IoT Security: Hardware Root of Trust

PB 25 Rockwell newlogo 400

November 22, 2022

By  Rob Lodesky, Key Account Manager, HMS Networks

IoT has steadily gained popularity in recent years with more users migrating to digitalized products and smart gadgets. As an increasing amount of IoT equipment comes online, many unsecured items will be vulnerable to remote software assaults. Inadequate security gives hackers the opportunity to brick and commandeer a device to help build botnets. These malware networks introduce unauthorized code, steal data, or exploit their hosts through some other means. Because device manufacturers want to safeguard their reputations, their IoT devices must be secure. With more laws, regulations, and standards being created in this vein, security cannot be imposed as an afterthought. This is where Hardware Root of Trust comes into play.

What is Hardware Root of Trust?

Root of trust establishes the secure process boot up chain, called Chain of Trust, used to validate software and hardware used on the device. If the credentials used to implement the initial piece of code are verified, each successive piece of code executed is trusted. A strong root of trust consists of identity and cryptographic keys rooted in the hardware of a device. This establishes a unique, immutable, and unclonable identity to authorize a device in a network. It enables a secure boot process using keys for cryptographic operations, ensuring the authenticity of firmware and software until the OS (Operating System) is loaded.

How is Hardware Root of Trust Implemented?

Hardware root of trust can help with a range of security issues that are primarily divided into pre-boot and post-boot. Pre-boot can use a computer chip called a Trusted Platform Module (TPM) to verify/measure integrity and secure the boot process from low-level malware. TPM assists with various activities during post-boot, including root of trust for authentication. Systems that deploy hardware root of trust will use unified extensible firmware interface (UEFI), which offers options such as “Secure Boot” that help prevent attacks or infection from malware.

How does the Root of Trust process start inside a processor?

There are essentially two methods: the battery backed storage of secret keys and Physical Unclonable function (PUF). PUF is widely held as the industry standard for FPGAs and ASIC processors. PUF starts with a physical microstructure. These microstructures can be random imprints of some substance, such as foam, plastic, or even silicon. The processor then uses challenge response authentication to measure this random structure. (Most people know challenge response authentication as username/password – ask for a username, type a username.) These random measurements work in the same way: the processor measures something withing the microstructure, and the microstructure is measured and validated. The problem with cloning, or making the process unclonable, is ensuring the manufacturing process could not replicate the microstructure.

What are some of the other phases of Hardware Root of Trust?

Typically, solutions start with an Immutable Boot Loader (sometimes using a PUF), which then starts the BIOS (Basic input/output System) or UEFI validation process. The Phase 1 process uses RSA or ECC private key encryption, sometimes using a TPM to build the keys necessary for the RSA and ECC cipher suites. If an OS is used, the loader is validated using the same private key encryption, then finally the OS, and application (if used).

What other hardware might be necessary for Hardware root of Trust?

If startup speed is a factor in your design, SSL accelerators can offload some of the algorithmic horsepower typically done by the main processor. There are now chipsets built for this specific purpose. Entropy generating hardware can be used to achieve proper random Key generation, although a PUF can also be used, to some degree.


Related Articles

Changing Scene

  • Westburne and Kinova Announce Groundbreaking Partnership

    Westburne and Kinova Announce Groundbreaking Partnership

    Westburne is thrilled to announce a groundbreaking partnership that is set to redefine the landscape of collaborative robotics. Westburne has joined forces with Kinova, a global provider in robotics innovation, to deliver cutting-edge solutions that will transform industries and elevate Westburne’s commitment to technological advancement. This partnership marks a significant milestone in Westburne’s journey towards… Read More…

  • ABB Appoints Morten Wierod to Succeed Björn Rosengren as CEO

    ABB Appoints Morten Wierod to Succeed Björn Rosengren as CEO

    The ABB Board of Directors has appointed Morten Wierod as Chief Executive Officer. He will take office on August 1, 2024, and succeed Björn Rosengren, who will step down from his position as Chief Executive Officer effective July 31, 2024, and retire as of December 31, 2024. From August 1, 2024, until the end of… Read More…

Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.

ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More

Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More

Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More

JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More

Latest Articles

  • Helping McMaster University Adapt its Buildings for the Future

    Helping McMaster University Adapt its Buildings for the Future

    McMaster University is using technology to better control and manage its legacy thermal systems and create smarter buildings. Carmichael Engineering Ltd., a Canadian systems integrator, worked closely with ABB Canada’s experts and its highly adaptable smart building platform, ABB Cylon, to improve energy efficiency, enhance user adaptability, and leverage innovative technologies in locations across campus. Read More…

  • FLIR’s Thermal Camera Technology: A Crucial Component in Industrial Settings

    FLIR’s Thermal Camera Technology: A Crucial Component in Industrial Settings

    Thermal imaging technologies like the ones by FLIR improve safety, operational efficiency, and cost savings in many automated and industrial applications. By capturing the infrared radiation emitted by an object or process, it identifies thermal anomalies that warrant further investigation by experts. Today, thermography is more sophisticated and accessible than ever, making is easy for… Read More…