Provisioning secure Identity for Microcontroller based IoT Devices

Similar documents
Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel

Connecting Securely to the Cloud

ENABLING HARDWARE SECURITY FOR THE INTERNET OF THINGS

Securing IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region

New Approaches to Connected Device Security

$263 WHITE PAPER. Flexible Key Provisioning with SRAM PUF. Securing Billions of IoT Devices Requires a New Key Provisioning Method that Scales

A Developer's Guide to Security on Cortex-M based MCUs


Firmware Updates for Internet of Things Devices

Securing IoT with the ARM mbed ecosystem

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

Market Trends and Challenges in Vehicle Security

Titan silicon root of trust for Google Cloud

TERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004

SSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions

Security in NVMe Enterprise SSDs

Trustzone Security IP for IoT

Windows IoT Security. Jackie Chang Sr. Program Manager

Windows 10 IoT Core Azure Connectivity and Security

Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

Designing Security & Trust into Connected Devices

Azure Sphere Transformation. Patrick Ward, Principal Solutions Specialist

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Atmel Trusted Platform Module June, 2014

Designing Security & Trust into Connected Devices

Trusted Platform Modules Automotive applications and differentiation from HSM

Resilient IoT Security: The end of flat security models

ARM mbed mbed OS mbed Cloud

The Next Steps in the Evolution of Embedded Processors

Scott Johnson Dominic Rizzo Parthasarathy Ranganathan Jon McCune Richard Ho. Titan: enabling a transparent silicon root of trust for Cloud

Strong Security Elements for IoT Manufacturing

Securing IoT devices with Hardware Secure Element. Fabrice Gendreau EMEA Secure MCUs Marketing & Application Manager

Designing Security & Trust into Connected Devices

Building secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On

Putting It (almost) all Together: ios Security. Konstantin Beznosov

6.857 L17. Secure Processors. Srini Devadas

Building firmware update: The devil is in the details

Beyond TrustZone PSA. Rob Coombs Security Director. Part1 - PSA Tech Seminars Arm Limited

GlobalPlatform Trusted Execution Environment (TEE) for Mobile

How to protect Automotive systems with ARM Security Architecture

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

ARM mbed Technical Overview

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

ARM TrustZone for ARMv8-M for software engineers

Project Cerberus Hardware Security

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

ARM mbed Towards Secure, Scalable, Efficient IoT of Scale

CSPN Security Target. HP Sure Start HW Root of Trust NPCE586HA0. December 2016 Reference: HPSSHW v1.3 Version : 1.3

The Future of Security is in Open Silicon Linux Security Summit 2018

Lecture 3 MOBILE PLATFORM SECURITY

Using the tpm with iot

Chip Lifecycle Security Managing Trust and Complexity

Date: 13 June Location: Sophia Antipolis. Integrating the SIM. Dr. Adrian Escott. Qualcomm Technologies, Inc.

1. System Requirements Extract Evaluation Software PK-S5D9 Board Setup... 3

What s In Your e-wallet? Using ARM IP to Enable Security in Mobile Phones. Richard Phelan Media Processing Division TrustZone Security Technology

The Open Application Platform for Secure Elements.

Oberon M2M IoT Platform. JAN 2016

2013 Cisco and/or its affiliates. All rights reserved. 1

Adding value to your MS customers

Secure RISC-V. A FIPS140-2 Compliant Trust Module for Quad 64-bit RISC-V Core Complex

Innovation is Thriving in Semiconductors

M2351 Trusted Boot. Application Note for 32-bit NuMicro Family

BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 Cryptographic Module VC0 Non-Proprietary Security Policy Document Version 0.

1. OVERVIEW RELEASE ITEMS HOW TO APPLY ADDITIONAL FUNCTIONS AND CHANGE FUNCTIONS FROM PREVIOUS EDITION...

Who s Protecting Your Keys? August 2018

DICE: Foundational Trust for IoT

Securing the System with TrustZone Ready Program Securing your Digital World. Secure Services Division

Beyond TrustZone Part 1 - PSA

CSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT

Managing & Accelerating Innovation with Open Source at the Edge

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Leveraging the full potential of NFC to reinvent physical access control. Friday seminar,

Introducing Hardware Security Modules to Embedded Systems

Security Requirements for Crypto Devices

Building a Better Mousetrap:

Building mbed Together: An Overview of mbed OS and How To Get Involved

DEVICE BIRTH CERTIFICATE

Azure Sphere: Fitting Linux Security in 4 MiB of RAM. Ryan Fairfax Principal Software Engineering Lead Microsoft

CardOS Secure Elements for Smart Home Applications

Automotive Security An Overview of Standardization in AUTOSAR

Cisco Secure Boot and Trust Anchor Module Differentiation

Embedded System Security Mobile Hardware Platform Security

DesignWare IP for IoT SoC Designs

Hypervisor Security First Published On: Last Updated On:

Microsoft Azure Sphere Overview Martin Grossen, Line Manager Microsoft Embedded / IoT Europe 5. June 2018

M2351 Security Architecture. TrustZone Technology for Armv8-M Architecture

PKI Credentialing Handbook

Cyber security of automated vehicles

Deploying Secure Boot: Key Creation and Management

Securing Smart Meters with MULTOS Technical Overview

Embedded System Security Mobile Hardware Platform Security

How I Learned to Stop Worrying and Love the Internet of Things

mbed OS Update Sam Grove Technical Lead, mbed OS June 2017 ARM 2017

Making Blockchain Real for Business IBM Blockchain Offering

Cisco Desktop Collaboration Experience DX650 Security Overview

ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO

Technical Brief Distributed Trusted Computing

Microcontrollers. Claude Dardanne Executive Vice President, General Manager, Microcontrollers, Memory & Secure MCU Group.

