Emerging Financial Payment Applications Powered by Freescale Security Solutions

Similar documents
Market Trends and Challenges in Vehicle Security

Connecting Securely to the Cloud

Securing IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region

New STM32WB Series MCU with Built-in BLE 5 and IEEE

New STM32WB Series MCU with built-in Bluetooth 5 and IEEE

Atmel Trusted Platform Module June, 2014

Zatara Series ARM ASSP High-Performance 32-bit Solution for Secure Transactions

What s In Your e-wallet? Using ARM IP to Enable Security in Mobile Phones. Richard Phelan Media Processing Division TrustZone Security Technology

ARM Security Solutions and Numonyx Authenticated Flash

Designing Security & Trust into Connected Devices

Jan ps/site/prod_summary.jsp?code=r DMK30&fsrch=1&sr=1

Renesas Synergy MCUs Build a Foundation for Groundbreaking Integrated Embedded Platform Development

Resilient IoT Security: The end of flat security models

M2351 Security Architecture. TrustZone Technology for Armv8-M Architecture

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Ezetap V3 Security policy

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

Smart Card ICs. Dr. Kaushik Saha. STMicroelectronics. CSME 2002 (Chandigarh, India) STMicroelectronics

AT90SDC10X Summary Datasheet

Titan silicon root of trust for Google Cloud

STM32 Cortex-M3 STM32F STM32L STM32W

Designing Security & Trust into Connected Devices

High-Performance, Highly Secure Networking for Industrial and IoT Applications

T he key to building a presence in a new market

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC

Integral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

Fundamentals of HW-based Security

Boot Loader. Bootloader

BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 Cryptographic Module VC0 Non-Proprietary Security Policy Document Version 0.

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

Hitachi Virtual Storage Platform (VSP) Encryption Board. FIPS Non-Proprietary Cryptographic Module Security Policy

Kinetis + mbed = the secure connection in IOT

The Future of Smart Cards: Bigger, Faster and More Secure

MM23SC8128RM Flash Security Turbo Microcontroller Smart Card Chip With 1024 bit RSA & Maths Co-processor

DynaPro Go. Secure PIN Entry Device PCI PTS POI Security Policy. September Document Number: D REGISTERED TO ISO 9001:2008

Secure Cryptographic Module (SCM)

Scott Johnson Dominic Rizzo Parthasarathy Ranganathan Jon McCune Richard Ho. Titan: enabling a transparent silicon root of trust for Cloud

A Developer's Guide to Security on Cortex-M based MCUs

STM32G0 MCU Series Efficiency at its Best

Cypress PSoC 6 Microcontrollers

AT90SO36 Summary Datasheet

MYD-Y6ULX Development Board

Trusted Platform Modules Automotive applications and differentiation from HSM

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

AVR XMEGA Product Line Introduction AVR XMEGA TM. Product Introduction.

Dolphin Board. FIPS Level 3 Validation. Security Policy. Version a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1.

The Next Steps in the Evolution of Embedded Processors

STM32 F-2 series High-performance Cortex-M3 MCUs

FIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module

Lexmark PrintCryption TM (Firmware Version 1.3.1)

This Security Policy describes how this module complies with the eleven sections of the Standard:

eh880 Secure Smart Card Terminal

SecureDoc Disk Encryption Cryptographic Engine

Getting Started With the Stellaris EK-LM4F120XL LaunchPad Workshop. Version 1.05

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

SafeNet LUNA EFT FIPS LEVEL 3 SECURITY POLICY

Security in NVMe Enterprise SSDs

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9

FIPS Non-Proprietary Security Policy

Kinetis KV5x Real-Time Control MCUs with Ethernet Up to 1 MB Flash and 256 KB SRAM

Introducing STM32 L0x Series. April

Outline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring

Telkonet G3 Series ibridge/extender Security Policy

Freescale i.mx6 Architecture

Trustzone Security IP for IoT

CoSign Hardware version 7.0 Firmware version 5.2

CSPN Security Target. HP Sure Start HW Root of Trust NPCE586HA0. December 2016 Reference: HPSSHW v1.3 Version : 1.3

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

STM32F7 series ARM Cortex -M7 powered Releasing your creativity

AT-501 Cortex-A5 System On Module Product Brief

Typical Applications: GHz Bluetooth low energy systems - Proprietary 2.4 GHz systems - Sports and leisure equipment - Mobile phone accessories,

FIPS SECURITY POLICY FOR

Version 2.3 March 2, WisePad 2 Security Policy

The Future of Security is in Open Silicon Linux Security Summit 2018

AT90SO72 Summary Datasheet

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points

Cisco Desktop Collaboration Experience DX650 Security Overview

FIPS Security Policy

BLE MODULE SPECIFICATIONS

IBM 4768 PCIe Cryptographic Coprocessor with Common Cryptographic Architecture (CCA) PCI-HSM Security Policy

Secure Elements 101. Sree Swaminathan Director Product Development, First Data

Webinar Tokenization 101

STM32 F0 Value Line. Entry-level MCUs

Smart Payments. Generating a seamless experience in a digital world.

