A wise man avoids danger, so how can you achieve reliable security certification for your electronic system?
"The wise man has foresight before he is born, and the wise man avoids danger by being invisible. The troubles are mostly hidden in the subtle and occur when people ignore them." With this advice, Sima Xiangru, a famous poet of two thousand years ago, reminded Emperor Wu of the Han Dynasty to pay attention to safety. As the world becomes increasingly diverse and complex, such reminders still hold true. In the era of information and digitalization, the concept of security extends far beyond the personal safety and property safety of two thousand years ago. The security of information and data has become a broader topic that touches every aspect of modern society.
Electronic systems are bringing innovation to a wide range of applications, such as the Internet of Things, autonomous driving, vision technology, mobile payments and artificial intelligence. The security threats to these systems are increasing as well, and attacks against electronic devices keep emerging. "More and more applications require unprecedented encryption and anti-tampering measures. The emergence of a new generation of security standards has accelerated the demand for security certification, and the stringent requirements for size and cost further increase the difficulty of design," Liu Wuguang, security product line manager at high-performance semiconductor supplier Analog Devices (ADI), said at a recent event. With more than 35 years of technology development and extensive deployment in hardware security, ADI has an authoritative voice in the field of security chips.
Encryption has always been considered the most commonly used means of protecting information. The essence of confidential communication is protecting the key. To fundamentally solve the physical security problem of cryptographic keys, several issues must be considered, including the physical mechanism used to generate random keys, preventing electronic interception when keys are transmitted between authentication agents, and methods to prevent access to secure key storage through physical and mechanical probing. Attackers will try to steal secret keys by various means, so in addition to investing in encryption algorithms, designers have gradually turned their attention to hardware protection.
In cryptography and embedded security ICs, PUF (physically unclonable function) technology generates keys from random physical factors (unpredictable and uncontrollable) that are natively present and/or accidentally introduced during the manufacturing process. "ADI uses the PUF feature named ChipDNA inside the security chip to achieve encryption security functions in two ways: one directly generates the private key of the asymmetric algorithm security chip; the other generates the encryption and decryption password for the internal memory, using the password generated by PUF to encrypt/decrypt the content stored in the memory," Liu Wuguang explained.
Since the characteristics of a PUF depend on the physical characteristics of the semiconductor, any attack that alters the inside of the device changes the PUF's output. The attacker therefore cannot recover the true PUF value, and without it cannot learn the private key of the security device or the password used to decrypt the device's memory, so the keys and sensitive data stored in it stay out of reach. According to Liu Wuguang, ADI's current security chips containing PUF technology include the SHA-3 symmetric algorithm DS28E50/DS28C50, the asymmetric algorithm DS28E38 and DS28E39/DS28C39, and the IoT chips DS28S60 and MAXQ1065.
In the past, only a small number of electronic device users considered security, mainly in the financial industry, the access control market and similar areas, and most implementations relied on software or special-purpose hardware. This has changed in recent years. Today, security encryption is widely used for software and hardware IP protection, system accessory identification and anti-counterfeiting, network security and other fields. "For example, there are many dedicated sensors in industrial applications. Encrypted products are often needed to authenticate the sensors. At the same time, some differentiated parameters may be saved in the sensors, such as zero-point deviation and gain error. These parameters can be recorded in advance inside the encryption chip, and system components can read these calibration parameters to complete automatic correction of the sensor," Liu Wuguang pointed out. In Liu Wuguang's presentation, the application scenarios of security chips cover almost all aspects of modern society, from smart homes and industry to automobiles and medical treatment.
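The accessory-authentication pattern described above (the host checks that a sensor is genuine before trusting the calibration parameters stored in it), as an added example that is not ADI's or the article's code. It models a generic symmetric challenge-response using HMAC-SHA3-256 from Python's standard library; the class names, key-derivation label, field layout and sample values are assumptions and do not reproduce any DS28xx command set.

```python
import hashlib, hmac, secrets, struct

def mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha3_256).digest()

def derive_device_key(master, device_id):
    # Per-device key (assumed scheme): one extracted key does not expose the others.
    return mac(master, b"accessory-key", device_id)

class Accessory:
    """Hypothetical stand-in for the authenticator chip inside a sensor."""
    def __init__(self, device_id, key, offset, gain):
        self.device_id = device_id
        self._key = key  # stays inside the chip
        self.calibration = struct.pack(">hH", offset, gain)  # zero-point offset, gain

    def respond(self, challenge):
        # The tag covers identity, calibration data and the host's fresh challenge.
        tag = mac(self._key, self.device_id, self.calibration, challenge)
        return self.calibration, tag

class ReplayingClone(Accessory):
    """Keyless counterfeit that can only repeat a previously observed response."""
    def __init__(self, device_id, captured):
        self.device_id, self._captured = device_id, captured

    def respond(self, challenge):
        return self._captured

def authenticate(master, accessory):
    """Host side: return (offset, gain) only if the tag verifies, else None."""
    challenge = secrets.token_bytes(32)  # fresh per attempt, so old responses fail
    calibration, tag = accessory.respond(challenge)
    key = derive_device_key(master, accessory.device_id)
    expected = mac(key, accessory.device_id, calibration, challenge)
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return struct.unpack(">hH", calibration)

def demo():
    master = secrets.token_bytes(32)            # host-side secret (constructed)
    dev_id = bytes.fromhex("0123456789abcdef")  # constructed 8-byte device ID
    genuine = Accessory(dev_id, derive_device_key(master, dev_id), -12, 1003)
    captured = genuine.respond(secrets.token_bytes(32))
    clone = ReplayingClone(dev_id, captured)    # replays an old response
    forged = ReplayingClone(dev_id, (struct.pack(">hH", 0, 1000), captured[1]))
    return authenticate(master, genuine), authenticate(master, clone), authenticate(master, forged)

if __name__ == "__main__":
    print(demo())
```

Because the calibration bytes are inside the authenticated message, the host rejects both a replayed response and a response whose calibration values were altered after signing.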
Common accessory identification application examples
1. As automobiles become intelligent, genuine-parts authentication makes vehicles safer
Autonomous driving is becoming a dream, but the various potential safety risks behind it also cause concern. "Automotive electronics are becoming more and more abundant, and there are more and more types of related parts, including sensors, batteries, TPMS, TBOX, etc., which will be a modular trend. It is foreseeable that electronic parts will increasingly affect the performance of the entire vehicle. For safety, there must therefore be a legality safety mechanism for parts to ensure that parts are genuine and first-hand, thereby protecting the interests of car manufacturers and consumers," Liu Wuguang pointed out.
In critical components such as advanced driver assistance systems and electric vehicle batteries, low-quality counterfeit products can pose serious safety risks compared with approved components. Counterfeit components may also fail to function properly because they cannot be calibrated. By adding a single authentication chip, designers can authenticate components between electronic control units (ECUs) and endpoint components such as optical cameras, headlights, electric vehicle batteries, occupancy sensors, and even steering wheels. The industry estimates that the global automotive cybersecurity market is US$9.06 billion, and that the global market for counterfeit automobile parts alone can reach US$20 billion to US$45 billion annually. "With the accelerated development of intelligence and electrification, a global consensus has been formed on improving automobile market regulations based on security chips, and relevant standards are being gradually launched in various places," Liu Wuguang said.
The DS28C40 automotive-grade security authenticator is the industry's first automotive system solution launched by ADI that meets the AEC-Q100 standard. It provides enhanced security, confidentiality and data integrity for connected vehicles, which can effectively reduce design complexity and reduce the cost and software security risks of current solutions. The IC can be embedded in any vehicle peripheral, such as cameras, sensors or battery management systems. This automotive authentication IC uses ECDSA digital signatures to send verification information to the host ECU, which confirms whether the component it is embedded in is a system part that complies with OEM specifications.
2. Life first, safety first: strengthening authentication in medical equipment
Medical devices are another key application area where security chips are in high demand. "As medical electronic devices that protect people's health, they usually store very sensitive information including personal identity and health data. If this private information is obtained by hackers, it will have great potential impact and harm," Liu Wuguang pointed out. "Moreover, many medical devices require digital authentication to ensure the authenticity of their accessories, and to store sensor calibration parameters and control the number of uses, which requires a reliable security chip in the device to implement security functions such as digital signatures and encryption."
Many medical devices are equipped with security chips that provide authentication, authorization and data security through digital signatures and encryption. "For example, the needle assembly of a single-use blood transfusion set is integrated with a security chip, which improves patient safety and the work efficiency of medical staff; a single-use blood oxygen sensor probe will also use a security chip to achieve authenticity certification; portable ventilators use a security chip for identity verification and electronic signature to ensure that only verified accessories (such as sensors, nebulizers) can communicate with the ventilator, avoiding the use of third-party accessories that pose security risks;..." Liu Wuguang recounted these application cases with easy familiarity. According to Liu Wuguang, the annual consumption of security chips by a single blood oxygen sensor probe customer can reach the 80 million level.
3. Say no to software and hardware IP infringement, and a reliable authorization mechanism protects your research and development results.
Software-defined cars, software-defined radios, software-defined networks, software-defined storage... In an intelligent world, software has played an increasingly important role in all aspects of technology. Today, as software applications become increasingly widespread, the protection of software-related intellectual property rights becomes increasingly important. Security chips can play a key role in software protection. "ADI can provide encryption control and protection solutions in the form of secure memory, which is very suitable for applications such as license management, secure software function and status settings, and tamper-proof data storage that require intellectual property protection to prevent software IP from being copied by unauthorized third parties. Counterfeiting and software authorization usage control are done through encryption chips," Liu Wuguang pointed out.
It is reported that many regions around the world, including China, the United States and Europe, have introduced or are planning to introduce various mandatory safety regulations. For example, batteries used in some automobiles and industrial products are required to have a "passport" function, which is equivalent to giving the battery a tracking ID. These mandatory specifications require manufacturers to add security chips that record the ID of electronic accessories along with usage status, health status and other information. As the importance of security attracts more and more attention, small, cost-effective system security solutions are about to see development opportunities with rapid market growth.
At present, the industry offers a wealth of security chip solutions, and ADI provides security chips, security managers, security microcontrollers and other parts that support various security algorithms. In addition to the ChipDNA-based PUF feature mentioned earlier, which uses unique physical properties to protect cryptographic functions, the 1-Wire® interface used in these solutions provides distinct size and design advantages. Security chips commonly used in the industry support I²C or SPI. The main difference of ADI's unique 1-Wire interface is that it needs fewer connection contacts, with the resulting differences in size, system resources and cost: I²C requires four connection contacts, SPI requires five, and 1-Wire requires only two between the host and the accessory: GND and the 1-Wire communication line.
"Fewer connection contacts result in higher electrical reliability, simpler mechanical design, and lower-cost ESD/EMC protection for host port connections. 1-Wire products offer a combination of memory, mixed-signal, and secure authentication capabilities through a single-contact serial interface," Liu Wuguang pointed out. According to reports, the 1-Wire protocol transmits data in a quasi-synchronous manner, using a low-level pulse of a defined width as the clock signal for data transmission. It has better noise immunity, more reliable communication quality, and a longer communication distance (>100 m). In addition, the 1-Wire interface supports a master-slave network structure, allowing multiple external accessories to share the same host 1-Wire interface, which further reduces the cost of ESD/EMC protection on the host side.
"For large-volume application scenarios and mainly for the embedded application market, size and cost are very sensitive considerations. The security chip based on 1-Wire is well optimized in solution size and cost," Liu Wuguang said. For different system needs, 1-Wire security chips, security managers, security microcontrollers and various module solutions provide differentiated options, with costs ranging from a few US dollars to less than one US dollar, which can meet the different product needs of customers. "For example, for software IP protection and accessory authentication, the cost of security processor-based implementation may be unacceptable to many customers. Without processor resources, our security chip can implement a more cost-effective authentication solution," Liu Wuguang emphasized.
As security requirements continue to penetrate every aspect of electronic system design, manufacturers and circuit designers are facing unprecedented challenges. Products based on 1-Wire combine memory, mixed-signal and secure authentication functions in a compact implementation, which gives them a highly competitive advantage. Authentication not only protects the program code, but also helps reduce production costs by enabling secure software feature settings on common hardware platforms. The data security of some solutions can even enable remote configuration changes, saving valuable time for technicians. In the face of endless security standards and the need to obtain relevant product certifications, this more optimized security solution helps manufacturers overcome cost and technical challenges and embrace the opportunities of rapid market growth.