secure device lifecycle
play

Secure Device Lifecycle Stuart Kincaid Security Architect, Silicon - PowerPoint PPT Presentation

Mar 03, 2024 •250 likes •426 views

Secure Device Lifecycle Stuart Kincaid Security Architect, Silicon IP skincaid@insidesecure.com D&R IP-SOC Days Grenoble - December 2018 www.insidesecure.com www.insidesecure.com Inside Secure Proprietary Information 1 Product

  1. Secure Device Lifecycle Stuart Kincaid Security Architect, Silicon IP skincaid@insidesecure.com D&R IP-SOC Days Grenoble - December 2018 www.insidesecure.com www.insidesecure.com Inside Secure Proprietary Information 1

  2. Product Lifecycle Overview Before the product… ⚫ Start at the product definition and design – not once you have the product! ⚫ Adding a Unique Device identity or keys ⚫ Adding Assets ⚫ Debugging the application ⚫ What happens at the end of the product life? Inside Secure Proprietary Information 2

  3. Product Lifecycle Overview Once we have the product ⚫ Manufacturing and testing ⚫ Software development and debug ⚫ OEM customisation ⚫ In the field ⚫ End of life Inside Secure Proprietary Information 3

  4. Manufacturing Test ⚫ What is being programmed? ➢ Root Key Material – Device Identity or Hardware Unique Key (HUK) ➢ Debug Authorisation / Authentication Key ➢ Firmware Authentication and Confidentiality Keys ⚫ Test access enable mechanism to open JTAG (or proprietary) interface ➢ Having a fully open test interface enabling OTP to be programmed is not recommended Unprogrammed devices / wafers could be intercepted, re-purposed, cloned etc ➢ Use a ‘transport key’ in hardware – could be in ROM, RTL or a combination of both ➢ Once initial provisioning is completed, transport key unlock mechanism is locked out ➢ Subsequent access requires knowledge of provisioned key material ➢ Using hard fuses in OTP permanently locks out test access – can be a good option but can also limit the flexibility required to support multi-stage provisioning Inside Secure Proprietary Information 4

  5. What is trusted and when? ➢ The manufacturing environment can vary from site to site ➢ In some cases, the chip manufacturer may not fully trust the contract test house that is performing wafer test and initial provisioning and may wish to take additional steps to protect the provisioning data. This is a complex problem to solve and requires a fully integrated, secure provisioning setup. ➢ However, the wafer test environment is usually secure and is considered trusted by the chip manufacturer. ➢ It may also be the case that additional key material, such as required for host secure boot is only known at chip or even board test and these stages may also be trusted . ➢ In almost all cases, it is considered untrusted once the product is at the user or in the field Device Manufacturer Trusted OEM Trusted Untrusted Environment Environment Environment OEM Field Wafer Test Chip Test User Perso End of Life Integration Updates Inside Secure Proprietary Information 5

  6. Manufacturing Test ⚫ How do we get the identity, keys and other assets into the product? ⚫ We need a provisioning solution – trusted environment case ➢ Secure identity and key generation ➢ Traceability ➢ Customisable to fit with each vendor’s specific requirements Key Management System SoC Test Facility Key BlackBox Server Generation Headend Key records Key records SoC Vendor SOC DUT Encrypted Delivery Encrypted Link for SoCs Tester for SOCs BlackBox Error log Encrypted Delivery Analysis Server BlackBox Server Status Information Inside Secure Proprietary Information 6

  7. Manufacturing Test ⚫ What about the untrusted test environment? ➢ Device data may be encrypted after generation using a shared provisioning key ➢ The data is then fully encrypted all the way from the Key generation to the DUT, only being decrypted before storage in OTP ➢ Data cannot be ‘spied’ upon in the tester or between the tester and the DUT. ➢ Authenticate the tester to the SOC DUT (& may be vice versa!) Key Management System SoC Test Facility Key BlackBox Server Generation Headend Key records Key records SoC Vendor SOC DUT Encrypted Delivery Encrypted Link Encrypted data for SoCs Tester for SOCs Decrypted Data BlackBox Error log Encrypted Delivery Analysis Server BlackBox Server Status Information Inside Secure Proprietary Information 7

