In the most classic architecture for IoT objects, developers decide to build their device, from the SoC (System on Chip ) CPU upwards, add the needed peripherals and memory, design the I/O and, at the end of the process, add a Secure Element to benefit from its capacities in key storage, cryptography and more generally hardware-based security. Consequently, in the most classical architecture, the SoC device runs on its own CPU and calls functions from the SE when needed. With the latest version of its Secure Element IP TESIC, Tiempo brings a revolution in this world, by introducing a new paradigm: the Secure Element should be the Master and the core CPU the Slave.
The SoC CPU is generally a large and complex processor that performs various functions and supports several I/O protocols, which can run an open operating software that may be subject to security issues, many reasons why it can only be deemed an untrusted environment. On the contrary, a Secure Element is a secure architecture, already used in billions of SIM cards and banking cards daily. It has limited and controlled I/O, a limited and protected memory and implements physical security features; as such, it constitutes a secure environment, which can be certified to the highest levels of Common Criteria.
By allowing the Secure Element to take control of the CPU, it is obvious that the level of security of the whole system significantly increases. In this new paradigm where the master in the system is the Secure Element and the CPU is dependent on it, a full array of new possibilities emerge: the secure element can control the access to the external Flash memory, it can control the boot of the CPU and reboot it with a fresh program whenever necessary, and it allows for secure debug processes.
A hardware Secure Element in itself has control over its I/O, and can be the only processor able to access a secure area of the Flash memory; this constitutes a means to ensure this storage is secure and will not be attacked by unauthorized access agents or used for malware. This way the protected Flash memory can be used to store a recovery image of the SoC software that will be reloaded in case of an attack on the SoC. Consequently, when the Secure Element controls access to the Flash memory in the system, it can guarantee that the device cannot be subject to a ransomware attack, for instance.
The Secure Element, when used as a master, fully handles the boot process. The Secure Element is the first to boot when the device is started, and is in a position to control the CPU boot. In such a case, the Secure Element reads the software image from the Flash and fills the CPU RAM, then it resets the CPU that boots on the latest content of the RAM: controlled software.
Similarly, debug is made more secure as the Secure Element controls whether the debug tool is authorized to access the CPU. Only in this case, debug can take place, thus defeating any unauthenticated intrusion attempt.
Like the other IP cores of the TESIC family, this new Secure Element IP core can be easily integrated by a SoC developer. Behaving as a master and able to take control of the CPU, it allows to significantly increase the level of security of the SoC.
Sébastien Riou, application manager at Tiempo Secure, declares “Large fleet of connected objects make juicy targets for ransom seekers. A SoC with a master Secure Element gives the means to recover control of your fleet, remotely, in a matter of minutes.”
This new version of TESIC has been partly developed by Tiempo Secure in the context of the iMRC project, having the support of the Grand Cybersecurity Challenge sponsored by the French government.