The information contained herein is proprietary to Intrinsic-ID B.V. Receipt of this document does not imply any license under any intellectual property rights of Intrinsic-ID. Demonstrator Application Usage Guide Version 1.0 Date August 10, 2017 Status Approved Reference www.intrinsic-id.com
Copyright in this document rests with Intrinsic ID B.V. Reproduction or publication in any medium of this document, in whole or in part, is expressly prohibited without the prior written permission of Intrinsic ID. Intrinsic ID reserves the right to make any changes to this document without prior notice. The contents of this document is provided AS-IS and without any warranties or guarantees as to accuracy or completeness. Receipt or possession of this document conveys no license under any patent or other intellectual property right of Intrinsic ID. Intrinsic ID, QUIDDIKEY, QUIDDICARD, BROADKEY, CITADEL, CONFIDENTIO, FUZZY ID and other designated brands included herein are trademarks of Intrinsic ID B.V. All other trademarks are the property of their respective owners. 2 / 12
History Information Version Date Change Description Modified by: Reviewed by: 1.0 2017-08-10 First release. PB OH, SG, TA 3 / 12
Table of Contents History Information 3 Table of Contents 4 1. Introduction 5 1.1. Purpose 5 1.2. Scope 5 1.3. Definitions, Acronyms and Abbreviations 5 1.4. References 6 1.5. Overview 6 2. Functional Overview 7 2.1. Demonstrator flow 7 3. Prerequisites 11 3.1. Required software and tools 11 3.2. Connecting the board components 11 4. Running the Demonstrator 12 4.1. Building the Demonstrator image 12 4.2. Running and Debugging the Demonstrator 12 4 / 12
1. Introduction 1.1. Purpose This Usage Guide will walk the user through Intrinsic ID s out-ofbox demonstrator application, delivered as e² studio project for the Renesas Synergy DK- S7G2 platform. The software demonstrator uses the library to showcase a subset of the functionality of Intrinsic ID s BROADKEY product family. The BROADKEY product family is software security IP providing functionality for SRAM PUF-based secure key generation, storage and management., also referred to as DEMOKEY, is specifically intended for demonstrating and testing the way-of-working of BROADKEY, mimicking most of its behavior (functionality, API, state diagram, etc.). In order to allow developers to effortlessly migrate from DEMOKEY to BROADKEY, the full naming convention of the API (including the bk_ prefix) is kept identical. It is highly recommended to read Product Specification [1] and Integration Manual [2] before adding DEMOKEY library in a project. Disclaimer: DEMOKEY is explicitly intended for demonstration purposes only, and does not provide any security guarantees. Though the functional behavior is the same as BROADKEY s, its security level is not; e.g. DEMOKEY s device key can be guessed by a skilled attacker, whereas BROADKEY s functionality has full cryptographic strength. For this reason, it is strongly discouraged to use DEMOKEY in in-the-field applications. 1.2. Scope The scope of this document is confined to the DEMOKEY software demonstrator application. This demonstration variant of the BROADKEY product family provides key (re)generation and protection. Since it is intended as a demo, this functionality does not offer any security strength. 1.3. Definitions, Acronyms and Abbreviations AC API bk_ IP KC NVM PUF SD SRAM Activation Code Application Programming Interface BROADKEY (as prefix in function/variable names) Intellectual Property Key Code Non-Volatile Memory Physical Unclonable Function Start-up Data (of uninitialized SRAM) Static Random Access Memory 5 / 12
1.4. References [1] Intrinsic ID, Product Specification, 2017. [2] Intrinsic ID, Integration Manual, 2017. 1.5. Overview This document is organized as follows: Section 2 presents a functional overview of DEMOKEY and of the software demonstrator s flow. Section 3 presents a description of the prerequisites needed to run DEMOKEY software demonstrator. Section 4 provides all practical details for running and debugging the DEMOKEY software demonstrator. 6 / 12
2. Functional Overview DEMOKEY allows for key extraction from unique physical properties of the underlying hardware, instead of storing keys in Non-Volatile Memory (NVM) or even hard-wiring it into the encryption core. This approach is based on the concept of Physical Unclonable Functions (PUFs). Instead of storing a key in NVM, DEMOKEY generates an Activation Code (AC) which, in combination with SRAM startup behavior, is used to reconstruct a device dependent key for use by the system, without that key ever having to leave the device. In order to enable DEMOKEY functionality, a device must be first enrolled. Enrollment instantiates a cryptographic context from the secret SRAM SD, and produces an AC which can be used later on in time to reconstruct the same cryptographic context. It is important to note that the combination of SRAM SD and AC defines the cryptographic context. If, at a later point, the same context is required in order to perform compatible operations, the same AC needs to be provided to the DEMOKEY module on the same physical device. For this reason, the AC needs to be stored in between usage of DEMOKEY, and can be stored in a non-volatile memory, on- or off-chip, without further protection. Once a device has been enrolled, DEMOKEY can be started at any time with the stored AC in order to reconstruct the same cryptographic context instantiated during enrollment. After a successful enrollment or start, DEMOKEY enables device key (re)generation and protection functionality. A device key is unique per device, and it can always be reconstructed by DEMOKEY provided that the same AC and SRAM region are used. Protection of user keys is performed by wrapping a user-provided key value into a key code (KC). The key code protects the secret key value, and can hence be treated without any further protection, e.g. one can store it publicly in a non-volatile memory, on- or off-chip, without additional protection. The key code can always be unwrapped, i.e. the originally user-provided key value is reconstructed, provided that the same AC and SRAM region are used. Note: re-enrollment of a device will generate a new activation code and instantiate a new cryptographic context which is incompatible with earlier contexts instantiated on the same device. As a result, device keys will be different from those generated in earlier contexts, and key codes generated in earlier contexts cannot be unwrapped. Further details about the functionality of software IP can be found in Product Specification [1]. 