Wireless access control is only as strong as its weakest link, as Vivien Delport, Director of Applications Engineering, Security, Microcontroller and Technology Division, and Cristian Toma, Applications Engineer, of Microchip Technology Inc. explain.
One wireless security solution does not fit all applications, and several factors need to be balanced if designers are to find a system that offers adequate protection at an affordable cost. The latest microcontrollers, featuring advanced encryption algorithms, on-chip RF communication or low-power technology, together with dedicated RF ICs, help designers develop a complete, secure wireless system that offers the right balance of cost, size and functionality.
No wireless access-control device is unbreakable; given enough time and money, an attacker will find a way to break it and recover the protected information. By taking a system-level approach to security, designers can build a powerful arsenal with which to protect wireless access-control devices. Security is a system-wide issue: designers must consider the security of both the mobile/transmitter and the base/receiver sections of the design, as well as potential weaknesses in the hardware itself.
Unless the designer is thoroughly familiar with the different classes of cryptographic attack, such as known- and chosen-plaintext attacks, side-channel analysis, differential cryptanalysis, meet-in-the-middle and slide attacks, choosing a security algorithm can be a difficult decision. A public algorithm such as the Data Encryption Standard (DES) uses a 56-bit key, which is now short enough to be recovered by brute-force search, whilst the Advanced Encryption Standard (AES) uses 128-, 192- or 256-bit keys. Designers may also choose a proprietary algorithm such as Microchip’s KEELOQ® technology, which combines a proprietary block cipher with code-hopping technology. Code hopping, or rolling code, adds a further layer of protection: each transmission encrypts a counter that is incremented on every use, so the message sent over the air changes every time and a previously captured message cannot simply be replayed to the receiver.
Unfortunately, higher security often means higher cost. Stronger algorithms involve more complex calculations and therefore need more program memory, which typically requires a more expensive microcontroller and adds to the overall cost and complexity of the security solution. Stronger algorithms also typically produce longer encrypted messages. A longer radio packet takes longer to transmit, which adds latency and increases the power consumed by every transmission. Longer transmissions are not always acceptable and can hurt the product’s acceptance in the field.
Hiding the key
Effective key management is as important as the choice of security algorithm. Kerckhoffs’s principle states that “a security system should not rely on the security algorithm being secret but, rather, on the key being secret.” It is always safest to assume that both the encrypted message and the algorithm will eventually become public, even if the algorithm is proprietary.
System security should, therefore, never rely solely on the algorithm being secret; the design must also consider how the encryption keys are generated, exchanged, stored, safeguarded, used and replaced throughout the system.
A critical element of any key-management scheme is that not all devices share the same secret key. This increases overall system security, because if a single mobile unit is compromised, the rest of the system is not. The easiest way to implement this is to give each mobile unit its own unique encryption key.
One method often used to accomplish this is to serialise each unit with a unique number, and then derive the unit’s encryption key from this serial number and a master manufacturer’s code. A receiver that needs to support several mobile units at the same time can then use the serial number, which the mobile unit sends in the clear, to derive the key needed to decipher that specific unit’s transmissions. Mobile-unit serialisation is typically carried out at the time of production, either by pre-programming the embedded microcontroller with this information before placing it on the printed circuit board, or by using an In-Circuit Serial Programming (ICSP) interface to programme the microcontroller after board assembly.
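The per-unit key derivation just described and the code-hopping scheme described earlier, put together as an added C example; this is not Microchip’s code or any product’s firmware. The cipher follows the openly published description of the KEELOQ NLFSR block cipher (32-bit block, 64-bit key, 528 rounds); the way the unit key is derived from the serial number and manufacturer key, the frame layout (4-bit button, 12-bit discriminator, 16-bit counter), the window sizes and every key, serial and counter value are assumptions made for illustration. The receiver derives each unit’s key from the serial number carried in the frame, rejects a repeated counter (a replayed capture), accepts small counter jumps directly and requires two consecutive counters before resynchronising after a large jump:

```c
/* Added example (not Microchip's code): per-unit key derivation from a serial
 * number plus a manufacturer master key, and a code-hopping (rolling-code)
 * exchange with replay rejection and a resync window.  The cipher follows the
 * openly published description of the KEELOQ NLFSR cipher; the derivation
 * scheme, frame layout, window sizes and all values are constructed. */
#include <stdint.h>
#include <stdio.h>

#define KEELOQ_NLF 0x3A5C742Eu
#define BIT(x, n) (((x) >> (n)) & 1)
#define G5(x, a, b, c, d, e) \
    (BIT(x, a) + BIT(x, b) * 2 + BIT(x, c) * 4 + BIT(x, d) * 8 + BIT(x, e) * 16)

uint32_t keeloq_encrypt(uint32_t data, uint64_t key)
{
    uint32_t x = data;
    for (uint32_t r = 0; r < 528; r++)
        x = (x >> 1) ^ ((BIT(x, 0) ^ BIT(x, 16) ^ (uint32_t)BIT(key, r & 63)
                         ^ BIT(KEELOQ_NLF, G5(x, 1, 9, 20, 26, 31))) << 31);
    return x;
}

uint32_t keeloq_decrypt(uint32_t data, uint64_t key)
{
    uint32_t x = data;
    for (uint32_t r = 0; r < 528; r++)
        x = (x << 1) ^ BIT(x, 31) ^ BIT(x, 15) ^ (uint32_t)BIT(key, (15 - r) & 63)
            ^ BIT(KEELOQ_NLF, G5(x, 0, 8, 19, 25, 30));
    return x;
}

/* Unit key = two serial-derived words decrypted under the manufacturer key
 * (assumed derivation; any keyed one-way function would do the same job). */
uint64_t derive_unit_key(uint32_t serial, uint64_t mfr_key)
{
    uint32_t hi = keeloq_decrypt(0x60000000u | (serial & 0x0FFFFFFFu), mfr_key);
    uint32_t lo = keeloq_decrypt(0x20000000u | (serial & 0x0FFFFFFFu), mfr_key);
    return ((uint64_t)hi << 32) | lo;
}

#define OPEN_WINDOW  16u      /* counter steps accepted directly */
#define RESYNC_LIMIT 32768u   /* counters this far "ahead" are really old: reject */
#define MAX_UNITS    4
enum rx_result { RX_ACCEPT, RX_RESYNC, RX_PENDING, RX_REPLAY, RX_BAD_FRAME, RX_UNKNOWN };
struct frame       { uint32_t serial; uint32_t hop; };
struct transmitter { uint32_t serial; uint64_t key; uint16_t counter; };
struct unit        { uint32_t serial; uint64_t key; uint16_t last, pending; int has_pending; };
struct receiver    { struct unit units[MAX_UNITS]; int n; };

/* Plaintext: 4-bit button | 12-bit discriminator (low serial bits) | 16-bit counter */
struct frame tx_send(struct transmitter *t, uint8_t button)
{
    t->counter++;                                        /* a counter is never reused */
    uint32_t plain = ((uint32_t)(button & 0xFu) << 28)
                   | ((t->serial & 0xFFFu) << 16) | t->counter;
    struct frame f = { t->serial, keeloq_encrypt(plain, t->key) };
    return f;
}

/* Learn: derive the unit's key from the serial in the frame, record its counter. */
int rx_learn(struct receiver *r, uint64_t mfr_key, const struct frame *f)
{
    if (r->n >= MAX_UNITS) return 0;
    uint64_t key = derive_unit_key(f->serial, mfr_key);
    uint32_t plain = keeloq_decrypt(f->hop, key);
    if (((plain >> 16) & 0xFFFu) != (f->serial & 0xFFFu)) return 0;
    struct unit *u = &r->units[r->n++];
    u->serial = f->serial; u->key = key; u->last = (uint16_t)plain; u->has_pending = 0;
    return 1;
}

enum rx_result rx_validate(struct receiver *r, const struct frame *f)
{
    struct unit *u = NULL;
    for (int i = 0; i < r->n; i++)
        if (r->units[i].serial == f->serial) u = &r->units[i];
    if (!u) return RX_UNKNOWN;
    uint32_t plain = keeloq_decrypt(f->hop, u->key);
    if (((plain >> 16) & 0xFFFu) != (f->serial & 0xFFFu)) return RX_BAD_FRAME;
    uint16_t ctr = (uint16_t)plain;
    uint16_t delta = (uint16_t)(ctr - u->last);
    if (delta == 0 || delta >= RESYNC_LIMIT) return RX_REPLAY;   /* repeated or stale */
    if (delta <= OPEN_WINDOW) { u->last = ctr; u->has_pending = 0; return RX_ACCEPT; }
    /* Far ahead (fob pressed out of range): need two consecutive counters to resync. */
    if (u->has_pending && (uint16_t)(ctr - u->pending) == 1) {
        u->last = ctr; u->has_pending = 0; return RX_RESYNC;
    }
    u->pending = ctr; u->has_pending = 1;
    return RX_PENDING;
}

int main(void)
{
    const uint64_t mfr_key = 0x0123456789ABCDEFULL;      /* constructed value */
    struct transmitter fob = { 0x0A1B2C3u, derive_unit_key(0x0A1B2C3u, mfr_key), 0x0100 };
    struct receiver gate = { { { 0 } }, 0 };
    struct frame f = tx_send(&fob, 1);
    printf("learned=%d\n", rx_learn(&gate, mfr_key, &f));
    f = tx_send(&fob, 1);
    printf("fresh=%d\n", rx_validate(&gate, &f));      /* RX_ACCEPT (0) */
    printf("replayed=%d\n", rx_validate(&gate, &f));   /* RX_REPLAY (3) */
    return 0;
}
```

The replay rejection rests entirely on the receiver never accepting a counter it has already seen; the resync window is what keeps a fob usable after it has been pressed out of range, and its size is a trade-off between convenience and how strictly stale frames are refused.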
It is essential to protect the encryption keys at all times, including during the manufacturing process, and especially if assembly is carried out by a third-party Contract Manufacturer (CM). It is preferable to provide the CM with pre-programmed, code-protected microcontrollers than to try to secure their complete production flow against illegal copying of the keys. Many microcontroller suppliers offer such a service; Microchip’s Serialized Quick Turn Programming (SQTP) is one example. By providing the supplier with the device serialisation information, the designer has both the application software and the serialisation data pre-programmed into the microcontroller during production testing.
Another good way of protecting system security is to make regular changes rather than keeping the same security solution and the same key material for prolonged periods. Change the key-management scheme, the master code used to derive the unique key for each mobile unit, or even migrate to next-generation security algorithms as they become available. The downside of change is the loss of backward compatibility, but this is a design trade-off that system designers need to evaluate. In these types of design, an embedded microcontroller makes it easier to implement such changes without a complete re-design, allowing the same hardware design to be used for different products.
Attacks on security systems go well beyond analysing the data and mounting mathematical attacks on the cipher; they also include analysing the application circuit to see whether hardware tampering gives access to the secured system. If the receiver’s output simply pulls a digital line high to activate a relay, that line is an easy point of attack: an attacker who can reach it bypasses the cryptography entirely. Of course, this only works if the attacker can gain physical access to the receiver hardware while it is in use.
Another attack scheme targets the mobile sender units from the physical component side. This involves analysing the actual circuit and applying out-of-specification voltages or signals to the microcontroller, or current-starving the application, to see whether this allows the attacker to read the secured information stored inside the device’s non-volatile memory. There are also other invasive and non-invasive attack methods that try to defeat the code-protection locking mechanisms built into microcontrollers.
With attackers continually devising new threats, component manufacturers keep adding layers of physical protection for the algorithm code and keys stored in microcontrollers. It is always best to work closely with the microcontroller supplier to understand which devices incorporate the latest tamper-resistant circuitry to protect the information stored inside the device.
The frequency used will depend mainly upon the application and on regulations. In the US, for example, the commonly used unlicensed bands are 315 MHz and 915 MHz, whilst in Europe they are 433 MHz and 868 MHz (the Industrial, Scientific and Medical (ISM) and short-range-device bands). The range of the radio link is also subject to guidelines. A typical remote keyless entry (RKE) application requires at least 20 meters, and there can sometimes be a maximum-range requirement; in Japan, for example, the maximum permitted range is just 5 meters because of stricter RF regulations.
One of the most common mistakes is to focus on the maximum transmitter range and forget that the receiver is equally important: good antenna design can significantly improve reception from a weak transmitter. The RF-modulation scheme and data rate also have a big impact on the reliability of the radio link. Frequency-modulated links are typically less susceptible to noise, but a more advanced radio link adds cost to both the remote unit and the receiver. However, with today’s advances in integrated RF transmitters, receivers and transceivers, these devices can be in the same price range as low-cost hybrid RF modules.
Designers must fully understand what they are trying to protect before deciding which security solution to use, and that decision affects total system cost in a number of ways. Using a microcontroller-based solution instead of an ASIC-based design adds flexibility, because designers can make changes simply by altering the software. The same applies when minor code changes are needed to support several countries’ regulations with a single hardware design.
The latest microcontrollers allow easier development of wireless products while offering a high level of security, through software libraries that implement most common encryption algorithms in a high-level language such as C. This significantly simplifies the development of a secure wireless application, which can then be tailored easily to rapidly changing consumer markets.
Some microcontrollers reduce design complexity by integrating wireless peripherals on-chip. Microchip’s rfPIC™ microcontrollers, for example, integrate UHF transmitters for low-power RF applications and suit space-constrained designs with a small package outline and a low external-component count. Other microcontrollers, such as PIC® microcontrollers with eXtreme Low Power (XLP) technology, are optimised for low-power applications: XLP PIC® devices feature sleep currents down to 20 nA and can be paired with dedicated RF modules for IEEE 802.11 (Wi-Fi) or IEEE 802.15.4 (ZigBee), as well as with transceivers and receivers for ISM-band applications.
Another significant industry advancement that shortens time-to-market is the wide selection of integrated RF transmitters, receivers and transceivers. These devices reduce the complexity of RF design by integrating most of the required RF circuitry into a single chip; next-generation RF ICs need only a few basic external components to implement a high-performance RF link. They also typically have an SPI-type interface for easy connection to a microcontroller, which configures the radio with the appropriate settings and sends or receives the demodulated data packets.
Recent advances in microcontrollers, RF ICs and compact security algorithms have greatly simplified the design of low-cost, secure wireless solutions. However, wireless design still requires a strong understanding of the latest attack methods used to break security systems. Finding the right counter-measures at an affordable price point is only possible if the system design engineer takes a system-wide approach to security. With such a wide range of component and technology choices, designers should not simply look for specific security features on a device datasheet, but engage in a detailed discussion of all of their design options with their microcontroller supplier.