TI’s embedded security toolbox helps address the emerging threats of an increasingly connected and complex world.
TI offers security enablers to help developers implement their security measures to protect their assets (data, code, identity and keys).
How do developers achieve their desired level of security in connected devices? Assess the risks and threats, and discover how to implement security in your system.
E-book: Building your application with security in mind
Security is paramount in our increasingly connected and complex world. Security and cybersecurity have become a top concern. The need for designers to improve security from end-point to end-point is increasing. A thorough evaluation of the risks, as well as selection of appropriate measures is necessary in order to protect targeted applications. In this context, the question arises: how do developers achieve their desired level of security in connected devices? This e-book presents the main security enablers TI offers to assist in meeting the designers’ security objectives.
Video: Introduction to TI’s security framework
See how TI’s security toolbox helps address the emerging threats of an increasingly connected and complex world.
TI embedded security enablers
Assessing security should start with three fundamental questions:
- What is being protected? (Asset)
- Who or what are we protecting against? (Threat and threat probability)
- What is the attack surface? (Exposure points and threat probability)
Understanding the targeted application, a risk assessment will identify the security measure(s) that can be implemented in the system and are adequate to mitigating threats. Once the security measures are identified, determine the security enabler(s) needed.
How can you achieve your latency or throughput performance while maintaining your keys/data/code security?
You can leverage the efficiency of dedicated hardware to implement your cryptographic objectives. It can be provided as hardware or as ROM, such as Advanced Encryption Standard (AES) tables. In some cases, the device does not provide cryptographic acceleration, but TI provides generic software C libraries.
Can somebody use a debugger probe to read out your assets?
You can lock out debugging ports. Some devices will provide various options such as permanent locks, or you can create a password/credential per device to allow reopening of the debugging port.
How can you identify and authenticate the identity of your device to the network?
You can evaluate and elect to use an identity that TI stores in the devices. It may have the form of a unique ID (UID) and optionally a signature (certificate) key whose public key is easily shareable with a cloud service, for example.
External Memory Protection
You want to expand your application with off-chip flash or double-data-rate (DDR) memory. How do you make sure that only
Quad SPI (QSPI)/external memory interface (EMIF) with execute-in-place provides an easy way to expand your application. The capability to decrypt/authenticate on the fly can assist you in protecting confidentiality/authenticity while allowing only your application to run on the CPU.
Initial Secure Programming (Overbuild Protection Plus Counterfeiting)
You want to program your chip in an untrusted environment (such as a foreign manufacturing facility). How can you ensure that your application/keys are not altered, stolen or replaced?
TI provides a methodology that you can evaluate and elect to use to strengthen the confidentiality, integrity and authenticity of initial firmware or keys programmed in an untrusted facility or during the first boot of the application.
How can you get optimal performance while connecting to the network with known protocols?
You can use networking protocol accelerators for Internet Protocol security (IPsec), Transport Layer Security (TLS), or dedicated hardware and firmware to these protocols (A firmware denotes a piece of software in ROM or a piece of software that TI programs at manufacturing).
If somebody has physical access to your application, can they open the package or use the power supply to get access to your assets?
Removing the package and measuring the answer time or power consumed by a protocol request are powerful attacks that anyone with access to the device can use. TI provides various hardware and software features to help you thwart these types of attacks
Your application runs off an external flash. How can you make sure that only your software runs on your devices?
Methodologies can help secure the boot process by preventing the loading of software (bootloaders, drivers, operating systems, applications) not signed with an acceptable digital signature.
Secure Firmware and Software Update
How can you update your application remotely and securely? Nobody should be able to spy, impersonate or replay your updates.
You can encrypt and sign the updated image for part or all of the application to help mitigate against efforts to spy, impersonate or replay your firmware updates. TI provides various product-dependent features such as over-the-air updates (OTA) while the application is running, hot swap and load for external flash.
If somebody tampers with your device or finds a software weakness to exploit, are your critical keys and data secure?
Keys and data are stored in a part of the memory that is isolated from the rest of the code and data. TI provides various security features ranging from encrypted blob of keys, anti-tamper modules with master keys, and a private key bus between the nonvolatile memory and the cryptographic accelerators.
Software Intellectual Property (IP) Protection
Your software IP (code) represents a significant investment that you’d like to protect. Can you protect its confidentiality during different parts of your product’s life cycle?
Firewalls, IP protection zones/regions, encryption and debugging lockout of part or all of the application are some of the security features that TI provides to help you address these types of concerns.
Trusted Execution Environment (TEE)
Now that you have developed, audited and/or certified your application, how can you make sure that vulnerability in another application running on the same central processing unit (CPU) cannot be exploited to attack your assets: keys, data and code?
A TEE enables you to isolate your application (keys/data/code) at run time from other applications, helping you reduce the risk of security vulnerabilities in other parts of the software. A TEE can either be a physically separated MCU or a virtually isolated processing unit
Find a product
|Portfolio: Learn about the security offering||TI Security Enabler (device feature example)|
|MSP430™ ultra-low power MCUs|
|C2000™ real-time control MCUs|
|SimpleLink™ MSP432™ MCUs|
|SimpleLink™ Sub-1 GHz Wireless MCUs|
|SimpleLink™ Bluetooth low energy Wireless MCUs|
|SimpleLink™ Wi-Fi® Wireless MCUs|