographic operations. It uses a tamper-proof PUF key for flash encryption, secure boot for root-of-trust and serial flash emulation. Additionally, the physical security inherent in the PUF key eliminates the need for a battery to destroy secret-key materials when under attack. Until now, the most-sensitive applications have always required a battery to provide this highest level of secret-key protection.
 
“The threats to IoT systems are getting more advanced all the time, and tools to attack systems move from the realm of academia to the realm of open source every day,” said Ardis. “The Max 32520 with ChipDNA is a step forward. Built around the most advanced key security technology and targeting IoT applications, it will protect your data and IP, and has the technology to future-proof designs against tomorrow’s system threats.”
 
Features include:

  • Tamper-proof: Secret keys generated by the ChipDNA PUF circuitry are highly resistant to physical attacks, ensuring the keys that protect data and systems are out of the reach of attackers.
  • IP protection: Flash encryption using PUF protects sensitive information with encryption keys that withstand even physical inspection and prying, and provides robust IP security.
  • Encryption: The DeepCover secure microcontroller can protect all user data, as it is equipped with SP 800-90A and SP 800-90B compliant TRNG and hardware accelerators for AES-256, ECDSA P-521 and SHA-512.
  • Memory: Delivers up to 2Mbyte of secure flash memory, enabling applications to run in a highly secure environment.
  • Cost effective: Built on a process node, this secure microcontroller provides security features, a 120MHz Arm Cortex-M4 processor and plenty of memory. It eliminates several components such as a battery, tamper monitor IC and system management micros that are often found in security-sensitive applications.

“IoT developers are eager to add security to their designs but they are hard-pressed to find the expertise needed to get them to market with advanced protection,” said Tanner Johnson, senior analyst for IoT cyber security at Omdia. “Enabling developers to incorporate PUF-encrypted flash and secure boot loading without system redesign or in-house code development will help them reduce time to market dramatically.”