Atmel Trusted Platform Module June, 2014


Atmel Trusted Platform Module, June 2014 (2014 Atmel Corporation)

What is a TPM?
- The TPM is a hardware-based secret-key generation and storage device providing a secure vault for any embedded system.
- Four primary capabilities: platform integrity, authentication, secure communication, IP protection.
- Asymmetric algorithm (RSA): supports 512-, 1024- and 2048-bit keys.
- SHA-1 hashing
- HMAC

Atmel TPM Basic Architecture
(Block diagram components: I/O, non-volatile storage, 8-bit AVR microcontroller (uC), program code, volatile storage, Opt-In, SHA-1, Platform Configuration Registers (PCR), RSA engine, key generation, RNG, AIK, TPM packaging)

Hardware Security Features
Strong multi-level HW security:
- Active shield over entire chip
- All memories internally encrypted
- Data-independent crypto execution
- Randomized math operations
- Internal state consistency checking
- Voltage tampers, isolated power rail
- Internal clock generation
- Secure test methods, no JTAG
- No debug probe points, no test pads
- No package or die identification
Designed to defend against:
- Microprobe attacks
- Timing attacks
- Emissions attacks
- Faults, invalid-command attacks
- Power cycling, clock glitches
- Partial personalization attacks
(Figure: Atmel crypto devices compared with standard devices)

Symmetric Key Encryption
- Symmetric key algorithms use the same key to encrypt AND decrypt data.
- AES and DES are examples of widely used symmetric algorithms.
- (Figure: Alice's kingdom and Bob's kingdom sharing one key)
- Distributing the SHARED KEY is a major security risk.

Asymmetric Key Encryption
- Asymmetric algorithms use two related keys (public and private) for data encryption and decryption.
- Public keys are freely distributed with NO security risk.
- Private keys are NEVER exposed.
- RSA and ECC are examples of asymmetric algorithms.
- (Figure: Alice encrypts the message "Do you want to meet for dinner?" with Bob's public key; only Bob can decrypt it using Bob's private key.)
- Data is protected no matter who is watching or listening.

Platform Integrity (Secure Boot)
- Platforms are configured with many different SW modules.
- Problem: modules may be maliciously corrupted; the platform may not be trusted; files could be intercepted.
How the TPM can help:
- The TPM stores the hash value of each boot module in protected HW.
- Verifies that no unauthorized changes were made to any module: firmware, software or hardware.
- Can verify that, at a particular time, a particular system was in a TRUSTED state.
- Real-time audits can verify platform state at any time.
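The slide's "stores the hash of each boot module" and "real-time audit" points rest on the PCR extend operation: a register that can only be updated as new = SHA-1(old || measurement), so the final value commits to every module and the order it loaded. The simulation below is an added example, not Atmel's code or a TPM driver; the module images, the 20-zero-byte reset value and the golden value are constructed assumptions.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed boot-module images standing in for the firmware, bootloader
# and OS-loader stages measured at boot. Real platforms hash the actual files.
BOOT_MODULES: List[Tuple[str, bytes]] = [
    ("firmware",   b"constructed firmware image v1.0"),
    ("bootloader", b"constructed bootloader image v2.3"),
    ("os_loader",  b"constructed OS loader image v4.1"),
]

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 style PCR extend: new = SHA-1(old || measurement).
    The register cannot be written directly, only extended, so nothing
    loaded later can erase the record of what loaded earlier."""
    return hashlib.sha1(pcr + measurement).digest()

def measure_boot(modules: List[Tuple[str, bytes]]) -> bytes:
    """Hash each module (SHA-1, as on the Atmel TPM) and extend it into one
    PCR that starts at the assumed reset value of 20 zero bytes."""
    pcr = bytes(20)
    for _name, image in modules:
        pcr = pcr_extend(pcr, hashlib.sha1(image).digest())
    return pcr

def audit_platform(modules: List[Tuple[str, bytes]], golden_pcr: bytes) -> bool:
    """The slide's 'real-time audit': recompute the PCR from what actually
    loaded and compare it with the known-good value recorded at provisioning.
    A constant-time compare avoids leaking where the mismatch occurs."""
    return hmac.compare_digest(measure_boot(modules), golden_pcr)

# Golden value recorded once on a known-good platform (constructed here).
GOLDEN_PCR = measure_boot(BOOT_MODULES)

def tampered_modules() -> List[Tuple[str, bytes]]:
    """Constructed case: a few bytes of the bootloader image were altered."""
    name, image = BOOT_MODULES[1]
    return [BOOT_MODULES[0], (name, image.replace(b"v2.3", b"v2.4")), BOOT_MODULES[2]]

def reordered_modules() -> List[Tuple[str, bytes]]:
    """Constructed case: same images, but loaded in a different order."""
    return [BOOT_MODULES[1], BOOT_MODULES[0], BOOT_MODULES[2]]

if __name__ == "__main__":
    print("known-good boot :", audit_platform(BOOT_MODULES, GOLDEN_PCR))
    print("tampered module :", audit_platform(tampered_modules(), GOLDEN_PCR))
    print("reordered boot  :", audit_platform(reordered_modules(), GOLDEN_PCR))
```

Both the altered image and the reordered load fail the audit even though the reordered case contains only approved modules, which is why a golden PCR value is a stronger check than a per-file whitelist alone.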

Authentication
- In order for devices to gain access to a network or service, they should be authentic.
- Typical applications are servers, routers, APs, switches, MFPs and femtocells/microcells.
- Store keys in protected hardware.
- Need the ability to deny access to unauthorized users: clone, generic or non-subscription devices should not be able to access services not paid for.
- Problem: before allowing full access and functionality, how do I ensure the device is authentic?
Ways the TPM can help:
- Keys are generated and protected by the TPM.
- Certificates can be created and protected by the TPM.
- The authorization check can be done inside the TPM.
- Sign and Verify commands use 2048-bit RSA PKI.
- A white list of good public keys provides access only to authentic and trusted devices anywhere around the world.

Secure Communication and Updates
- There may be a desire to send FW updates securely, adding new functionality only to authentic systems.
- Smart home networking applications.
- Problem: this equipment needs to be connected over a network, and is vulnerable to a remote attack with unauthorized FW updates.
How can the TPM help?
- Create session keys for encrypting data transmitted across a network (only after authenticating).
- Sign FW updates; the TPM can verify the signature before allowing the update.
- Keys are stored inside the TPM hardware vault.
- Encrypt data to be transmitted using the recipient's public key.

TPM Market Trends
Where? Anything on a network!
- Tablets and PCs
- Access points
- MFPs
- LTE base stations
- Servers/microservers
- Gambling/gaming machines
- Smart home networking
- Fiscal cash registers
Why?
- Standards-based PKI
- > 200 TCG member companies
- FIPS 140-2 in end-product RFQs

Anything networked is a good application for a TPM!

TPM Offering Today and Tomorrow

AT97SC3204 Today & Tomorrow
- First TPM vendor supporting industrial grade (-40C to +85C)
- Key generation > 4x faster than the previous generation
- Internal MCU running at 66 MHz
- Atmel-signed Endorsement Key; full X.509 certs available, small certs also available
- Optional field upgrade supported
- Configurable failed-authorization-attempt counters (0-1024)
- Supported in both 4.4 mm and 6.1 mm 28-TSSOP and 6 mm x 6 mm 40-QFN/MLF (4 mm x 4 mm 32-QFN 1Q14)
- Interfaces: LPC, I2C
- Introducing FIPS-Flex mode (AT97SC3204-X4 series): ability to permanently set FIPS or Standard mode at the CM or after

AT97SC3204 & AT97SC3205 FIPS certified: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm

Introducing FIPS/Flexible Mode

Atmel Advantages
- Atmel continues to release new-generation TPMs supporting industry needs
- World's first FIPS-certified vendor
- High-speed crypto calculations; SelfTestFull well below the industry target
- Low-power auto-hibernation feature
- Supporting 4 mm x 4 mm QFN
- Widest temperature range supported: -40C to +85C
- Optional small and full cert and field-upgrade support