Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel

Size: px

Start display at page:

Download "Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel"

Kristin Welch
5 years ago
Views:

1 Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Steve Pancoast Vice President, Engineering Secure Thingz Inc Rajeev Gulati Vice President and CTO Data IO Corporation 1

2 Vulnerable IoT Internet of Threats 2

3 and IP Theft Continues to be Pervasive Products are counterfeited on a mammoth scale 2013 $300B in economic damage 3

A Chain of Trust is Critical Silicon Vendor (SEs, MCUs) OEM RoT Programming Facility Contract Manufacturing OEM Market Deployment Customer (OEM Updates) Security starts with a Root of Trust (RoT) in

4 A Chain of Trust is Critical Silicon Vendor (SEs, MCUs) OEM RoT Programming Facility Contract Manufacturing OEM Market Deployment Customer (OEM Updates) Security starts with a Root of Trust (RoT) in the IoT product that the OEM will provision into the Silicon / Product A Chain of Trust must be established from the OEM to Manufacturing through Deployment The OEM s RoT must be protected so that it cannot be easily compromised or reproduced One of the challenges facing the industry is how to securely provision the OEM s RoT? How to set up a Chain of Trust for the product? 4 Somewhat Unimportant 10% Very Unimportant 17% Importance of Security within IOT Embedded Development Neutral 12% Somewhat Important 23% Very Important 38% Source: Embedded Revolutions survey. Embedded Design. Sept 2017(Bill Wong)

Increasing Attack Surface Layered Security Enables Defense in Depth Upper security layers rely on the lower layer security services Authentication & Authorization Attack surface increases massively

5 Increasing Attack Surface Layered Security Enables Defense in Depth Upper security layers rely on the lower layer security services Authentication & Authorization Attack surface increases massively above layer 2 Authentication services Application security Communication drivers A foundational Root of Trust is critical in defining the product identity and security. Best protected by hardware Applications Security Communications & Data Security Hypervisor & OS Hardening Hardware RoT 5

Establishing a Root of Trust Root of Trust is defined as: The minimal set of software, hardware and data that has to be implicitly trusted in the platform there is no software or hardware at a deeper

6 Establishing a Root of Trust Root of Trust is defined as: The minimal set of software, hardware and data that has to be implicitly trusted in the platform there is no software or hardware at a deeper level that can verify the RoT SE There are typically 4 requirements that must be addressed in order to establish a Root of Trust in a device / product and to securely use it: Unique Product Keys: Product key pairs and other secure data in the product must be setup / provisioned, immutable and protected/private. Unique Product Identity: Unique product identity can be verified using cryptographic means (usually a certificate that can be validated via a certificate chain back to a CA). Authentication: Cryptographic method to authenticate that the product s key store owns the private key matching the public key in the product certificate. Immutable authentication method. Platform Integrity: Immutable boot path to a verified RoT Boot Manager that will verify subsequent software against a signature before execution. MCU also needs a secure execution environment. Unique Product Keys RoT Product Certificate (Identity) Authentication and Secure Boot 6

7 Transitioning from a Device to a Product The OEM must ensure ownership of the device with its own keys, certs and code. Secure Key Storage System Flash System RAM (1) A Secure Provisioning & Programming solution is required to securely program the following: (2,3) The Device may have RoT hardware such as secure configuration (2) and Secure Keys, Certs and Loader (3) (4) The OEM s secure identity (signed certificates) and authentication keys are securely provisioned into the SE / MCU. Inhibiting key theft and overproduction. (5) The OEM s secure software (SBM, Secure OS, Crypto) functions are securely programmed into the MCU. (6) The OEM s application code is securely programmed into the MCU. Inhibiting IP theft. Secure Provisioning System 1 Application Keys & Certs OEM Keys & Certs 4 RoT Keys & Certs 3 Boot Services OEM Application Non-Secure 6 OEM Secure Code (TZM) 5 Secure Loader 3 Application Non-Secure Secure Area (TZM) Secure Device Config Regs 2 Arm v8-m (TrustZone-M) 7

8 Solutions to Secure IoT Supply Chain Silicon Vendor OEM Program House or Distributor Contract Manufacturer Consumer / Operator Develop Manufacture Manage Security Provisioning Tool Chain Secure Boot Manager Secure IDE Extensions Automated Security Provisioning System with Integrated HSM Cloud 8

Develop Deploy SBM, Application Keys, Certificates,

Provision Delivering a Trustworthy Supply Chain Si Platform

Services Secure Boot Root of Trust Device OEM Trusted Devices

9 Develop Deploy SBM, Application Keys, Certificates, Constraints Audit Information Application Deploy Update Provision Delivering a Trustworthy Supply Chain Si Platform Blank Devices Programming Centre Contract Manufacturer User Services Secure Boot Root of Trust Device OEM Trusted Devices OEM Versioning Anti-rollback Authorise SW Develop Master Update Manage Audit 9

10 Secure Manufacturing Injecting Identity Securely to Enable Security & Lifecycle Management 10

11 Security Provisioning Approaches High Volume Low - Weakest Security - Large threat surface - Unsecured keys exposed in mfg with ICT/ISP In System Programming Silicon Supplier Programming Automated Security Provisioning System + Excellent Security - High MoQ, Low Flexibility, Long Lead Time, eng g support Minimum Order Quantity + Excellent Security + Flexibility + Scalable from Low to High Volume Low Security 11 High

12 Secure Element Provisioning Using the SentriX Platform Unprogrammed (Blank device) Securely programmed device Identity, Authenticity FW Signing FW Encryption OEM Signed Certificate HSM 1 Unique OEM device keys OEM Public Key Private Key MT Public Key 12

13 Secure Provisioning System Architecture At OEM Premise At Programming Center Premise OEM Public & SentriX Security Provisioning System P1 Private Info. OEM Secret Wrapping Tool. Guardian HSM P2 PN Device Programmers 13

14 Mutual Authentication OEM A Write Protected Storage O OEM Identity Key Pair Device 1 Write Protected Storage OEM Root CA Cert. Device 2 Write Protected Storage O 1 Read Protected Storage O 2 O OEM Root CA Cert. Device Cert. Device 2 Identity Key Pair Device Cert. OEM Root CA Cert. Read Protected Storage 1 Device 1 Identity Key Pair 2 Read Protected Storage Key: Certificate Signing Key Pair N N N s Public and Private Key A certificate 14

Secure Transfer of OEM Information to Provisioning System At OEM Premise OEM Identity Key - Private O Specific Guardian HSM Cert. G At Programming Center Premise OEM Root CA Cert.

15 Secure Transfer of OEM Information to Provisioning System At OEM Premise OEM Identity Key - Private O Specific Guardian HSM Cert. G At Programming Center Premise OEM Root CA Cert. SentriX Security Provisioning System O OEM Secret Wrapping Tool. Guardian HSM P1 Device Cert. Template Secure Transfer of OEM Inputs P2 PN Production Count: N Device Programmers 15

16 Summary OEM should leverage HW-based security (Secure Elements or Secure MCU) to secure their IoT Products Solutions to provision HW-based security during device development are critical and available now Solutions to provision HW-based security during device manufacture are available now. These solutions Can scale to low/mid/high volume manufacturing Are highly secure and cost effective 16

17 Thank You 17

Provisioning secure Identity for Microcontroller based IoT Devices

Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May