Secure RISC-V. A FIPS140-2 Compliant Trust Module for Quad 64-bit RISC-V Core Complex

Similar documents
Titan silicon root of trust for Google Cloud

Provisioning secure Identity for Microcontroller based IoT Devices

SiFive Freedom SoCs: Industry s First Open-Source RISC-V Chips

Hitachi Releases Smart Card Microcontroller AE45X series Equipped with Contact/Contactless Dual Interface in a Single Chip

Agile Hardware Design: Building Chips with Small Teams

Smart Card Operating Systems Overview and Trends

Trusted Platform Module explained

Oberon M2M IoT Platform. JAN 2016

Scott Johnson Dominic Rizzo Parthasarathy Ranganathan Jon McCune Richard Ho. Titan: enabling a transparent silicon root of trust for Cloud

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

Date: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.

Hardened Security in the Cloud Bob Doud, Sr. Director Marketing March, 2018

ARM Security Solutions and Numonyx Authenticated Flash

Trusted Platform Modules Automotive applications and differentiation from HSM

NVIDIA'S DEEP LEARNING ACCELERATOR MEETS SIFIVE'S FREEDOM PLATFORM. Frans Sijstermans (NVIDIA) & Yunsup Lee (SiFive)

$263 WHITE PAPER. Flexible Key Provisioning with SRAM PUF. Securing Billions of IoT Devices Requires a New Key Provisioning Method that Scales

Securing IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region

A Developer's Guide to Security on Cortex-M based MCUs

Connecting Securely to the Cloud

econet smart grid gateways: econet SL and econet MSA FIPS Security Policy

Atmel Trusted Platform Module June, 2014

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

Cypress PSoC 6 Microcontrollers

Trojan-tolerant Hardware & Supply Chain Security in Practice

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Building secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On

SMART CARDS. Miguel Monteiro FEUP / DEI

Trustzone Security IP for IoT

DesignWare IP for IoT SoC Designs

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

ARM TrustZone for ARMv8-M for software engineers

T he key to building a presence in a new market

Security in NFC Readers

The Future of Security is in Open Silicon Linux Security Summit 2018

The Next Steps in the Evolution of Embedded Processors

Secure Elements 101. Sree Swaminathan Director Product Development, First Data

Securing IoT with the ARM mbed ecosystem

Overview of PBI-blockchain cooperation technology

SECURITY CRYPTOGRAPHY Cryptography Overview Brochure. Cryptography Overview

HOW TO INTEGRATE NFC CONTROLLERS IN LINUX

Intelop. *As new IP blocks become available, please contact the factory for the latest updated info.

Trojan-tolerant Hardware

EVT/WOTE 09 AUGUST 10, Ersin Öksüzoğlu Dan S. Wallach

Smart Card ICs. Dr. Kaushik Saha. STMicroelectronics. CSME 2002 (Chandigarh, India) STMicroelectronics

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Azure Sphere Transformation. Patrick Ward, Principal Solutions Specialist

Custom Silicon for all

CSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

How I Learned to Stop Worrying and Love the Internet of Things

Vineet Kumar Sharma ( ) Ankit Agrawal ( )

CREDENTSYS CARD FAMILY

What s In Your e-wallet? Using ARM IP to Enable Security in Mobile Phones. Richard Phelan Media Processing Division TrustZone Security Technology

BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 Cryptographic Module VC0 Non-Proprietary Security Policy Document Version 0.

Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets

Microsemi Secured Connectivity FPGAs

Secure Application Trend in Smartphones. STMicroelectronics November 2017

Secure Internet of Things Project Overview. Philip Levis, Faculty Director SITP 2018 Retreat Santa Cruz, CA

SAM A5 ARM Cortex - A5 MPUs

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC

Designing Security & Trust into Connected Devices

Kinetis + mbed = the secure connection in IOT

High-Performance, Highly Secure Networking for Industrial and IoT Applications

Open Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014

Securing the System with TrustZone Ready Program Securing your Digital World. Secure Services Division

AT90SDC10X Summary Datasheet

Mobile & IoT Market Trends and Memory Requirements

Security in NVMe Enterprise SSDs

Accelerating the RISC-V Revolution: Unleashing Custom Silicon with Revolutionary Design Platforms and Custom Accelerators

Mobile & IoT Market Trends and Memory Requirements

The CryptoManager Root of Trust

Innovation is Thriving in Semiconductors

Bluetooth Smart Development with Blue Gecko Modules. Mikko Savolainen October 2015

FIPS Non-Proprietary Security Policy

The Open Application Platform for Secure Elements.

FIPS Security Policy

Cyber security of automated vehicles

Implementing Secure Software Systems on ARMv8-M Microcontrollers

SSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions

A HIGH-PERFORMANCE OBLIVIOUS RAM CONTROLLER ON THE CONVEY HC-2EX HETEROGENEOUS COMPUTING PLATFORM

Dolphin Board. FIPS Level 3 Validation. Security Policy. Version a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1.

CLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.

CardOS Secure Elements for Smart Home Applications

Protecting Embedded Systems from Zero-Day Attacks

Next Generation Enterprise Solutions from ARM

FeliCa Approval for Security and Trust (FAST) Overview. Copyright 2018 FeliCa Networks, Inc.

