Securing IoT with a hardware Secure Element Marc Renaudin - Serge - - PowerPoint PPT Presentation

▶

Nov 14, 2022 424 likes •539 views

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

SLIDE 1

CONFIDENTIAL TIEMPO S.A.S.

Securing IoT with a hardware Secure Element

December 3, 2019

Marc Renaudin - Serge Maginot - TIEMPO

SLIDE 2

Outline

Connected Objects Securing IoT with a hardware Secure Element ■ Introduction ■ Securing – Treats – Security Services ■ Software and Hardware Architecture ■ Key provisionning ■ Normalisation ■ Conclusion

December 3, 2019

SLIDE 3

Certified Secure MCU Chips

Introduction : Tiempo Secure products and markets

December 3, 2019

Tiempo security IP and expertise Tiempo products Tiempo customers

IoT devices smartcards eGov/eID

Tiempo security certifications (CC EAL5+, EMVCo)

Secure Element Hard IP Secure Design Services

TESIC Secure Element IP

SLIDE 4

Securing – Treats – Security Services

■ Interaction between the TOE and its outer world

■ Confidentiality, Integrity and Authentication

December 3, 2019

Side Channel Attacks

SLIDE 5

Leading IoT market requirements to SoCs

■ Connectivity: SoCs have to be connected + to communicate ■ Security: SoCs have to resist todays + future attacks ■ Lifetime: SoCs have to run 10 years + on standard batteries ■ Size: SoCs are inserted into very small devices ■ Price: SoCs have to be very price competitive ■ Flexibility: One SoC design should fit many solutions/markets

December 3, 2019

SLIDE 6

TESIC: secure element IP for secure chips

TESIC is a generic CC EAL5+ certification-ready secure element IP with following USPs:

a. No third-party IP ownership/royalty

✓ Proprietary secure microcontroller: CC EAL5+ certified core, ✓ Proprietary secure crypto-processors and ✓ Proprietary security sensors

b. Silicon-proven on various geometries

(130 nm, 110 nm, 55nm, 40nm, 28nm, under preparation: 22nm) ✓ Customizable, allowing to target various secure applications ✓ Offers pre-qualified security and outstanding performance

c. Customer-validated SDK

d. CC EAL5+ and EMV-Co certified (TESIC-SC)

✓ Cryptographic Library + ✓ Secure Boot Loader

December 3, 2019

TESIC secure element IP core

Secure Microcontroller & Crypto-processors

16/32-bit MCU RSA/ECC Others Security sensors AES/3DES SDK Compiler Linker IDE/debug Secure App UICC App Security APIs Crypto library TESIC drivers

Hard IP SE

SLIDE 7

SoC integration of TESIC secure element

December 3, 2019

Secure clockless Crypto-Processors and Security Sensors Secure clockless MCU Memories

RSA ECC AES DES

3DES Misc. Peripherals

Memory Protection Unit Interrupt Controller ROM Main RAM Crypto RAM

APB Slave

Interface

JTAG TAP Timers Interfaces

16/32-bit MCU

TRNG

SECURITY SENSOR

Asynchronous Interconnect

AHB Master

Interface

OTP

SECURITY SENSOR SECURITY SENSOR SECURITY SENSOR

Cache RAM Cache

Ctrl

TESIC secure element IP

ISO 7816 (opt)

External Flash

Customer’s SoC

SoC NoC/Bus

SoC JTAG

Application CPU Memories Peripherals Comm. Interfaces

Configurable memory sizes (according to applications)

Configurable interfaces (according to SoC architecture) Configurable OTP size (according to NVM implementation)

SLIDE 8

Provisioning : HSM setup for TESIC enabled SoCs

Tiempo’s CC EAL5+ compliant key management flow (with flash pre-programming)

December 3, 2019

SLIDE 9

Normalisation

■ CC EAL5+ and PP0084 Package 2

■ Common Criteria VAN.5 and DVS.2 => Attacks and Life Cycle ■ Protection Profile Package 2 => Security functions and Software Updates

■ Strong expertise in secure HW and SW developments

■ State-of-the-art security countermeasures, hardware and software ■ Certified crypto-library and boot loader (protection profile PP0084b) ■ Certified design center and documentation (CC EAL5+ and EMVCo)

■ Tiempo is in constant collaboration with security labs (CESTI) and certification offices (French ANSSI, European Eurosmart/JHAS)

■ Remains up-to-date regarding the state of the art of physical attacks ■ Innovates with always better/new/patented security countermeasures

■ Participates to working groups on coming EU IoT security standard

December 3, 2019

SLIDE 10

Conclusion

■ Tiempo delivers a Secure Hard IP to secure IoT devices

■ That is certified at the right level (level of attacks and life cycle) ■ That enable to secure IoT devices (Authentication, Confidentiality, Integrity) ■ That can be integrated within customer’s SoC

Securing IoT with a hardware Secure Element

Marc Renaudin - Serge Maginot - TIEMPO

Outline

Connected Objects Securing IoT with a hardware Secure Element ■ Introduction ■ Securing – Treats – Security Services ■ Software and Hardware Architecture ■ Key provisionning ■ Normalisation ■ Conclusion

Introduction : Tiempo Secure products and markets

Tiempo security IP and expertise Tiempo products Tiempo customers

IoT devices smartcards eGov/eID

Tiempo security certifications (CC EAL5+, EMVCo)

TESIC Secure Element IP

Securing – Treats – Security Services

■ Interaction between the TOE and its outer world

■ Confidentiality, Integrity and Authentication

Leading IoT market requirements to SoCs

TESIC: secure element IP for secure chips

TESIC is a generic CC EAL5+ certification-ready secure element IP with following USPs:

✓ Proprietary secure microcontroller: CC EAL5+ certified core, ✓ Proprietary secure crypto-processors and ✓ Proprietary security sensors

(130 nm, 110 nm, 55nm, 40nm, 28nm, under preparation: 22nm) ✓ Customizable, allowing to target various secure applications ✓ Offers pre-qualified security and outstanding performance

c. Customer-validated SDK

✓ Cryptographic Library + ✓ Secure Boot Loader

TESIC secure element IP core

SoC integration of TESIC secure element

TESIC secure element IP

Customer’s SoC

Provisioning : HSM setup for TESIC enabled SoCs

Tiempo’s CC EAL5+ compliant key management flow (with flash pre-programming)

Normalisation

■ CC EAL5+ and PP0084 Package 2

■ Common Criteria VAN.5 and DVS.2 => Attacks and Life Cycle ■ Protection Profile Package 2 => Security functions and Software Updates

■ Strong expertise in secure HW and SW developments

■ State-of-the-art security countermeasures, hardware and software ■ Certified crypto-library and boot loader (protection profile PP0084b) ■ Certified design center and documentation (CC EAL5+ and EMVCo)

■ Tiempo is in constant collaboration with security labs (CESTI) and certification offices (French ANSSI, European Eurosmart/JHAS)

■ Remains up-to-date regarding the state of the art of physical attacks ■ Innovates with always better/new/patented security countermeasures

■ Participates to working groups on coming EU IoT security standard

Conclusion

■ Tiempo delivers a Secure Hard IP to secure IoT devices

■ That is certified at the right level (level of attacks and life cycle) ■ That enable to secure IoT devices (Authentication, Confidentiality, Integrity) ■ That can be integrated within customer’s SoC

■ Tiempo delivers a complete service to secure IoT devices

■ Provisioning and key management ■ HSM usage in the life cycle

■ Tiempo has partnerships and collaborative projects in the IoT markets

■ Lora/Sigfox/LTE-M/NB-IoT/5G ■ SECURIOT ■ SECURE-IP