Silicon Labs says its technology redefines IoT security
Secure Vault technology is a suite of security features designed to help connected device manufacturers address escalating IoT security threats and regulatory pressures, says Silicon Labs.
Its Wireless Gecko Series 2 platform uses Secure Vault by combining security software features with physically unclonable function (PUF) hardware technology to reduce the risk of IoT security breaches and compromised intellectual property, explains Silicon Labs.
Secure Vault’s hardware features provide an optimised level of security implemented in a cost-effective, wireless SoC solution. The security subsystem, including a dedicated core, bus and memory, is separate from the host processor. This hardware separation isolates critical features, such as secure key store management and cryptography, into their own functional areas, making the overall device more secure. The combination of security features is particularly suitable for companies working to address emerging regulatory measures, such as GDPR in Europe and SB-327 in California, Silicon Labs adds.
“Embedded security is a key requirement for IoT products, and software updates alone cannot address all vulnerabilities present in insecure hardware,” said Tanner Johnson, senior cybersecurity analyst at Omdia. “As a result, hardware components can comprise the front line of defence for device security, especially with new legislation targeting IoT product security.”
Secure Vault advances IoT security through a combination of hardware and software features that make it easier for product manufacturers to protect a brand, design and consumer data. Integrating a security system with a wireless SoC helps designers simplify development and makes it possible to securely update connected devices over-the-air (OTA) throughout the product lifecycle, explains Silicon Labs, to deliver genuine, trusted software or firmware to connected products.
One of the biggest challenges for connected devices is post-deployment authentication. Silicon Labs’ factory trust provisioning service with optional secure programming provides a secure device identity certificate during IC manufacturing, analogous to a birth certificate, for each individual silicon die, enabling post-deployment security, authenticity and attestation-based health checks. The device certificate guarantees the authenticity of the chip for its lifetime.
Keys are encrypted and isolated from the application code. Virtually unlimited secure key storage is offered as all keys are encrypted using a master encryption key generated using a PUF. The power-up signatures are unique to a single device, and master keys are created during the power up phase to eliminate master key storage, further reducing attack vectors.
Advanced tamper detection offers a range of capabilities from easy-to-implement product enclosure tamper-resistance to sophisticated tamper detection of silicon through voltage, frequency and temperature manipulations. Hackers use these changes to force hardware or software to behave unexpectedly, creating vulnerabilities for glitch attacks. Configurable tamper-response features enable developers to set-up appropriate response actions with interrupts, resets, or in extreme cases, secret key deletion.
Silicon Labs is currently sampling new Secure Vault-enabled wireless SoCs, which are planned to be released in late Q2 2020.
