Connectivity is vital for most modern devices. It’s no longer just for computers, smartphones or tablets. Televisions, thermostats, medical devices, automobiles and even aircraft are all connected today.
With growing connectivity comes increased security concerns. Connected devices need to establish proof of identity and origin in order to reliably determine appropriate data sharing and control with other devices and service providers. This process this is defined as authentication.
Authentication is a key aspect of security that ensures robust access to trusted agents and easy identification of suspicious activity. With product-level authentication, clones and suspicious agents aren’t validated so network and device access are denied. This is especially critical in applications for automotive, industrial, medical and aviation where human and environmental safety is paramount.
With any connected device, serious security planning must be factored into the early stages of the design process. Waiting until the end of the design process risks project schedule delays, drives up costs and creates unforeseen vulnerabilities in device security. Well planned security delivers strong value by helping the device function properly from the start, avoid potentially expensive litigation and the detrimental effects on a company’s brand image caused by hacking.
Secure programming vs. secure provisioning: choosing the right solution
What are the best ways to protect devices and software from IP theft, cloning and malicious system hacking? Two primary solutions are connected to device security: secure programming and secure provisioning. Which option is best for your application? While both solutions provide security solutions, key differences will help you make the right choice.
Secure programming
First, secure programming requires all data be generated/obtained outside the device itself, increasing the opportunity for that data to be compromised. Except for certain field programmable gate arrays (FPGAs) and multiprocessor system on a chip (MPSoCs), secure programming provides security through software on the device. This can protect firmware on the device but does not provide adequate protection from some cyberattacks like counterfeiting and overbuilding.
Software defects and bugs in programming are vulnerabilities that are continuously exploited by hackers. Once software-based security is compromised, system recovery becomes nearly impossible. Secure programming is suitable for low-level applications that don’t require advanced security, or in cases where a malfunction won’t cause injury or harm to a person or property. It’s also suitable for devices specifically designed to provide security without requiring bidirectional communication with the programming system. Examples of this include connected IoT devices from Microchip/Microsemi and Xilinx. Secure programming doesn’t rely on additional hardware, which provides some cost savings but at the expense of more robust security.
Secure provisioning
Secure provisioning employs added hardware in providing the best security protection for the complete lifecycle of the device. While the additional hardware will come at a financial cost, the prices are often reasonable and can save a company expensive litigation and brand damage resulting from hacking. Secure provisioning also delivers firmware protection and prevents overbuilding, counterfeiting and protects against software programming vulnerabilities. By having the root of trust anchored to hardware, device software and operations are protected. Hardware-based security also protects against unauthorized code reading and is more resilient to physical attacks. Secure provisioning provides critical protection in devices that, if compromised, could cause harm to a person, property damage or loss of sensitive data.
- Side-by-side comparison
- Definition of terms
- Example Devices
Side-by-side comparison
| Secure programming vs secure provisioning | ||
|---|---|---|
| Feature | Programming | Provisioning |
| Customer IP encrypted at rest ⓘ | YES | YES |
| Key material stored in HSM ⓘ | NOT SUPPORTED | YES |
| Supports unique data for each device ⓘ | YES | YES |
| Supports pre-generated key material ⓘ | YES | YES |
| Supports generation of key material on-the-fly ⓘ | NOT SUPPORTED | YES |
| Avnet needs access to unencrypted key material ⓘ | YES** | NO** |
| Black key load* ⓘ | NOT SUPPORTED | YES |
| Requires monolithic data load ⓘ | YES | NO** |
| Trusted logging ⓘ | NOT SUPPORTED | YES |
| Hardware authentication ⓘ | YES | YES |
| Over-production protection ⓘ | NOT SUPPORTED | YES |
| *Requires target device to also support this feature. | **Conditional — ask for details. | |
Definition of terms
- Customer IP encrypted at rest: Customer’s intellectual property is encrypted while not in use.
- Key material stored in HSM: Key material is stored in a dedicated hardware security module (HSM).
- Supports unique data for each device: The processing methodology and infrastructure allow for device serialization, which means that each device can be programmed with a specified set of unique data from all other devices in a lot, program or lifetime of the project.
- Supports pre-generated key material: The processing methodology and infrastructure allow for key material to be pre-generated for each lot, program or programmer for faster processing. However, the key material exists outside of the programmer itself. For provisioning, which uses an HSM, this does not represent an increased security risk. For programming, which does NOT utilize an HSM, this represents an increased security risk.
- Supports generation of key material on-the-fly: The processing methodology and infrastructure allow for key material to be generated on-the-fly as each device is being provisioned. Then, information from the device, or security features of the device (signing, key generation, random number generation, etc.), can be used to alter data prior to loading it on the device.
- Avnet needs access to unencrypted key material: The processing methodology and infrastructure requires access to unencrypted key material in order to successfully program the device, which requires that Avnet personnel also have access that unencrypted data.
- Black key load: The processing methodology and infrastructure supports black key load (ie… loading of key material in encrypted form, so that it is never decrypted outside of the device itself), if also supported by the device.
- Requires monolithic data load: All required data is loaded into the programmer buffer before that data can be transmitted to the target device. In most cases, this means bi-directional communication with the target device is limited or not available, so device security features (signing, key generation, random number generation, etc) cannot be leveraged.
- Trusted logging: System and processing logs are recorded using a methodology that guards against tampering and ensures the accuracy of the logs.
- Hardware authentication: The programming hardware is authenticated prior to allowing devices to be processed.
- Over-production protection: The processing methodology and infrastructure guard against an operator producing more devices than are authorized.
Example devices by current methodology
| Secure provisioning | Secure programming |
|---|---|
| Infineon OPTIGA Trust E/X | Xilinx 7 series eFUSE |
| NXP A70/A71/SE050 | Xilinx Zync/UltraScale Zync |
| Microchip SAML11 | Microchip/Atmel ATSHA/ATECC |
| Cypress PSOC 6 | Renesas Board ID |
| Texas Instruments LM4F | |
| NXP/Freescale Kinetis MK21 |
Avnet is delivering innovations in IoT and connected security that provide value while expanding the capabilities of devices and the web.
Markets
Avnet is at the forefront of identifying and leading customers looking to capitalize on emerging markets. We see over the horizon to be prepared for future markets.
Learn MoreSupply-Chain Solutions
Linking Value throughout Your Solution
Learn More