OrBIT User Guide

The IAR Embedded Secure IP system

Embedded Secure IP (eSecIP) is a security development and provisioning system for embedded hardware devices, for example microcontrollers and microprocessors, for commercial products in late-stage or complete development. The eSecIP system obfuscates sensitive information and protects it from cloning, tampering, and theft during transport; this feature is called Secure IP Transport. The obfuscation uses device-specific information, and the sensitive information can only be de-obfuscated on the device on which it was provisioned. The eSecIP system encryption also prevents unauthorized production and overproduction of the device.

Embedded Secure IP process overview

The process of using Embedded Secure IP to obfuscate sensitive information for a product starts with creating a Product Package (PPKG). The PPKG is created by the Original Equipment Manufacturer (OEM) from configuration files populated with the required information, and the ID of the Security Appliance that is to be used for provisioning the devices. After the content of the configuration files has been validated, the PPKG can be created using OrBIT. The PPKG is then transferred to a Secure Deploy provisioning system, either Secure Deploy - Prototyping or Secure Deploy - Manufacturing, and the sensitive information is decrypted by the Security Appliance. The provisioning is then started, and the device-specific information, for example the device ID, is extracted by Secure Deploy and used in the obfuscation process so that the sensitive information can only be de-obfuscated by that device.

There are three editions of eSecIP: eSecIP Professional, eSecIP Standard, and eSecIP Basic. All three editions support the fundamental features, like Secure IP Transfer and overproduction protection. They also support device identity generation and production records. The editions differ mainly in their more advanced features.

eSecIP Professional is the full-feature edition of eSecIP that supports generation and obfuscation of a variety of data types. It uses a Binary Large Object (BLOB) to store all sensitive information on the device. The BLOB minimizes the space of the provisioned data and requires a single address to access it, which simplifies the memory map for the device. Each piece of information in the BLOB is independently obfuscated, and the obfuscation method is tied to unique device information. To access the obfuscated data, the product application makes function calls to a decoder library whose source code and cryptographic functions are supplied with the installation. The source code can then be optimized for the product. eSecIP Professional can also obfuscate parts of the product application data, particularly while it is at rest. During provisioning, portions of the application can be extracted, obfuscated, and added to the BLOB. On power-up, the application code is de-obfuscated and placed into the device’s RAM where the application can access it.

eSecIP Standard is designed for products that might not be able to support additional de-obfuscation libraries, or that might already have the necessary functions built into their product application code. It supports many of the same data types and obfuscation features found in eSecIP Professional, but it does not support the obfuscation of product application data. With eSecIP Standard you have full control over all aspects of the information secured on the device, like its memory location and whether it is obfuscated or not. This is useful if your product has strict information location requirements.

eSecIP Basic is designed for production houses and their customers. Apart from the fundamental features, it provides a simple form of device identity. It does not provide any security for the information contained on the device.