2.1. Demonstrator flow The software demonstrator includes both enrollment and reconstruction procedures. Steps of both procedures are shown on the display included in the Renesas Synergy DK-S7G2 kit. 7 / 12
Enrollment procedure To start the enrollment procedure, i.e. to enroll a Synergy DK-S7G2 board using DEMOKEY, power on or reset the board and hold the S1 button until the enrollment is completed as shown in Figure 1. In the enrollment phase, the software demonstrator: 1. Creates the cryptographic context and generate an AC. 2. Outputs a new 256-bits symmetric device key. 3. Wraps (protects) the above symmetric device key into a key code, and outputs its value 1. 4. Stores the AC, device key and key code into the device s flash memory, which will be used to test the reconstruction procedure. Above steps are shown on the display of the board, as depicted in Figure 1. 1 Wrapping the device-key is not strictly required as it can always be reconstructed by DEMOKEY without further protection or any key code. Instead, the wrap/unwrap functionality is typically used to protect/store user-provided keys. In this demo, wrapping of the device key is performed only to showcase the functionality. 8 / 12
Figure 1: Display s output after the enrollment procedure has been performed Reconstruction procedure After the board has been enrolled, the reconstruction procedure can be started at any time. To this aim, power-off or reset the board, and don t press any button. After few seconds, the reconstruction procedure will start. In this phase, the software demonstrator: 1. Internally reconstructs the cryptographic context using the AC stored in flash during enrollment. 2. Reconstructs and outputs the 256-bits symmetric device key. 3. Unwraps the key code (which has been stored in flash during enrollment), and outputs the unwrapped key. 4. Displays the 256-bits symmetric device key which has been stored in flash during enrollment. Above steps are shown on the display of the board, as depicted in Figure 2. 9 / 12
Figure 2: Display s output after the reconstruction procedure has been performed The user can verify that the reconstructed key displayed in step 2 is the same as the key of step 4. This demonstrates that DEMOKEY is capable of reliably reconstructing the same key at any time. The user can also verify that DEMOKEY is capable of correctly unwrapping the key code, as the unwrapped key displayed in step 3 is the same as the key of step 4. This demonstrates that DEMOKEY worked as intended, as it is capable of reliably reconstructing and unwrapping keys. 10 / 12
3. Prerequisites 3.1. Required software and tools e² studio Integrated Solution Development Environment (ISDE) Synergy Software Package (SSP), Release 1.2.1 The reader is expected to be familiar with the e² studio environment, e.g. license configuration, and generic techniques of compiling and building software. 3.2. Connecting the board components In order to be able to run the demonstrator, S5 DIP switches on the main board must be configured as following: DIP switch name BOOT EXP JTAG PBs PMOD ENET1 QSPI DRAM Setting Off Off On On Off Off On On The USB cable must be connected to the DK-S7G2 J-Link OB (J17) on the main board. The other end of the USB cable must be connected to a USB port of the PC. Furthermore, the display included in the kit must be connected through the LCD EXPANSION interface. 11 / 12
4. Running the Demonstrator 4.1. Building the Demonstrator image The first step is building the software demonstrator project into an executable image that can be flashed and run on the board. The software demonstrator project, IID_DEMOKEY_DKS7G2, must first be imported in an e² studio workspace. To this aim, click on File > Import and select Existing Projects into Workspace from the General category. Press Next. Browse to the directory containing the IID_DEMOKEY_DKS7G2 project and make sure that Copy projects into workspace option is enabled. Select the project and press Finish. The next step is to double click on the configuration.xml file located in the project s root directory, and then click on Generate Project Content. In order to build the imported project, right click on the project name and press Build Project. The IID_DEMOKEY_DKS7G2.elf file will be created under the Debug directory. 4.2. Running and Debugging the Demonstrator It is possible to use the integrated debugger to flash and run the software demonstrator on the board. To this aim, click on Run > Debug Configurations Double click on Renesas GDB Hardware Debugging, and a new IID_DEMOKEY_DKS7G2 Debug configuration will appear. Click on the newly generated configuration, then on the Debugger tab. Select J-Link ARM from the Debug hardware menu, and R7FS7G27H from the Target Device menu. In order to flash and debug the demonstrator application, press the Debug button. To run the demonstrator, click on Resume under the Run menu (this operation has to be performed twice). Since at this point the board is already flashed with the application, the user can also run the demonstrator without e² studio or the debugger. 12 / 12