Embedded cybersecurity for wearables, sensors, and machines

In the wake of the digitalization revolution, small, embedded devices with various forms of wireless connectivity have been integrated into consumer products, infrastructure, and manufacturing machines, or have given rise to new concepts altogether, such as personal wearable devices. The potential of this paradigm, sometimes called the Internet of Things (IoT), is enormous: the collected data can produce valuable insights, support informed decisions, enable timely action, and sometimes even carry out the action.

However, with their connectivity and inclusion in large-scale applications, these devices also become exposed to cyberattacks. Security in the IoT is especially precarious due to a tension between the low cost and constrained features of the devices on one hand and the potentially hostile environment in which the devices are deployed on the other, with attacks and vulnerabilities having been documented. Designing and implementing an effective cybersecurity concept for an embedded device thus needs to consider all possible attack vectors and be driven by the threat landscape specific to the given application.

The EncryptFlow, a technology for end-to-end data encryption with built-in, granular data sharing and audit trails, is particularly relevant to medical data.

As the main driver of technological progress and economic growth in the modern digital economy, data generates value by being transformed into insights, applications, and services. But this potential often remains undeveloped because factors such as a data ownership mindset or the limitations of current data management systems split data into silos. This isn’t helped by the fact that a regulatory framework on data sharing is still under construction. 

Responding to this, CSEM has designed a unique technology called EncryptFlow. It integrates end-to-end data encryption and transparent data sharing, enabling a data owner to retain fine-grained control over who gets what access. EncryptFlow is also designed and optimized to scale up to IoT proportions. The full interaction in a transaction is automatically embedded in a signed, sequential, and non-repudiable audit trail, available to both parties in the exchange.

EncryptFlow is compatible with data generation in resource-constrained devices, with the data encryption module taking up less than 10kB of ROM and requiring 2kB of RAM in total. At the same time, a compact key manager can provision (hundreds of) thousands of such data encryption modules with initial keys and subsequent reconstruct decryption keys. Combined with cryptography, EncryptFlow ensures integrity of both the data being shared and the full exchange. Thanks to portable microledgers, the technology can be used on its own, or integrated with a distributed ledger or trusted execution environments for various tradeoffs between data protection guarantees, overhead, and portability.

CSEM’s proposed solution is a low-footprint Trusted Anchor (TAn) (hard macro and associated firmware) offering state-of-the-art cryptographic accelerators designed to resist low-skilled to medium-level attacks (e.g., AVA_VAN2/3) throughout the lifespan of a typical low-cost IoT solution.

Our RISC-V-based TAn primarily targets applications where resources are scarce, such that conventional defenses against power analysis and other side channel attacks would be prohibitively costly, delivering more aggressive, yet well-analyzed cost-security trade-offs.

The TAn is designed to be future-proof from the ground up. This includes acceleration of Post-Quantum secure cryptography and, and, unlike conventional secure elements, fully embraces the support of both firmware updates and partial hardware reconfiguration, in alignment with the paradigm of crypto-agility. As a result, our TAn embeds the necessary tools to secure IoT solutions over a long life span (≥ 20 years). We would love to hear your thoughts!

To support PQC transition in legacy systems and COTS platforms, a software variant of the TAn relying on platform SW isolation features, such as ARM TrustZoneM, is being developed as well. It packs all the essential features of post-quantum-security and crypto-agility but lacks the low-overhead side-channel defenses, the acceleration capabilities, and enhanced isolation of the hardware-base TAn incarnation.