Add security to your IoT devices

As the development of Internet of Things (IoT) gains momentum, its security issues have become increasingly important. Safety certification of IoT devices is critical to improve the security of IoT. From IoT device suppliers’ point of view, the influx of fake products causes not only security issues, but also damage to business integrity and brand images. These are problems faced by both sellers and buyers, as ultimately both risk immense blows to their bottom lines. From Bitcoin account theft to foreign alarm system attacks, home camera tapping and smart door lock break-ins, various losses and inconveniences in our daily lives result from fake or inferior electronic accessories and batteries. Clearly, increased forgery-proof measures are needed to boost security to IoT devices.

Using encryption chips is a common method to secure IoT devices. Its advantages include low power consumption, small size, and compatibility with high-performance, anti-invasion, anti-forgery technologies. A large number of products utilize encryption chips in various industries and in our daily lives, such as bank USB keys, encrypted cell phone drives, smart door locks, and public transportation passes. However, no conversation about encryption chips is complete without talk of encryption algorithms. Read on for an outline of the principles of encryption chip defense mechanisms.

Common traditional encryption algorithms use symmetric encryption, in which the same key is used for encryption and decryption. The sender and receiver decide on the key before secured communication, and the key may change under a constant algorithm. Information will not be decrypted as long as the key is not disclosed. As key length constantly increases, exhaustive search attacks become harder. The AES algorithm that we often see today is a type of symmetric encryption. Since key length grew from 128-bit to 192-bit and to 256-bit, current computers do not yet have the ability to crack them. Keys can be further lengthened. But although encryption strength rises with key length, so does the time required to encrypt and decrypt information. Not only security but also encryption/decryption efficiency, as well as the cost of security chips, must be considered. 

A challenge for symmetric encryption is how to ensure secure transmission of keys when the sender and receiver are at different locations. In the current IoT age, information transmission still faces security problems. If the symmetric encryption key is leaked during transmission, then all security is lost. For communication with several parties, multiple keys are required – the enormous number of keys is cumbersome and difficult to manage.

Of course, symmetric encryption still has obvious advantages. It requires little computation and gives fast, efficient encryption with a publicized algorithm.

Another algorithm often used today is asymmetric encryption, which is designed to overcome symmetric encryption’s insecure key transmission issue. Factorization of the product of two large prime numbers is a well-recognized mathematical problem, and asymmetric encryption leverages this fact. In asymmetrical encryption, the encryption key is called a public key, and the decryption key, a private key. The public and private keys are a function containing two large prime numbers. The sender generates a set of public and private keys and sends the public key to various receivers, who then encrypt plain text information before sending it back to the sender. Only the sender’s private key is capable of decrypting the results.

With asymmetric encryption, we can easily achieve anti-forgery digital signatures, send keys securely through digital envelopes, and utilize widespread digital certifications. Asymmetric encryption has no key transmission issues, because the public and private keys form a set. The public key can be safely transmitted publicly to the receiver for encryption, which can only be decrypted by the sender’s private key. Information is therefore well protected.

Although asymmetric encryption delivers superior confidentiality and does not require parties to exchange keys in advance, its downside is slow encryption speed, typically many-times slower than that of symmetric encryption. In recent years, utilization of asymmetric encryption has increased widely. To date, no computing tool has been able to factorize keys using prime numbers up to 1024 digits. However, the cost of computing, as well as encryption speed issues, increases with the number of digits. Hence asymmetric encryption is suitable only for small data quantities, while large amounts must still rely on symmetric encryption. Thus, the two encryption types may be used in combination by sending symmetric encryption keys via asymmetric encryption. Once the key is securely received, symmetric encryption can be utilized for processing large quantities of data to be encrypted.

Besides security, cost-efficiency and practicality should also be taken into account for actual IoT device application. These include the economical costs and time resources spent on encryption, ease of use, and whether encryption effects the product’s normal functioning.

Avnet’s lab in Shenzhen designed a flexible IoT developing platform that is compatible with encryption chip modules. The platform incorporates sensors for temperature, humidity, pressure, and acceleration. The program includes a mobile app that allows users to read sensor parameters on the development platform. Secure function development can be achieved simply by inserting an encryption chip module. Here is a module utilizing the NXP A1006 encryption chip.

 
The small size of the NXP A1006 security chip, a minimum of 1 square millimeter, keeps costs down. Since the host MCU requires no encryption chip, only authentication of the public key, system costs are also reduced. The A1006 employs ECC protocol asymmetric encryption, which is tamper-resistant and uses low power provided by an OWI bus, and each chip has its own key. It is ideal for IoT device certification and anti-forgery processes.

Since they contain numerous nodes, IoT devices are cost-sensitive. Many are battery-powered and have strict low-power requirements as well as size requirements for ease of installation. For market viability, small-quantity data like device certification and anti-forgery security functions must not monopolize excessive host resources or incur escalating costs. For all of these reasons, the asymmetric encryption program, described above, is by far the most promising.

Avnet’s design and service team provides hardware and software support for the IoT development platform. Contact your nearest Avnet salesperson for details.