The Three-Legged Stool of Cryptography

Similar documents
APPLICATION NOTE. Generating Random Secrets. ATSHA204A, ATECC108A, and ATECC508A. Description. Topics

APPLICATION NOTE. 3-lead CONTACT Package Usage. ATSHA204A, ATECC108A, and ATECC508A. Introduction. 3-lead CONTACT Package

AVR42789: Writing to Flash on the New tinyavr Platform Using Assembly

ATECC508A Public Key Validation. Introduction. Atmel CryptoAuthentication APPLICATION NOTE

AT60142H/HT. Rad-Hard 512Kx8 Very Low Power CMOS SRAM ERRATA-SHEET. Active Errata List. Errata History. Abbreviations. 1.

APPLICATION NOTE. CryptoAuthentication Personalization Guide. ATSHA204A and ATECC508A. Introduction. Features

AT03975: Getting Started with SAM L21. Descripton. Features. SMART ARM-Based Microcontroller APPLICATION NOTE

ATECC108. Atmel CryptoAuthentication SUMMARY DATASHEET. Features. Applications NOT RECOMMENDED FOR NEW DESIGNS. Replaced by ATECC108A

APPLICATION NOTE. AT6486: Using DIVAS on SAMC Microcontroller. SMART ARM-Based Microcontroller. Introduction. Features

AT11512: SAM L Brown Out Detector (BOD) Driver. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

Smart RF Device Family - Getting Started Guide. Features. Description. References ATAN0115 APPLICATION NOTE

AT88CK101 HARDWARE USER GUIDE. Atmel CryptoAuthentication Development Kit. Atmel CryptoAuthentication AT88CK101 Daughterboard

AT03262: SAM D/R/L/C System Pin Multiplexer (SYSTEM PINMUX) Driver. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

AT21CS Series Reset and Discovery. Introduction. Serial EEPROM APPLICATION NOTE

AT09381: SAM D - Debugging Watchdog Timer Reset. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

ATAES132A Firmware Development Library. Introduction. Features. Atmel CryptoAuthentication USER GUIDE

AT06467: Getting started with SAM D09/D10/D11. Features. Description. SMART ARM-based Microcontrollers APPLICATION NOTE

AT88RF04C. CryptoRF EEPROM Memory 13.56MHz, 4 Kilobits SUMMARY DATASHEET. Features

This user guide describes how to run the Atmel ATWINC3400 Bluetooth Low Energy (BLE) Provisioning demo from out-of-box conditions.

USER GUIDE. Atmel QT6 Xplained Pro. Preface

AVR134: Real Time Clock (RTC) Using the Asynchronous Timer. Features. Introduction. AVR 8-bit Microcontrollers APPLICATION NOTE

APPLICATION NOTE. AT11008: Migration from ATxmega16D4/32D4 Revision E to Revision I. Atmel AVR XMEGA. Introduction. Features

EDBG. Description. Programmers and Debuggers USER GUIDE

AT88SC3216CRF. CryptoRF EEPROM Memory 13.56MHz, 32 Kilobits SUMMARY DATASHEET. Features

QT3 Xplained Pro. Preface. Atmel QTouch USER GUIDE

QT2 Xplained Pro. Preface. Atmel QTouch USER GUIDE

Ethernet1 Xplained Pro

ATECC108/ATSHA204 USER GUIDE. Atmel Firmware Library. Features. Introduction

AT10942: SAM Configurable Custom Logic (CCL) Driver. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

Native route discovery algorithm

APPLICATION NOTE. Atmel QT4 Xplained Pro User Guide ATAN0114. Preface

Atmel System Peripheral and Memory Products. Temperature Sensor, Crypto and Serial Memory Solutions

AVR42772: Data Logger Demo Application on XMEGA A1U Xplained Pro. Introduction. Features. AVR XMEGA Microcontrollers APPLICATION NOTE

APPLICATION NOTE. How to Securely Switch Atmel s LIN Transceiver ATA6662/ATA6662C to Sleep Mode ATA6662/ATA6662C. Concerning Atmel ATA6662

ATtiny817 QTouch Moisture Demo User Guide. Description. Features. AVR 8-bit Microcontrollers USER GUIDE

Atmel and the use of Verilator to create uc Device Models

APPLICATION NOTE. AT05567: TC Capture on External Interrupt with the Event System on SAM D20. Preface ASF PROJECT DOCUMENTATION

SAMA5D2 Quad SPI (QSPI) Performance. Introduction. SMART ARM-based Microprocessor APPLICATION NOTE

DGILib USER GUIDE Atmel-42771A-DGILib_User Guide-09/2016

APPLICATION NOTE. AT04470: Differences between SAM D21 Variants A, B, and L. 32-bit Microcontroller. Introduction