  8. Manufacturing Test ⚫ What if I don’t have or don’t want to use a provisioning system? ⚫ HUK can be generated on-chip and programmed into the OTP ➢ Requires TRNG to create unique keys ➢ Device must be ‘functional’ ie all FW needs to be available ➢ Will push the provisioning operation further downstream ⚫ Pre-generated encrypted key blob can be imported directly into the device ➢ Requires a ‘provisioning’ key to be present in hardware ➢ Once new material is decrypted & authenticated, they can be programmed into the OTP ➢ Pushes the provisioning operation further downstream Inside Secure Proprietary Information 8

  9. Debug / Development ⚫ Debug needs to be protected – devices must never go to the field with debug enabled ⚫ The key material added during provisioning enables a cryptographic unlock mechanism to be employed to control debug access ⚫ Debug enablement can be limited depending on the user / lifecycle stage Enable Enable Debug Features Root Key Public Key Host Secure Disallow Product Untested Si Material Auth Material boot Material Debug Developed Added added added Capability Debug Host App Inside Secure Proprietary Information 9

  10. OEM Customisation ⚫ The OEM may wish to customise the product and enable or disable certain features depending on the end customer or use case ⚫ Additional key material can be added ➢ If the OEM has their own keys, these may be added functionally to the OTP ⚫ The OEM FW can be signed using their own keys ➢ The FW may be bound to the device using keys derived from the assets programmed previously ⚫ OEM FW can be debugged if correct auth key has been provisioned Inside Secure Proprietary Information 10

  11. Secure Boot ⚫ As we now have key material available in the product, we have the ability to securely boot the host system ⚫ FW Images created and signed with private key ➢ Public key (or hash of it) stored in OTP is used to authenticate the image ⚫ Secret symmetric root key used to decrypt the image ⚫ Anti-rollback protection ➢ Manages monotonic counters in OTP to store the image version ⚫ Secure Boot toolkit provides ➢ The image signing & encryption tool ➢ A secure boot loader library to execute on the host CPU ➢ Multi-stage boot & signature delegation (certificates) support ➢ Customizable schemes to cope with the platform requirements Inside Secure Proprietary Information 11

  12. End of Life ⚫ The device may reach it’s end of life and be ‘terminated’ by the system ⚫ Or, the device may detect multiple threats or attacks and decide that life is not worth living and terminate itself ⚫ Or a functional fault may occur – detected by Power-On-Selftest say, and that is cause for stopping ⚫ Doesn’t matter why it happens, you still need to take care of the assets that are present by ‘ zeroising ’ (or vice versa depending on your logic) them ⚫ But don’t remove the device manufacturer auth key – we may want to perform some failure analysis Inside Secure Proprietary Information 12

  13. Enjoy the benefits of IP re-use Inside Secure Root-of-Trust solution RAM ROM Flash CPU / DSP Protected CPU CPU CPU Image Secure boot loader Secure Storage Debug Access Protected Platform Control Port Crypto data plane Enable 0 App. AES TLS Enable 1 SHA2 Secure boot loader JTAG RSA Secure Test & Debug ECC Enable 7 Secure Asset Store OTP TRNG Inside Secure Proprietary Information 13

  14. Summary of Lifecycle Stages Operating Functional State Product Stage OTP Contents Environment Trusted Wafer Fab Blank Initial State Wafer (Probe) Test Device can be Securely Booted HUK & Trusted Chip Debug Authkey Optionally, chip manufacturer Debug Chip (Final) Test OEM Host FW Key Material Host can be Securely Booted OEM Trusted Integration OEM Authkey Material Optionally, OEM Host App Debug Application or user Field Functional Field Use Specific Assets Product Secured Untrusted End-of-Life Assets Invalidated Not Functional (EOL) Failure Trusted Assets Invalidated Debug Mode Analysis Inside Secure Proprietary Information 14

  15. Summary – Best practices “How to Secure Your Product” • Consider the lifecycle security of your product at a early stage in the design process ✓ Match security grade to potential impact of attack ✓ The longer the product lifespan, the higher security it will require ✓ One size does not fit all • Security is unlike other technologies ✓ Functional testing does not assure security ✓ Penetration testing are long, expensive and has no coverage metrics ✓ Therefore Get market-proven, mature solution • Security issues will happen! ✓ Automatic software upgrade is essential Inside Secure Proprietary Information 15

