Design a Microcontroller With Security In Mind

There are many parts to building a secure networked device, and the entire industry is still learning how to do it right. Resources are especially constrained for low-cost microcontroller devices. Would it be easier to build more secure devices if microcontrollers had security hardware built in? That is the question investigated by Project Sopris at Microsoft Research.

The researchers customized the MediaTek MT7687, a chip roughly comparable to the hacker darling ESP32. The most significant addition was a security subsystem. It performs tasks notoriously difficult to do correctly in software, such as random number generation and security key storage. It forms the core of what they called the “hardware-based secure root of trust.”

Doing these tasks in a security-specific module solves many problems. If a key is never held in general-purpose memory, a memory dump can’t compromise what isn’t there. Performing encryption and decryption in task-specific hardware makes successful side-channel attacks against the keys more difficult. Keeping the module small keeps the cost down and also eases verifying the correctness of its code.

But the security module can also be viewed from a less-favorable perspective. Its description resembles a scaled-down version of the Trusted Platform Module. As a self-contained module running its own code, it resembles the Intel Management Engine, which is currently under close scrutiny.

Will we welcome Project Sopris as a time-saving toolkit for building secure networked devices? Or will we become suspicious of hidden vulnerabilities? The researchers could open-source their work to ease these concerns, but the value of their work will ultimately depend on the fast-moving field of networked device security.

Do you know of other efforts to add hardware-assisted security to microcontrollers? Comment below or let us know via the tip line!

[via Wired]

Image of Mount Sopris, namesake of the project, by [Hogs555] (CC-BY 4.0)


Remote PC Power Control Thwarts Button Pushers

Pervasive connectivity is a mixed blessing at best, especially when it creates the expectation that we’ll always have access to everything we need. When what you need is on your work or home PC, there are plenty of options for remotely accessing files using your phone. But if your roomie or the cleaning crew powers the machine down, you’ve got a problem – unless you’ve got a way to remotely power the machine back up.

[Ahmad Khattab]’s hack required getting up close and personal with his PC’s motherboard. A Particle Photon steals power from the always-on 3.3 volt line of the vacant Trusted Platform Module connector on his machine. Outputs from the Photon are connected to the motherboard’s power switch connection and a smartphone app drives the outputs and turns the machine on and off. As [Ahmad] admits, there are plenty of ways to attack this problem, including Wake-on-LAN. But there’s something to be said for the hardware approach, especially when a Photon can be had for $20.
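The firmware side of that approach, as an added example rather than [Ahmad]’s own code: a Particle Photon sketch that mimics a momentary front-panel button press across the motherboard’s PWR_SW header. It assumes pin D0 drives an optocoupler or transistor across the header (a GPIO should never be wired straight across it) and that the board is fed from the spare TPM header’s 3.3 V line as described above; the pin name, hold times and rate limit are choices made for this example.

```arduino
// Added example (not [Ahmad Khattab]'s firmware): Particle Photon sketch that
// presses the PC's power button on request from the Particle cloud.
// Assumptions (not from the original post): D0 drives an optocoupler/transistor
// across the PWR_SW header pins; hold times and rate limit are illustrative.
#include "Particle.h"

const int PWR_SW_PIN = D0;                  // assumed output pin
const unsigned long SHORT_PRESS_MS = 300;   // normal power on / soft off
const unsigned long LONG_PRESS_MS  = 5000;  // ATX forced power-off (~4 s hold)
const unsigned long MIN_GAP_MS     = 10000; // minimum spacing between presses

unsigned long lastPressAt = 0;
bool everPressed = false;

// Hold the "button" for the requested time, then release. The pin is released
// on every path so a request can never leave the header shorted.
static void pressButton(unsigned long holdMs) {
    digitalWrite(PWR_SW_PIN, HIGH);
    delay(holdMs);
    digitalWrite(PWR_SW_PIN, LOW);
}

// Cloud function handler. Particle.function calls are only reachable with the
// account's access token, so this is the authenticated control path; the
// handler still validates its argument and ignores anything it doesn't expect.
int powerControl(String command) {
    unsigned long now = millis();
    if (everPressed && (now - lastPressAt) < MIN_GAP_MS) {
        return -2;                          // too soon since the last press
    }
    if (command == "press") {
        pressButton(SHORT_PRESS_MS);
    } else if (command == "force_off") {
        pressButton(LONG_PRESS_MS);
    } else {
        return -1;                          // unknown command: do nothing
    }
    lastPressAt = now;
    everPressed = true;
    return 0;
}

void setup() {
    pinMode(PWR_SW_PIN, OUTPUT);
    digitalWrite(PWR_SW_PIN, LOW);          // start with the button released
    Particle.function("power", powerControl);
}

void loop() {
    // Nothing to do here; the cloud invokes powerControl on demand.
}
```

From the Particle CLI the function is invoked with `particle call <device-name> power press` (or `force_off`); a phone app does the same through the Particle cloud API with the account’s access token. Pulsing the line rather than holding it, and rejecting anything but the two known commands, keeps a stray or malformed request from doing anything the physical button couldn’t.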

Astute readers will note that we recently covered a very similar project using a Particle Core. Be sure to check that one out for a little more detail on using Particle’s cloud, and for some ideas on powering the module if your motherboard lacks a TPM port. In the meantime, enjoy [Ahmad]’s video.


TPM cryptography cracked

Trusted Platform Module based cryptography protects your secrets as well as your government’s secrets. Well, it used to. [Christopher Tarnovsky] figured out how to defeat the hardware by spying on its communications. This requires physical access so it’s not quite as bad as it sounds, but this does reach beyond TPM to many of the security chips made by Infineon. This includes peripheral security chips for Xbox 360 and some chips used in cell phones and satellite TV.

[Christopher] revealed his hack during his presentation at Black Hat 2010. The method is wicked-hard, involving removal of the chip’s case and top layer, then tapping into a data bus to get at unencrypted data. The chip still has some tricks up its sleeve and includes firmware traps that keep a lookout for this type of attack, shutting down if it’s detected. Infineon commented that they knew this was possible but regard it as a low threat due to the high skill level necessary for success.

[Thanks Greg]