FRAM-based MCUs Bring Advanced Security to Low-Power Applications



Security is becoming increasingly important in a wide range of applications including smartphone accessories, smart metering, personal health monitoring, remote controls and access systems. To protect revenue and customer privacy, OEMs need to employ secure technology that increases the difficulty of hacking systems. For many of these applications, millions of devices will be deployed. The challenge for engineers will be to implement the right balance of security without substantially impacting system cost or reliability. Key considerations include protecting the transmission of sensitive data, preventing application code and security data from being read off the MCU, protecting the MCU from physical attacks, maximizing power efficiency and enabling secure updates so devices can evolve to address future threats.

Secure devices need to be able to safely store sensitive information as effectively as a bank vault. Such information includes the actual data to be exchanged, such as the credit card number of a customer or a log of the amount of electricity used and when, as well as any cryptographic data used to secure the communication channel, including secret keys and passwords.

To enable developers to bring advanced security to low-power applications, new low-power microprocessors (MCUs) integrate the performance and features required to lower cost and power consumption for secure applications. They also use non-volatile FRAM instead of EEPROM or Flash to provide a robust, unified memory architecture to simplify the design of secure systems.

The FRAM advantage
FRAM offers superior retention and endurance compared to traditional Flash-based systems. With Flash, data is stored as charged states of transistors (i.e., ON or OFF). To write to Flash, the appropriate block must first be erased and then written to. This process is physically destructive to the Flash and eventually results in the inability of transistors to reliably hold a charge.

To ensure the maximum life of Flash, techniques such as wear-leveling that spread usage across blocks evenly to avoid premature wearing of certain often-used blocks are typically employed. Further complicating the process of assessing the reliability of a Flash-based system is that the endurance specifications for Flash represent the average failure rate; each particular block may offer less or greater endurance. Retention reliability also degrades as endurance limits are approached because retention is a statistic depending on the wear of each memory element.

121105_lps_1
Figure 1: Model of an FRAM PZT molecule

FRAM, in contrast, stores data as a polarization state of molecules. Because this process is non-destructive, FRAM has nearly infinite retention and endurance. For an application such as a mobile payment system that needs to be able to perform 20,000 to 40,000 transactions over the life of the device, FRAM eliminates endurance and reliability concerns.

The high endurance of FRAM can also impact security in certain applications. For example, to increase communications security, a new key could be generated for each new transmission. Such an approach must consider the endurance of Flash and EEPROM. With FRAM, there are no memory endurance concerns about how often keys change.

Calibration
In addition to preventing unauthorized reading and writing of application data and cryptographic keys, systems must protect against malevolent manipulation of parameters to gain access to sensitive information as well as against invasive attacks against the physical MCU itself. MCUs are vulnerable to a variety of attacks to extract data, application code or secure keys stored in memory.

In many cases, the goal of an attack on an MCU is to alter data stored on the device. For example, the usage data on an automatic utility meter can be modified to show lower than actual usage to result in a reduced monthly bill. In general, rather than attempt to modify the data that is collected, hackers will attempt to alter the application code itself. To achieve this, they need to be able to first obtain an image of the application code to reverse engineer and then overlay a modified version successfully within the system.

121105_lps_2
Figure 2: The TI MSP430FR59xx MCU is based on the ultra-low-power “Wolverine” technology platform and uses non-volatile FRAM instead of EEPROM or Flash to provide a robust, unified memory architecture to simplify the design of secure systems

There are numerous methods that have been developed to force systems to expose confidential information or even their application code. For example, fault attacks can induce faulty operation by placing systems in an unpredictable state where they may output security keys or blocks of application code. Alternatively, hackers may attack a system physically, either by taking an MCU apart or inducing faults using optical means. Note that not all of the following attack scenarios apply to all applications. The likelihood of a particular attack being appropriate depends upon the application and the value of the data at risk.

  • Mechanical probing: Although it is difficult to mechanically probe EEPROM, it is possible to do so through the backside of the IC in a manner that does not destroy the floating gate or disrupt data in bit cells. The polarization state of FRAM, in contrast, can only be detected if the circuit is intact.
  • Power analysis: Spectral Power Analysis (SPA) and Dynamic Power Analysis (DPA) are specialized techniques where the electromagnetic emissions or power usage of an MCU is measured to create a profile that can be used to determine what the MCU is doing internally. EEPROM and Flash require a charge pump operating at 10 to 14 V, which makes them relatively easy to detect. The extremely fast read and write speed of FRAM (less than 50 ns and 200 ns respectively), as well as its lower operating voltage (1.5 V) make it much more difficult to successfully mount an SPA- or DPA-based attack against.
  • Microscopy: The use of Atomic Force Microscopy (AFM) or Scanning Kelvin Probe Microscopy (SKPM) has been shown to be able to detect charge levels of the floating gate in an EEPROM after backside deprocessing so that data stored in memory locations or being transmitted on data lines can be recorded.
  • Voltage manipulation: This type of attack has been used on EEPROM and Flash devices for several years, specifically for defeating phone cards. Effectively the input voltage to the device is manipulated outside the standard range to force-program bit cells. Note that it is difficult to provide brown-out and over-voltage protection circuitry that can operate longer than the time needed to complete programming of EEPROM bit cells. However, because of the fast read/write time for FRAM, it is possible to protect against voltage manipulation attacks.
  • Light manipulation: There is evidence that Optical Fault Induction attacks are possible on EEPROM bit cells to alter data values. As neither laser light nor UV radiation impact FRAM bit cells (ignoring the heat effect of intense light), FRAM-based devices are secure against these types of attacks.
  • Radiation: Bit flips in EEPROM can be caused by alpha particles. FRAM architecture has been shown to exhibit no effect from alpha particles and other radiation sources. In addition, given the ferroelectric nature of FRAM, they are not affected by magnetic fields either.
121105_lps_3
Figure 3: Summary table of susceptibility of FRAM vs. EEPROM