  16. Thank you skincaid@insidesecure.com Inside Secure Proprietary Information 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

WoT device lifecycle Elena Reshetova, Intel Reasoning A single view on lifecycle is utmost

WoT device lifecycle Elena Reshetova, Intel Reasoning A single view on lifecycle is utmost

WoT device lifecycle Elena Reshetova, Intel Reasoning A single view on lifecycle is utmost important to defne security correctly (and not just security) Helps defning security scope Currently described in

1.44k views • 5 slides
Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is

Secure Device Pairing What is device pairing? What is device pairing? What is the problem? The wireless communica8on channel is rela8vely easy to

298 views • 9 slides
Lifecycle of a Medical Device / IVD Speaker Sally Jennings Chair, TARSC, IVD Australia

Lifecycle of a Medical Device / IVD Speaker Sally Jennings Chair, TARSC, IVD Australia

Lifecycle of a Medical Device / IVD Speaker Sally Jennings Chair, TARSC, IVD Australia Disclaimer Any comments, issues, actions or decisions described in or with this presentation DO NOT in any way reflect on any device currently or

534 views • 14 slides
CS 528 Mobile and Ubicomp Lecture 3b: Activity Lifecycle, Rotating Device, Saving Data &

CS 528 Mobile and Ubicomp Lecture 3b: Activity Lifecycle, Rotating Device, Saving Data &

CS 528 Mobile and Ubicomp Lecture 3b: Activity Lifecycle, Rotating Device, Saving Data & Intents Emmanuel Agu Android Activity LifeCycle Starting Activities Android Activity callbacks invoked corresponding to app state. Examples:

801 views • 54 slides
OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab

OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab

OUR ROAD TO IOT: SECURE DEVICE GRID 5 October 2015 Kresten Krab Thorup @drkrab Introduction IoT and SSL/TLS landscape Secure Device Grid design Lessons Learned ABOUT THE SPEAKER Kresten Krab Thorup, Ph.D. Trifork CTO - since 1999

948 views • 56 slides
Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser workshop, 24-25 May 2011, Mountain View Mark Watson, Mitch Zollinger, Wesley Miaw 1

327 views • 9 slides
Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web,

Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web,

Box Overview Box Enables Secure File Sync and Sharing from Any Device Intuitive end-user web, Box natively previews desktop and mobile apps 120+ file types Comprehensive security controls by user, content, device Not familiar with Box? 57K

580 views • 34 slides
Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments

Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments

Android App Anatomy Eric Burke Square @burke_eric Topics Android lifecycle Fragments Open source Tape Otto Dagger ActionBarSherlock Android Design on every device. Lifecycle Install Apps Run Forever Uninstall

844 views • 82 slides
The Case for Secure Connectivity Mobile Device and Internet Use in Corrections Classrooms Thank

The Case for Secure Connectivity Mobile Device and Internet Use in Corrections Classrooms Thank

The Case for Secure Connectivity Mobile Device and Internet Use in Corrections Classrooms Thank you for joining! While waiting for the webinar to start, please answer the poll on the right. This training was supported under the LINCS Regional

670 views • 45 slides
Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the

Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the

Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management guidance is provided in [SP800-21]. A single item of keying

522 views • 18 slides
Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda,

Outline Introduction HISPs Proposed OOB Methods Experimental Design Results Analysis and Discussion Conclusion Usability and Security of Out-Of-Band Channels in Secure Device Pairing Protocols Ronald Kainda, Ivan Flechais, and A.W.

670 views • 41 slides
Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview

Notary: A Device for Secure Transaction Approval Athalye et al., presented by Jack Cook Overview Goals and Big Ideas Threat Model Strengths Weaknesses Evaluation Attack Defenses Discussion Questions

240 views • 20 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring

ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring

ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring 2017 Project Final Presentation Motivation (Recap) Primary use case: slideshow control Traditional... Wired: short cord small radius

608 views • 42 slides
Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan

Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan

Introduction HISP OOB Channels Problem definition Proposed methods Security and usability study Conclusion Secure and Usable Out-Of-Band Channels for Ad hoc Mobile Device Interactions Ronald Kainda, Ivan Flechais, A.W. Roscoe Workshop in

