Chip Lifecycle Security: Managing Trust and Complexity
Dr. Martin Scott
July 2016

Connected Endpoints Are The New Mobile

50 billion connected devices by 2020

Unprecedented Data Proliferation
- Cloud
- Endpoint
- Hub/Edge
Sensitive data in transit remains vulnerable

Unprecedented Security Breaches
- Increasing security breaches at all levels
  - Data center
  - Network and edge
  - Device end points
- Within two years, 90% of all IT networks will have an IoT-based security breach (IDC)
[Figure: breach chart with year legend 2012, 2013, 2014, 2015, Latest]
Sources: DataBreaches.net, IdTheftCentre

Not All Endpoints Are Created Equal
Data sensitivity and criticality

Attack Techniques and Goals
- Boot and other SW attacks > take over system
- Fault induction > cause unintended behavior
- Exploit information leakage > extract keys, other secrets
- HW reverse engineering > determine structures, behavior, functions
- Emulation > replicate device behavior in inexpensive HW
- Inside job > divert legitimate consumable device for illegitimate uses
Working for the adversaries
- Increasing system complexity, # of lines of SW code, tools/automation, funding
- Complex and distributed chip supply chain

Security at the Endpoint
- Software-based Security
- Firmware-based Security
- Silicon-based Security
Highest Level of Security

Enabling Trust Without Being Trusted
- Multiple (potentially distrusting) stakeholders with rights on a device
  - Chipmaker
  - Device maker/OEM
  - Consumer
  - Network operator
  - Service provider (e.g., bank, content provider, etc.)
  - RoT operator
- RoT operator should not be able to compromise the security of other stakeholders, but all stakeholders need to know they are communicating with a genuine device
- HW RoT configured to support multiple trust roots, each with different rights on the device
- HW RoT allows permanent transference of rights from one root to another (not just delegation)
- Specific 3-party cryptographic protocols
  - Two stakeholders, e.g., Consumer Device and Service Provider
  - RoT operator acting as a trust broker
  - RoT broker does not get access to those shared keys

Silicon Root-of-Trust Secures Keys and Data

HW Root of Trust (RoT)
- Hardware IP block integrated within the SoC
- Securely manages keys and device functionality during entire device lifecycle
  - Secure personalization
  - Secure key provisioning
  - Flexible SoC feature management (manufacturing and in-field)
  - Device lifecycle state management
  - OTP management
  - Support for Secure Test/Debug, RMA
  - Chip Authentication
- Provides security services and updates security configuration based on authorized commands
- Protects keys and configuration against a wide spectrum of physical and logical attacks
  - Protocol attacks: Replay, Man-in-the-middle, Eavesdropping
  - Non-invasive: Side-channel (timing, power, EM)
  - Passive invasive attacks: Glitch, Fault, Laser
  - (Optional for Anti-counterfeiting) Active invasive attacks: FIB, Optical, Electron Microscope

Often Need Effective Anti-Cloning as well
1. Anti-Interpretation
   - Camouflage
   - Entropic Array
   - Analog Functions
2. Anti-Replication
   - Entropic Array
   - Analog Functions
   - PUFs
   - Asynchronous Logic
   - Layout-specific binding functions
3. Anti-Probing
   - Concealed Storage
   - Shield: front/back
   - Sensors: IR laser spectrum detection
   - Layout, fab-node specific functions
[Diagram: Anti-Interpretation, Anti-Replication, Anti-Probing; labels: Camouflage, Concealed Storage, Shields, PUFs, Detectors]

Anti-Cloning: Highly-Qualitative Cost Scale
Anti-Cloning
- $$$$$$: Analog/HS Anti-Replication
- $$$$$: Analog/HS Camouflage
- $$$$: Backside shielding, Tamper detection
- Camouflage
- Anti-Emulation
Reverse Engineering
- $: Low-cost Emulator
- $$: New silicon clone with many R.E. vendors
- $$$: Clone with mass-extract anti-camo R.E. (e.g., low-speed failure analysis, EBIC, SEM)
- Clone with mass-extract anti-camo R.E. after FIB cuts on rework on shield alarms
- Clone with manual anti-camo R.E. (e.g., cross-section, high-speed FA, DOCA) with FIB rework (cuts and rewire)
- Clone with manual anti-camo R.E., FIB rework and low-level circuit redesign

Now Add a Complex Chip/Device Manufacturing Supply-Chain
Many people, entities and locations involved in chip/device supply chain:
- Design
- Tape-out
- Fab
- Assembly and Test
- Provisioning
- System Assembly

And a Complex Device Lifecycle
- Distribution and Retail
- Back End Services
- Decommission/Salvage
- RMA
- Consumer Use
- Reseller
Device management, OTA code updates, feature unlock, cloud backup, etc.

Secure End-to-End Device Key and Feature Management
- Security Service
- HW Root of Trust
- Admin Appliance

Building Trust Across The Entire Value Chain
Securing devices and applications across all touch points
- Management
- Trust by Design
- Secure Assets & Clusters
- Device Configurations & Customer Demands
- Applications & Services
- Customer Data & Intelligence
- Manufacturing
- In-field

THANK YOU