USER GUIDE. ATWINC1500 Xplained Pro. Preface

SonicWall Mobile Connect for Chrome OS

APPLICATION NOTE. AT03324: Atmel REB212BSMA-EK Quick Start Guide. Atmel MCU Wireless. Introduction

APPLICATION NOTE. Atmel AT03261: SAM D20 System Interrupt Driver (SYSTEM INTERRUPT) SAM D20 System Interrupt Driver (SYSTEM INTERRUPT)

ATtiny104 Xplained Nano. Preface. AVR 8-bit Microcontrollers USER GUIDE

USER GUIDE. Atmel Segment LCD1 Xplained Pro. Preface

Cloud Access Manager How to Deploy Cloud Access Manager in a Virtual Private Cloud

Atmel AVR1619: XMEGA-B1 Xplained Demonstration. 8-bit Atmel Microcontrollers. Application Note. Features. 1 Introduction

APPLICATION NOTE. Atmel AT03160: Migrating Bootloader from ATxmega128A1 to other Atmel XMEGA Devices. Atmel AVR XMEGA. Features.

MySonicWall Secure Upgrade Plus

Atmel QT600 Quick Start Guide Touch Solutions

USER GUIDE. ZigBit USB Stick User Guide. Introduction

I/O1 Xplained Pro. Preface. Atmel MCUs USER GUIDE

SAM4 Reset Controller (RSTC)

USER GUIDE. Atmel OLED1 Xplained Pro. Preface

SonicWall Mobile Connect ios 5.0.0

USER GUIDE EDBG. Description

USER GUIDE. Atmel QT1 Xplained Pro. Preface

APPLICATION NOTE. Atmel AVR1638: XMEGA RTC Calibration. 8-bit Atmel Microcontrollers. Features. Introduction

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

64K (8K x 8) Battery-Voltage Parallel EEPROM with Page Write and Software Data Protection AT28BV64B

One Identity Starling Two-Factor Authentication. Administrator Guide

One Identity Password Manager User Guide

AN12120 A71CH for electronic anticounterfeit protection

How to Show Grouping in Scatterplots using Statistica

SonicWall Content Filtering Client for Windows and Mac OS

APPLICATION NOTE. Atmel AVR536: Migration from ATmega644 to ATmega644A. 8-bit Atmel Microcontrollers. Introduction

HYCU SCOM Management Pack for F5 BIG-IP

Atmel AVR32847: Migration from/to the UC3L0 64/32/16 from/to the UC3L0 256/ bit Atmel Microcontrollers. Application Note.

Hardware Prerequisites Atmel Xplained Pro Evaluation Kit Atmel WINC1500 extension USB Micro Cable (TypeA / MicroB)

Dell SonicWALL SonicOS 5.9 Upgrade Guide

APPLICATION NOTE. Scope. Reference Documents. Software Ethernet Bridge on SAMA5D3/D4. Atmel SMART SAMA5D3/D4 Series

APPLICATION NOTE. Atmel AT01080: XMEGA E Schematic Checklist. Atmel AVR XMEGA E. Features. Introduction

SonicWall Mobile Connect for Android

APPLICATION NOTE. Atmel AT03304: SAM D20 I 2 C Slave Bootloader SAM D20. Description. Features

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

USER GUIDE. Atmel maxtouch Xplained Pro. Preface

STEVAL-SPBT4ATV3. USB dongle for the Bluetooth class 1 SPBT2632C1A.AT2 module. Features. Description

Secure . SOFTWAR INC. PO Box 325 Manquin, VA Information Security

USER GUIDE. Atmel PROTO1 Xplained Pro. Preface

One Identity Starling Two-Factor Authentication. Administration Guide

AVR1303: Use and configuration of IR communication module. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

SonicWall Global VPN Client Getting Started Guide

SonicWall Secure Mobile Access

SMART ARM-based Microcontrollers ATSAMD21E16LMOTOR USER GUIDE

AVR1922: Xplain Board Controller Firmware 8-bit Microcontrollers Application Note Features 1 Introduction

AVR1315: Accessing the XMEGA EEPROM. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

CEC1702 clicker. a great idea is just a click away

STK521. User Guide B AVR 01/12

RELEASE NOTES. GNU Toolchain for Atmel ARM Embedded Processors. Introduction

July SonicWall SonicOS 6.2 Upgrade Guide

AVR1518: XMEGA-A1 Xplained Training - XMEGA Clock System. 8-bit Atmel Microcontrollers. Application Note. Prerequisites.

One Identity Defender 5.9. Product Overview

SafeNet Authentication Client

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

One Identity Manager Administration Guide for Connecting to SharePoint

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

AVR1503: Xplain training - XMEGA Programmable Multi Interrupt Controller 8-bit Microcontrollers Application Note Prerequisites

Dell One Identity Cloud Access Manager 8.0. Overview

AVR4018: Inertial Two (ATAVRSBIN2) Hardware User's Guide. 8-bit Microcontrollers. Application Note. Features. 1 Introduction

Transcription:

High Entropy Random Number A R T I C L E The Three-Legged Stool of Cryptography February 15, 2016 By Dan Ujvari, Senior Field Applications Engineer A Cryptographic Trilogy a Three-Legged Stool Analogy Implementing true security in IoT devices requires a three pronged approach. Like a three-legged stool, all three legs are needed to achieve security. At least two of these legs demand a hardware security approach. The three legs are comprised of: A Strong Cryptographic Cipher for the Job High Entropy, Cryptographically Secure, Random Number Generator (Crypto RNG) Persistent Secure Key Storage with Active Tamper Detection A Strong Cryptographic Cipher for the Job A cipher is a cryptographic algorithm for performing encryption/decryption, authentication, key management, or other security purposes. It needs to be strong enough for the application. A one-time pad is considered the only unbreakable cipher, so theoretically, all other ciphers can eventually be broken. Time and cost are the two usual measures of breaking any cipher. Time The cover time of a secret is the amount of time the message needs to be kept secret. A tactical secret, such as a command to fire a particular missile at a particular target has a cover time from the moment the commander sends the message to the moment the missile strikes the target. There isn t much value in the secret after that. If an algorithm is known to be breakable within a few hours, even that algorithm provides enough cover time for the missile firing Security scenario. On the other hand, if the communication is the long term strategy of the entire war, this has a cover time significantly longer and a much stronger cipher would be required. Cost Generally, the time it takes to break any cipher is directly related to the computation power of the attackers system and the mathematical skills of your adversary. This usually relates directly to cost, so the value of your secret will in a large part determine how much effort is put into breaking your cryptography. Therefore, you want to select a cipher Strong Cryptographic Cipher Persistent Secure Key Storage

which is well known to be strong, has been open to both academia and the public, and survived their scrutiny. Vigorously avoid proprietary algorithms claiming to be strong. The only thing which can speak to a cipher s strength is for it to be fully open to scrutiny. These types of proven ciphers are available within the Atmel line of microcontrollers and microprocessors and the Atmel CryptoAuthentication devices. Importance of a High Entropy, Crypto RNG The importance of a high quality RNG cannot be overstated. Some examples which rely on the randomness of the random number are: Key stream in one-time pads Private keys in asymmetric algorithms like RSA and ECC Initialization vectors for cipher modes Anti-replay nonces in virtually all secure network protocols Any modern cipher regardless of intrinsic strength is only as strong as the random number generator used. Lack of adequate entropy in the random number significantly reduces the computational energy needed for attacks. Cryptographically secure random number generators are important in every phase of public key cryptography. To realize a cryptographically secure random number generator, a high quality deterministic random number generator and a high entropy source(s) are employed. The resulting generator needs to produce numbers statistically independent of each other. The output needs to survive the next bit test, which tests the possibility to predict the next bit of any sequence generated, while knowing all prior numbers generated, with a probability of success not significantly greater than 0.5. This is no trivial task for randomly generated numbers as large as 2 256. It is incredibly hard to create a Crypto RNG. Even if you had the processing firmware right, there is typically not enough entropy sources in an embedded system to create a cryptographically secure random number generator. Most embedded systems, especially IoT nodes are, well boring. At least when considered in the context of entropy. 2 256 is a larger number than the number of all the stars in the entire universe. How much entropy do you really think exists in your battery powered sensor? Companies serious about security put a lot of effort into their Crypto RNGs and have their generators validated by the National Institute of Standards and Technology (NIST), the government body overseeing cryptographic standards in the US and Canada. Any assurance or statements that a RNG is compliant or meets standards and is not validated by NIST is unacceptable within the cryptographic community. A Random Number Generator is either on NIST s RNG Validation List or it isn t. Atmel is just such a serious company. The Crypto RNG Atmel used in its Atmel CryptoAuthentication devices is validated by NIST and is listed on their publically available listing: http://csrc.nist.gov/groups/stm/cavp/documents/rng/rngval.html Persistent Secure Key Storage with Active Tamper Detection Strong ciphers supported with high entropy random keys and nonces are used to keep adversaries away from our secrets, but their value is zero if an adversary can easily obtain the keys used to authenticate and encrypt. System security is heavily dependent on the confidentiality of the keys. Protection and safeguarding of these keys is critically important to any cryptographic system. Your secret/private keys are, by far, the most rewarding prize to any adversary. 2

