Security for microcontrollers with IP protection and licensing

All products are designed to beat the competition. The effort that went into their development should pay off for as long as possible. This article explains how to shield microcontrollers with a level of protection on a par with larger  systems – without having to dive into the depths of cryptography.


By Marco Blume, Wibu-Systems              Download PDF version of this article


Microcontrollers are all around us: Digital watches at our wrists, smartphones in our pockets, tablets on our desks. Light switches in our smart homes. In the cars in our garage. Not to mention the clever little coffee maker on the countertop. Wherever we turn, we see devices that have long left the era of “on and off” switches behind. This has added so much comfort to our lives. Nowadays, watches can read emails, and air conditioning knows when we are in the room. Satnav systems knows where traffic is heaviest. Our smartphones know where we are heading, because our calendar is synced across all of our devices.

That is one side of the coin: The brave new comfortable world. There is another side we need to remember: the challenge of protecting our data, shielding our networks from attack, and not falling prey to software or hardware pirates. Just like a new home owner would never move in without locks installed on doors and windows, the design of intelligent devices also needs protection from the very start. But the entire package needs to fit – the most modern lock will not keep criminals out if the door itself is a thin sheet of plywood. This example should remind developers that they need to see security holistically in the design process to end up with a completely integrated solution against as many attacks as possible.

The level of protection depends on the quality of the measures taken and later compliance. This is where many developers enter unfamiliar terrain. Most are specialists in their areas and not experts for cryptography or secure software design. Users would ideally not be reminded of any security matters at all, and security must not hike up the costs.

The predictions for IoT applications are mind-bending: The IoT is expected to contribute around $15 trillion to global GDP in the next 20 years (source: General Electric), with 28.1 billion units installed by 2020 (source: IDC). These are not only impressive figures; they are also a wake-up call for the security issues created by the IoT revolution. Wibu-Systems has teamed up with Infineon to develop CodeMeter μEmbedded, an efficient firmware protection for systems using the XMC4000 microcontroller family, especially in the Industrial IoT. This article presents the integration on an XMC microcontroller as an example that can be adapted to nearly any other microcontroller platform. The functional principle stays the same.

The IoT comes in many shapes and sizes: Industrie 4.0 or smart homes and smart cars. What they all need is uncompromising security. Typical use cases include the authentication and licensing of components, monitoring and protection of system integrity, protection of data and communication channels, and the safety of upgrades and updates. This needs integrated solutions based on secure hardware to protect our infrastructure and its many components against attacks, fraud, and manipulation. Since all embedded systems used in the IoT are built around microcontrollers, this is the first line of defense.

Figure 1. The components involved at the developer and in the XMC controller

 

The challenge for secure microcontrollers lies in making the chosen solution simple to integrate and usable even under tough industrial conditions. Wibu-Systems has developed CodeMeter μEmbedded based on its CodeMeter technology. The solution focuses on secure firmware updates and feature upgrades. Code integrity, license monitoring, protection against reverse engineering, and copy protection are key.

Safety (for the user) is not an issue – the laws in this area are legion. Security (for the device) is, however, not guaranteed by similar legislation or universally accepted regulations. The CodeMeter µEmbedded use cases cover the most common security aspects. 1. Integrity protection: The microcontroller must only work with firmware from a defined source that must not be changed without proper authority. 2. IP protection: Users in the field need to be able to load the firmware, so it needs to be protected against reverse engineering. 3. Licensing: There should be an option to activate additional features via licenses upgrade without replacing the firmware in the field. In their mission to give developers an easy-to-use solution, Wibu-Systems and Infineon have pooled their resources in one package: Version 4 of Infineon’s DAVE development tool is available as a free download. The Eclipse-based platform makes software development easy with a vast periphery and application-oriented code repository. The developer can use commercial third party tools to translate the C source code for ARM and load it into the microcontroller. This covers the entire development cycle from first evaluation to the final product, while giving the developer maximum autonomy for fast and efficient platform-driven software and product development.

Figure 2. Firmware is encrypted by the SBSL and remains in the XMC controller.

 

CodeMeter µEmbedded was developed specifically for microcontrollers and Field Programmable Gate Arrays (FPGAs). Larger systems like PLCs or PCs can use two other, fully compatible flavors of the technology: CodeMeter Embedded and CodeMeter Runtime. CodeMeter µEmbedded comes with a minimal footprint of less than 80 kByte, which was achieved by slimming the solution down to the minimum features for its intended use cases. The licenses are bound to the unique ID of the microcontroller and entitled during production. With the right license file, additional features can be activated in the field.

Figure 3. The developer creates a license and upgrades features without changing the firmware.

 

CodeMeter µEmbedded can also be used to store symmetric and asymmetric keys in protected memory. These keys can then only be used on devices with the right ID e.g. to check device licenses, track production volumes, or load encrypted application code onto the devices. The users benefit from the ability to use familiar tools like DAVE and CodeMeter Protection Suite, which handle all cryptographic operations. A new plug-in for DAVE gives the developers a neat interface to configure their XMC4000 microcontrollers and create encrypted firmware updates or license files.

The XMC4000 family of microcontrollers for industrial applications was made with digital power converters, electrical drives, and sensor devices in mind. All XMC4000 microcontrollers work at temperatures up to +125° C. They use ARM Cortex M4 processors with built-in DSP capabilities, Floating Point Unit, Direct Memory Access (DMA), and a Memory Protection Unit (MPU). The extensive periphery includes analog / mixed-signal converters, high-resolution timers / PWM channels, and interfaces for all common industrial communication standards. The XMC4800 series comes with on-chip EtherCAT (Ethernet for Control Automation Technology) for simple and cost-efficient real-time Ethernet communication.

The solution is built on a Secure Bootstrap Loader (SBSL) injected into the XMC controller during production. It accesses a CmActLicense bound to each controller that contains the keys to decrypt the firmware. After the SBSL and license are loaded, the controller switches into read-protected mode. Communication with the firmware only goes via the SBSL launched on start-up. The protection effort begins during the initial development at the OEM. The developers can use their accustomed tools and methods and create a firmware v1.0 in DAVE, which comes with a dedicated plug-in for ExProtector by Wibu-Systems. DAVE also creates a project for the SBSL. The developer only needs to reserve memory on the dongle for the required keys, and the SBSL can be loaded directly into the XMC controller. This is the only time that the firmware developers have to concern themselves with the security solution. Even secure key storage is made easy: the keys are stored right on the dongle.


Related


Making your device secure

The internet of things is faced with a major security challenge. Compared to traditional, often unconnected embedded systems, the nature of IoT devices radically increases the risk of attack not just ...

 


Dirk Giesen describes the Parasoft tool suite for Embedded Software Development

Are you responsible for embedded software development in your organization? Your goal should be to create safe, secure, and reliable software. To make sure your device will work properly, deploy Paras...


Ross Sabolik of Silicon Labs talks about advanced Power over Ethernet

In this video Ross Sabolik of Silicon Labs talks about smart  Power over Ethernet systems with Alix Paultre at their APEC exhibit in San ANtonio, Texas. As PoE migrates to higher power levels and...


Dialog Semi walks through their latest IC solutions for battery chargers

In this video an engineer from Dialog Semiconductor walks us through their latest ICs for battery chargers at APEC 2018. Dialog's Qualcomm Quick Charge adapter solutions offer high efficiency to e...


Steve Allen of pSemi explains their latest LED driver solution

Steve Allen of pSemi explains their latest LED boost product based on Arctic Sand's two-stage architecture. Their PE23300 has a charge-pump, switched-capacitor architecture that offloads most of t...


Teledyne describes their latest 12-bit Wavepro HD oscilloscope

In this video Teledyne LeCroy describes their latest Wavepro HD oscilloscope to Alix Paultre of Power Electronics News at the company's launch event. The WavePro HD high-definition oscilloscope de...


Dialog Semi walks through their latest IC solutions for battery chargers

In this video an engineer from Dialog Semiconductor walks us through their latest ICs for battery chargers at APEC 2018. Dialog's Qualcomm Quick Charge adapter solutions offer high efficiency to e...


ROHM explains their latest wireless battery charger solution kit

In this video an engineer from ROHM goes over their latest wireless power development kit, co-developed with Würth for embedded development. The kit provides a complete wireless power transfer sy...


Tektronix describes their latest mixed-signal oscilloscope

In this video Tektronix explains the features in their latest 5 Series MSO Mixed Signal Oscilloscope. Features include an innovative pinch-swipe-zoom touchscreen user interface, a large high-definitio...


AVX shows a supercapacitor demonstrator at APEC

In this video Eric from AVX explains their supercapacitor demonstrator box at APEC 2018 in San Antonio, Texas. The box shows how a 5V 2.5-farad supercapacitor can quickly charge up using harvested ene...


OnSemi explains their latest passive smart wireless sensor for industrial applications

In this video On Semiconductor explains their latest wireless sensor for hazardous environments at APEC in San Antonio, Texas. Intended for applications like high-voltage power cabinets and other plac...


TI demonstrates an improved gaming power system at Embedded World

In this video Texas Instruments' explains Significant reduction in ripple, which results in improved reliability and increased design margins, among other advantages. Another benefit that improve...


Infineon explains their latest motor drive technology at APEC 2018

In this video Infineon demonstrates new gate drivers using their LS-SOI technology at APEC 2018. In the demo Victorus, an Infineon application engineer, shows in real time how much better thermal the ...


STMicro goes over their latest wireless-enabled microcontroller for the IoT

In this video STMicroelectronics goes over their latest wireless-enabled STM32WB microcontroller for the IoT and intelligent devices in several live connectivity demonstrations at Embedded World 2018....