The number of IoT devices has steadily
outgrown the number of humans living on this planet and is expected to keep
increasing.
This same trend is true for the proliferation of interconnected electronic
devices within today's industrial IoT (IIoT) systems. Digitization,
ever-growing IIoT and use of operational technology across nearly every
sector help improve efficiencies and reduce costs – but it comes at the
expense of increased threat potential. The repercussions of attacks can
threaten our environment, risk worker safety and
financially impact organizations.
Modern industrial systems are incredibly complex, and identifying the security
requirements for a given product can be daunting, to say the least. To help
ease the task of pinpointing security requirements, NXP
defined a comprehensive set of security definitions in a structured, simplified framework. We call these ‘security primitives’, and you can use them to find suitable products or related security
standards based on use cases or high-level ideas of security requirements.
Here’s a typical example to illustrate how you can use the security
primitives. Let’s say you’re designing an access control system for a smart
commercial building. It generates, stores and transmits sensitive data about
its occupants and their comings and goings and it requires a microcontroller
that can protect the data handled at various stages of its use. Moreover, you
want it to protect against hacks of the system software.
Using the security primitives, you can quickly identify the first requirement:
both the long-term data storage and short-term memory need to be protected
when data on the microcontroller is stored or processed. This is covered by
the “secure (encrypted) storage” primitive.
The second requirement, preventing software hacking, corresponds to the
integrity and authenticity of the system software and can be linked to the
“root of trust” primitive. The root of trust security property relates to the
initial root of trust on the platform that is established during the
manufacturing process and is the foundation for the device commissioning. This
might be achieved, for instance, by manufacturing the IIoT device inside
trusted manufacturing facilities, or, if available, by using pre-provisioned
secure elements in a zero-trust environment.
Translating these high-level descriptions of security
requirements into the corresponding security primitives is a first step toward
identifying an NXP product that has the necessary security features to meet the
requirements of the customer. This security mapping enables NXP to quickly
identify which platforms and products are ideally suited for this use case:
for example, the i.MX RT1170 crossover MCU family is selected as a potential
solution for this customer.
Specifically, for secure storage, the i.MX RT1170 has secure non-volatile
storage including tamper protection. Moreover, there is support for secure
memory. The root of trust on the i.MX RT1170 is enabled by high assurance
boot. With this secure boot process, the boot image is validated and the i.MX
RT1170 can attest to a secure authentic state: in other words, it can detect
any modifications made to the software.
NXP’s security definitions serve as an entry point for gathering security
functional requirements and process requirements for a particular use case.
Hence, the security primitives
are a good starting point to help you map your security requirements to
products in a structured way in order to find the best security solutions for
your needs.