Abstract: As the automation and interconnection revolution in the automotive and industrial markets advances, edge nodes are rapidly becoming the target of cyberattacks. Software updates, remote capture of diagnostic data, and communications between remote endpoints and infrastructure are becoming more common, making these systems vulnerable to cyberattacks and other security threats.
As semiconductor technology advances and process dimensions continue to shrink, it is becoming harder to embed flash memory in an MCU that contains a hardware security module (HSM), so demand for external flash memory is increasing. When flash memory is external to the MCU, the stored code and data are more exposed, so devices must implement a secure boot process and other infrastructure to ensure that what is stored and retrieved can be trusted.
This article explores the design challenges and security requirements for next-generation secure devices in which flash memory sits outside the MCU that contains the HSM, while still maintaining a hardware root of trust. Other topics covered include encrypted secure storage, fast secure boot, secure remote firmware updates, and regulatory compliance.
Keywords: Hardware Security Module, Secure Flash, Smart Flash, Root of Trust, Trusted Execution Environment
I. Introduction
In an increasingly embedded and connected world, security concerns are becoming more important. Every embedded system expands the attack surface, making everything from devices and vehicles to offices and factories more vulnerable. In applications such as automotive electronics and industrial systems, functional safety has risen to a critical position.
Design engineers know that growing concerns about security and privacy have become a major factor in purchasing decisions. Gone are the days when consumers and businesses readily adopted new technologies. Today, deliberation has replaced trust, and every vendor must provide some level of assurance that its products and services are secure. Governments share the same concerns and have introduced regulations requiring suppliers to meet various security requirements, sometimes with penalties for failing to do so.
Design engineers are also realizing that securing embedded systems will become increasingly difficult. The reason is that, as SoCs/MCUs become more powerful to handle complex real-time applications, they are beginning to move to smaller CMOS process nodes (e.g. 16 nm or 7 nm) for higher speed and lower power consumption. At these smaller geometries, however, no reprogrammable non-volatile memory (NVM) technology is currently available. This is driving the de-integration of eFlash (the MCU's embedded flash memory) and calls for an architecture that is secure by design while supporting external flash memory, which in turn requires special rules to ensure its secure operation.
Sections II and III of this paper analyze the challenges of designing secure embedded systems, including those posed by the de-integration of embedded flash memory. Section IV discusses next-generation architectures for securing embedded systems with secure flash memory.
II. Embedded flash memory faces de-integration
In response to growing security concerns, chip vendors have integrated hardware security module (HSM) functions into MCUs. The HSM resides in a secure processing environment with a hardware-based root of trust that protects sensitive data, processor state, bootloaders, encryption keys, and application security service code. Embedded storage (eFlash and RAM) is also an important part of the trusted perimeter of a secure processing environment and thus is sufficient to defend against common threats.
Off-chip storage (e.g. external flash) is not inherently trusted and is vulnerable to persistent attacks. The usual countermeasure is to encrypt the data in the external flash and then copy it from external flash into the MCU's internal RAM, where it is decrypted and verified before the code is executed. This approach, while robust enough to defend against most attacks, degrades performance (a potential problem at startup), adds cost (more internal RAM and higher power), and may still be vulnerable to persistent attacks such as rollback attacks.
As MCUs move to advanced technology nodes to improve performance, cost-effectiveness and power consumption, the de-integration of flash memory may pose a greater threat, and some trusted-storage challenges previously overcome in whole or in part by eFlash may return. In addition, the threat environment created by the proliferation of embedded systems brings new challenges that the use of external flash memory makes even harder to overcome.
The main threats that must be addressed in order to secure external flash memory include:
- Impersonating authorized data access to the flash memory chip
- Tampering with what the flash chip stores
- Replaying communication commands to extract the contents of the flash chip
- Provisioning (setup) in an insecure environment that allows keys to be obtained
- Snooping (man-in-the-middle) attacks on flash chip communication
- Exposing (obtaining or observing) the contents and keys of the flash chip via side-channel attacks or fault injection
- Electronically compromising the integrity of the flash memory chip
- Cloning the flash chip
To address these and other threats to external flash memory, effectively making it part of the trusted perimeter of the secure processing environment, the device must provide the following three capabilities:
- A hardware-based root of trust that prevents modification, manipulation, duplication or other attacks on stored code and/or data
- Secure updates via the MCU or the cloud, using a combination of measures for end-to-end protection, including cryptographic authentication over the bus, secure regions with controlled read/write access, secure key storage, and a non-volatile anti-rollback counter
- Low cost, with no additional security devices (e.g. a Trusted Platform Module) and no board changes, including support for the x4 SPI and x8 HyperBus standards
Figure 1 shows how a specially designed secure flash memory (see Section IV) provides the three capabilities described above. In effect, secure flash extends, over a standard bus, the HSM functionality that was integrated with the MCU's embedded flash. Figure 1 also shows how secure flash can replace ordinary NOR flash, so existing boards can continue to be used.
It is also worth mentioning that external flash has a few other advantages, the first being that it more easily accommodates growing code sizes. Standard flash densities commonly used in embedded systems reach 1 Gbit or more, far higher than eFlash. External flash can also support more CPU cores and heavier workloads for the intensive real-time processing required by complex technologies such as machine learning and artificial intelligence. These changes help simplify design and speed time-to-market, and allow different models that better meet price, performance or other criteria.
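As an added illustration (not code from the article or from any vendor's secure flash product), the following Python model shows how the bus authentication and anti-replay counter listed among the three capabilities above defeat the tampering, replay and man-in-the-middle threats from the list in this section. The shared key, command encoding and counter scheme are assumptions made for the demo, not any real device's protocol.

```python
import hmac, hashlib, os
# Constructed demo key: on a real part it is provisioned into the flash's secure key storage and the host HSM.
SHARED_KEY = hashlib.sha256(b"demo-provisioned-shared-key").digest()

def tag(key, *parts):
    """HMAC-SHA256 over length-prefixed fields so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()
def write_tag(key, addr, data, counter):
    return tag(key, b"WRITE", addr.to_bytes(4, "big"), data, counter.to_bytes(4, "big"))

class SecureFlash:
    """Flash side: checks each command's MAC and rejects stale counters (replays)."""
    def __init__(self, key):
        self.key, self.store, self.counter = key, {}, 0   # counter is non-volatile on a real part
    def write(self, addr, data, counter, mac):
        if counter <= self.counter:
            return "REPLAY_REJECTED"                      # stale or reused counter value
        if not hmac.compare_digest(write_tag(self.key, addr, data, counter), mac):
            return "AUTH_FAILED"                          # payload or header altered on the bus
        self.counter, self.store[addr] = counter, data
        return "OK"
    def read(self, addr, nonce):
        data = self.store.get(addr, b"\xff" * 16)
        # The response MAC covers the host's fresh nonce, so an old response cannot be replayed.
        return data, tag(self.key, b"READ", addr.to_bytes(4, "big"), data, nonce)

class HostHsm:
    """Host MCU side: builds authenticated commands and verifies authenticated responses."""
    def __init__(self, key):
        self.key, self.counter = key, 0
    def build_write(self, addr, data):
        self.counter += 1
        return (addr, data, self.counter, write_tag(self.key, addr, data, self.counter))
    def verified_read(self, flash, addr, on_bus=lambda d: d):
        nonce = os.urandom(16)
        data, mac = flash.read(addr, nonce)
        data = on_bus(data)                               # hook to model an attacker altering the bus
        if not hmac.compare_digest(tag(self.key, b"READ", addr.to_bytes(4, "big"), data, nonce), mac):
            return None                                   # detected: response did not authenticate
        return data

def demo():
    """Runs legitimate and attacked exchanges on constructed data; returns each outcome."""
    flash, host = SecureFlash(SHARED_KEY), HostHsm(SHARED_KEY)
    block = b"secure-config-v1"
    msg = host.build_write(0x1000, block)
    out = {"write": flash.write(*msg), "replay": flash.write(*msg)}
    addr, _, ctr, mac = host.build_write(0x1000, block)
    out["tamper"] = flash.write(addr, b"attacker-config!", ctr, mac)
    out["read_ok"] = host.verified_read(flash, 0x1000) == block
    out["mitm"] = host.verified_read(flash, 0x1000, on_bus=lambda d: bytes([d[0] ^ 1]) + d[1:])
    return out
```

A replayed command fails on the counter check before the MAC is even examined, which is why the counter must be non-volatile and monotonic on the flash side.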
III. Designing secure embedded systems with external flash memory
Whether using eFlash or external flash, designing secure embedded systems is an increasingly demanding task. This section highlights some important considerations to help guide design and development efforts.
Generally, a system designed for end-to-end security must have three main elements:
- Protection mechanisms that protect the integrity of code and critical data against deletion, alteration or destruction by any means
- Detection mechanisms that reveal when code and/or critical data have been altered in an unauthorized way
- Recovery mechanisms that restore the integrity of code and/or critical data that have been altered in an unauthorized way
Engineers should design systems capable of addressing all of the threats identified by the STRIDE model. The following table outlines this model, which provides a practical way to understand the various potential threats and the security measures that counter each of them.
Security product design needs to establish a Trusted Execution Environment (TEE) built on the root of trust. The TEE provides a means of verifying the authenticity and integrity of all components and subsystems before they are used. Some of the best practices for creating this secure design are:
- Implement a hardware root of trust to create a secure foundation
- Strengthen this foundation with authentication and encryption
- Secure the end-to-end value chain of all connectivity, network and cloud components
- Provide protection against side-channel attacks and fault injection techniques
- Conduct independent vulnerability and risk assessments of the system
- Continuously monitor for abnormal conditions in real time
- Implement a response process (e.g. security updates)
Figure 2 shows how risk and cost are weighed when implementing a root of trust in a system. Software-based designs have the lowest cost and the lowest security. Figure 2 does not show the indirect costs of an insecure embedded system; these very real costs make a strong case for a hardware-based design that maximizes security.
The National Institute of Standards and Technology's Computer Security Resource Center explains the advantage of implementing a root of trust in hardware: "A root of trust is a highly reliable hardware, firmware, and software component that performs certain critical security functions. Because a root of trust is inherently trusted, it must be kept secure by design. To this end, many roots of trust are implemented in hardware so that malware cannot tamper with the functionality they provide."
Advances in technology continue to drive down the cost of ICs, and with it the cost of systems integrating new generations of ICs. This is also the case with external flash, where the advent of secure “smart flash” reduces the effort required to implement a root of trust in hardware and incorporate other necessary functions.
IV. Secure Flash: The Next Generation of Smart Storage
Semiconductor manufacturers are trying to implement embedded flash memory at small process geometries, but no feasible solution has emerged. Small-geometry RRAM and MRAM technologies have been studied extensively as alternatives to eFlash, but neither is currently viable because of data-integrity and cost challenges, especially for mission-critical applications requiring high-temperature operation and high reliability. As of this writing, it is uncertain when (or whether) these or related technologies will deliver mass-produced embedded storage.
Change is inevitable as geometries shrink, creating the need for a new kind of secure channel in which information is exchanged between the HSM inside the MCU and an encrypted secure area of the external storage device. A promising solution is to reverse the current practice: instead of integrating storage into the processor, integrate a processor into the storage IC, producing smart storage. Figure 3 shows how secure flash establishes an authenticated and encrypted secure processing environment with the host MCU.
This development of a new generation of smart storage has the potential to revolutionize the electronics industry. As far as embedded systems are concerned, technological development will be concentrated on NOR flash memory. NOR flash is ideal for non-volatile storage, storing code with persistence and fast random read performance.
Secure NOR flash, or simply secure flash, provides hardware-protected secure storage for security keys, certificates, hashed passwords, application-specific data, configuration data, code version information, and biometric sensor data used for authentication. Secure flash also supports authenticated and encrypted transactions to prevent unauthorized access and other security threats.
By contrast, current state-machine-based memory architectures cannot provide the versatility and performance of an embedded processor. For example, strong security requires strong cryptography, which in turn requires substantial processing power. The embedded processor also supports other security requirements, including HMAC key generation and storage and anti-rollback counters, and protects firmware, boot images and system parameters from attack.
Embedding processing power in the memory facilitates the integration of logic to add specific functionality and/or offload the system’s main SOC/MCU. For example, embedded processing enables the creation of a hardware root of trust that prevents modification, manipulation, and other security attacks on stored code and data. Alternatively, the processor can run various algorithms, including machine learning algorithms, on the raw data, and then store the results needed for other functions of the system.
In addition, new systems can more easily be certified against safety regulations, since certification can be achieved in whole or in part by running code on the embedded processor in smart storage. By simplifying the required design and development effort, this greatly accelerates the time-to-market of new products.
Figure 4 shows how flash memory with built-in intelligent security meets the performance, reliability, security and functional-safety requirements of embedded systems. By using standard bus protocols including x4 SPI (QSPI) and x8 HyperBus, smart secure flash can work with the host chip to achieve the level of security required by demanding connected applications while remaining fully compatible with existing host MCU memory controllers.
For mission-critical applications that cannot tolerate failure, secure flash ensures that the system boots securely, records critical information, and expands working storage for critical functions. Examples of such fail-safe applications include advanced driver assistance systems (ADAS), portable medical equipment, factory automation, defense-grade sensors, and advanced wireless communication systems.
An important aspect of fail-safe operation is that stored code and data are encrypted to protect them against alteration or destruction. With an integrated cryptographic engine and embedded processor, data can be stored securely. Implementing encryption and other advanced functions in smart secure flash is feasible at relatively low incremental cost, because the logic gate count added to the memory is far less than that required for CPUs and specialized compute engines.
Secure flash creates a hardware root of trust that either provides its own secure environment or integrates with the TEE provided by a secure MCU. The root of trust plays a crucial role in ensuring that the system boots properly, ideally following the Trusted Computing Group's Device Identifier Composition Engine (DICE) standard. The secure boot process provides end-to-end protection through mutual authentication of the flash memory and the host SoC/MCU, ensuring the confidentiality of every transaction that crosses the bus. And because the flash is smart, a verified boot can complete within the 100 milliseconds that some application areas require.
The ability to securely update code to the latest version is another important aspect of the secure boot process. This requires ensuring that FOTA (firmware over-the-air) or other forms of update complete without any tampering or damage, whether intentional or accidental. If tampering is detected, through version authentication or otherwise, the backup feature can restore code from a previously known valid (albeit downgraded) version. The same capability can protect any device configuration performed in a non-secure production facility or service center.
Embedded intelligence lets secure flash handle tasks beyond protecting stored code and data. For example, support for execute-in-place (XIP) lets secure flash act as a trusted environment that executes code directly, reducing the load on the host MCU. This also reduces the amount of on-chip RAM the MCU needs, helping to reduce cost and power consumption.
The automotive and industrial automation markets, driven by the most stringent security and functional-safety requirements, are the first to adopt secure storage. Because potential vulnerabilities in embedded systems can lead to remote attacks and ultimately threaten the safety of passengers or staff, a system cannot achieve functional safety without strong security. Therefore, all semiconductor components for safety-critical applications, including external flash memory devices, must comply with the ISO 26262 standard for advanced driver assistance systems (ADAS) and the IEC 61508 standard for industrial systems.
It is also important to continuously monitor the condition of field equipment and to perform remote diagnostics and preventive maintenance. Flash memory devices are prone to several failure modes, including cell failures due to charge loss or cosmic radiation, latency issues and power-loss failures, which must be addressed promptly to ensure high reliability over a 20+ year lifespan.
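An added example, not the article's own code, modelling in Python the secure boot, anti-rollback and backup-recovery behaviour described above, with a DICE-style measurement of the booted image. The image-authentication scheme (HMAC standing in for an asymmetric signature), the two-slot layout and all secret values are assumptions made for the demo.

```python
import hmac, hashlib

# Constructed demo secrets. A real part would verify an asymmetric signature with a public
# key; HMAC stands in because the standard library has no asymmetric primitives. UDS is the
# DICE Unique Device Secret that never leaves the hardware.
IMAGE_KEY = hashlib.sha256(b"demo-image-authentication-key").digest()
UDS = hashlib.sha256(b"demo-unique-device-secret").digest()

def sign_image(version, code):
    """Authenticate version and code together so the version field cannot be edited alone."""
    return hmac.new(IMAGE_KEY, version.to_bytes(4, "big") + code, hashlib.sha256).digest()

class SecureFlash:
    """Active image, a known-good backup, and a monotonic anti-rollback counter."""
    def __init__(self, version, code):
        self.active = (version, code, sign_image(version, code))
        self.backup = self.active
        self.min_version = version          # non-volatile counter: only ever increases
    def fota_update(self, version, code, mac):
        """Accept a new image only if it authenticates and is newer than the counter."""
        if not hmac.compare_digest(sign_image(version, code), mac):
            return "REJECTED_AUTH"
        if version <= self.min_version:
            return "REJECTED_ROLLBACK"
        self.backup, self.active = self.active, (version, code, mac)
        self.min_version = version
        return "ACCEPTED"
    def corrupt_active(self, code):
        """Model tampering or bit-rot in the active slot (the MAC is left untouched)."""
        self.active = (self.active[0], code, self.active[2])

def secure_boot(flash):
    """Verify the active image, fall back to the backup on failure.
    Returns (slot booted, version, DICE-style CDI hex) or ("halt", None, None)."""
    for slot in ("active", "backup"):
        version, code, mac = getattr(flash, slot)
        if hmac.compare_digest(sign_image(version, code), mac):
            # DICE-style Compound Device Identifier: measurement of the booted code under the UDS.
            cdi = hmac.new(UDS, hashlib.sha256(code).digest(), hashlib.sha256).hexdigest()
            return slot, version, cdi
    return "halt", None, None               # neither image authenticates: do not run untrusted code

def scenario():
    """Constructed sequence: clean boot, valid update, rollback attempt, forged update, recovery."""
    flash = SecureFlash(1, b"firmware-v1")
    steps = [secure_boot(flash)]
    steps.append(flash.fota_update(2, b"firmware-v2", sign_image(2, b"firmware-v2")))
    steps.append(secure_boot(flash))
    steps.append(flash.fota_update(1, b"firmware-v1", sign_image(1, b"firmware-v1")))   # downgrade
    steps.append(flash.fota_update(3, b"firmware-v3", b"\0" * 32))                      # unsigned
    flash.corrupt_active(b"firmware-v2-corrupted")
    steps.append(secure_boot(flash))                                                    # recovers v1
    return steps
```

Because the CDI is derived from the measured code, booting the recovered backup yields the same identity as the original clean boot, while any other image (updated or corrupted) produces a different one that a verifier can distinguish.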
V. Conclusion
Smart, secure flash memory is gaining acceptance as an alternative to eFlash. As process geometries shrink below 28 nm, the use of eFlash will become increasingly rare until it disappears entirely. Even where the chip can still integrate eFlash, a secure flash solution that integrates HSM functions is more advantageous. In both designs, secure flash transfers code and data between its protected area and the host MCU's HSM in a cryptographically secure manner over an industry-standard bus.
It can be expected that designs with secure flash will become more common and even essential to meet evolving security needs. Today’s attacks are becoming more widespread and sophisticated, regulations are expected to become more stringent, and increased automation will further increase the importance of security and functional safety. To meet these evolving needs while maximizing time-to-market for new features, design engineers will increasingly rely on the convenience that only smart secure flash can provide.
About the author
Sandeep Krishnegowda is the product director of Cypress Semiconductor’s Flash Memory Business Unit. He has worked in Cypress’s Memory Products Group for over a decade in various engineering, management and marketing roles. He holds a master’s degree in electronics and communications from Rensselaer Polytechnic Institute, and a bachelor’s degree in electronics and communications from Wess Tech University.