Boost MCU security AND performance with hardware accelerated crypto

In this Product How-To article, TI’s Carlos Betancourt and Greg Turner describe how the hardware accelerated cryptography modules built in to the company’s ARM-based Sitara processor family can be used to accelerate compute-intensive cryptographic algorithms and offload those tasks from the ARM core which can then devote the additional headroom to performance of real-time deterministic control functions.

In 2010, an estimated 8.6 million households had at least one person who experienced identity theft victimization, according to the Bureau of Justice Statistics. The list of security risks continues to grow when adding hacking, phishing, malware and viruses. In today’s hyper-connected world, the opportunities to be victimized by a scam or theft are a mouse click or a tap on a touch screen away. Important personal and confidential information is placed on the Internet and sent across wireless connections constantly by millions of people every day.

From personal computers to wireless mobile devices and even embedded processors deployed in a myriad of end user applications such as industrial controls, residential automation and home entertainment centers, technology has enhanced user experiences. It has also heightened the issue of security.

Failing to incorporate the proper security measures into a new product can cause its demise in the marketplace. Moreover, how security is implemented is often just as crucial to a product’s success. Many manufacturers utilize cryptography for security but the processing of complex cryptographic algorithms can be taxing for many processors, making the device or system seem unresponsive and sluggish.

Manufacturers must manage the tradeoffs: How to deploy the level of security needed to reassure users without slowing down the device to the point where the user experience is affected?

Many of manufactures have opted to move the cryptographic processing to their product’s hardware. Accelerating cryptographic processing in hardware instead of performing these algorithms entirely in software ensures that security measures do not get in the way of an engaging and satisfying user experience.

Cryptography basics

On the most basic level, cryptography is concerned with encoding or encrypting communications to keep the meaning hidden from everyone except those who are authorized of decoding or decrypting it. As such, cryptography involves a set of communication protocols often based on higher order mathematics. On one side of a communication channel, data is encrypted before it is transmitted. The receiving end will possess the decrypting algorithms so the data can be transformed back into a readily understandable form .

In symmetric-key cryptography, for instance, both the sender and the receiver have the same key, referred to as “private” key, which is used for encrypting and decrypting a message (Figure 1 below). This private key must be kept secret to prevent others from being able to decrypt the message. The term “symmetric” is used because both ends use the same exact key. The problem with this scheme is delivering the private key to the receiver securely.

on image to enlarge.

Figure 1 – Symmetric Key Cryptography [1].

Asymmetric-key cryptography, on the other hand, uses a pair of keys that are mathematically related in such a way that information can be encrypted with a key and decrypted with the other. However, one key cannot be created from the other. The key pair consists of a private key that must be kept secret and a “public” key that can be distributed widely.

There are two main uses of asymmetric key cryptography, Encryption (Figure 2 below, top) and Authentication (Figure 2, below, bottom). With public encryption a message can be encrypted with a public key and transmitted over to the owner of the private key. Only the holder of the private key will be able to decrypt the original message. Authentication can be achieved by encrypting a message with a sender’s private key.

Receivers who possess the corresponding sender’s public key will be able to decrypt the message and therefore know that the message is authentic because only the owner of the private key could have encrypted. Encryption and Authentication can even be combined. The sender can encrypt a message first with the receiver’s public key and then with the sender’s private key.

on image to enlarge.

on image to enlarge.

Figure 2 – Asymmetric Key Encryption (top) and Decryption (bottom)[1].

The receiver will use the sender’s public key to authenticate the message first, and then the receiver’s private key to decrypt the message. It is worth mentioning that public keys can be verified by a trusted third party to assure the user of the key that it is from the intended owner. A verified public key is called a “certificate.” Verisign is the best known certificate authority.