MYD-IMX28X Development Board

FIPS Non-Proprietary Security Policy

IOS Common Cryptographic Module (IC2M)

How to protect Automotive systems with ARM Security Architecture

Canon MFP Security Chip. ISO/IEC Security Policy

How Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches

HOW TO INTEGRATE NFC CONTROLLERS IN LINUX

Designing with STM32F2x & STM32F4

Kinetis KE1xF512 MCUs

Quick Start Guide. TWR-VF65GS10 For Vybrid Controller Solutions Based on ARM Cortex -A5 and Cortex-M4 Processors with the DS-5 Toolchain TOWER SYSTEM

STM8L and STM32 L1 series. Ultra-low-power platform

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited

Designing, developing, debugging ARM Cortex-A and Cortex-M heterogeneous multi-processor systems

Clover Flex Security Policy

Transcription:

Emerging Financial Payment Applications Powered by Freescale Security Solutions FTF-CON-F0484 Starle Li Marketing Manager, AP M A Y. 2 0 1 4 TM External Use

Agenda Explosive Growth of China POS Industry Call for Security in Financial Application Introduction of Kinetis Security MCU Introduction of the i.mx Trust Architecture Summary External Use 1

China 3 rd Party Payment Market is Booming According to PBOC s report of 2013: Payment transaction via mobile phone Transaction times: 1.67Billion, 212.86% increase. Transaction volume: RMB 9.64Trillion, 317.56% increase. Payment transaction via telephone Transaction times: 0.45Billion, -6.59% increase. Transaction volume: RMB 4.74Trillion, -8.92 % increase. External Use 2

Direct Acquiring vs. 3 rd Party Payment Acquiring Surcharge Share 7:2:1 Inter-bank Settlement Inter-bank Settlement Acquiring Paying Acquirer Acquirer External Use 3

Lakala mobile POS Reshapes Mobile Payment Low cost Leverage resource of mobile phone BT interface with mobile phone, no 3G/LTE modem is needed. Low power to provide longer battery life. Mini form factor for mobile application External Use 4

China POS Products Evolution http://www.hkrt.cn/pc.asp?id=39 Payment carriers approved by PBOC will penetrate into acquiring business by selling mpos to micro merchants. PBOC approved 250 payment carriers from March 2011 to July 2013, and 47 out of 250 have the license of acquiring. CUP and banks began to promote mpos to expand the online payment business to defeat 3 rd party payment carriers. http://cn.unionpay.com/online_pay/minipay/file_94977279.html External Use 5

mpos vs. Traditional POS Traditional POS mpos Target Users Medium and big merchants Micro and smaller merchant Operators Banks, CUP Banks, 3 rd party payment providers Business Model Platform Requirement Interface to mobile devices Surcharge of transaction paid by merchants High, Application processor with security module N/A Surcharge of transaction paid by merchants, but much lower than traditional POS Low, MCU and security module USB, Bluetooth Cost High Low Safety Level High High Freescale Product i.mx258 K21D, K21F External Use 6

Security in POS External Use 7

How Much Security? When protecting a system you must consider: What are you trying to protect? What types of attack do you need to protect against? What are the likely attack points, and methods? How much security do you require? How much are you willing to pay? How will security impact the underlying system? How will you upgrade/maintain the system and security over time? External Use 8

Categories of Attack in Embedded Systems Electrical Over/Under voltage Power analysis Frequency analysis Electrostatic discharge Circuit probing Software Spy software insertion Flow analysis Trojan horse Virus Physical Temperature variation (into extremes) Temperature analysis De-processing System theft Partial destruction Hardware addition/substitution Classification per investment (equipment), Time Expertise needed Classification per type Invasive or semi invasive Non invasive >side channel attack Software External Use 9

How are Systems Protected Today? Physical security: Secure packaging Secure packaging with tamper detect (i.e. micro-switch, pressure monitoring) Secure packaging with tamper detect and destruction (i.e. dynamite) Obscured part numbers Hidden layers Protected location Electronic Security: Security bit, to protect on-chip non-volatile memory (e.g. Flash on MCUs) Prevent external access to on-chip resources: Locks device into Single Chip mode (disables external parallel bus) Disables Background Debug Mode Disables Test Mode Disables JTAG Disables any (serial) Bootstrap functions Memory array bulk erase turns security bit off (user selectable option) Secure System (e.g. Trust Zone) Code signing to prevent software tampering Assurance for stored IP Data stored encrypted in internal or external memory Data decrypted and stored in on-chip private memory at runtime How do you protect software IP in external memory systems? Proprietary (CPU) Design Silicon Obfuscation (e.g. obscuring metal layer) On-Chip Encryption Acceleration How do you protect the keys? External Use 10

Example 1 : power analysis : SPA, DPA External Use 11

Example 2 : spike/glitch attack Glitch attacks are fast changes in the signals supplied to the device and designed to affect its normal operation. Usually glitches are inserted in power supply and clock signals VDD Kinetis MCU External Use 12

Microcontroller System Security Requirement Hardware random number generator Memory protection unit Protected Flash memory LAN PAN WAN Encrypted communications Optional external memory system Integrated FLASH Peripherals FLASH CPU DRAM SRAM Hardware cryptographic acceleration Unique chip identifier Secure key storage, Unique chip ID Tamper detection, Secure RTC External Use 13

Freescale Products for Security External Use 14

Freescale Security MPU/MCU Overview i.mx 6S High i.mx53 Cortex A8, 800-1GHz 2D/3D GPU External Security Cortex A9, 1.0 GHz 2D/3D GPU + K21 i.mx Next-gen Cortex M4 100 MHz DryIce Security Block Mid i.mx31/l Vybrid Cortex A5+M4, 500/100MHz DryIce Security Block Low i.mx258 ARM926, 400MHz DryIce Security Block HAB, RTIC K21 Cortex M4 100 MHz DryIce Security Block, with USB OTG K61 Cortex M4 120~150M MHz DryIce Security Block, with Ethernet, DRAM, USB OTG 2012 2013 External Use 15

Kinetis MCU for Security External Use 16

Performance TM Kinetis K-Series Portfolio ARM Cortex-M4 solutions for a wide range of embedded applications Kinetis K Series 180 MHz 1 st Gen Kinetis K-Series Families K65F / K66F K65F / K66F 150 MHz 120 MHz K70 Graphics K60/K61 Ethernet w/optional Tamper K5x Measurement ( Medical ) K40 SLCD + USB K30 SLCD K70F K60F / K61F K70F K64F K60F / K61F K70F K60F / K61F K70F K63F / K64F K60F / K61F K2x USB K1x Baseline K24F K22F K21F / K22F K10F / K20F K24F K21F / K22F K10F / K20F Execution Production K22F 100 MHz 72 MHz 50 MHz K02F K02F K30D / K40D K30D / K40D K30D / K40D K12D / K22D K11D / K21D K10D / K20D K10D / K20D K10D / K20D K60D K5xD K30D / K40D K30D / K40D K30D / K40D K10D / K20D K10D / K20D K10D / K20D K12D / K22D K11D / K21D K60D K5xD K12D / K22D K11D / K21D 32KB 64KB 128KB 256KB 512KB Memory Density 2 nd Gen Kinetis K-Series Families K64, K66 Ethernet MCUs K63, K65 Ethernet. w/ Tamper MCUs K24 USBs MCU w/ extended RAM K22 USB MCUs K21 USB w/ Tamper MCUs K12 Baseline MCUs K11 Baseline w/tamper MCUs K02 L-Series Bridge Cortex-M4 External Use 17

Kinetis: Security Flash Security (All Kinetis families) Memory Protection Unit (All Kinetis families) 4-level protection limits access to flash resources safeguarding user s IP Data protection and increased software reliability Tamper Detection & battery back-up (K60, K70 families) Cryptographic Acceleration Unit (K1x, K2x, K50, K60, K70 families) Voltage, frequency, temperature & external sensing for physical attack detection Faster than s/ware implementations with only minimal CPU intervention Wide variety of algorithms supported H/w Cyclic Redundancy Check (All Kinetis families) Validation of memory contents and communication data for enhanced system integrity External Use 18

Kinetis Security Summary The entire (current) Kinetis family includes enhanced Flash security, with user selectable: Security bit, disables external and debug access Backdoor access enable Factory access enable Block erase & re-program disable Hardware protection against "Noise injection" attacks Memory Protection Unit 128-bit unique part identifier K60 and K70 120/150 MHz parts in 256 MAPBGA packages, and K11 and K21 50 MHz parts add: chip Battery backed up Tamper detection, monitoring- Protected Wire Vcc GND Supply voltage B A B A Clock frequency PCB Temperature External sensors External physical tampering (e.g. drilling into PCB) 256-bit secure user storage (key), erased on tamper Secure real time clock External Use 19

Kinetis: Security K10/K20/K30/K40/K50/K60/K70 Flash Security Options: User backdoor access disable Factory access disable Mass erase disable Multiple transfers from Flash to config register Memory Protection Unit (MPU): 16 areas, supervisor/user (config registers are fully accessible) Cryptographic Acceleration Unit (CAU): (K10/20/50/60/70 only) Symmetrical crypto Hashing functions Random Number Generator (RNG) Enablement: Crypto stacks Secure storage: 128 bit unique chip identifier Prevent External accesses for reading or programming Protects secure system against electrical noise attacks Facilitates generation of FIPS140 certifiable random numbers Facilitates certificate and authentication to a specific MCU Prevents block and security bit erase, and re-programming. Protects against system impersonation Allows sandboxing, running software with restricted access permissions Reduces CPU loading for cryptographic functions Facilitates detection of data tampering Hardware Cyclic Redundancy Check (CRC) Accelerates basic data integrity checking External Use 20 20

Kinetis: Security K10/K20/K60/K70, 50/120/150MHz Flash Security Options: User backdoor access disable Factory access disable Mass erase disable Multiple transfers from Flash to config register Protects against a wide range physical attacks on MCU, even during low power modes Memory Protection Unit (MPU): 16 areas, supervisor/user (config registers are fully accessible) Protected storage of user key or authentication code, may be used as master key to encrypt additional key depository Tamper Detection (with battery backup): Integrated sensors Frequency Voltage Temperature 4x passive external tamper sources (inputs) 2x active external tamper sources (2x output and input) Cryptographic Acceleration Unit (CAU): Symmetrical crypto Hashing functions Random Number Generator (RNG) Highly secure firmware verification, with secure firmware upgrade capability Protects against a wide range physical attacks on hardware system outside the MCU Secure storage: 256 bit user area, erased by tamper 128 bit unique chip identifier Secure Real Time Clock (RTC): Monotonic Overflow and reprogram protection Enablement: High Assurance Boot (HAB) with tools Crypto stacks External Use 21 May be used to prevent firmware downgrading Hardware Cyclic Redundancy Check (CRC)

Kinetis MCUs with Security and integrity solutions http://cache.freescale.com/files/32bit/doc/brochure/brkinetissec SOLS.pdf?&Parent_nodeId=&Parent_pageType External Use 22

High-end POS Powered by i.mx External Use 23

ViewAt Multimedia POS with i.mx6q+k21d Android 4.3 OS i.mx6q 4 ARM Cortex-A9 cores deliver outstanding performance K21D Security MCU provides uncompromising protection for financial application External Use 24

i.mx258 based PCIPED Certified Product MB400 Product Info http://www.miurasystems.com/downloads/mb400-productsheet.pdf Certification: https://www.pcisecuritystandards.org/approved_companies_providers/approv ed_pin_transaction_security.php W280 https://www.pcisecuritystandards.org/popups/pts_device.php?appnum=4-40072 G810 https://www.pcisecuritystandards.org/popups/pts_device.php?appnum=4-60146 MB400 G810 W280 External Use 25

i.mx Trust Architecture Features Trusted Execution Isolates execution of critical SW from possible malware TrustZone Secure & Normal Worlds (processor modes) Hardware firewalls between CPU & DMA masters and memory & peripherals High Assurance Boot Authenticated boot: prevents unauthorized SW execution Encrypted boot: protects SW confidentiality Digital signature checks embedded in on-chip boot ROM Run every time processor is reset HW Cryptographic Accelerators i.mx family dependent Symmetric: AES-128, AES-256, 3DES, ARC4 Message Digest & HMAC: SHA-1, SHA-256, MD-5 External Use 26

i.mx Trust Architecture Features (continued) Secure Storage Protects data confidentiality and integrity Off-chip: cryptographic protection including device binding On-chip: self-clearing Secure RAM HW-only keys: no SW access HW Random Number Generation Ensures strong keys and protects against protocol replay On-chip entropy generation Cryptographically secure deterministic RNG Secure Clock Provides reliable time source On-chip, separately-powered real-time clock Protection from SW tampering External Use 27

