This is why modern MCUs are an ideal solution to respond to increasing security demands. On one hand, standalone security controllers are themselves usually implemented as MCUs; on the other, there are application-optimised MCUs with integrated security functions.
Use of a standalone security element (security processor or co-processor) that acts as an HRoT has proven itself for years in other industries such as personal computers, servers, chip cards and identity documents.
The concept is also recommended for industrial applications. For example, a trusted platform module (TPM) (Fig. 2) can be used as an HRoT, in conjunction with other security elements, to give an industrial controller comprehensive security functions: integrated crypto-processors, encrypted storage, buses and peripheral functions, and integrated error detection. Network endpoints can be efficiently protected using this hardware-based approach.
Hardware-based security is proven in the field
Coming back to the initial point of discussion about new business models and opportunities in the context of the IoT, there are already numerous use cases and examples demonstrating how hardware-based security solutions add real value in terms of the integrity and reliability of connected devices.
For example, Infineon has been shipping TPMs for devices running Google’s Chrome-based OS since 2011, and the TPM is an integral part of the security architecture of Google Chromebooks, which were designed to provide a fast, simple and secured experience for people who use computing devices primarily to access the Internet and use web-based applications. One key part of their design, called defence in depth, provides multiple levels of protection against malware.
Meanwhile, the structure of the TPM standard has been enhanced with specific functions and interfaces added to support new applications. New TPM profiles can address security-relevant applications not only in the IT industry but also in embedded systems, smartphones, communications equipment, industrial automation and automotive. In addition, TPMs come with a comprehensive software stack that enables secure upgrades.
Automotive is also an upcoming field of application, as many features and functions there are already widely based on hardware security, designed in response to the level of security required by the specific application.
MCUs of the AURIX family, for example, provide special function blocks such as the security hardware extension (SHE) or a hardware security module (HSM). The HSM takes care of secured communication with other MCUs by signing messages or even applying full encryption. It can also be used to securely boot the MCU, which prevents attacks from viruses and trojans and blocks unauthorised access.
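To make the secure-boot step concrete, the following is an added example (not Infineon's or AURIX code): each boot stage is authenticated against a key held by the HSM before control passes to it, and a single flipped bit in the application image stops the chain. The key, the image header layout and the use of HMAC-SHA256 as a stand-in for the HSM's MAC are all assumptions for illustration.

```python
import hashlib
import hmac
import struct
from typing import List, Optional, Tuple

# Constructed stand-in for the boot key kept inside the HSM; real hardware never
# exposes this key to application software.
HSM_BOOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
MAGIC = b"IMG1"          # assumed image magic
HEADER_LEN = 16          # magic(4) + stage name(8) + payload length(4)
TAG_LEN = 32             # HMAC-SHA256 output


def hsm_mac(data: bytes) -> bytes:
    """Stand-in for the HSM's MAC primitive (assumed HMAC-SHA256 here)."""
    return hmac.new(HSM_BOOT_KEY, data, hashlib.sha256).digest()


def build_image(stage: str, payload: bytes) -> bytes:
    """Programming-time step: header + payload, followed by a MAC over both."""
    header = MAGIC + stage.encode().ljust(8, b"\0") + struct.pack(">I", len(payload))
    body = header + payload
    return body + hsm_mac(body)


def verify_image(image: bytes) -> Optional[bytes]:
    """Boot-time step: return the payload only if the header parses and the MAC matches."""
    if len(image) < HEADER_LEN + TAG_LEN or image[:4] != MAGIC:
        return None
    (length,) = struct.unpack(">I", image[12:16])
    if HEADER_LEN + length + TAG_LEN != len(image):
        return None
    body, tag = image[:HEADER_LEN + length], image[HEADER_LEN + length:]
    if not hmac.compare_digest(hsm_mac(body), tag):   # constant-time compare
        return None
    return image[HEADER_LEN:HEADER_LEN + length]


def boot_chain(images: List[bytes]) -> List[str]:
    """Verify each stage before handing control to it; halt at the first failure."""
    booted = []
    for img in images:
        payload = verify_image(img)
        if payload is None:
            break                 # HSM refuses to release execution to this stage
        booted.append(payload.decode())
    return booted


def demo() -> Tuple[List[str], List[str]]:
    bootloader = build_image("boot", b"bootloader-v2")     # constructed images
    app = build_image("app", b"application-v7")
    tampered = bytearray(app)
    tampered[HEADER_LEN + 4] ^= 0x01                      # flip one payload bit
    return boot_chain([bootloader, app]), boot_chain([bootloader, bytes(tampered)])
```

`demo()` returns the stages that ran for the intact chain and for the tampered one; the second list stops after the bootloader.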
Given that the car is becoming an increasingly connected computing device communicating with other vehicles and infrastructure, TPMs will become indispensable to protect the car’s communication interfaces from hackers or malware during software updates.
It will only be possible to implement new connected technologies like the IoT by making comprehensive use of powerful safety and security technology to protect the infrastructure and components in use from manipulation, attacks and malfunctions. Secured hardware is an important prerequisite, since maximum security requires secured hardware and cannot be achieved with software-based concepts alone.
Infineon provides MCUs with integrated security functions and offers efficient and secured solutions tailored to the applications’ needs, whether industrial, automotive or consumer-oriented.