Transcription:

Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May 25, 2017 Authenticate Everything May 25, 2017 1

State of the IoT Internet of Insecure Things October 2016 s massive DDOS attack Privacy Industrial & Medical Sabotage Hacked Jeep Authenticate Everything May 25, 2017 2

Elements of a secure embedded platform Embedded MCU Embedded OS Secure Embedded Platform Secure Memory Simple security APIs for non-cryptographers Communications protocols integrated with security Security Services for managing identity, keys, firmware Authenticate Everything May 25, 2017 3

Security technology business objectives Authenticate Everything May 25, 2017 4

Iot chain-of-trust for solutions Certificate Services - Silicon vendor Cert - OEM Cert - App/customer/TLS Cert MCU - Read protection - Write Protection / OTP - HW Crypto acceleration - Secure Code isolation Root-of-Trust - Secure Boot - Secure Firmware Flash (manufacturing / Updates) - Unique Identity Application - Security APIs - Key / certificate management - Protocol support Secure Connectivity - TLS/SSL - MQTT - BTLE - WiFi - NFC. Cloud Services - Application - Lifecycle Mgmt - Security Policy - IDS/IPS - SIEM - Edge Computing Delivering a Trusted Device To Customer Secure Enrollment and Operations Authenticate Everything May 25, 2017 5

Spectrum of security features in ICs Disposable / Peripheral Anticounterfeiting IoT, Host anticounterfeiting VPN, Credit Cards, High end Industrial Total Solution Cost General purpose MCU Special Security ICs Attack scope for most embedded IoT applications General purpose MCU w/ HW memory protection PUF Secure Element, Smart Card Chip, TPM General purpose MCU w/ HW memory protection & tamper resistance Limited Remote / Logical attacks Physical attacks Security level (resistance to scope of attacks) Authenticate Everything May 25, 2017 6

Advantage of security in the general purpose MCU MCU without security System Board MCU with security System Board MCU MCU Boot firmware in ROM Secure features MCU Requires a set of specialized hardware..and thus robust security is often not implemented due to cost and complexity Security is integrated into MCU Authenticate Everything May 25, 2017 7

Are physical attacks on keys in scope? Physical attacks on a single point of failure (Data Center) are IN SCOPE Secure Location Data Center / Server In modern systems 1, highly sensitive master keys are typically only in a secure location And are also protected against physical attacks by specialized hardware Physical attacks on individual devices, Remote might or software might not scale attacks scale Field Embedded / IoT Devices Any keys in field devices are typically unique per device or temporary 1 The use of modern asymmetric / public key algorithms has reduced the use of secret master keys distributed into the field Authenticate Everything May 25, 2017 8

Memory segments in a single processor Unsecure Code Access Can Write Can Read User Flash 1 Read or Write (Unsecured) Updatable App firmware NOT IP Protected Non-secure Data Encrypted Data (Keys stored in Security MPU) Flash Access Window (Writeable) Unsecure Data is accessible by any code Write Only 1 The same scheme applies to SRAM, but generally contain any code or keys. Secure SRAM is available to secure flash and vice-versa. Security MPU (Read protected) Secure code Updatable keys Write Once (Root of Trust) Bootloader Kernel Secure Data is only accessible by Secure Code Authenticate Everything May 25, 2017 9

Develop your provision scheme early on Factory Distributor Programming Center Enrollment/ Operations OEM Identity Application Firmware User / App IDentity CM / OEM Silicon Silicon Silicon Inventory OEM Dev ID OEM FW Mast. OEM Dev ID OEM FW Mast. Silicon Identity App ID OEM Unique Identity OEM Firmware Mastering Cert Firmware (Encrypted, signed, controlled) TLS Authenticate Everything May 25, 2017 10

Advanced Security features & services Providing a chain-of-trust for solutions Secure Firmware Flashing Partners - Secure Manufacturing - Secure Updates Certificate Services - Renesas Cert - OEM Cert - App/customer/TLS Cert Bare MCU - MPU 1 (Read protection) - FAW 2 (Write protection) - HW Crypto acceleration Security Software Modules - Secure Boot - Secure Firmware Flash - Unique Identity Security Ref Soln Secure Flash Programming Solution SSP API s, Toolbox Ref Design - Security API s - Working application examples with simulated cloud server and Certificate Authority Security Toolbox Secure Connectivity - TLS/SSL - MQTT - BTLE, etc. Cloud Services - App - Life Cycle Mgmt - Security Policy - IDS/IPS - SIEM - Edge Computing 1 Hardware Memory Protection Unit 2 Hardware Flash Access Window / One-time-programmable Features End-to-End IoT solutions with Ecology Partners Authenticate Everything May 25, 2017 11

RENESAS Synergy s Security Reference Solution: A Firmware Flash Programming Solution Overview Synergy Platform OEM/Contract Manufacturer Partners/ Provisioning Tools Channel / End User Firmware Updates Synergy s Security Reference Solution Secure Deploy Application software / firmware Bare MCU Security Software Modules SentriX Security Programming Platform End Products The Synergy MCU provides hardware-protected memory segments integrated with an asymmetric cryptographic engine to validate and decrypt the firmware. Authenticate Everything May 25, 2017 12

Security toolbox Reference examples and sample protocols (Medical Device, Industrial Controller) Crypto API Key exchange Salt / Anti-replay Identity with certificates Integrity / Signature Certificate creation & usage Key generation Simple sample Certificate Authority Validating Chain-of-trust Public key validation and usage Authenticate Everything May 25, 2017 13

Thank You! Authenticate Everything May 25, 2017 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback