Atmel START Development Tool

Embedded Developer
NOVEMBER, 2105
Interview with Paul Pickle – President of Microsemi
ARM Delivers the Future of Authentication
Atmel START Development Tool
Safeguarding the IoT
Microsemi Secures the World’s Embedded Systems
CONTENTS
NEWSWIRE
On the Floor: The 2015 Altera SoC Developers Forum
TECH TRENDS
Tap Tap Tech: Screen Technology
PRODUCT WATCH
Inside the Lab Overview: DragonBoard 410c
Atmel START Development Tool
TECH REPORT
ARM Delivers the Future of Secure Authentication
INDUSTRY INTERVIEW
Safeguarding the IoT
Interview with Paul Pickle – President of Microsemi
EEWEB FEATURE
Littelfuse Helps Circuit Designers Protect Small Devices from Big ESDs

Embedded Developer
Your Guide to Embedded MCUs and Development Tools.

EDITORIAL STAFF
Content Editor: Alex Maddalena, amaddalena@aspencore.com
Digital Content Manager: Heather Hamilton, hhamilton@aspencore.com
Tel | 208-639-6485
Global Creative Director: Nicolas Perner, nperner@aspencore.com
Graphic Designer: Carol Smiley, csmiley@aspencore.com
Audience Development: Claire Hellar, chellar@aspencore.com
Register at EEWeb: http://www.eeweb.com/register/

Published by AspenCore
950 West Bannock, Suite 450
Boise, Idaho 83702
Tel | 208-639-6464
Victor Alejandro Gao, General Manager, Executive Publisher
Cody Miller, Global Media Director, Group Publisher
Glenn ImObersteg, Publisher, Embedded Developer, LLC
NEWSWIRE
2015 Altera SoC Developers Forum
The Altera SoC Developers Forum (ASDF) is a place for developers
to connect and discuss the future of SoC FPGA technology.
With the rising demands of new, complex applications that drive
technological advancements, the face of the industry is undergoing
a transformation. Data-driven applications are sustaining Moore’s
Law at a healthy rate, but the development costs are soaring,
preventing many from developing their own silicon. To combat
these costs, heterogeneous computing—a combination of
embedded processing accelerated by FPGA fabrics—is proving to
be the best solution in many different markets.
This year’s ASDF event offered
developers a chance to sit in on keynote
addresses and lectures on the latest
industry challenges and trends. From
the computing systems behind self-driving vehicles to high-end, wireless
audio equipment systems—the
event offered engineers a chance to
see, first hand, the types of new and
exciting applications that are directly
benefiting from SoC FPGA systems.
Audi A7 Sportback piloted driving concept
550 mile piloted drive from Silicon Valley to Las Vegas
—Photo courtesy Audi
Bradley Howe, Senior VP of Altera, was
at the event and spoke to EEWeb about
some of the unique demonstrations he
saw. “Audi’s keynote gave an overview
of their prototype self-driving A8, which
drove from the Bay Area to Las Vegas
recently,” Howe explained. “[The car]
aggressively employed auto-parking, lane
changing, and auto-stop…the automotive
industry has been a lot of fun to watch,
especially if you are interested in cars.”
To learn more about the 2015 ASDF Event, visit: https://www.altera.com/events/northamerica/altera-soc-developers-forum/overview.highResolutionDisplay.html
TECH TRENDS
Tap Tap Tech: Screen Technology
In this edition of Tap Tap Tech, we’re going
to discuss screen technology. In my own,
personal claim to fame, the first all electronic
television was invented by a family member – my
great grandfather’s cousin, Philo T Farnsworth.
In 1927, at the age of 21, Philo successfully
demonstrated the basic underpinnings of the
cathode ray tube television, which begs the
question—what have I done with my life?
By Josh Bishop
Anyway, cathode ray tube displays
have been slowly fading out of use
over the last decade, but they had been
the undisputed leader for over eighty
years, though with many improvements
in that time. Now, though, flat screens
have dropped significantly in price and
are everywhere as computer monitors,
television screens, phones, watches—
basically everything that needs to display
information. But the new flat screens
operate on a significantly different
principle than the old style CRT and there
is even quite a bit of difference in how the
flat screens work among themselves.
CRT screens basically shot an electron
gun at a phosphor-coated screen. The
electron gun shoots the electrons, an
electromagnet around the gun steers
the electrons to hit the appropriate
place on the screen, causing the
phosphor to glow. LCD screens, on the
other hand, are simply a matrix of red,
green, and blue dots that, depending
on whether or not a voltage is
applied across them, allow light
through them. Now, I’ve noticed
a lot of confusion between LCD
displays, LED displays, and OLED
displays. So, let’s get this straight.
LCD displays, in all their forms, are
backlit. The LCD portion simply allows
the backlight through or blocks it—it
doesn’t create any light. When you
hear about LED displays, they’re
talking about switching the backlight
from fluorescent bulbs to LED. This,
in general, gives a more even lighting
and is more energy efficient, but that’s
about it. OLEDs, on the other hand,
are completely different. The sources
of color are also the sources of light: they’re
basically grids of incredibly small,
colored LEDs. This means that when
you want black, you turn off the light
source instead of trying to block it,
meaning much darker blacks. They’re
also more energy efficient, allow thinner
screens, feature fantastic viewing
angles, have orders of magnitude faster
refresh rates than LCDs, are easier
to flex, and have actually dropped in
price to merely extremely expensive
levels instead of insanely expensive.
This may be an incredibly brief overview
of screens, but it’s obvious that screens
have come an incredibly long way from
their inception and that both size and
resolution are not everything. And
while I am currently highly impressed
with OLED displays, I will admit that in
twenty years, I’ll probably laugh at this
clunky, outdated technology compared
to the incredible images our overlords
transmit directly into our brains.
PRODUCT WATCH
Inside the Lab: DragonBoard 410c
Inside the Lab is a webseries sponsored by Arrow Electronics
dedicated to exploring the latest in technology and
electronics. In this episode we’ll introduce you to Arrow’s
DragonBoard 410c, a development board for Qualcomm’s
Snapdragon 400 series of SoCs.
Sponsored by Arrow Electronics
THE DRAGONBOARD 410C OPERATES ON ANDROID AND LINUX,
WITH PLANNED SUPPORT FOR WINDOWS 10, SO THE USER CAN DEVELOP
FOR ALL THREE PLATFORMS USING A SINGLE HARDWARE PLATFORM.
The DragonBoard complies with the
96boards consumer edition specification
and is based on the Snapdragon 410,
which features a quad-core ARM
Cortex A53 running at up to 1.2 GHz
and a Qualcomm Adreno 306 MHz
GPU. The Cortex A53 is capable of
running 64- and 32-bit code, and
the Adreno GPU offers support for
OpenGL 3.0 ES, OpenCL, and DirectX.
Additional features include an
integrated ISP supporting up to 13MP
cameras, and playback and capture of
1080p/30fps video. The SanDisk eMCP
supplies 8GB of eMMC for storage
and 1GB of DDR3L memory, and the
Qualcomm WCN3620 and onboard
antennas provide GPS, Bluetooth, and
WiFi connectivity. Expansion options
include a high-speed connector, a
low-speed expansion connector,
and an analog expansion connector.
Connectivity includes a microSD slot
for storage, USB on-the-go, USB, and
HDMI, with connectors from FCI.
The DragonBoard 410c operates
on Android and Linux, with support
for Windows 10, so the user can
develop for all three platforms using
a single hardware platform.
Arrow’s DragonBoard 410c brings a
tremendous amount of processing
power and integrated connectivity in a
tiny footprint and is great for developing
nearly any embedded or maker project
you can imagine. For more information,
as well as video demonstration of
the DragonBoard 410c, visit “arrow.com”: https://www.arrow.com/en/research-and-events/videos/insidethe-lab-dragonboard-410c.
PRODUCT WATCH
Atmel START
Intuitive Online Tool for Embedded Software Projects
Atmel START is a web-based code
configuration engine that helps users
graphically configure and deploy embedded
software, low-level drivers, middleware,
example applications, and reference designs.
Atmel developed this tool to help
users configure their MCU projects
by generating the foundational code that
typically takes up so much of the
development time. With this web-based
tool the user can choose an MCU and
select I/Os, choose clock parameters,
and add potential peripherals, and it
will automatically create the code.
This will jumpstart the process for
developers by eliminating the arduous
code generation process at the
beginning of most MCU projects.
Through the Atmel START tool, you can
go through three steps in the project
creation process. First, you can select
a pre-existing or custom board from
Atmel’s catalog. In this step, Atmel offers
detailed information for each board
so the user can familiarize themselves
with the different parameters and ideal
uses. Atmel START also offers example
projects for the user to see a project in its
final stages to see the process from start
to finish. These sample projects can also
be reconfigured for other boards, so the
user can see how a similar project would
turn out with a different board selection.
Once the Atmel START project loads the
pads, pins, and modules, they will appear
in a graphical user interface for further
editing. By using the dashboard, the
user can select different aspects of
the MCU operation for more detailed
editing. The tool also allows you to
add a software component to look
at code generation and peripheral
setup. Virtually every aspect of the
project can be edited through an
advanced GUI, such as pin
designation and component add-on
functionality. Once all the parameters
are selected, the user can export the
software components in a pack.
Since the Atmel START is an online
tool, each step of the process can be
added to the cloud, which allows for
remote teams to work on the same
project no matter where they are. It
also saves the project at every step
of the process so the engineer can
retrace their steps and find the source
of any problems that may arise. Atmel
painstakingly researched, tested, and
developed ways to ensure the MCU
development process is streamlined,
so engineers can get an easier start
to the project and improve time to
market for any type of design.
To watch a video demonstration of the Atmel START Tool, visit: http://www.eeweb.com/blog/eeweb/atmel-start-overview
[Figure: Atmel START screens: code generator, clock configurator, pin configuration, add software components]
TECH REPORT
Securing the Future of Authentication
ARM delivers the hardware foundations for simple and strong authentication
By Rob Coombs, ARM
In 2014 ARM’s silicon partners shipped
more than 2-billion ARM® Cortex®-A
processor based applications into
phones, tablets, DTV and other smart
connected devices. These devices
are increasingly being used to access
cloud-based services and for high-value use cases such as payment and
handling of corporate or government
information. To protect system assets
from attack, modern ARM platforms
use a combination of technologies: from
the Cortex core Hypervisor mode, to
the ARM TrustZone®-based TEE and
tamper proof security processors or
secure elements protected with ARM
SecurCore® processor IP. This multi-layered or compartmentalized approach
increases overall system security and
provides the right level of protection that
goes beyond the operating system to the
different assets within a mobile device.
The TrustZone-based TEE was designed
to deliver enhanced security against
scalable software attacks and common
hardware attacks (so-called shack
attacks) at a lower cost to the market. Its
architecture provides isolation between
the normal world (Rich Operating
System and Applications) and a hidden
secure world that can be used for
sensitive operations such as crypto, key
management and integrity checking.
It has become an important hardware
security layer, one that device manufacturers
have been developing and
standardizing over the last ten years
to protect valuable system assets.
The TEE is standardized by
GlobalPlatform, who have created a
compliance and certification program
so that independent test labs can check
that platforms are protecting against
the threats identified in the protection
profile. GlobalPlatform have white
papers discussing the TEE: this white paper
has been written to add information to
their documents covering the FIDO use
case and ARM TrustZone technology.
The move to password-less login using
biometric authenticators is being
accelerated through standardization
by the FIDO Alliance. FIDO protocols
such as Universal Authentication
Framework (UAF) enable local user
verification with multiple authenticators
such as fingerprint sensors, iris
scanners or PIN entry replacing the
traditional username and password.
It is often said that security is a chain
where security relies on a sequence of
linked processes. Using this analogy, the
first link is secure hardware that can be
isolated using TrustZone technology
from the normal world rich execution
environment and be the basis for
trusted boot. Trusted boot initializes
the Trusted OS and therefore the
TEE before booting the normal world
OS. With the TEE established, a FIDO
Trusted App can be provisioned to look
after key material, crypto and other
sensitive operations. This document
looks at why the TrustZone based TEE
architecture is an excellent fit to the
FIDO security requirements and its
role as the de facto base-line security
technology used in smart devices
with integrated authenticators.
The FIDO UAF
Password-less Experience
The consumer with a FIDO enabled
smart device can register once with
their favorite online shopping site or
bank. During the registration process
the device creates a public and a private
key that is specific to the combination
of user, his/her device and the relying
party. Subsequent visits to the online
store then become much easier for the
consumer as they can replace the usual
username/password authentication
step or confirmation of purchase with
a quick swipe of a finger or entering a
simple and memorable PIN code [Fig 1].
No common user information is shared by
the FIDO protocol as its implementation
cannot leak private user information.
As the relying party only holds the
public key it cannot be used directly
by hackers to take over accounts if the
website’s servers are hacked (currently
a major problem in the industry).
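The registration and login flow described above, modelled in Go as an added example (not code from ARM, the FIDO Alliance or the original article). The type and function names are hypothetical, Ed25519 is an assumed stand-in for the authenticator's signature scheme, and the messages are simplified rather than UAF wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Authenticator is the device side (hypothetical model). Private keys never leave it.
type Authenticator struct {
	keys map[string]ed25519.PrivateKey // one key per user + relying party
}

// RelyingParty is the server side. It stores public keys only.
type RelyingParty struct {
	AppID   string
	PubKeys map[string]ed25519.PublicKey
	pending map[string][]byte // outstanding challenge per user
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]ed25519.PrivateKey{}}
}

func NewRelyingParty(appID string) *RelyingParty {
	return &RelyingParty{appID, map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

// Register creates a key pair for this user/device/relying party and
// returns only the public half for the server to store.
func (a *Authenticator) Register(user, appID string) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[user+"|"+appID] = priv
	return pub, nil
}

// signedData binds a response to one relying party and one challenge.
func signedData(appID string, challenge []byte) []byte {
	return append([]byte(appID+"\x00"), challenge...)
}

// Sign answers a challenge. userVerified is the outcome of the local
// fingerprint or PIN check; the biometric or PIN itself is never sent.
func (a *Authenticator) Sign(user, appID string, challenge []byte, userVerified bool) ([]byte, error) {
	if !userVerified {
		return nil, errors.New("local user verification failed")
	}
	priv, ok := a.keys[user+"|"+appID]
	if !ok {
		return nil, errors.New("no key registered for this relying party")
	}
	return ed25519.Sign(priv, signedData(appID, challenge)), nil
}

// Enroll stores the public key received at registration.
func (rp *RelyingParty) Enroll(user string, pub ed25519.PublicKey) { rp.PubKeys[user] = pub }

// NewChallenge issues a fresh random challenge for one login attempt.
func (rp *RelyingParty) NewChallenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[user] = c
	return c, nil
}

// Verify checks a response and consumes the challenge, so a captured
// response cannot be replayed.
func (rp *RelyingParty) Verify(user string, sig []byte) bool {
	c, issued := rp.pending[user]
	pub, known := rp.PubKeys[user]
	delete(rp.pending, user)
	return issued && known && ed25519.Verify(pub, signedData(rp.AppID, c), sig)
}

// Login runs one challenge/response round between device and server.
func Login(a *Authenticator, rp *RelyingParty, user string, userVerified bool) bool {
	c, err := rp.NewChallenge(user)
	if err != nil {
		return false
	}
	sig, err := a.Sign(user, rp.AppID, c, userVerified)
	return err == nil && rp.Verify(user, sig)
}

func main() {
	dev, shop := NewAuthenticator(), NewRelyingParty("shop.example")
	pub, _ := dev.Register("alice", shop.AppID)
	shop.Enroll("alice", pub)
	fmt.Println("login after finger match:", Login(dev, shop, "alice", true))
	fmt.Println("login without a match:   ", Login(dev, shop, "alice", false))
}
```

A copy of the server's `PubKeys` map is enough to check signatures but not to produce one, which is the property the paragraph above relies on when a relying party's servers are breached.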
Overview of FIDO and
the FIDO Alliance
The FIDO alliance comprises more than
180 members covering the whole value
chain from major silicon partners (such
as Qualcomm), device manufacturers
(such as Samsung and Lenovo), operating
system companies (such as Microsoft and
Google), FIDO server providers (such as
Nok Nok Labs) and relying parties (such as
Bank of America and PayPal). It develops
technical specifications and certification
programs to fulfill its mission to enable
simpler, stronger authentication.
FIDO protocol design is driven from a
desire to improve the ease of use of
authenticators, built-in privacy, security
by design and drive standardization so
that relying parties can use any FIDO
compliant authenticator. Final FIDO
1.0 specifications are available online here
and comprise two alternative user
experiences: Universal Authentication
Framework (UAF) provides a password-less experience for devices such as
smartphones with built-in authenticators
and Universal 2nd Factor (U2F) for a
dongle that helps protect traditional
username/password against phishing
attacks. Work is ongoing to have a
unified standard for FIDO 2.0.
Relying parties have been using username
and passwords for years but it has proven
to be unsatisfactory to both consumers
and businesses as passwords have many
problems. Consumers like to choose weak
passwords or reuse them across websites
making it easier for hackers to take over
accounts. If they are forced to choose
complex passwords, they forget them
and transactions may be abandoned.
Worse still, passwords are easily phished
by scam emails allowing financial fraud
on a massive scale: to take one example,
Kaspersky estimates that a phishing gang
stole $1B from a number of banks last
year. Businesses sometimes require use
of a second factor such as a One Time
Password (OTP) token that typically
provides a code to be used alongside
the username/password. The often
proprietary nature of these tokens has
filled consumers’ pockets and drawers
with hardware: you might have one OTP
token for your bank, another for your
work email and others for other service
providers. Another issue for relying
parties using traditional authentication
is the need to hold private keys for each
customer. These massive databases
of credentials create a “honeypot”
for hackers who can steal millions of
consumer’s individual credentials with
a single well designed attack. This
creates reputational risk for big brand
companies who may have to admit to a
security breach and ask its customers
to quickly reset their passwords.
Fig. 1. A simple FIDO user experience
FIDO mitigates the problems with
traditional usernames and passwords
and creates a more delightful consumer
experience at the same time. For
example, on a modern Samsung Galaxy
device it is possible to log onto websites
or pay for things using your fingerprint.
This simple user experience is enabled
by FIDO UAF protocol replacing the
username/password with a built-in
authenticator such as a fingerprint
sensor that unlocks a private key on
the device that is used in a crypto
challenge with the remote server (which
holds the public key). The relying party
also gains metadata providing some
basic information such as the type of
authenticator, key protection mechanism
used and model of device that can be
used in back-end risk analysis. However,
no biometric, PIN information or private
key is exchanged with the online server.
This “Privacy by design” aspect of the
FIDO protocols provides added protection
to the consumer who is less likely to
be troubled by security breaches of the
stores’ server. The crypto challenge is
based on well-established Public Key
Cryptography principles involving the
use of a public/private key pair that
is generated on the device for every
combination of user/device/relying
party. For an overview of the FIDO
1.0 specifications please see here.
The FIDO security requirements
can be summarized as:
1. To ensure the integrity of the device
2. To keep key material confidential
from unauthorized access
3. To maintain the confidentiality and
integrity of sensitive processes
Threat Landscape
Attacks on devices can come in
many forms, from malware to social
engineering, theft or physical loss
of the device, or improperly secured
devices either through misuse or by
users jail-breaking their devices.
Attacks can be performed by
many different methods, and
malicious software can be installed
by conventional means such as
through a rogue app store, via social
engineering, trojan or by other attack
vectors such as via the browser. When
malware is present on a device it has
the potential to escape its sandbox
or process permissions and any
data held or input into the device
can then become compromised.
Alternatively, if an attacker can gain
physical access to the device, further
attacks become possible. If the
attacker can access the file system
of the device, they can potentially
steal data. If the data is encrypted, the
attacker could copy the data off the
device and perform an offline attack
on the encryption. Whilst software
attacks are often the main threat, it is
important to remember that physical
attacks such as opening the device and
probing the board become possible if
the attacker possesses the phone.
The design of security architecture
conventionally relies on two basic
concepts: the principle of least privilege,
and the partitioning of the system
into protected compartments. For
example, the TrustZone based TEE
is normally designed to maintain its
isolation even if the Normal World
has been compromised. A malicious
hacker may take over the Normal
World and spy on communications to
the TEE, but the Trusted World will
retain its integrity and confidentiality.
TrustZone and the Trusted
Execution Environment
GlobalPlatform standardizes the TEE
[Fig. 2] and generates specifications,
compliance programs and certification
schemes. They have created white papers
providing an insight into the TEE and
how it can provide confidentiality and
integrity for services such as payment,
content protection and dual-persona
devices. For the purposes of brevity,
only a short description is provided
here. A TEE provides a secure enclave
to protect sensitive code and data with
the security promises of integrity and
confidentiality; for example, a malicious
application should not be able to read
the private keys stored on the device. The
TEE is designed to protect against scalable
software attacks and if someone has
stolen your device, from common hardware
attacks sometimes referred to as “shack
attacks” (attacks from a knowledgeable
attacker with access to normal electronic
enthusiast type of equipment).
The TrustZone-based TEE provides
a “Secure World” where the security
boundary is small enough to offer a route
to certification and provable security. It is
typically used for securing cryptographic
keys, credentials and other secure assets.
TrustZone offers a number of system
security features not available to the
hypervisor: it can support secure debug,
offer secure bus transactions and take
secure interrupts directly into the Trusted
World (useful for trusted input). There
is an argument to restrict the amount
of security functionality in the trusted
world to limit the attack surface and make
certification a practical proposition.
The TrustZone security extensions work by
providing the processor with an additional
‘secure state’ that allows secure application
code and data to be isolated from normal
operations. This partitioning enables a
protected execution environment where
trusted code can run and have access
to secure hardware resources such as
memory or peripherals. Conventionally,
the Trusted World is used with its own
dedicated secure operating system and
a trusted boot flow to form a TEE that
works together with the conventional
operating system, such as Linux® or
Android™, to provide secure services.
Fig. 2. TrustZone can provide the hardware partitioning for a TEE and access to secure resources
Security is as strong as the weakest link
in a chain of trust. The starting point of
the chain is the Root of Trust (ROT) that
is normally implemented in hardware
to protect it from modification. Mobile
device integrity starts by resetting
into Secure World and booting from
immutable hardware in the form of a
Read-Only Memory and accessing trusted
hardware resources such as hardware
unique key, random number generators,
counters, timers and trusted memory.
A carefully designed authenticated
trusted boot flow is the basis for device
integrity. The Trusted OS is started as
part of the trusted boot flow before
the Normal World Rich OS is booted.
Specific Role of the TrustZone-based TEE in FIDO Implementations
The TrustZone (Secure World) based
authenticated trusted boot flow and
hardware ROT provides the basis
for device integrity (a reference
implementation of trusted boot can be
found here). The Trusted OS can provide
trusted services for the FIDO protocol,
for example, handling cryptography and
user matching algorithms in a hardware
protected execution environment. In
a typical implementation, nearly all of
the FIDO stack will reside in the normal
world and only small security sensitive
functions are moved into the TEE. The
code moved to the TEE is referred to as
a Trusted App as it benefits from the
security promises of confidentiality
and integrity. This partitioning builds
in resistance to scalable attacks.
A major use case of the TEE is to
provide a secure key store. Since nonvolatile memory is rarely found on an
applications processor, FIDO keys are
encrypted in the TEE with a hardware
unique key burned into the chip. This
encrypted and wrapped key is then
stored in external memory for storage
between boots. Keys would only be
decrypted and used within the TEE and
never accessible to the Normal World.
A FIDO Trusted App could include the
functionality for biometric template
storage and matching. This could be
handled in a similar way to the storage
of crypto keys i.e., encrypted and
wrapped within the TEE and stored
in external non-volatile storage.
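The secure key store described above, sketched in Go as an added example (not code from ARM, a Trusted OS vendor or the original article). The `SecureWorld` type, the HMAC-SHA256 key derivation, AES-256-GCM as the wrapping cipher, Ed25519 as the FIDO key type and the key identifier are all assumptions of this sketch; a Go struct only models the Secure World boundary, it does not enforce it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecureWorld models the TEE (hypothetical type). huk stands for the fused
// hardware unique key; Normal World code below never reads it.
type SecureWorld struct{ huk [32]byte }

// NewDevice simulates a chip whose HUK was fused at manufacture.
func NewDevice() (*SecureWorld, error) {
	sw := &SecureWorld{}
	_, err := rand.Read(sw.huk[:])
	return sw, err
}

// aead derives a wrapping key from the HUK and returns AES-256-GCM.
// HMAC-SHA256 over a fixed label is this example's assumed KDF.
func (sw *SecureWorld) aead() (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, sw.huk[:])
	mac.Write([]byte("fido-keystore-wrap-v1"))
	block, err := aes.NewCipher(mac.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CreateKey generates a signing key inside the TEE. It returns the public key
// and the wrapped private key, which is what external memory stores.
func (sw *SecureWorld) CreateKey(keyID string) (ed25519.PublicKey, []byte, error) {
	g, err := sw.aead()
	if err != nil {
		return nil, nil, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// keyID is authenticated as associated data: a blob cannot be reused under another ID.
	return pub, g.Seal(nonce, nonce, priv.Seed(), []byte(keyID)), nil
}

// Sign unwraps the key inside the TEE and returns only the signature.
func (sw *SecureWorld) Sign(keyID string, blob, msg []byte) ([]byte, error) {
	g, err := sw.aead()
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(blob) < n {
		return nil, errors.New("wrapped key too short")
	}
	seed, err := g.Open(nil, blob[:n], blob[n:], []byte(keyID))
	if err != nil || len(seed) != ed25519.SeedSize {
		return nil, errors.New("wrapped key rejected (tampered, wrong ID or wrong device)")
	}
	return ed25519.Sign(ed25519.NewKeyFromSeed(seed), msg), nil
}

// Authenticate is Normal World code: it holds only the blob and the public
// key, asks the TEE to sign, and checks the result as a server would.
func Authenticate(sw *SecureWorld, pub ed25519.PublicKey, keyID string, blob, challenge []byte) error {
	sig, err := sw.Sign(keyID, blob, challenge)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, challenge, sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	dev, _ := NewDevice()
	other, _ := NewDevice()           // a second chip with a different HUK
	id := "alice|shop.example"        // constructed key identifier
	pub, blob, _ := dev.CreateKey(id) // blob is what external flash would hold
	bad := append([]byte{}, blob...)
	bad[len(bad)-1] ^= 1 // one flipped bit in storage
	fmt.Println("normal use:        ", Authenticate(dev, pub, id, blob, []byte("c1")))
	fmt.Println("tampered blob:     ", Authenticate(dev, pub, id, bad, []byte("c1")))
	fmt.Println("blob on other chip:", Authenticate(other, pub, id, blob, []byte("c1")))
}
```

Copying the blob off the device gives an attacker ciphertext bound to one chip's HUK, and any modification in external storage is detected at unwrap time rather than producing a different key.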
The TrustZone-based TEE
provides solutions to the FIDO
security requirements:
1. To ensure the integrity of the
device:
This is achieved using hardware
roots of trust and a TrustZone
isolated authenticated
trusted boot process.
2. To keep key material confidential
from unauthorized access:
The system-wide hardware
isolation provided by the
TrustZone architecture extensions
enables a small, security certifiable
TEE to handle key materials. FIDO
keys can themselves be encrypted
using strong cryptography and
fused Hardware Unique Keys.
3. To maintain the
confidentiality and
integrity of sensitive
processes:
The TEE provides the
security promises of integrity
and confidentiality. Typically,
small parts of the FIDO process
will be statically partitioned
into the Trusted World and run
as a Trusted Application.
Please see the Future
enhancements section for
future devices with a Trusted
User Interface (TUI).
4. To maintain the confidentiality of
sensitive input data:
TrustZone enables interrupts
from input devices (such as
authenticators) to be steered
directly to the Trusted World
where trusted device drivers can
handle them. For example, the TEE
can handle touch events from a
touchscreen during PIN capture or
interrupts from a fingerprint sensor
and separate it from malware
in the normal world that would
not be able to intercept it. When
the PIN capture or other input is
complete the interrupts can be
switched back to the normal world.
5. Protection of sensitive display data:
TrustZone can be used to protect a
Trusted World frame-buffer and its
composition. This enables a “what
you see is what you sign/buy” feature
since the frame-buffer cannot be
intercepted, modified or obscured.
Future Enhancements
GlobalPlatform has developed a
protection profile for the TEE that is
being used as the basis for a security
certification program. Multiple test
labs are establishing programs to test
platforms and evaluate the effectiveness
of the TEE they contain. Independent
testing will assure device manufacturers
of the quality of solutions that may
be beneficial to the whole value chain.
Security certification is expected to be
available from the second half of 2015.
Modern ARM-based chips are making
increasingly sophisticated use of
TrustZone technology. One example is
the use of a TUI to protect touchscreen
inputs and the display of protected
frame buffers [Fig. 3]. It is possible
to have peripherals that can switch
between normal world and secure
world: the touchscreen and display are
examples where this might be beneficial.
In PIN capture mode the TEE may
want exclusive trusted access to the
touchscreen which can be returned to
the normal world when PIN capture is
finished. The Display Processor may be
acting as a compositor for the various
graphics layers and required to display
trusted data from the Secure World
to ensure “what you see is what you
get/sign”. Trusted display data can be
generated in a (TrustZone) protected
frame buffer and composed as a secure
layer with protection against overlay.
Adoption of the TUI is expected to
increase when standardization from
GlobalPlatform is completed.
In addition to the TrustZone-based
TEE, a modern mobile device may have
a number of secure elements owned
by different parts of the value chain.
The SIM card may be owned by the
operator, the OEM may have its own
SE and the OS may require access to
a SE for holding keys or performing
system integrity checks. As secure
elements do not have access to an input
method or display it can be beneficial
to establish secure communications
with the secure element from the
TEE. GlobalPlatform is working on the
standardization of communication
between a secure element and the TEE.
Fig. 3. TrustZone-based TEE with FIDO Trusted App, Trusted
User Interface & encrypted channel to a secure element.
Conclusion
In the future we can expect further
improvements. Device manufacturers
and silicon partners will have the
option to have their TEE’s security
certified by independent test labs. We
can also expect TrustZone technology
to be extended to cover touchscreen
input (for protecting PIN entry) and
display output providing a “what you
see is what you sign/buy” capability.
The TrustZone-based TEE delivers
effective system security at low cost for
FIDO implementations. A well-designed
TEE provides a suitable level of security
for FIDO based implementations
and is a huge improvement over
the username/password normal
world methods it is replacing.
FIDO based authentication is already
deployed at scale and looks set to
become an industry success story
by helping consumers move beyond
passwords. The TrustZone-based TEE
demonstrates that when security
is well architected it can deliver
delightful user experiences.
INDUSTRY INTERVIEW
Microsemi Secures World’s
Embedded Systems
New Security Solutions
Safeguard IoT Vulnerabilities
Interview with Paul Pickle – President of Microsemi
Microsemi is a global, broadline supplier of semiconductor solutions. The company
has roots in the aerospace and defense markets—areas that require high-reliability
solutions. Recently, the company has made significant strides leveraging their
core competencies in the communications sector, as more and more devices
become interconnected. Microsemi’s value proposition of low power, security,
reliability, and performance has proven to be beneficial for securing the Internet of
Things (IoT), which has been widely overlooked in its development stages. EEWeb
spoke with Paul Pickle of Microsemi about some of the key security hazards and
vulnerabilities within the IoT and what the company is doing to secure it.
As we become more dependent on
the IoT, the liability of these security
issues grows exponentially.
How does Microsemi’s experience
working in the military and defense
industries help in the migration towards
the IoT to help stop data breaches?
Security is a big-picture view that we
value. If you think in terms of threat
mitigation, it doesn’t come down to
one particular aspect like encryption,
software, or hardware. It really comes
down to taking a holistic view—security
has been a big issue the past five years,
but there hasn’t been a real appreciation
for what exactly that means. We were
investing in security knowing that it was
going to become critically important
in the future. The military and defense
contractors certainly understand
the importance of security and our
work with government agencies in
terms of cryptographic techniques
and countermeasures gives us a great
knowledge base to apply to IoT. Physical,
software, and encryption capabilities
were imperative to our operations in
the military fields, and then we began
looking at component exploits and we
realized there was work that needed
to be done in terms of making sure
there were fewer attack vectors. We
previously built all of these tools that
our customers could use as one-offs, but
we started recognizing that the rest of
the world needed somebody to bring a
more holistic view to security—it couldn’t
be an afterthought, which is typically
how it had been done in the past.
Do you believe the IoT has brought
these security issues to the forefront?
It definitely has. People view the IoT as
a new emerging trend, but connected
devices have been out there for quite
a while. While we haven’t always called
it IoT, when you look at the number
of deployed connected devices in
the industrial space, it is a staggering
amount. Our security issue is that
we have been designing systems for
intended functionality for years, but
we are just now starting to become
fully aware of what happens if we
purposefully command a system to
do something that was not intended.
For example, putting an assisted
“Park” function in a car sounds like
a great idea, but when they were
designing those systems for the
car, they never really thought about
someone maliciously using the assisted
“Park” function in order to make the
car do an abrupt left turn traveling
down the highway. While there are lots
of protection mechanisms to make
sure the system doesn’t malfunction
like that under normal operation,
nobody ever really thought about a
scenario where someone intentionally
circumvented the protections in order
to make something unintentional
happen; if they did, they would
have designed things differently.
Even if companies begin to focus
solely on security when developing
IoT, do you think they can ever be
completely secure?
We don’t know what we don’t know.
Hacking is an innovative process
at the heart of it—you can design a
system and someone will find a way
around that system. Theoretically
there are elements of security that
seem completely secure like some
cryptographic schemes because the
numbers are so large it would take
computers forever to find a key by brute
force, but they are meaningless if the key
can be easily extracted by other means.
For example, we had a researcher in
England who claimed to have found a
backdoor in one of our devices using a
form of a technique called side-channel
analysis to extract a cryptographic key.
The device had been on the market for
about ten years and was frequently used
in military systems and missiles because
of its security features. In this device
Microsemi utilizes two keys—one is a key
that the user chooses, and the other is
set at our factory. While it wasn’t really a
backdoor that could be used by any one
entity to circumvent a user’s device that
was accessed, if a user had both keys they
could gain access to a test facility on
the chip. Obviously we never intended
for an unauthorized user to gain access
to the factory key, but the researcher
found that he could extract it given
enough time and physical access to the
device using a newly developed piece of
technology. In reality there were other
security modes that the device could
be put in to thwart the hack, but he did
demonstrate that newer technology
could circumvent older technology.
The point is that ten years ago we
didn’t envision side-channel analysis
as a possible method to extract keys,
and while our latest devices are
protected against this type of attack it
demonstrates that cyber security and
cyber threats will end up progressing
and become sophisticated enough so
that what we develop today can be
circumvented down the road, so it is
really hard to say that something will
be 100-percent secure. In addition,
IoT devices have inherent security
disadvantages: they have power
budgets, computing budgets, and cost
budgets. If a device is on the very edge
of the network that is taking sensor
input, they do not have a whole lot of
computing power that can be dedicated
to security functions. If they are a
sensor function, they have to be cheap,
meaning that the budget allocation
won’t all go to security features. It
is impractical to think that a device
like that will be completely secure and
unhackable, which means that the mesh
network connected to it will always have
to test the messages that are being sent
back from whatever is connected to it.
Could you tell us about the Security
Center of Excellence (SCoE) and
its initiatives?
It is a daunting task to approach security,
and if we are going to drive secure
solutions going forward, we have to
bring everybody together to look at the
problem a little differently. An ideal goal
should be to build devices with security
as one of the goals as opposed to just
intended functionality. The other part of
threat mitigation is we have to think in
terms of assuming that somebody can
get into the system or onto your network.
Given that, we have to take the approach of
mitigating threats on a real-time basis.
We want to approach the problem a
little bit differently. The SCoE is about
taking all of the tools we have developed
over the years in all different areas—
software, hardware, and system—and
providing a service that is essential to
implementing security standards. One
glaring problem with standards is that
once you define one, people will know
how you approach security and start
looking for ways around it. We are
putting together sets of standards with
the services that we provide in order to
drive security in the right direction. It
is tough to convince people that they
need to pay for a preventative measure,
but I think it will soon become obvious
that this is something we need. As we
engage with customers, we end up
making better products and offering
better services. More importantly, it
will push IoT devices past the threats
that are already becoming apparent.
We offer threat penetration testing
to determine if a client’s product is
vulnerable and work with data engineers
to make sure the client’s devices are as
safe as possible. Threat mitigation is
something we already do, so it is really a
matter of taking what we have learned,
commercializing it, and making it cost
effective enough to bring to a broader
market. Customers have to understand
that they need security and I stress that
because there is a cost component, which
can be a deterrent at first. Security is a
capability that we have, not necessarily
a product, so we have to engage
with our customers to understand
what solution is right for them.
Do you have any plans in the
future to expand the SCoE?
The SCoE serves primarily as an
educational center for customers.
However, we will absolutely continue
our own R&D efforts to build better
products with security built into them. To
make security threats mitigation better.
I expect that through the SCoE, we will
have recommendations that will include
Microsemi products, but remember that
security solutions is an independent
service that we provide. If participants
want us to tell them how to make
someone else’s components or systems
better, we will absolutely do that. There
are even certain techniques that they
can employ to implement security
without adding additional components.
A critical thing to mention is Root of
Trust, which is something that not a lot
of people address very well. We are going
off and looking specifically at physical
uncloneable function (PUF) or similar
techniques that would give systems a
unique fingerprint. This is something that
we should be able to develop cheaply
enough in high-volume components.
With that, we can enable systems to be
recognized as trustworthy. Trusting the
identity of connected systems would
go a long way for security, though
we still have to make sure that the
software is not compromised. If it is
not an afterthought, I think we can
continue to drive in a direction where
we economically provide solutions
at the right level of security.
EEWeb FEATURE
Littelfuse Helps Circuit Designers Protect Small Devices from Big ESDs
Though the value of good
protection is becoming a
more common consideration
in the minds of circuit designers
these days, it wasn’t long ago that
the circuit protection industry still
had a lot of work to do in proving
its worth. Thankfully, things have
certainly improved, and much of
the progress has been led by major
protection component providers like
Chicago’s Littelfuse, Inc. But, as the
company’s representatives imply,
there’s still a lot for the field to
accomplish in making devices more
reliable through better protection
from a host of unpredictable
electrical forces.
Today, when stalwart companies like
Littelfuse define themselves by a focus
on circuit protection, most engineers
still think only of basic protection
components like fuses and breakers.
But the company’s advanced approach
to the technology of protection has
taken them surprisingly far, not only in
standing at the top of the traditional
protection component market but in
developing and marketing advanced,
semiconductor-based protection
devices for the complex and demanding
standards of a world run by an increasing
variety of microprocessors, systems-on-chips (SoCs) and other delicate chipsets.
With more than a decade in circuit
protection and five patents to his name,
Chad Marak, Director of Semiconductor
Business Development at Littelfuse,
clearly thinks a little bit differently than
the average engineer. Joining Littelfuse
as an analog design engineer in 2007,
Marak’s current responsibilities include
strategizing the growth of some of the
company’s protection product lines and
seeking out new technologies to invest in
for future growth. He received his BSEE at
Texas A&M University before continuing
his education. Marak has been involved
with introducing the details of circuit
protection, still a field that is not covered
extensively in traditional electrical
engineering programs, to a whole
new generation of engineers through
a series of educational engagements
including one at his alma mater.
“As the microprocessor chipsets become
smaller and faster, it’s important for
engineers to understand the critical value
and importance of circuit protection,
specifically at the board level to protect
more sensitive systems,” company
representatives outline. Marak echoes
this, saying that “around fifteen years
ago, it was much more difficult to
convince people that circuit protection
from things like electrostatic discharge
was an important priority. As processors
have become more complex in the era
of SoCs, and as the undesirable results
of marketing unprotected circuits have
certainly made themselves known, the
obvious importance of circuit protection
has become much more widely known
and now stands as a big concern for
designers.” With next-generation
protection now taking a bigger role in
the design process, Littelfuse five to
ten years out continues to develop an
impressively thoughtful approach to
making the most of what the circuit
protection industry has to offer.
Being an engineer himself, Marak
also feels that he brings a knowledge
of products and the state of current
developments in the field to the table,
which allows some unique insight into
where the company’s efforts might
best be invested to keep them at the
forefront of protection. “We think it’s very
important to have our sights on future
technologies that will be applicable ten to
fifteen years out so we are best prepared
to serve our customers’ circuit protection
and power control needs,” he explains.
It may seem like a particularly
new technology on the rise, but in
fact, Littelfuse first entered the
semiconductor protection market in
the late 1990s. Today, the company continues
to look at the future of circuit protection
increasingly on the silicon device level, as well
as on keeping pace on the level of familiar
passive protection components. Providing
a host of what Marak refers to as advanced
“overvoltage protection components,” the main
product lines at Littelfuse are all differentiated
by application, by the level or type of transient
they are meant to protect against, and by
some other basic design aspects, giving
the company an unusually diverse roster of
options from which designers can choose.
First, Marak details, is the company’s updated
take on the TVS diode, which provides essential
surge protection for almost any kind of
electronic device that consumes power. “As a
transient comes down the line, the possibility of
an overvoltage event is mediated by the diode,
which is triggered and shunts any excess power
to ground,” he explains, pointing out
that “these components are a bit bigger
relatively speaking and ultimately
designed to handle a general variety
of threats that electronic equipment
experiences on a daily basis.”
TVS diode arrays, on the other hand, which
represent the next distinct line of components
from Littelfuse, are “very small form-factor
designs, on the order of tenths of millimeters,
which allows Littelfuse to offer devices as small
as 0.45x0.25mm.” These devices, Marak says, are
more specifically geared toward protection from
the specific threat of electrostatic discharge
(ESD), and designed to meet some of the most
demanding form-factor requirements in the
market. “ESD is a very short-lived transient with
a very high voltage,” he describes, “and can be
very damaging to the common integrated circuit
(IC) in an increasing number of everyday devices.”
iDesign Tool
HELPING SAVVY DESIGNERS
PROTECT AGAINST ESD
Most electronic devices include ESD protection
circuitry to guard against ESD events the device
can be expected to encounter. Typically, the design
engineer selects these ESD protection devices
based on the rated protection voltage listed on
the data sheet, includes the part in the design,
and everything is fine. But sometimes a device
will fail ESD testing at a voltage lower than it
is rated for, or maybe a customer experiences
an ESD failure. This often leads to frustration
and confusion with little or no answers to the
question: “Why did the ESD protection fail?”
The answer is not always simple, but Littelfuse
has incorporated comprehensive simulation
capability into their iDesign ESD selection tool. The
data presented is not based simply on data sheet
specifications. Rather, it is based on the selected
protection device paired with the user-supplied
system and device information to provide a true
protection rating; in essence creating a dynamic
data sheet for each part in any given situation.
By partnering with Pragma Design to ensure the
quality and accuracy of its ESD device models,
Littelfuse provides designers with a platform
to quickly determine, compare, and select the
appropriate ESD protection device for their design.
Littelfuse also leads in the supply
of what are known as protection
thyristors, or SIDACtor® devices,
which are generally associated with
telephone and communication
lines. These products help protect
telecommunication networks from
the threat of nearby lightning strikes,
which can induce surges or transients
into the wiring. The company also
backs those silicon device lines up
with a comparably wide selection
of traditional, passive overcurrent
protection components, like fuses.
Naturally, these components have
to be there, not only to protect the
electronics themselves but also to
protect the consumer from potential
electrical events with Li-ion batteries,
which are found in an increasing number
of devices in the era of the Internet
of Things. With the future situated
demonstrably well in their sights so far,
Littelfuse seem to have a successful
formula for looking ahead at every turn.
“More recently, Littelfuse is also
putting some effort into what we’re
calling ‘power control,’” Marak reveals,
“which we mean to differentiate from
the idea of power management in
the familiar sense.” When they say
“power control,” he distinguishes,
“we mean the switching of currents
or the controlling of power flow one
way or another, inside of a piece of
equipment, motor, etc.” It’s not circuit
protection at its core, he admits, but,
it is an area where Littelfuse has
expertise by virtue of their thyristor
product line and looks to expand in
this market over the coming years.
Beyond their many component
innovations, Littelfuse also offers
designers the use of a unique online
design platform called iDesign, in which
engineers can enter key parameters of
their own designs and be conveniently
guided through the process of identifying
the best protection options for their
products, including live simulation
and detailed data analysis. As Marak
describes it, iDesign definitely offers a
level of both attention and independence
otherwise unavailable in the circuit
protection market. Ultimately, it’s
precisely that willingness to provide
service at every level that defines
Marak’s impression of the Littelfuse
ethos. “We had an international customer
that was struggling to achieve the
proper level of ESD protection for a
very delicate chipset, something that
required some very specific attention
to detail,” he recalls. By applying their
unique talents, Marak describes, “we
ultimately worked with them to build
an entirely custom part and were able
to solve an issue that otherwise had no
readily available solution in the market.”
Considering that, it’s no surprise to find
that Littelfuse offers individual service
to just about any kind of customer,
even to those inclined to do their own
independent research. “In addition
to basic application guides available
on our website,” Marak highlights,
“Littelfuse offers what we call the ESD
Suppression Design Guide, which is
just one of a number of design guides
that we offer to those interested in
learning some of the basics of circuit
protection in regard to applying them to
their own designs.” The company also
offers sample kits that include advice
and options geared toward certain
applications for all of their product lines,
developed to help engineers streamline
the process of choosing from among
thousands of possible components.
All in all, it’s precisely this kind of
outlook that has undoubtedly brought
Littelfuse to the leading edge of today’s
newest protection technologies,
Marak suggests. “We think it’s fair to
present ourselves to our customers as
knowledgeable in an unusually wide
variety of products, applications, and
processes, and we believe we can help
customers to make the most informed
decision about which protection
component is best for their products,” he
sums up. With the experience to make
the call and the evidence at hand, it’s
certainly not hard to believe him.