650 views • 18 slides
Secure spontaneous device authentication from ambient audio Stephan Sigg 07.02.2013, Westf

Secure spontaneous device authentication from ambient audio Stephan Sigg 07.02.2013, Westf

Information Systems Architecture Science Research Division Secure spontaneous device authentication from ambient audio Stephan Sigg 07.02.2013, Westf alische Wilhelms Universit at M unster Motivation Related work Spontaneous

611 views • 48 slides
Incorporation of circular economy principles to NDCs and mid-century strategies. Circular

Incorporation of circular economy principles to NDCs and mid-century strategies. Circular

Incorporation of circular economy principles to NDCs and mid-century strategies. Circular Economy Strategies to Increase the Level of Ambition of Climate Action Agenda 1.30 - 1.35 Setting the stage 1.35 - 1.40 Keynote Speech:

329 views • 6 slides
Grant Prep Boot Camp Grant Prep Boot Camp Grant Prep Boot Camp Grant Prep Boot Camp Robyn Gershon,

Grant Prep Boot Camp Grant Prep Boot Camp Grant Prep Boot Camp Grant Prep Boot Camp Robyn Gershon,

Grant Prep Boot Camp Grant Prep Boot Camp Grant Prep Boot Camp Grant Prep Boot Camp Robyn Gershon, MHS, DrPH Robyn Gershon, MHS, DrPH Associate Dean for Research Resources Associate Dean for Research Resources Columbia University Columbia

471 views • 18 slides
dementia in Finland Dimitrije Jakovljevi MD, PhD Helsinki Health Center, Home Care Services,

dementia in Finland Dimitrije Jakovljevi MD, PhD Helsinki Health Center, Home Care Services,

Use of opioids at the end of life in adults with advanced dementia in Finland Dimitrije Jakovljevi MD, PhD Helsinki Health Center, Home Care Services, Helsinki Attendo Terveyspalvelut Oy CONFLICT OF INTEREST DISCLOSURE I have no potential

200 views • 15 slides
Pipeline Front-end Instruction Fetch & Branch Prediction Instructor: Nima Honarmand Spring

Pipeline Front-end Instruction Fetch & Branch Prediction Instructor: Nima Honarmand Spring

Spring 2015 :: CSE 502 Computer Architecture Pipeline Front-end Instruction Fetch & Branch Prediction Instructor: Nima Honarmand Spring 2015 :: CSE 502 Computer Architecture Big Picture Spring 2015 :: CSE 502 Computer

1.06k views • 66 slides
Palliative and End-Of-Life Care in partnership with The Irish Hospice Foundation 10 th March 2020,

Palliative and End-Of-Life Care in partnership with The Irish Hospice Foundation 10 th March 2020,

Making Integrated Care Happen Palliative and End-Of-Life Care in partnership with The Irish Hospice Foundation 10 th March 2020, 14:00 GMT/15:00 CET #IFICIreland The International Foundation for Integrated Care (IFIC) is a not- for-profit

196 views • 15 slides
pa patients and and the their fam amily car aregivers wi with th com ommunity-based supp

pa patients and and the their fam amily car aregivers wi with th com ommunity-based supp

Using case man management in n Prim rimary Car Care as as an an up upstr tream app approach to o con onnect t end end of of life pa patients and and the their fam amily car aregivers wi with th com ommunity-based supp

318 views • 20 slides
Before you begin Navigate to the CNA Home page: https://cod.edu/academics/programs/cna/

Before you begin Navigate to the CNA Home page: https://cod.edu/academics/programs/cna/

CERTIFIED NURSING ASSISTANT (CNA ) Training Program Online Advising Session Meets advising session registration requirement for the NURSA 1105 course for SPRING 2021 at College of DuPage Before you begin Navigate to the CNA Home page:

880 views • 50 slides
Life in the U.S. Lecture Series: ISS Employment Conference Global Engagement Office

Life in the U.S. Lecture Series: ISS Employment Conference Global Engagement Office

Life in the U.S. Lecture Series: ISS Employment Conference Global Engagement Office International Students and Scholars www.scu.edu Global Engagement Office Welcome and Housekeeping Hold questions until the end of each presentation. Keep

1.04k views • 89 slides

More recommend