Designing Secure IoT Applications with BG22 | Symmetry Blog
Silicon Labs recently launched their latest BLE Series 2 SoC: EFR32BG22 (BG22). Along with Bluetooth Low Energy, it also supports Bluetooth Mesh and direction finding with sub-meter accuracy in a compact footprint. BG22 hosts a Bluetooth 5.2 compliant stack with dynamic transmit power control. It was designed with energy-friendly applications in mind, offering ultra-low transmit and receive current consumption.
BG22 Key Features
- Bluetooth 5.2
- Ultra Low Power: 4.1mA TX @ 0 dBm & 3.7mA RX
- ARM Cortex-M33 with 76.8 MHz maximum operating frequency
- Peripherals: 2x USART, 2x I2C, 2x PDM and 12-bit ADC (16 channels)
- Compact Size: 5x5 QFN40, 4x4 QFN32, 4x4 TQFN32
Security Features of BG22
In today’s world, security is not just an integral part of IoT applications, it is a mission-critical consideration. Developers must be cognizant of evolving threats in order to design systems that will withstand hacks. Achieving this is especially challenging when developing IoT products where resources are constrained. Understanding these challenges, Silicon Labs developed their cost-effective SoC with optimized security to support various IoT applications.
- Enhanced Cryptographic Accelerator: The BG22 cryptographic accelerator utilizes autonomous hardware to protect keys. Supported algorithms include AES (128/192/256), SHA-1, SHA-2 (SHA-224/SHA-256), and ECC (256-bit). AES and ECC operations run faster with the latest Series 2 technology. Although crypto engine software requirements are constantly evolving, the BG22 hardware accelerator allows for smooth, energy-efficient adaptation.
- True Random Number Generator: Random numbers are required to generate the encryption keys used by security algorithms. Pseudo Random Number Generators (PRNG) with pre-defined algorithms are typically used to generate random numbers. However, this method is vulnerable if a bias is detected in its output. To counteract this, Silicon Labs designed a True Random Number Generator (TRNG) hardware peripheral that uses entropy from a thermal energy source. The TRNG is compliant with NIST SP800-90 and AIS-31.
- Secure Boot With RTSL: Silicon Labs uses Secure Boot with Root of Trust and Secure Loader (RTSL) to authenticate device firmware and prevent malware injection. Instead of using a public key with one-time programmable memory, Silicon Labs uses a full chain-of-trust process that begins in ROM. Secure Boot also helps protect over-the-air updates.
- Secure Debug With Lock/Unlock: It is standard practice to lock the debug port before deploying devices in the field. However, if there is an issue with a device, failure analysis cannot be performed because the debug interfaces are no longer accessible. Silicon Labs has overcome this by providing a secure debug lock/unlock feature that allows access to the debug port through unique tokens. This helps to accelerate troubleshooting and the failure analysis process.
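The bias concern raised in the True Random Number Generator item is what the continuous health tests in NIST SP 800-90B (part of the SP 800-90 series) check for. The following is an added example, not Silicon Labs code and not from the original post: a host-side C implementation of the repetition count and adaptive proportion tests. The sample format, the min-entropy estimate, the window size and all function names are assumptions, and the input is constructed rather than read from a BG22.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not from the page): 8-bit raw samples, min-entropy H = 1 bit
 * per sample, false-positive rate alpha = 2^-20, APT window W = 512. */
#define ALPHA_LOG2 20u
#define APT_WINDOW 512u
#define RCT_CUTOFF (1u + ALPHA_LOG2)  /* SP 800-90B: 1 + ceil(-log2(alpha) / H) */

/* APT cutoff: smallest c with P(X >= c) <= alpha for X ~ Binomial(W, 1/2),
 * since p = 2^-H = 1/2. The upper tail is summed from k = W downwards. */
static unsigned apt_cutoff(void) {
    double alpha = 1.0 / (1u << ALPHA_LOG2), pmf = 1.0, tail = 0.0;
    for (unsigned i = 0; i < APT_WINDOW; i++) pmf /= 2.0;   /* P(X = W) */
    for (unsigned k = APT_WINDOW; k > 0; k--) {
        tail += pmf;                                        /* P(X >= k) */
        if (tail > alpha) return k + 1;
        pmf = pmf * k / (APT_WINDOW - k + 1);               /* P(X = k - 1) */
    }
    return 1;
}

/* Returns 0 = pass, 1 = repetition count failure, 2 = adaptive proportion failure. */
int trng_health_check(const uint8_t *s, size_t n) {
    unsigned ac = apt_cutoff(), run = 1;
    for (size_t i = 1; i < n; i++) {                        /* stuck-at detection */
        run = (s[i] == s[i - 1]) ? run + 1 : 1;
        if (run >= RCT_CUTOFF) return 1;
    }
    for (size_t w = 0; w + APT_WINDOW <= n; w += APT_WINDOW) {
        unsigned hits = 0;                                  /* bias detection */
        for (size_t i = 0; i < APT_WINDOW; i++) hits += (s[w + i] == s[w]);
        if (hits >= ac) return 2;
    }
    return 0;
}

/* Constructed input, then the health tests. mode 0 = varied bytes,
 * 1 = stuck at 0xA5, 2 = three of every four samples forced to 0x00. */
int check_mode(int mode) {
    static uint8_t s[1024];
    for (size_t i = 0; i < sizeof s; i++)
        s[i] = mode == 1 ? 0xA5 : (mode == 2 && i % 4 != 3) ? 0x00 : (uint8_t)(i * 167u + 13u);
    return trng_health_check(s, sizeof s);
}

int main(void) {
    for (int m = 0; m < 3; m++) printf("mode %d -> %d\n", m, check_mode(m));
    return 0;
}
```

A stuck source trips the repetition count test within 21 samples, while the biased stream passes it and is only caught by the adaptive proportion test over a full window.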
The BG22 offers a great combination of low energy, detailed security, wireless performance, processing power, stack and tools to support IoT products at an affordable cost. Silicon Labs’ latest BG22 product is already being used in a number of different applications across the globe. In fact, Silicon Labs has partnered with OnAsset Intelligence, the leading provider of supply chain tracking and monitoring solutions, to support what has been described as the World’s Largest Industrial Bluetooth Density Test. This test allowed OnAsset to read 12,000 Sentinel Bluetooth 5 tags in one room in under 60 seconds. The success of this experiment could unlock efficiencies and automation opportunities for the global supply chain in ways that have never been done before.