If your keys are compromised, an adversary will have access to every secret message you send, like a flower offering its nectar to a honeybee. To add insult to injury, nobody will inform you the keys have been compromised. You will go on sending secret messages, blissfully unaware your adversaries can read them at their leisure; completely unhindered. A very well respected manager in our crypto business unit puts it this way; Keys need to be protected behind guns, guards, and dogs. Holding cryptographic keys in software or firmware is akin to placing your house key under the front mat, or above the door, or in that one flowerpot nobody will ever think of looking in. Adversaries will unleash a myriad of attacks on your system in an effort to obtain your keys. If they can get their hands on your equipment, as is often the case with IoT devices, they will rip them apart. They will employ environmental attacks such as extreme temperature, voltage or clock rates, or power consumption analysis. They will decapsulate and probe the die of your microcontrollers to disable JTAG locks or other protections. There is no limit to what they can and will do. The Atmel line of CryptoAuthentication devices offers a long list of active defenses to these attacks, as well as providing an external tamper detect capability you can use to secure your devices from physical intrusion and warranty violation. Summary As stated in this brief of the three elements which enable truly secure systems, poor protection of the keys and low entropy random numbers will compromise any security system, no matter the algorithm or protocol used. Inadequate entropy in a random number generator compromises every aspect of cryptography because it is relied upon from the generation of keys to supplying initialization vectors for cipher modes to generating anti-replay nonces in the messaging protocol. The Atmel hardware CryptoAuthentication devices ensure you have a NIST validated cryptographically secure random number generator. Keys, signatures, and certificates require a persistent secure vault to protect them. The very elements which ensure the authority, security and integrity of your system cannot be left in the attackable open. Keys held in software or firmware are easily recovered. Typical microcontrollers and microprocessors do not contain the protections needed to keep out adversaries. Even newer processors with secure zones have very limited key storage and are not designed to prevent aggressive attacks on the keys stored in the devices. From software protocol attacks to environmental and hardware probing, the ways and means of an adversary to recover keys from your software/firmware are nearly unlimited. This is akin to hanging your house key in a flimsy silk pouch on your front door knob. Hardware security devices offer a number of benefits which include: Secure storage of private keys in the key hierarchy. Stop adversaries from hacking your code. Secure boot and program image checking to prevent execution of unauthorized code Read-only storage of digital signatures and certificates to prevent root store attacks Stop unscrupulous contract manufacturers from over building your product. Create new revenue streams by allowing premium services to be purchased post deployment Limit the life of products, such as the number of squirts an ink cartridge has, thereby thwarting refill/reuse. Streamline deployed product tracking and warranty services. 3

With regards to creating a truly secure system, active hardware protection for keys and cryptographically secure random numbers are not an option. They are a necessity. The Atmel CryptoAuthentication devices offer a high security, tamper resistant, physical environment within which to store and use keys for digital signatures, key generation/exchange/management, and perform authentication. Atmel is very serious about security. In addition to testing, validations, and approvals by certifying entities, Atmel employs third party labs to apply the very latest attacks and intrusion methodologies to the devices. Atmel devices are extremely resilient. The methodologies and results of these tests are available to customers under non-disclosure agreement. Please visit the Atmel Security ICs webpages for more information, www.atmel.com/products/security-ics/default.aspx. 4

Atmel Corporation 1600 Technology Drive, San Jose, CA 95110 USA T: (+1)(408) 441.0311 F: (+1)(408) 436.4200 www.atmel.com 2016 Atmel Corporation. / Rev.:. Atmel, Atmel logo and combinations thereof, Enabling Unlimited Possibilities, CryptoAuthentication, and others are registered trademarks or trademarks of Atmel Corporation in U.S. and other countries. Other terms and product names may be trademarks of others. DISCLAIMER: The information in this document is provided in connection with Atmel products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Atmel products. EXCEPT AS SET FORTH IN T HE ATMEL TERMS AND CONDITIONS OF SALES LOCATED ON THE ATMEL WEBSITE, ATMEL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODU CTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL ATMEL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAG ES FOR LOSS AND PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ATMEL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Atmel makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and products descriptions at any time without notice. Atmel does not make any com mitment to update the information contained herein. Unless specifically provided otherwise, Atmel products are not suitable for, and shall not be used in, automotive applications. Atmel products are not intended, authorized, or warranted for use as components in applications intended to support or sustain life. SAFETY-CRITICAL, MILITARY, AND AUTOMOTIVE APPLICATIONS DISCLAIMER: Atmel products are not designed for and will not be used in connection with any applications where the failure of such products would reasonably be expected to result in significant personal injury or death ( Safety -Critical Applications ) without an Atmel officer's specific written consent. Safety-Critical Applications include, without limitation, life support devices and systems, equipment or systems for the operation o f nuclear facilities and weapons systems. Atmel products are not designed nor intended for use in military or aerospace applications or environments The Three-Legged unless specifically designated Stool by of AtmCryptography el as military-grade. Atmel [ARTICLE] products are not designed nor intended for use in automotive applications unless specifically designated by Atmel as automotive-grade. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback