Developing a secure, connected device that also operates efficiently requires that developers select a microcontroller with specific hardware and software features. These features range from true random number generators to secure libraries. Let’s examine several tips for the hardware and software that developers should consider having in their secure microcontroller.
Tip #1 – Include a True Random Number Generator (TRNG)
Many encryption and communication processes require that a developer supply a random number as an initialization vector for the encryption. In the past, developers relied on pseudo-random numbers and other techniques to generate these values. Having a TRNG lets a developer eliminate complex methods for generating a random number and instead use hardware that is fast, efficient and can provide a truly random number.
Tip #2 – Use a Cryptographic Accelerator (AES, SHA, etc.)
Running cryptographic software libraries can be extremely processing-intensive on a resource-constrained device. A microcontroller that includes a hardware cryptographic accelerator has several advantages, such as speeding up encryption and decryption and decreasing code space. If you are adding security to a real-time microcontroller, cryptographic accelerators are a must.
Tip #3 – Consider Arm TrustZone for Cortex-M
Arm TrustZone is a new hardware feature (new for real-time processors) that is being included in the Cortex-M23 and Cortex-M33 processors. TrustZone helps a developer separate their software into secure and non-secure worlds. TrustZone can be used to create a Root of Trust, secure updates and secure boot, among many other use cases. TrustZone essentially creates an internal firewall for secure processing.
Tip #4 – Utilize Secure Internal Storage
A secure microcontroller needs to include secure internal storage. Internal storage is used to store public and private keys and to ensure that mission-critical data cannot be accessed by application components that shouldn’t use it.
Tip #5 – Don’t Skip the Memory Protection Unit (MPU)
The memory protection unit can be used to isolate threads and keep them operating in their own memory spaces. If a thread tries to access a memory location outside its own space, or another thread tries to access its space, an exception will be thrown. Having an MPU to protect memory can make sure that rogue code isn’t able to get access to the system.
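As an added illustration (not from the original article), the C code below encodes a per-thread RAM region for the Armv8-M MPU found on the Cortex-M23 and Cortex-M33 mentioned above, and models on the host the address match that decides whether an access faults. The function names, the sample addresses and the use of memory attribute index 0 are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Armv8-M MPU register fields (MPU_RBAR / MPU_RLAR). */
#define RBAR_BASE_MASK  0xFFFFFFE0u   /* region base, 32-byte granule          */
#define RBAR_AP_RW_ANY  (0x1u << 1)   /* AP=0b01: read/write at any privilege  */
#define RBAR_XN         (0x1u << 0)   /* execute never: data only              */
#define RLAR_LIMIT_MASK 0xFFFFFFE0u   /* address of the last 32-byte granule   */
#define RLAR_ATTR(i)    (((i) & 0x7u) << 1) /* index into MAIR (assumed: 0)    */
#define RLAR_EN         (0x1u << 0)   /* region enable                         */

typedef struct { uint32_t rbar, rlar; } mpu_region_t;

/* Encode a read/write, non-executable region covering one thread's RAM.
 * Returns false if the range is empty, not 32-byte aligned, or wraps 4 GiB. */
bool mpu_encode_thread_region(uint32_t base, uint32_t size, mpu_region_t *out)
{
    if (size == 0 || (base & 0x1Fu) || (size & 0x1Fu)) return false;
    if (size - 1u > UINT32_MAX - base) return false;
    uint32_t last = base + size - 1u;
    out->rbar = (base & RBAR_BASE_MASK) | RBAR_AP_RW_ANY | RBAR_XN;
    out->rlar = (last & RLAR_LIMIT_MASK) | RLAR_ATTR(0) | RLAR_EN;
    return true;
}

/* Host-side model of the hardware address match. An unprivileged access
 * that matches no enabled region faults: MemManage on a Cortex-M33,
 * HardFault on a Cortex-M23. */
bool mpu_region_matches(const mpu_region_t *r, uint32_t addr)
{
    if (!(r->rlar & RLAR_EN)) return false;
    uint32_t base  = r->rbar & RBAR_BASE_MASK;
    uint32_t limit = (r->rlar & RLAR_LIMIT_MASK) | 0x1Fu;
    return addr >= base && addr <= limit;
}

int main(void)
{
    /* Constructed sample: a 1 KiB thread stack at 0x20001000. */
    mpu_region_t stack;
    if (!mpu_encode_thread_region(0x20001000u, 0x400u, &stack)) return 1;
    /* On target, a context switch would write these to MPU->RBAR / MPU->RLAR. */
    printf("RBAR=0x%08X RLAR=0x%08X\n", (unsigned)stack.rbar, (unsigned)stack.rlar);
    printf("neighbour 0x20001400 allowed: %d\n", mpu_region_matches(&stack, 0x20001400u));
    return 0;
}
```

Rejecting misaligned or wrapping ranges before they reach the registers matters because the hardware silently ignores the low five address bits, which would otherwise widen or shift the region a thread can reach.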
Tip #6 – Investigate if the MCU is Secure Element Ready
Secure elements can be very useful to developers interested in creating a secure device. Make sure that either a secure element is integrated into the processor or that a secure element can easily be added to the system.
Tip #7 – Review the Available Secure Libraries
So far we have looked at several different hardware features we want to include in the microcontroller. We also need to make sure that with a fancy secure microcontroller, there is software to run all the secure features. This means that for the selected secure processor, secure boot libraries, secure firmware update libraries and other cryptographic libraries should be available.
Including all these different hardware components won’t necessarily guarantee that you will have a secure system. However, they do ensure that the right tools are available to properly secure a microcontroller in an efficient and effective manner.