Addressing IoT chip security with secure manufacture and test

February 08, 2018 // By Jean-Pierre Joosting
The recent Meltdown and Spectre problems have highlighted the vulnerability of computer chips to hacking that can, at least, be addressed through software patches. However, another area that is increasingly a target for hackers is IoT where each node in an IoT network can provide an entry point to a company's corporate systems, in a similar manner to the way that home security cameras, robot vacuum cleaners, and so on have been hacked. Presto Engineering is offering a comprehensive manufacturing and test service that is tailored to ensure IoT chips are made to high standards of security.

IoT devices' connection to the Internet provides a potentially vulnerable route for hackers. The chip should have two levels of security built into the design of the ASIC itself to stop unauthorised access. The first is Cryptography to protect communication and maintain the confidentiality and integrity of data as it moves across the network. The second is Authentication to verify that only authorised computers or people have access.

Turning the design into a chip requires a highly secure manufacturing supply chain. Presto can manage the entire chip manufacturing and testing process to make chips with levels of security right up to that needed for banking standards, including the secure provisioning of the cryptographic keys.  The latter ensures that processors will only execute code and updates identified with the correct secret keys.  Handling these securely in the manufacturing supply chain is vital to an effective security strategy and is covered by the Common Criteria for Information Technology Security Evaluation standards.  These range from the basic Evaluation Assurance Level 1 to Level 7 for government and military, with Level 5 being typical for banks, payment systems, and other highly demanding commercial application.

See also: Forrester sees IoT reshaping businesses in 2018

"According to analysts, there are already billions of IoT chips in use," said Martin Kingdon, Presto's VP of Sales. "This figure is predicted to grow exponentially, driven by the ability of IoT to monitor and provide hard data on which actions can be taken, such as scheduling pre-emptive maintenance before a failure can happen.  But the rush to design and make IoT chips has often meant that security has been overlooked, or not included, in the drive to a lower price. This is false economy as these chips can be vulnerable to hacking giving access to confidential data streams."

Presto Engineering's extensive test and qualification facilities.