Building a security-optimized embedded design using protected key storage

Todd Whitford and Kerry Maletsky, Atmel Corporation
Embedded.com (March 7, 2013)

How much security can you afford to add to your next design? In many cases, equipping an embedded system to protect its proprietary intellectual property (IP) and the data it’s entrusted with represents only a small fraction of the unit’s overall cost. But can you afford even this small increase and still remain competitive in the unforgiving global technology market?

Or, is it better to ask if you can afford not to include it? Many incidents occurring throughout the high-tech economy illustrate some of the challenges embedded systems designers face in defending their products and the customers who use them against sophisticated attacks. Many of these are various forms of cyber-theft that seek to extract the information stored or transported by an embedded system. Once limited to simply pirating copyrighted movies, audio, and other multimedia, IP theft has evolved rapidly over the last decade as industrial spies and other cyber criminals have learned to extract the firmware, FPGA code, and other details of a product’s design for their own use or sale to the highest bidder.

Some of the most common ways that stolen IP can undermine both the immediate profits and long-term success of legitimate manufacturers include:

Hardware cloning A time-honored tradition in black-market electronics whereby a product’s circuit boards, components, and often even its mechanical design are copied and used to produce unlicensed knock-offs. Modern cloning practices usually include use of pirated firmware and FPGA code. When grey-market manufacturers begin selling unauthorized knock-offs of propriety peripherals and accessories (ink cartridges, cables, batteries, and other consumables), the OEM loses a reliable revenue stream.

Overbuilding A relatively recent variant of cloning in which an authorized third-party assembly facility deliberately builds more units than a client has ordered with the intent of selling them through alternate channels. Unless a product was designed with provisions to secure it against this practice, overbuilding is nearly undetectable.

Reverse engineering Even if a competitor does not produce a copy of your product, stolen IP can allow them to inexpensively acquire proprietary technologies and features which give your products market differentiation.

Shortened design cycles Pirated designs allow would-be competitors to bring their products to market quickly, reducing the time an innovative company gets to enjoy the marketing advantages and premium pricing that a product’s unique features make possible.

Click here to read more ...

×
Semiconductor IP