Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh
Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico Gregoratto IoT Integrity Building Trust Raising The Bar Use a SE Conclusion Andrew Marsh Q & A
Communications With A Cloud Service 3 IoT Overview Cloud Service Network Gateway
Identifying Threats 4 Tampering with Data Eavesdropper IoT Cloud Service Network Gateway Compromised Tampering with Data Fake Service Cloned or Counterfeit
Classes of Attacks 5 ATTACKS IoT Internet Cloud Service Software Attack Misuse of network protocols Exploit communication protocol errors Flaws in software design / implementation BOX Board Level Attack With the case opened / removed Test / debug port access Inter device bus and IO probing Reset, clock attacks Power analysis Temperature / electrical attacks (glitch, overvoltage) Silicon Level Attack de-packaged Circuit analysis and probing Fault injection Laser beam
Classes of Attacks 6 IoT BOX Internet Cloud Service Silicon Level Attack ATTACKS Board Level Attack Software Attack SOLUTION Misuse of network protocols Exploit communication protocol errors Flaws in software Confidentiality design / implementation Data / Identity Protection Secure Communications Secure Storage With the case opened Authentication / removed Test / debug port access Inter device bus and IO to probing Server Reset, clock attacks Server to Power analysis Temperature / electrical Integrity attacks and (glitch, Availability overvoltage) Secure Boot Secure Firmware Upgrade Trusted Processing de-packaged Circuit analysis and probing Fault injection Laser beam
Securing the Connection 7
Secure Communications 8 Cloud Services have selected to use a standards based secure communication protocols Cloud Services vendors use "lightweight" messaging protocols like MQTT - Message Queue Telemetry Transport (ISO / IEC PRF 20922) CoAP - Constrained Application Protocol (RFC7252) These messaging protocols were designed for connections with remote devices with limited resources (memory / CPU) or where network bandwidth is limited These messaging protocols use Transport Layer Security (TLS) to secure communications
Crypto Basics 9
Cryptography One Key or Two? 10 Sender Communications Channel Receiver Secret Key Cryptography (Symmetric) Data File Clear Text Encryption Cipher Text Data File Decryption Data File Clear Text Public Key Cryptography (Asymmetric) Data File Clear Text Public Encryption Cipher Text Data File Decryption Private Data File Clear Text
Cryptographic Hash Cryptography HASH Algorithms Easy to compute and quick A one way function, non-reversible (computationally infeasible to obtain the original message from the hash), unique (practically impossible for two different messages to generate same result) Used in many processes like authentication, secure boot, secure downloads 11 NIST (Secure Hashing Algorithm) SHA-2, SHA-3 Code File Clear Text One Way Function Data File Hash Value Hash function has no key, and the clear text can not be recovered from the hash value
Digital Signatures Cryptography Digital Signatures Used to check the authenticity of information - code, files, messages, Public Keys 12 Private Signing Code File Hash Hash Value Using RSA Sign / Encrypt Clear Text Authentication Using RSA Code File Clear Text Hash Public Calculated Hash Value Compare If the Hash values are equal the file is authentic Hash Value Verify / Decrypt
Transport Layer Security - TLS 13
Transport Layer Security 14 Transport Security Layer - TLS (RFC 5446) protocol provides - / Server Authentication (optional) making use of asymmetrical crypto like :- RSA and ECC Information Confidentiality / Data Protection key exchange crypto like:- Diffie-Hellman encryption using symmetric ciphers like :- AES, Triple DES Message Integrity Makes extensive use of X.509 certificates and a Public Key Infrastructure authentication may be carried out at the Application Layer A IoT due to its limited capabilities (memory/processing) does not need to support a full crypto suite
Hello! Server Cloud Service TLS Exchange Overview 15 IP Connection Client Hello Client IoT Digital Signature Authentication Server s Server s CA Mutual Authentication Crypto Crypto RNG Key-Pair Establish a shared key Diffie-Hellman key exchange Session key Crypto Crypto Secured Link Session Data File AES Cipher Text Data File AES Data File Clear Text Clear Text
Connecting to The Cloud 16
Example of Registering to Cloud Service 17 Cloud Service 1) Gather the End-Point Credentials and Server CA 2) Generate a Public/Private key pair Server s CA End-Point Credentials CSR Server s CA 3) Create a Signing Request (CSR) Signing Process 4) Request a 5) Register the into Your IoT Account Key-Pair 6) Program s, End-Point Credentials and keys into the IoT Now the IoT can establish a secure communications channel with the Cloud Service Server s CA End-Point Credentials Key-Pair BOX IoT TLS Your IoT Account
Registering Demo to Cloud Service 1) Gather the End-Point Credentials and Server CA from the Cloud Services Provider 2) Request a and Public/Private key pair 3) Register the into Your IoT Account with the Cloud Services Provider 4) Program s, End-Point Credentials and keys into the IoT Server s CA Server s CA End-Point Credentials Key-Pair Cloud Service Crypto Process TLS Server s CA Your IoT Account 18 Now the IoT can establish a secure communicate channel with the Cloud Service End-Point Credentials Key-Pair BOX IoT
Handling TLS Credentials 19 Protect the keys (especially the Private Key ) Store certificates and other credentials such that they cannot be easily replaced 95% attacks today are software IoT Server s CA End-Point BOX Credentials Key-Pair
IoT Integrity Building Trust 20
Classes of Attacks 21 ATTACKS IoT Internet Cloud Service Software Attack Misuse of network protocols Exploit communication protocol errors Flaws in software design / implementation BOX Board Level Attack With the case opened / removed Test / debug port access Inter device bus and IO probing Reset, clock attacks Power analysis Temperature / electrical attacks (glitch, overvoltage) Silicon Level Attack de-packaged Circuit analysis and probing Fault injection Laser beam
Security Needs for an IoT 22 Cloud Service providers wish to protect their services, their network and their brand Information/data confidentiality and integrity through the use of cryptography Trust-worthiness through cryptographic authentication between communicating devices Trust-worthiness of the platform through device integrity
Example of a Simple IoT 23 Sensor Communications MCU Sensor MCU Communication
Security Layering 24 Silicon Security Features Used to establish a robust platform on which trusted processes and associated cryptography can be performed Secure Boot-Loader (SB) Establishing a Root-of-Trust Verifying firmware image on every boot Secure Firmware Update (SFU) Building a system that can evolve to counter new threats, add new functionality, fix bugs in a controlled and secure way once device is in the field Application Access control and right management Feature and product management Secure Communications Layer TLS / DTLS Physical Layer Network physical layer security e.g. WiFi WPA2, 802.11i, Foundation of Trust Security Services Secure Boot, Secure Firmware Update Silicon Security Features Firewall PCROP RDP WRP MPU
Secure Boot 25 Secure Boot uses cryptographic functions to confirm the authenticity of firmware before allowing it to run A multi-stage boot process consists of each stage authenticating the next Reset Cert. Code First Stage Trusted Authenticates Code Second stage Loader Cert. Authenticates Code Third Stage RTOS Cert. Authenticates Application Chain of Trust
Secure Boot Process 26 Performed after a RESET, using a Public Key stored in the device It is a stateful process for predictable behavior Reset File Trusted Code Image Hash Public Compare OK Run Code State Based Process Calculated Hash Value Hash Value NOK Verify / Decrypt Code Authentication Reload
RESET Configure WRP/RDP/PCROP Disable DMAs Enable MPU Enable Firewall Zero s SRAM Disable MPU Secure Boot State Machine Secure Boot Flow 27 Enter Protected Enclave Enclave Exit Protected Enclave Disable IRQs Enter Firewall Secure Processing Exit Firewall Enable IRQs Firewall Protection Secured by the Memory Protection Unit Jump to User App
FLASH SB: SFU-En Boot SFU: SFU-En App SRAM Secure Processing 28 Secure Processing Environment Secure cryptographic functions Protected access to Shared Info. data-space Single Access Point Shared Info. Secure Processing Secure Region Keys Protected Volatile Data Enclave Firewall Protection Single access point Call Gate Code segment cannot be executed without passing through it Volatile and Non-Volatile Data cannot be accessed from outside User App #1 SRAM Non Secure Region C-STACK Environment Configured to protect - Volatile data (SRAM) User App #2 or Download Area (opt) Non Protected Data Non-volatile data (FLASH) Code - no jump calls
Secure Engine APIs 29 Enter Protected Enclave Disable IRQs Wrapper of internal protected functions secure_engine.o/.h user_file.c Secure Engine APIs Enclave Enter Firewall Secure Processing Exit Firewall Firewall Protection Encryption / Decryption Shared Info. - Read / Write User-level APIs handling Parameter parsing for the single Secure Engine Exit Protected Enclave Enable IRQs Entering and exiting of the secure environment
Handling TLS Assets 30
Handling TLS Assets 31 Communications IoT MCU End-Point Credentials Server s CA Key-Pair Sensor MCU Cloud Service IP Connection Comms Firewall Crypto Sensor Security Services Silicon Security Features Make use of the security mechanisms provided by the MCU to protect code, cryptographic functions and protect the keys (especially the Private Key ) Store certificates and credentials in such that they cannot be easily replaced
32 Enhanced Integrity by adding a Secure Element
Classes of Attacks 33 ATTACKS IoT Internet Cloud Service Remote Software Attack Misuse of network protocols Exploit communication protocol errors Flaws in software design / implementation BOX Board Level Attack With the case opened / removed Test / debug port access Inter device bus and IO probing Reset, clock attacks Power analysis Temperature / electrical attacks (glitch, overvoltage) Silicon Level Attack de-packaged Circuit analysis and probing Fault injection Laser beam
Add a Secure Element 34 To Improve Integrity Sensor Communications MCU Sensor MCU Secure Element Secure Element STM32 STSAFE Communication
Adding a Secure Element 35 Communications A Secure Element is designed to thwart silicon invasive attacks Sensor MCU Secure Element Independently assessed, achieving very high standards like EAL5+ Common Criteria Certified Protects keys and performs cryptographic functions (ECC, AES) For Secure Communications, Boot and Firmware Updates STM32 STSAFE Provides a Secure Data Store Secure keys and certificates are provisioned during the manufacturing process
Cloud Service TLS Exchange using an MCU 36 IoT Hello! Client Hello MCU Mutual Authentication Server s Digital Signature Authentication Crypto Server s CA Key-Pair RNG Establish a shared key Diffie-Hellman key exchange Crypto Session key Secured Link Session Cipher Text Data File AES Data File Clear Text STM32
Hello! TLS Exchange with Secure Element 37 Cloud Service Client Hello IoT MCU Secure Element Mutual Authentication Server s Digital Signature Authentication Crypto Server s CA Key-Pair RNG Establish a shared key Diffie-Hellman key exchange I2C Crypto Session key Secured Link Session Cipher Text Data File AES Data File Clear Text STM32 Session Key Data File Pairing key Crypto STSAFE
Production Flow with Personalization 38 Standard MCU Factory Personalization Hardware Security Module Key-Pair Put Secret Keys Store s MCU Code Diffusion and Test Package CM / OEM CUSTOMER Fabrication Products Trusted?
Production Flow with Personalization 39 Secure Element ST Secure Factory Personalization Approved by Hardware Security Module Put Secret Keys Store s Key-Pair Factory Personalization MCU Code Diffusion and Test Package Personalization CM / OEM + CUSTOMER Fabrication and Personalization Phases Products
Impact on Software Stack 40 The Secure Elements crypto functions replace software implementations in the Crypto Library Application Application MQTT MQTT TLS TLS IP Stack CryptoLib IP Stack CryptoLib Crypto Functions OS HAL OS HAL SE Driver Driver CPU, Crypto H/W, Interfaces CPU, Crypto H/W, Interfaces STSAFE I2C Secure Element
Conclusion
Conclusion 42 Internet of Things presents a wealth of opportunities, a growth for commerce but an increased of risk of theft, mischief and damage or loss of life Secure communications is essential for success Secure and trustworthy IoT devices, well fortified against threats, are essential Design products resistant against threats throughout their life-cycle Most of the software related attacks today can be thwarted by good firmware development practices Consider enhancing your IoT s integrity by using a Secure Element
Demos
ST Solution for Security in IoT 44 Service Provider Secure Boot Solution for IoT Encryption Authentication CLOUD Secure MCU With STM32 Nucleo and sensors Expansion Board
45
46
Helping to Fortify Your IoT Solutions. ST the Strong Element. STMicroelectronics 2017