Presto to demo IoT chip security at Embedded World
February 15, 2018
At this month’s Embedded World in Nuremberg, California-based Presto Engineering will be demonstrating a manufacturing and test service that is tailored to ensure IoT chips are made to high standards of security.
The recent Meltdown and Spectre problems have highlighted the vulnerability of computer chips to hacking that can, at least, be addressed through software patches. However, another area that is increasingly a target for hackers is IoT where each node in an IoT network can provide an entry point to a company's corporate systems, in a similar manner to the way that home security cameras, robot vacuum cleaners and so on have been hacked.
"According to analysts, there are already billions of IoT chips in use," said Martin Kingdon, Presto's VP of sales. "This figure is predicted to grow exponentially, driven by the ability of IoT to monitor and provide hard data on which actions can be taken, such as scheduling pre-emptive maintenance before a failure can happen. But the rush to design and make IoT chips has often meant that security has been overlooked, or not included, in the drive to a lower price. This is false economy as these chips can be vulnerable to hacking giving access to confidential data streams."
IoT devices' connection to the internet provides a potentially vulnerable route for hackers. The chip should have two levels of security built into the design of the asic itself to stop unauthorised access. The first is cryptography to protect communications and maintain the confidentiality and integrity of data as they move across the network. The second is authentication to verify that only authorised computers or people have access.
Turning the design into a chip requires a secure manufacturing supply chain. Presto can manage the entire chip manufacturing and testing process to make chips with levels of security right up to that needed for banking standards, including the secure provisioning of the cryptographic keys.
The latter ensures that processors will only execute code and updates identified with the correct secret keys. Handling these securely in the manufacturing supply chain is vital to an effective security strategy and is covered by the Common Criteria for Information Technology Security Evaluation standards. These range from the basic Evaluation Assurance levels one to seven for government and military, with level five being typical for banks, payment systems and other highly demanding commercial application.
Presto already has experience in mass-producing secure chips that are used in chip-and-pin banking cards. Its facility at Meyreuil, France, near Aix-en-Provence, and its facilities in Asia produce more than 70 million chips a year. As an experienced, certified provider of secure chips, Presto can provide products from small volumes in Europe to very large production runs in its secure facilities in Taiwan and Thailand.
This combines with Presto's IoT device expertise in mixed signal, package design, low power techniques, test and qualification to ensure right-first-time chips that can reduce time to market, costs and risks.