Embedded Security Solutions for the IoT Industry

Post Date: 2022-03-01, STMicroelectronics


According to Gartner's forecast, the number of IoT devices worldwide will reach 26 billion by 2020, and the IoT market will reach $1.9 trillion. As the push for more secure IoT devices and applications continues, hardware products that provide embedded security are also on a growth trend. Market analysis by ABI Research shows that sales of secure hardware for digital authentication and embedded security will reach $5.3 billion by 2024, about double the level in 2019.

Digital security research experts at ABI Research believe that hardware-based security offers better protection than software-based security because it is more difficult to alter or attack physical devices and data entry points. However, less than 10% of IoT devices are currently protected by hardware security.

Technologies currently employed in the IoT market come in many forms. Some are retrofitted from existing security solutions, such as the Trusted Platform Module (TPM), the Trusted Execution Environment (TEE), NFC embedded secure elements and authentication ICs. Others, such as embedded SIMs and secure microcontrollers, have been reinvented for the needs of the IoT market.

STMicroelectronics' STM32 series is an industry-renowned portfolio of Arm Cortex MCUs. As of July 2020, shipments of the STM32 series had reached 6 billion, mainly used in smart devices, wearable devices, electronic medical equipment, the Internet of Things, payment terminals, etc. The company's STM32Trust combines knowledge, design tools, and STMicroelectronics' original, ready-to-use software to help designers take advantage of the security features built into STM32 MCUs to build trust between devices, prevent unauthorized access, defend against side-channel attacks, and avoid data theft and code modification.

Developed by STMicroelectronics in close collaboration with partners and customers, STM32Trust builds on multiple asset protection use cases and the security features they require, integrating the full range of cyber protection resources available to the STM32 family. Taking a security-centric approach, its chip functions and software packages help designers implement a robust multi-layer security protection strategy. Featuring a suite of 12 security features, STM32Trust provides hardware, software and design services from STMicroelectronics and third parties and complies with the requirements of major IoT certification schemes.

12 security features of STM32Trust
The EdgeLock secure enclave from NXP is a pre-configured, self-managing and autonomous on-chip security subsystem that provides intelligent protection for IoT edge devices against attacks and threats. As the built-in security subsystem of NXP's i.MX 8ULP, i.MX 8ULP-CS, and i.MX 9 applications processors, it is fully integrated, simplifying the complexities of implementing robust system-wide security for IoT applications.

Research and development in IoT hardware security technology is largely dominated by some large enterprises, and their market leadership is difficult to shake in a short period of time.

Competitive Landscape of Embedded Security Market
Embedded security is mainly used to enhance the protection of runtime data security in embedded systems. The continuous development and implementation of new embedded security modules, such as hardware security modules, secure processing modules, and trusted platform modules, has created huge business opportunities for key players in the embedded security market. Market analyst firm PMR expects the global embedded security market to grow at a CAGR of nearly 7% between 2020 and 2030.

The growing global demand for connected devices, including smartphones and tablets with connectivity and multimedia capabilities, drives the need for stronger embedded security technologies and creates growth opportunities for embedded security manufacturers and service providers in the global market. According to data from PMR, the global embedded security market will grow at a CAGR of 6.1% between 2015 and 2020. It is expected to triple between 2021 and 2031, reaching $5.23 billion in 2021.

Some of the major players in the embedded security market today include Infineon, NXP, Microchip, Texas Instruments, McAfee LLC, Broadcom, and Advantech, among others. Among them, the five major manufacturers Infineon, NXP, Microchip, TI and McAfee LLC occupy more than 65% of the market share. Because the market participants are strong, competition in the global embedded security market remains very fierce despite its huge potential. Only by continuously improving their product development and innovation capabilities can these players secure their market positions.

Embedded Security Solutions for the Automotive Industry
Electrification, networking and intelligence have become the development trend of the automotive industry. Cars are connected to the outside world in various ways through more and more wireless technologies, and the number of connected cars is increasing. In the next few years, the market sales of connected cars will exceed the sales of traditional cars. In China, the penetration rate of smart cars is expected to reach 82% in 2025. The proliferation of connected cars brings a corresponding problem: digital intruders and malicious hackers are always trying to break into car systems. From 2018 to 2019, automotive cybersecurity incidents increased by 99 percent, according to Upstream Security's 2020 Global Automotive Cybersecurity Information. Embedded security policies for cars must be on the agenda.

Summary of this article
The above discussion of embedded security is just the tip of the industry iceberg. Many of today's embedded devices and systems have built-in CPUs or MCUs that are responsible for performing critical functions, and many end users have no idea how vulnerable their embedded devices are, especially if they are not being used directly to process or store sensitive data. Therefore, designing these devices with security in mind is a very urgent task.
The security of connected vehicles is a big topic. NXP breaks it down into four main parts that can be managed, which is what we usually call layered management, and has devised a multi-layered scheme called the "4+1" layered security framework, which protects the entire vehicle as a whole through four key systems. These layers of protection include:

Layer 1: Secure interface. This layer of protection adds security to the TCU, with the addition of a Secure Element (SE) for maximum security. The secure element used is also a dedicated secure microcontroller with advanced cryptographic accelerators and proven resistance to advanced physical and electrical attacks.
Layer 2: Secure gateway. From a security perspective, apart from isolation, the most important function should be the firewall, which separates the external interface from the network inside the vehicle. NXP's solution uses a central gateway with a firewall to achieve physical and electrical isolation of the network.
Layer 3: Secure network. NXP secures the in-vehicle network in 4 steps. The first is to add message authentication. The second is to encrypt the messages exchanged between different ECUs in the vehicle. The third is intrusion detection, which uses pattern recognition and rule checks to detect anomalies in network traffic. The fourth is ECU-level verification, which regularly verifies the authenticity of the ECUs in the network.
Layer 4: Secure processing. When a bug or security breach is detected, OEMs need to be able to update vehicle software quickly, seamlessly and securely, ensuring that the software running on the processor is authentic.
Layer +1: Secure vehicle access. This is the traditional practice of vehicle security, such as remote locking and unlocking, remote vehicle monitoring, etc.
As for the order in which these four layers are implemented in practical applications, NXP's explanation is that users can determine the order according to the OEM's architecture. It may be that the fourth layer starts before the third layer, or the first layer is the last. One relies on the security implementation of the application processor in the TCU.
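
The first and third steps of Layer 3 (message authentication, and rule-based detection of anomalous traffic) can be illustrated with a short sketch. This is an added example, not NXP code: the frame layout, the 8-byte truncated HMAC-SHA256 tag, the freshness counter, the message IDs and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAC_LEN = 8  # truncated tag length in bytes (assumption: bus payloads are small)

def protect(key: bytes, msg_id: int, payload: bytes, counter: int) -> bytes:
    """Sender ECU: prepend ID and freshness counter, append a truncated tag."""
    header = struct.pack(">HI", msg_id, counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:MAC_LEN]
    return header + payload + tag

class Receiver:
    """Receiver ECU: verify the tag, enforce freshness, record rule violations."""
    def __init__(self, keys: dict):
        self.keys = keys        # msg_id -> shared key; doubles as the ID allow-list
        self.last_counter = {}  # msg_id -> highest counter accepted so far
        self.alerts = []        # (msg_id, reason) records for intrusion detection

    def accept(self, frame: bytes):
        if len(frame) < 6 + MAC_LEN:
            return self._reject(None, "malformed")
        msg_id, counter = struct.unpack(">HI", frame[:6])
        payload, tag = frame[6:-MAC_LEN], frame[-MAC_LEN:]
        key = self.keys.get(msg_id)
        if key is None:
            return self._reject(msg_id, "unknown-id")
        expected = hmac.new(key, frame[:-MAC_LEN], hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return self._reject(msg_id, "bad-mac")
        if counter <= self.last_counter.get(msg_id, -1):
            return self._reject(msg_id, "replay")    # stale or repeated frame
        self.last_counter[msg_id] = counter
        return payload

    def _reject(self, msg_id, reason):
        self.alerts.append((msg_id, reason))
        return None

def demo():
    key = bytes(range(16))                           # constructed demo key
    rx = Receiver({0x101: key})
    good = protect(key, 0x101, b"\x00\x40", counter=1)
    tampered = good[:6] + b"\xff\x40" + good[8:]     # payload altered in transit
    unknown = protect(key, 0x2FF, b"\x01", counter=1)
    results = [rx.accept(f) for f in (good, good, tampered, unknown)]
    return results, rx.alerts

if __name__ == "__main__":
    print(demo())
```

The receiver drops every rejected frame and keeps the reason, so the alert list can feed the rule checks that the intrusion detection step relies on.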