Countermeasures exist for many of these attacks to ensure the security of Flash and EEPROM ICs. However, these countermeasures are often expensive to implement compared to the practicality of an attack and the value of data being compromised on an individual device. In addition, these countermeasures can increase power requirements as well as introduce additional complexity to application design, thus potentially reducing overall system reliability. Therefore, with all of its inherent resilience to the different types of attacks, FRAM is more likely to have a positive impact in security applications than Flash or EEPROM by reducing design complexity and eliminating the overhead of implementing countermeasures.

The use of FRAM, with its fast signals and use of polarization states, also provides a strong level of protection for sensitive code and data compared to Flash or EEPROM. To further protect a system, FRAM memory blocks can be configured with different types of access rights: Read Only for constants such as fonts used for the LCD, Read and Write Only for variables, and Read and Execute Only for application code. The use of access rights not only increases application stability by preventing unintended misuse of memory, it protects against intentional attacks against the system.

FRAM memory management also provides another layer of memory security through IP encapsulation that allows developers to define protected memory segments and create functional separation of the application. Direct read/write access to a protected segment is allowed only by code execution within the same encapsulated segment. Thus, the only way code from an unprotected segment can access an encapsulated segment is by calling a function within the protected segment. Specifically, code handling security keys and data can be encapsulated so as to isolate it from the rest of the rest of the application. Thus, even if the application code was somehow corrupted, it could not be made to expose the secure parts of the system. In addition, external JTAG access is not allowed into protected segments. However, it is important to note that any design must include software settings such as secure gate entry and multiple checks in order to pass the standards for this type of security. This useful hardware feature can get you farther along, but it is not a foolproof plan.

121105_lps_4
Figure 4: The TI MSP430FR59xx MCU uses FRAM memory management to offer memory protection and IP encapsulation

Power
Portable applications that employ wireless connectivity need to be designed with power efficiency in mind. For example, an encrypted channel substantially increases transaction overhead through the handshaking and authentication processes used. This process increases the length of time a wireless radio is active, for example, but also how long the CPU is active. When a slow memory technology like Flash or EEPROM is in use, wireless updates can take on the order of seconds at a constant current of over 10 mA. The negative impact on battery life is prohibitive.

The efficiency of an integrated AES 256 cryptographic engine lets engineers introduce encryption capabilities that consume only 1/10th the energy previously required. In addition, the faster access and lower power requirements of FRAM consume approximately 250 times less power per bit to record data in its encrypted form before it is transmitted.

To put these numbers into perspective, consider a low-power device performing a wireless update. Because such devices require so little power, such an update might consume up to one month of battery life when using EEPROM or Flash. An equivalent system using FRAM would use less than ¼ day of battery life.

FRAM’s efficiency also impacts power and memory usage efficiency during standard operation. Flash and EEPROM must erase and program memory a block at a time. Thus, to change a single-bit system flag, an entire block of 256 Bytes must be read from Flash, the block erased and the block written back. With FRAM, developers have bit-level access to all of memory.

Finally, because of the read, erase, write sequence for EEPROM and Flash, developers must mirror data using redundant memory blocks to guarantee the integrity of data during a potential power loss. Write operations are guaranteed with FRAM through the use of an on-chip capacitor that ensures that there will be enough power to complete the current write operation. Because of the fast speed and lower current of FRAM writes, this capacitor can be small enough to be integrated on the MCU with no need for mirroring.

121105_lps_5
Figure 5: FRAM in the TI MSP430FR59xx MCU offers power-management benefits for wireless firmware updates

The higher power efficiency of FRAM can be used to support a longer battery life. Alternatively, since devices can store more data for less power than when using EEPROM or Flash, developers have the option of having larger data buffers or event logs. This enables devices to check in less frequently, thus reducing how often a radio or other power-hungry communications channel must be used.

Conclusion
Given the increasing connectivity of devices, integrating security in MCUs is becoming a common requirement. Through the ability to prevent, detect and respond to malevolent behavior outside a device’s expected realm of operation, OEMs can protect both their customers’ information as well as their own intellectual property by preventing exposure of data, protecting against application code from being overwritten and providing secure communication channels for the exchange of sensitive data.

The highly efficient architecture of FRAM-based MCUs integrate hardware that reduces software complexity to simplify secure system design without compromising data integrity or reliability, all while lowering power consumption. The result is the ability to cost effectively bring security to a whole new level of low-power applications.

 


borgeson_jacob

Jacob Borgeson is the FRAM product marketing manager for the MSP430™ MCU group at Texas Instruments and has been focused on microcontrollers and optimizing power consumption for five years.  He has previously authored articles discussing energy harvesting, low-power trends and wireless sensing and personal medical monitoring applications. Borgeson earned his BSEE and MBA from Texas Tech University.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis

Tags: ,