Security for microcontrollers with IP protection and licensing
All products are designed to beat the competition. The effort that went into their development should pay off for as long as possible. This article explains how to shield microcontrollers with a level of protection on a par with larger systems – without having to dive into the depths of cryptography.
By Marco Blume, Wibu-Systems Download PDF version of this article
Microcontrollers are all around us: Digital watches at our wrists, smartphones in our pockets, tablets on our desks. Light switches in our smart homes. In the cars in our garage. Not to mention the clever little coffee maker on the countertop. Wherever we turn, we see devices that have long left the era of “on and off” switches behind. This has added so much comfort to our lives. Nowadays, watches can read emails, and air conditioning knows when we are in the room. Satnav systems knows where traffic is heaviest. Our smartphones know where we are heading, because our calendar is synced across all of our devices.
That is one side of the coin: The brave new comfortable world. There is another side we need to remember: the challenge of protecting our data, shielding our networks from attack, and not falling prey to software or hardware pirates. Just like a new home owner would never move in without locks installed on doors and windows, the design of intelligent devices also needs protection from the very start. But the entire package needs to fit – the most modern lock will not keep criminals out if the door itself is a thin sheet of plywood. This example should remind developers that they need to see security holistically in the design process to end up with a completely integrated solution against as many attacks as possible.
The level of protection depends on the quality of the measures taken and later compliance. This is where many developers enter unfamiliar terrain. Most are specialists in their areas and not experts for cryptography or secure software design. Users would ideally not be reminded of any security matters at all, and security must not hike up the costs.
The predictions for IoT applications are mind-bending: The IoT is expected to contribute around $15 trillion to global GDP in the next 20 years (source: General Electric), with 28.1 billion units installed by 2020 (source: IDC). These are not only impressive figures; they are also a wake-up call for the security issues created by the IoT revolution. Wibu-Systems has teamed up with Infineon to develop CodeMeter μEmbedded, an efficient firmware protection for systems using the XMC4000 microcontroller family, especially in the Industrial IoT. This article presents the integration on an XMC microcontroller as an example that can be adapted to nearly any other microcontroller platform. The functional principle stays the same.
The IoT comes in many shapes and sizes: Industrie 4.0 or smart homes and smart cars. What they all need is uncompromising security. Typical use cases include the authentication and licensing of components, monitoring and protection of system integrity, protection of data and communication channels, and the safety of upgrades and updates. This needs integrated solutions based on secure hardware to protect our infrastructure and its many components against attacks, fraud, and manipulation. Since all embedded systems used in the IoT are built around microcontrollers, this is the first line of defense.
Figure 1. The components involved at the developer and in the XMC controller
The challenge for secure microcontrollers lies in making the chosen solution simple to integrate and usable even under tough industrial conditions. Wibu-Systems has developed CodeMeter μEmbedded based on its CodeMeter technology. The solution focuses on secure firmware updates and feature upgrades. Code integrity, license monitoring, protection against reverse engineering, and copy protection are key.
Safety (for the user) is not an issue – the laws in this area are legion. Security (for the device) is, however, not guaranteed by similar legislation or universally accepted regulations. The CodeMeter µEmbedded use cases cover the most common security aspects. 1. Integrity protection: The microcontroller must only work with firmware from a defined source that must not be changed without proper authority. 2. IP protection: Users in the field need to be able to load the firmware, so it needs to be protected against reverse engineering. 3. Licensing: There should be an option to activate additional features via licenses upgrade without replacing the firmware in the field. In their mission to give developers an easy-to-use solution, Wibu-Systems and Infineon have pooled their resources in one package: Version 4 of Infineon’s DAVE development tool is available as a free download. The Eclipse-based platform makes software development easy with a vast periphery and application-oriented code repository. The developer can use commercial third party tools to translate the C source code for ARM and load it into the microcontroller. This covers the entire development cycle from first evaluation to the final product, while giving the developer maximum autonomy for fast and efficient platform-driven software and product development.
Figure 2. Firmware is encrypted by the SBSL and remains in the XMC controller.
CodeMeter µEmbedded was developed specifically for microcontrollers and Field Programmable Gate Arrays (FPGAs). Larger systems like PLCs or PCs can use two other, fully compatible flavors of the technology: CodeMeter Embedded and CodeMeter Runtime. CodeMeter µEmbedded comes with a minimal footprint of less than 80 kByte, which was achieved by slimming the solution down to the minimum features for its intended use cases. The licenses are bound to the unique ID of the microcontroller and entitled during production. With the right license file, additional features can be activated in the field.
Figure 3. The developer creates a license and upgrades features without changing the firmware.
CodeMeter µEmbedded can also be used to store symmetric and asymmetric keys in protected memory. These keys can then only be used on devices with the right ID e.g. to check device licenses, track production volumes, or load encrypted application code onto the devices. The users benefit from the ability to use familiar tools like DAVE and CodeMeter Protection Suite, which handle all cryptographic operations. A new plug-in for DAVE gives the developers a neat interface to configure their XMC4000 microcontrollers and create encrypted firmware updates or license files.
The XMC4000 family of microcontrollers for industrial applications was made with digital power converters, electrical drives, and sensor devices in mind. All XMC4000 microcontrollers work at temperatures up to +125° C. They use ARM Cortex M4 processors with built-in DSP capabilities, Floating Point Unit, Direct Memory Access (DMA), and a Memory Protection Unit (MPU). The extensive periphery includes analog / mixed-signal converters, high-resolution timers / PWM channels, and interfaces for all common industrial communication standards. The XMC4800 series comes with on-chip EtherCAT (Ethernet for Control Automation Technology) for simple and cost-efficient real-time Ethernet communication.
The solution is built on a Secure Bootstrap Loader (SBSL) injected into the XMC controller during production. It accesses a CmActLicense bound to each controller that contains the keys to decrypt the firmware. After the SBSL and license are loaded, the controller switches into read-protected mode. Communication with the firmware only goes via the SBSL launched on start-up. The protection effort begins during the initial development at the OEM. The developers can use their accustomed tools and methods and create a firmware v1.0 in DAVE, which comes with a dedicated plug-in for ExProtector by Wibu-Systems. DAVE also creates a project for the SBSL. The developer only needs to reserve memory on the dongle for the required keys, and the SBSL can be loaded directly into the XMC controller. This is the only time that the firmware developers have to concern themselves with the security solution. Even secure key storage is made easy: the keys are stored right on the dongle.