ST19WR08 Dual Contactless Smartcard MCU With RF UART, IART & 8 Kbytes EEPROM Features Contactless specific features

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees

N V M e o v e r F a b r i c s -

Creating the Complete Trusted Computing Ecosystem:

SICS Software Week, October 2014

Designing Security & Trust into Connected Devices

IoT It s All About Security

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

g6 Authentication Platform

Free Chips Project: a nonprofit for hosting opensource RISC-V implementations, tools, code. Yunsup Lee SiFive

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

New Approaches to Connected Device Security

Transcription:

Secure RISC-V A FIPS140-2 Compliant Trust Module for Quad 64-bit RISC-V Core Complex Shumpei Kawasaki, Murthy Vedula, Software Hardware Consulting Group Kesami Hagiwara, Cong-Kha Pham, University of Electro-Communications 18/12/04 1

18/12/04 2

1986 IC card 1991 GSM SIM card 30+ Years Security Hardware 1995 Modulo Exponentiation Coprocessor 1996 Java Card MULTOS 2003 C-Callable Crypto Library for Routers 2004 Contactless emoney Suica (Sony Felica). 2008 Secure OS for Smart Phone. 2018 Apple Secure Enclave. Mask ROM E2PROM RAM Montgomery Modulo Multiplier CPU 18/12/04 3

Open Sourcing Security Proprietary CPUs designs are not disclosed (e.g. meltdown / spectrum). Third-party can confirm vulnerability for white box security functions (source code release). Open source security IPs will lowers barriers to secure systems and nurture future exciting application products (e.g. AI, cyberphysical systems, and robotics). This help transition from security based on obscurity to one based on let enemy know. 18/12/04 4

cryptospec cryptospec macro cell IP protects system and user secrets from unauthorized access. cryptospec is deeply embedded in 64-bit RISC-V system to prevent the main CPUs running unauthorized software. Makes go-or-no-go decision based on trust measure of the instructions/data. Has its own TLS software to establish its own secure connection with the server. 18/12/04 5

18/12/04 6

Cryptospec Secure OS EEPROM/Flash/OTP stores long-term, permanent keys (e.g. RSA/DSA/ECDSA) and private keys (e.g. 3DES/AES/HMAC). RAM stores short-term (e.g. TLS session keys (e.g. 3DES/AES/HMAC). Privacy information is stored in on-chip Flash or external Flash encrypted. Own SSL/TLS separate from Linux SSL/TLS. Callback, Integrity check, Caller address list. Security Applets From Multiple 3 rd Parties (e.g. Anti-Cloning, Usage Control, Service Billling, etc.) 18/12/04 7 RAM OTP/ Flash/ EEPROM Mask ROM Hardware Normal Application Work Space Secure Applet Work Space, Short- Term Keys, Downloaded Applets, Long- Term Permanent /Private Keys Secure OS (Host Command APIs, Crypto Library APIs, Com APIs User Program Download, Anti-Tampering, SSL/TLS etc.) Physical Memory Protection Secure MCU (Secure OS) Normal MCU (RTOS)

System Block Diagram Realtime I/Os MODE ICE CLK KEY DRAM Linux NIC Analog FIPS140-2 Cryptographic Boundary Cryptospec Timers, UART, PWM, GPIO, TRNG, (NIC) Normal CPU Control Clock Secure CPU MMM Crypto DMAC TileLink Switch DDRC AES Encrypt Banked L2 Cache, RAM TileLink Coherence Manager TileLink Switch NIC Serial SPI I2C SD/eMMC Timers TEE RISC V Coreplex CPU, FPU, MMU, L1 Cache Accelerator 18/12/04 8

Open Secure MCU Igloo2 25K FPGA Open DevKit in Kicad Cyber-Physical System POC Open RISC-V Coreplex 180nm Open Dev Environment OP-TEE = Trusted Execution Environment KiCad Board DDR I/O Open Secure MCU in FPGA (120KG) Open RISC-V Coreplex in 40-65nm SoC (>MG) 18/12/04 9

Secure RISC-V System 18/12/04 10

FIPS140-2 Certification Tamper-evident coatings or seals. Zeroization Methodically Tested and Checked: Design Assurance. Inputs: Security Architecture, Functional Tests, Developer Tests, Configuration Test and Developer Procedures. Vulnerability Analysis and Independent Testing. Previous Experience on FIPS140-2 Level 3 Certification. 18/12/04 11

Bi-Endianness Many critical infrastructure (high-speed railroad, power plants, ) were constructed in big-endian. Despite secondary to little-endian, BIG-ENDIAN addition will be important for certain apps. We are ask OSS engineers in Japan in hope of making contribution to RISC-V. 18/12/04 12

Security Needs for Society 5.0 Cyber-Physical Systems Cloud OTA Update Remote Attestation Factory Identify Real System from Fake Reject Malicious SW Security Patches Attack Via Devkits Cyber Attack Payment Support Ofusticate Keys Scramble Leak Signals Physical Analysis Side-Channel Attack 18/12/04 13

Conclusions We are planning to develop an open security system level platform with assistance from METI and NEDO. The benefit will be a broader reach of security technologies to IoTs without fragmenting RISC-V systems. The security architecture is orthogonal to the existent and future RISC-V hardware (e.g. TEE addition) and software (OP-TEE) activities also assisted by METI. Emphasis on Japanese cabinetʼs Society 5.0 infrastructure applications led us to bi-endian architecture extensions. We are working with AIST, Hitachi, SECOM, Keio University, University of Tokyo, NEDO and METI to make this into a reality. 18/12/04 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback