Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May 25, 2017 Authenticate Everything May 25, 2017 1
State of the IoT Internet of Insecure Things October 2016 s massive DDOS attack Privacy Industrial & Medical Sabotage Hacked Jeep Authenticate Everything May 25, 2017 2
Elements of a secure embedded platform Embedded MCU Embedded OS Secure Embedded Platform Secure Memory Simple security APIs for non-cryptographers Communications protocols integrated with security Security Services for managing identity, keys, firmware Authenticate Everything May 25, 2017 3
Security technology business objectives Authenticate Everything May 25, 2017 4
Iot chain-of-trust for solutions Certificate Services - Silicon vendor Cert - OEM Cert - App/customer/TLS Cert MCU - Read protection - Write Protection / OTP - HW Crypto acceleration - Secure Code isolation Root-of-Trust - Secure Boot - Secure Firmware Flash (manufacturing / Updates) - Unique Identity Application - Security APIs - Key / certificate management - Protocol support Secure Connectivity - TLS/SSL - MQTT - BTLE - WiFi - NFC. Cloud Services - Application - Lifecycle Mgmt - Security Policy - IDS/IPS - SIEM - Edge Computing Delivering a Trusted Device To Customer Secure Enrollment and Operations Authenticate Everything May 25, 2017 5
Spectrum of security features in ICs Disposable / Peripheral Anticounterfeiting IoT, Host anticounterfeiting VPN, Credit Cards, High end Industrial Total Solution Cost General purpose MCU Special Security ICs Attack scope for most embedded IoT applications General purpose MCU w/ HW memory protection PUF Secure Element, Smart Card Chip, TPM General purpose MCU w/ HW memory protection & tamper resistance Limited Remote / Logical attacks Physical attacks Security level (resistance to scope of attacks) Authenticate Everything May 25, 2017 6
Advantage of security in the general purpose MCU MCU without security System Board MCU with security System Board MCU MCU Boot firmware in ROM Secure features MCU Requires a set of specialized hardware..and thus robust security is often not implemented due to cost and complexity Security is integrated into MCU Authenticate Everything May 25, 2017 7
Are physical attacks on keys in scope? Physical attacks on a single point of failure (Data Center) are IN SCOPE Secure Location Data Center / Server In modern systems 1, highly sensitive master keys are typically only in a secure location And are also protected against physical attacks by specialized hardware Physical attacks on individual devices, Remote might or software might not scale attacks scale Field Embedded / IoT Devices Any keys in field devices are typically unique per device or temporary 1 The use of modern asymmetric / public key algorithms has reduced the use of secret master keys distributed into the field Authenticate Everything May 25, 2017 8
Memory segments in a single processor Unsecure Code Access Can Write Can Read User Flash 1 Read or Write (Unsecured) Updatable App firmware NOT IP Protected Non-secure Data Encrypted Data (Keys stored in Security MPU) Flash Access Window (Writeable) Unsecure Data is accessible by any code Write Only 1 The same scheme applies to SRAM, but generally contain any code or keys. Secure SRAM is available to secure flash and vice-versa. Security MPU (Read protected) Secure code Updatable keys Write Once (Root of Trust) Bootloader Kernel Secure Data is only accessible by Secure Code Authenticate Everything May 25, 2017 9
Develop your provision scheme early on Factory Distributor Programming Center Enrollment/ Operations OEM Identity Application Firmware User / App IDentity CM / OEM Silicon Silicon Silicon Inventory OEM Dev ID OEM FW Mast. OEM Dev ID OEM FW Mast. Silicon Identity App ID OEM Unique Identity OEM Firmware Mastering Cert Firmware (Encrypted, signed, controlled) TLS Authenticate Everything May 25, 2017 10
Advanced Security features & services Providing a chain-of-trust for solutions Secure Firmware Flashing Partners - Secure Manufacturing - Secure Updates Certificate Services - Renesas Cert - OEM Cert - App/customer/TLS Cert Bare MCU - MPU 1 (Read protection) - FAW 2 (Write protection) - HW Crypto acceleration Security Software Modules - Secure Boot - Secure Firmware Flash - Unique Identity Security Ref Soln Secure Flash Programming Solution SSP API s, Toolbox Ref Design - Security API s - Working application examples with simulated cloud server and Certificate Authority Security Toolbox Secure Connectivity - TLS/SSL - MQTT - BTLE, etc. Cloud Services - App - Life Cycle Mgmt - Security Policy - IDS/IPS - SIEM - Edge Computing 1 Hardware Memory Protection Unit 2 Hardware Flash Access Window / One-time-programmable Features End-to-End IoT solutions with Ecology Partners Authenticate Everything May 25, 2017 11
RENESAS Synergy s Security Reference Solution: A Firmware Flash Programming Solution Overview Synergy Platform OEM/Contract Manufacturer Partners/ Provisioning Tools Channel / End User Firmware Updates Synergy s Security Reference Solution Secure Deploy Application software / firmware Bare MCU Security Software Modules SentriX Security Programming Platform End Products The Synergy MCU provides hardware-protected memory segments integrated with an asymmetric cryptographic engine to validate and decrypt the firmware. Authenticate Everything May 25, 2017 12
Security toolbox Reference examples and sample protocols (Medical Device, Industrial Controller) Crypto API Key exchange Salt / Anti-replay Identity with certificates Integrity / Signature Certificate creation & usage Key generation Simple sample Certificate Authority Validating Chain-of-trust Public key validation and usage Authenticate Everything May 25, 2017 13
Thank You! Authenticate Everything May 25, 2017 14