i.mx Trust Architecture Features (continued) Secure Debug: Protects against HW debug (JTAG) exploitation for: Security circumvention Reverse engineering Three security levels + complete JTAG disable Tamper Detection Protects against run-time tampering Monitoring of various alarm sources Debug activation External alarm (e.g. cover seal) SW integrity checks SW alarm flags HW and SW tamper response Support varies by i.mx family External Use 28

i.mx Trust Architecture Overview GPIO alarm External Memory i.mx Tamper Detect Erase Secure RAM Secure Clock Peripheral Slave HW Firewall HW Firewall HW Firewall HW Firewall SW alarm ARM CPU Accelerator (Cipher, Hash, RNG) HW Firewall DMA Master ROM (High Assurance Boot) Debug alarm Secure Debug Electrical Fuses (keys, security levels) JTAG External Use 29

i.mx Trust Architecture Deployment Feature i.mx 25 i.mx 27 i.mx 28 i.mx 35 i.mx 50 i.mx 51 i.mx 53 i.mx 6 Trusted Execution High Assurance Boot Secure Storage Hardware RNG Secure Clock Secure Debug Tamper Detection * * * * * External Digital Tamper only monitored when main power is supplied. External Use 30

i.mx6 Family Security HW Feature Assurance Boot Secure Storage Cryptographic Accelerators Run-time Monitoring Secure Real Time Clock Hardware Firewalls Resource Domain Separation Secure JTAG Physical Tamper Detection Device Configuration TrustZone Support i.mx6 Family Authenticated Boot + Encrypted boot (HABv4.1) On-chip zeroizable 4x4kB Secure RAM Off-chip storage protected using unique HW master key (AES-256) (CAAM/SNVS) Symmetric: AES-128/256, DES, 3DES, ARC4 Hash & HMAC: MD5, SHA-1, SHA-224, SHA-256 HW Random Number Generator follows NIST/BSI recommendations > 2015 (CAAM) None SNVS External memory (TZASC) On-chip peripherals (CSU) On-Chip Memory (CAAM, OCRAM) None Full or Controlled Disable (3 modes) Tamper Input GPIO Tamper Response (SNVS) Open, Closed, Field Return Peripheral DMA access control (CSU) Memory DMA access control (ARM TZASC) Interrupt separation (ARM GIC) Secure storage separation (CAAM/SNVS) Cryptographic separation (CAAM) OCRAM protected region (OCRAM, CSU) External Use 31

Compliance External Use 32

Federal Information Protection Standard - FIPS The US Government publishes a Federal Information Protection Standard, known as FIPS, which describes how governmental agencies should protect sensitive data. FIPS 140-2 is the standard pertaining to cryptography modules used by the federal government. The FIPS standard is published by the National Institute of Standards and Technology (NIST). www.nist.gov Certification of one system using a specific processor provides no pass through benefit to our customers The tests are system level tests, so every new system must go through the process For this reason, there are no plans for Freescale to pursue FIPS testing/certification of Kinetis. External Use 33

Payment Card Industry PCI Compliance PTS (PIN transaction security) is the PCI standard governing security for POS and PIN entry devices Like FIPS, PCI-PTS is a system level compliance test. Freescale has no plans to create a reference system and pass it through PCI-PTS certification; however, we hired an outside company to perform a security review of the Kinetis K70 specification. We have a customer version of the report that can be shared as needed. External Use 34

Europay, Mastercard, Visa EMV compliance Standard for IC cards or chip cards credit cards with a chip in them for authentication of transactions This is a system level compliance test, but in this case there is a defined standard for the interface to the outside world ISO7816-3. Smart Card Interface External Use 35

EMV Compliance (cont.) We support ISO7816-3 using the UART There are three classes determined by voltage: Class A (4.5V-5.5V) Class B (2.7V-3.3V) Class C (1.62V-1.98V) Kinetis can only support class B and C without external voltage translation hardware External Use 36

Useful References The DryIce and RTC chapters of the applicable device s reference manual The DryIce and RTC sections of the applicable device s data sheet (under NDA) Anxxxx: Using the DryIce Tamper Detection Unit on Kinetis Microcontrollers (under NDA) AN3795: Using the CRC Module on the Flexis AC Family AN4507: Using the Kinetis Security and Flash Protection Features AN4307: Using the CAU and mmcau in ColdFire, ColdFire+ and Kinetis CAU/MMCAU Performance Analysis Internal Document RSA Performance using Kinetis MCU Internal Document External Use 37

Designing with Freescale Tailored live, hands-on training in a city near you 2014 seminar topics include QorIQ product family update Kinetis K, L, E, V series MCU product training freescale.com/dwf External Use 38

www.freescale.com 2014 Freescale Semiconductor, Inc. External Use

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback