Building turnkey IoT solutions on MCUs and MPUs without compromising on security

Security for IoT devices is an important topic in light of the regulations being put in place concerning device manufacturers’ responsibilities.

Security is essentially linked to the following (the list is not exhaustive):

  • Ensuring devices are genuine using strong attestation mechanisms
  • Protecting data for privacy and application confidentiality
  • Implementing secure communication
  • Monitoring attacks and being able to react after detection, such as by managing the lifecycle of devices, in particular isolating or blocking devices considered compromised

For both MCUs and MPUs, this should start from a robust, future-proof root of trust. The root of trust ensures that devices boot with the right firmware and launch the genuine boot chain. It also provides secure updates, installing firmware and verifying its authenticity and integrity.

This is achieved using cryptographic functionalities, either through hardware or software implementations. Cryptography is an essential tool in this chain of trust and shall be isolated from the so-called nonsecure application part.

Keys are an additional essential asset to be protected from attackers. If they are compromised, multiple attacks become possible. Keys are used to protect and attest to the device identity, encrypt application data, protect data privacy, and ensure secure communications. Cryptographic keys must be protected during installation on the device, at rest, and during execution.

The installation of keys on the devices, also known as provisioning of secrets, is often a pain point for developers and manufacturers. This process requires setting up systems to generate the keys (such as HSM, secure servers, PKI, etc.), installing them within the manufacturing environment, hiring skilled personnel to administer the system, and often securing the manufacturing flow.

Implementations from suppliers and solution providers must meet high standards and undergo rigorous external testing, lengthening development and increasing costs. Certifications are essential for market trust but require significant investment. Skilled personnel are scarce, and ongoing security maintenance is mandated by regulations, leading to expensive updates and potential re-certification. Therefore, selecting a secure-by-design solution is crucial.

At STMicroelectronics, we analyzed these issues and set out to offer an ecosystem of solutions that reduces their impact. An example is the “Secure Manager,” shown with the recently announced STM32H5. Here the choice was clearly to simplify the developer’s life. A secure framework is developed by ST and integrated within STM32Cube to provide developers with the state-of-the-art turnkey security services stated earlier (i.e. Root of Trust, Isolation, Key storage, Cryptography, Attestation). The development was hardened by security experts, pen-tested by independent labs, and launched for certification against SESIP3 and PSA level3.

Specifically, for IoT purposes, the STM32H5 devices have been factory-provisioned by ST with certificates and key sets; this allows them to connect seamlessly to clouds or servers, thereby eliminating the need for complex provisioning mechanisms in unsecured production environments.

To prove the solution is effective, we partnered with AVNET IoT Connect to offer their customers fully integrated system solutions capable of easily and securely connecting to a cloud to manage multiple use cases. The objective was to provide a turnkey solution including the MCU hardware, the complete security framework, secure communications, seamless registration to the cloud, and preconfigured dashboards.

The solution is available as open source and can be seen at IoT World Congress 2024 at the ST booth in Barcelona, Fira Hall 1.

Article by: STMicroelectronics

