Big names in the semiconductor world announced more secure hardware Tuesday, while another outlined a framework it wants to offer startups to help bolster security when it comes to building connected devices. Both NXP and Atmel released new security-rich microcontrollers that come equipped with some security features built in that could take some serious spec sheets to compare and contrast.
However, it’s clear from the announcements at the Embedded World Conference in Germany that when it comes to connected devices, the microcontrollers will have more features built into them to support encryption and other features more familiar from higher-end processor cores such as random number generators on the chip and secure booting. In the case of the NXP devices they can be combined with additional hardware to prevent physical tampering for use in connected products such as smart electricity meters or even parking meters.
The emphasis on security at the hardware level is becoming more important as microcontrollers are becoming the brains of connected products, according to Jim Trent, VP & GM of the Microcontroller Business at NXP (pictured above). As more aspects of our medical devices, our cars and even industrial automation become connected to the internet and even to corporate intranets that might be breached, securing those devices becomes essential.
Of course all of this may well be useless if, once you pop that chip into your system, you run insecure hardware on it or hook it into a poorly designed system. This is where Freescale’s efforts come into play. Many of its microcontrollers offer some comparable levels of security already, but John Dixon, director of marketing at Freescale, outlined what it believes is the next step for getting its customers to think about security.
“When a customer comes to you asking if you have a Zigbee chip, we want to also be able to have a conversation about security,” said Dixon. To kickstart that conversation Freescale is teaming up with the Embedded Microprocessor Benchmarking Consortium (EEMBC) to identify critical embedded security gaps and establish guidelines that help connected device designers and manufacturers better secure IoT transactions and products. The founding members of this effort will share their result in the early summer.
Dixon explained that the idea here isn’t to create another standard or some long security document that will overwhelm anyone trying to build a product, but to create a framework that will help start a real conversation and start people thinking about how to design secure products. Freescale is also establishing security labs around the world in its Austin, Texas headquarters and in its other locations where customers and partners can collaborate on workshops and research. And finally, it will put its money where its mouth is by allocating 10 percent of its annual R&D budget to IoT security technologies. This year that budget was about $100 million.
As we said on this week’s podcast, security is becoming a huge issue that the people building connected products need to solve if we’re going to start trusting these devices to help drive our cars, manage our traffic and medicate our family members. We tend to talk about security as a monolithic thing that you either have or you don’t have, but as these chip firms show, it’s actually a series of steps that need to be taken and considered over every step of the product and then over every day of the product’s existence.
These products and efforts will help, but until the manufacturers of connected devices realize that security isn’t an item they can tick of a checklist, but rather it’s a mindset that someone must think about daily over the lifetime of the device, we’re still going to have stories about hacked cars, electric meters and everything else. But it’s good to start someplace.