Chip Lifecycle Security Managing Trust and Complexity

Chip Lifecycle Security: Managing Trust and Complexity
Dr. Martin Scott
July 2016

Connected Endpoints Are The New Mobile

50 billion connected devices by 2020

Unprecedented Data Proliferation
- Cloud
- Endpoint
- Hub/Edge
- Sensitive data in transit remains vulnerable

Unprecedented Security Breaches
- Increasing security breaches at all levels:
  - Data center
  - Network and edge
  - Device end points
- Within two years, 90% of all IT networks will have an IoT-based security breach (IDC)
(Chart labels: Latest, 2015, 2014, 2013, 2012. Sources: DataBreaches.net, IdTheftCentre)

Not All Endpoints Are Created Equal
- Data sensitivity and criticality

Attack Techniques and Goals
- Boot and other SW attacks > take over system
- Fault induction > cause unintended behavior
- Exploit information leakage > extract keys, other secrets
- HW reverse engineering > determine structures, behavior, functions
- Emulation > replicate device behavior in inexpensive HW
- Inside job > divert legitimate consumable device for illegitimate uses
Working for the adversaries:
- Increasing system complexity, # of lines of SW code, tools/automation, funding
- Complex and distributed chip supply chain

Security at the Endpoint
- Software-based Security
- Firmware-based Security
- Silicon-based Security
- Highest Level of Security

Enabling Trust Without Being Trusted
- Multiple (potentially distrusting) stakeholders with rights on a device:
  - Chipmaker
  - Device maker/OEM
  - Consumer
  - Network operator
  - Service provider (e.g., bank, content provider, etc.)
  - RoT operator
- RoT operator should not be able to compromise the security of other stakeholders, but all stakeholders need to know they are communicating with a genuine device
- HW RoT configured to support multiple trust roots, each with different rights on the device
- HW RoT allows permanent transference of rights from one root to another (not just delegation)
- Specific 3-party cryptographic protocols:
  - Two stakeholders, e.g., Consumer Device and Service Provider
  - RoT operator acting as a trust broker
  - RoT broker does not get access to those shared keys.
(Figure label: Software)

Silicon Root-of-Trust Secures Keys and Data

HW Root of Trust (RoT)
- Hardware IP block integrated within the SoC
- Securely manages keys and device functionality during entire device lifecycle:
  - Secure personalization
  - Secure key provisioning
  - Flexible SoC feature management (manufacturing and in-field)
  - Device lifecycle state management
  - OTP management
  - Support for Secure Test/Debug, RMA
  - Chip Authentication
- Provides security services and updates security configuration based on authorized commands
- Protects keys and configuration against a wide spectrum of physical and logical attacks:
  - Protocol attacks: Replay, Man-in-the-middle, Eavesdropping
  - Non-invasive: Side-channel (timing, power, EM)
  - Passive Invasive attacks: Glitch, Fault, Laser
  - (Optional for Anti-counterfeiting) Active Invasive Attacks: FIB, Optical, Electron Microscope
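The trust-root and authorized-command points on the two slides above, sketched as a small model. This is an added example, not code from the presentation or from any RoT product: the root names, right names, command layout and the use of HMAC as the authorization tag are all assumptions made for illustration, and the keys are constructed sample values.

```python
import hashlib
import hmac

def sign(key, cmd):
    # Authorization tag over the whole command; HMAC stands in for a signature.
    return hmac.new(key, repr(cmd).encode(), hashlib.sha256).digest()

class RootOfTrustModel:
    """Toy model: per-root keys and rights plus a monotonic command counter."""

    def __init__(self, roots):
        # roots: {name: (key, rights)}; names and rights are hypothetical.
        self._keys = {name: key for name, (key, _) in roots.items()}
        self._rights = {name: set(r) for name, (_, r) in roots.items()}
        self._last = 0  # highest counter accepted so far (anti-replay)

    def holds(self, root, right):
        return right in self._rights.get(root, set())

    def execute(self, cmd, tag):
        counter, issuer, op, right, target = cmd
        key = self._keys.get(issuer)
        if key is None or not hmac.compare_digest(tag, sign(key, cmd)):
            return "rejected: bad authorization"
        if counter <= self._last:
            return "rejected: replay"
        if not self.holds(issuer, right):
            return "rejected: issuer lacks right"
        if op == "transfer":
            if target not in self._keys:
                return "rejected: unknown target root"
            # Permanent transfer: the issuer loses the right. Delegation
            # would leave it with the issuer as well.
            self._rights[issuer].discard(right)
            self._rights[target].add(right)
        elif op != "use":
            return "rejected: unknown op"
        self._last = counter
        return "ok"

def demo():
    k_chip, k_oem = b"constructed-key-A", b"constructed-key-B"
    rot = RootOfTrustModel({"chipmaker": (k_chip, {"debug", "features"}),
                            "oem": (k_oem, set())})
    t = (1, "chipmaker", "transfer", "features", "oem")
    u = (2, "chipmaker", "use", "features", "")
    v = (3, "oem", "use", "features", "")
    w = (4, "oem", "use", "debug", "")
    return [rot.execute(t, sign(k_chip, t)), rot.execute(t, sign(k_chip, t)),
            rot.execute(u, sign(k_chip, u)), rot.execute(v, sign(k_oem, v)),
            rot.execute(w, sign(k_chip, w))]
```

`demo()` walks through a transfer, a replay of that same command, the former holder trying to use the transferred right, the new holder using it, and a command tagged with another root's key.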

Often Need Effective Anti-Cloning as well
1. Anti-Interpretation: Camouflage; Entropic Array; Analog Functions
2. Anti-Replication: Entropic Array; Analog Functions; PUFs; Asynchronous Logic; Layout-specific binding functions
3. Anti-Probing: Concealed Storage; Shield: front/back; Sensors: IR laser spectrum detection; Layout, fab-node specific functions
(Diagram labels: Anti-Interpretation, Camouflage, Concealed Storage, Shields, PUFs, Anti-Replication, Anti-Probing, Detectors)

Anti-Cloning: Highly-Qualitative Cost Scale
- $$$$$$: Analog/HS Anti-Replication
- $$$$$: Analog/HS Camouflage
- $$$$: Backside shielding, Tamper detection
- Camouflage
- Anti-Emulation
Reverse Engineering:
- $: Low-cost Emulator
- $$: New silicon clone with many R.E. vendors
- $$$: Clone with mass-extract anti-camo R.E. (e.g., low-speed failure analysis, EBIC, SEM)
- Clone with mass-extract anti-camo R.E. after FIB cuts on rework on shield alarms
- Clone with manual anti-camo R.E. (e.g., cross-section, high-speed FA, DOCA) with FIB rework (cuts and rewire)
- Clone with manual anti-camo R.E., FIB rework and low-level circuit redesign

Now Add a Complex Chip/Device Manufacturing Supply-Chain
Many people, entities and locations involved in chip/device supply chain:
- Design
- Tape-out
- Fab
- Assembly and Test
- Provisioning
- System Assembly

And a Complex Device Lifecycle
- Distribution and Retail
- Back End Services
- Decommission/Salvage
- RMA
- Consumer Use
- Reseller
- Device management, OTA code updates, feature unlock, cloud backup, etc.

Secure End-to-End Device Key and Feature Management
(Diagram labels: Security Service HW Root of Trust Admin Appliance)

Building Trust Across The Entire Value Chain
Securing devices and applications across all touch points
(Diagram labels: Management Trust by Design Secure Assets & Clusters Device Configurations & Customer Demands Applications & Services Customer Data & Intelligence Manufacturing In-field)

Chip Lifecycle Security Managing Trust and Complexity THANK YOU