Lifecycle Security
At Secure-IC, we believe that a device or system is truly protected when security is designed from the foundation. This is a prerequisite, but along with the security of the objects or the devices, its lifecycle management is also key. It is therefore essential to secure a device throughout its entire life cycle, from manufacturing to decommissioning.
IoT security lifecycle faces three major challenges:
- The inclusion of hardware Trojans in the system that can compromise its functioning;
- A fine rights management that needs to adapt and evolve according to the stages of the device’s lifecycle;
- Some counterfeiting problems which can create clone products with the side effects that one can imagine.
Hardware Trojans represent a challenging threat for the integrity of integrated circuits
Trojans are very powerful attacks that consist in inserting a non-desired function or component in a system in order to execute some operations like allowing to bypass an encryption operation, to dump the content of a memory or to disable some side-channel countermeasures.
The particularity of hardware Trojans, is that they can be inserted at any time during the product manufacturing chain; at a foundry stage when an extra component is added to the system with the Trojan inside, or during assembly stage.
This requires that the stakeholders trust the entire production chain to prevent such inclusions or that they are themselves able to detect efficiently hardware Trojans to prevent them.
Due to their wide taxonomy, it is very difficult to detect Trojans effectively. Only the use of multiple threat detection methods increases the guarantee that there are no Trojans in a system. That is why, Secure-IC relies on its evaluation tools to detect and deal efficiently with Trojans such as reactive analog detection or machine learning, and on its protection and embedded detection IPs.
Lifecycle approach to security ensures a fine rights management
Since a connected device is made up of different components used to make the system smart and functional, it is easy to understand that there are several different players in the semiconductor value chain. Original equipment manufacturers (OEM), for example, supply their products to another company that will used them as components in their own products which will then be sold as finished goods to end users.
The products or the different components constituting the final product will then each be managed by specific rights depending on the stage of the element in its lifecycle (design, manufacturing, operation, end of life). Each player has access to its own without the other being capable of modifying its intellectual property or even the way the device work.
At the design stage, secure keys will be generated, at the manufacturing stage, MCU keys and firmware will be written as well as key management for each individual device. In the field, rights will manage the secure operation of the product and the firmware update. Each stage will therefore be different and managed independently, impervious or not to the next step
If the IoT device security lifecycle is not properly managed, the danger for a product is the possibility to be root kitted, that is to say, an attacker could take full control over it and be able to modify it or even make it work inoperable.
Secure-IC’s integrated Secure Elements namely SecuryzrTM efficiently handle rights management in a product to ensure normal and authorized operations. SecuryzrTM Server will allow to do the right provisioning at the right time as well as real-time device monitoring and secure updates (FOTA, i.e. Firmware Update Over-The-Air).
The dangers of counterfeit products
As previously stated, any component undergoes several stages in its lifecycle.
Throughout the supply chain, a chip will be first manufactured and then tested once, assembled, tested again and software finally injected. Counterfeiting of either raw materials or finished goods that are not authentic is made possible all along the chain with a chip that can be extracted at any time and used for other purposes.
A counterfeit or a cloned product can have several direct and significant economic and legal consequences but it can also damage the reputation of a brand and a product especially when facing product liability issues as well as risks and safety considerations for the end user.
Thanks to its Physically Unclonable Function (PUF), Secure-IC offers the capability to generate a unique identifier inside the chip as a tamper-proof control system, thus preventing counterfeiting and guaranteeing a secure development lifecycle.
Cybersecurity is an ever evolving field and our mission is not only to secure devices by design but also to fully understand and know how the entire supply chain works. This allows us to understand what the threats are and how to maintain trust over time even as devices reach end-of-life. Thus, adopting a strong root of trust as well as proactive IoT device lifecycle management are critical to maintaining the cybersecurity of our connected devices and embedded system over time.
Physically Unclonable Function (PUF) IP
Security Lifecycle Management Solution
Related Resources & Events
You may also be interested in having a closer look at the elements below: