Company: Silicon Labs
Category: Internet of Things Product of the Year
Historically, hackers attached remotely via the cloud and focused solely on data servers. In recent years, this has shifted towards hands-on access or ‘pivot attacks’. In this form of attack, end nodes are attached locally and used to target higher-level servers for their more valuable data.
This, paired with significant legislation across the USA and Europe means that the security of IoT devices can no longer be seen as an afterthought to design.
There are no standard defence tools for IoT – meaning end devices are easy targets for hackers. Without security designed in from the start, IoT devices become easy targets – indeed, there was been a 2000% increase in targets attached between 2018 and 2019. Currently, healthcare, manufacturing and energy are the primary targets.
Poor supply chain management also plays a part with ~10-12% of electronic components estimated to be fake or substituted – leaving end devices vulnerable.
Secure Vault advances IoT security through a unique combination of hardware and software features that make it easier for product manufacturers to protect their brand, design and consumer data. Integrating a security system with a wireless SoC helps designers simplify development and makes it possible to securely update connected devices over-the-air (OTA) throughout the product lifecycle and unforeseen exploits, threats and regulatory measures.
One of the biggest challenges for connected devices is post-deployment authentication. Silicon Labs’ factory trust provisioning service with optional secure programming provides a secure device identity certificate during IC manufacturing, analogous to a birth certificate, for each individual silicon die, enabling post-deployment security, authenticity and attestation-based health checks. The device certificate guarantees the authenticity of the chip for its lifetime.
Secure Vault’s hardware features provide an optimised level of security implemented in a cost-effective, wireless SoC solution. The security subsystem, including a dedicated core, bus and memory, is separate from the host processor. This unique design of hardware separation isolates critical features, such as secure key store management and cryptography, into their own functional areas. With Secure Vault, keys are encrypted and isolated from the application code. Virtually unlimited secure key storage is offered as all keys are encrypted using a master encryption key generated using a PUF. The new combination of security features is ideal for companies working to address emerging regulatory measures, such as GDPR in Europe and SB-327 in California.
Advanced Tamper Detection offers a wide range of capabilities from easy-to-implement product enclosure tamper resistance to sophisticated tamper detection of silicon through voltage, frequency and temperature manipulations. Configurable tamper-response features enable developers to set up appropriate response actions with interrupts, resets, or in extreme cases, secret key deletion.
Other key features include:
– Anti-Rollback Prevention which blocks older digitally signed firmware from being re-loaded into a device to re-expose patched flaws.
– Secure Boot with RTSL (Root-of-Trust & Secure Loader) ensuring only trusted application code against immutable memory and through a full chain of trust
– Secure Debug locks the emulation port and uses optional cryptographic tokens to unlock it allowing memory to remain intact
– Secure Link Encrypts employs selected bus messages using a Diffie-Hellman key exchange meaning no fleet-wide keys and new keys on each power-cycle
– DPA Countermeasures adding masks and random timings to internal operations and distorts DPA snooping
With the security landscape is changing rapidly, IoT developers face increasing pressure to step up device security and meet evolving regulatory requirements. Secure Vault simplifies development, accelerates time-to-market and helps device makers future-proof products by taking advantage of the most advanced integrated hardware and software security protection available today for IoT wireless SoCs.
Embedded security is a key requirement for IoT products, and software updates alone cannot address all vulnerabilities present in insecure hardware. As a result, hardware components can comprise the front line of defence for device security, especially with new legislation targeting IoT product security.