Security and Cryptography at NXP Ventzislav Nikov NXP - - PowerPoint PPT Presentation

Security and Cryptography at NXP

Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven Center of Competence System Security and DRM 29.05.2008

2

Outline

Products

– Domains, – Telematics, – Product Security

Cryptography

– Trends, – Assumptions, – Challenges

Conclusions

3

Products

Domains

4

NXP Semiconductors

Established in 2006 (formerly the Semiconductor division of Philips) Key focus areas: Owner of NXP Software: an independent software solutions company

Mobile and Personal Home Automotive and Identification

5

Mobile & Personal Nexperia Mobile Solutions

Security

• SIM
• Smartcard

User Interface

• Cameras
• Audio accessories

(USB headsets)

• Display, Keyboard
• Sensors
• Speakers, Microphones

Multimedia Processing

• Multimedia co-processors
• Application Software

Cellular Pipe

• Baseband Processor incl.

Telecom Software

• PMU
• PA
• RF

Connectivity Pipes

• Bluetooth
• GPS
• WLAN
• UWB
• USB
• NFC
• Wireless USB

Broadcast Pipes

• Digital Radio Broadcast
• AM/FM
• TV
• GPS

6

Home & Car

Platform Security DTV, STB, PC TV, Car entertainment Digital Rights Management In-Vehicle Networks, Car immobilizers and keyless entry/go

internet

Content server Rights manager license server

Acquisition License and Content Transfer License and Content Storage Streaming

7

Identification

NFC & RFID technology (more than 3 billion ICs shipped) More than 80% of the world’s e-passports projects use our ICs Contactless SmartCard schemes for electronic ticketing, banking, automatic fare collection,… A global leader in smart card technology and security (over 1 billion ICs shipped). It is not so surprising that WE are the first to get EAL5+ for our smart card ICs. #1 in Contactless, PKI and EMV solutions and Java Card. NXP product family SmartMX for the payment market

8

NFC Applications in Mobile Phones

Transactions Payment everywhere: Mobile phone = POS Transactions Access to public transport: Mobile phone = transport card Transactions Access Control: Mobile phone = key Connectivity Exchange information Mobile phone = electronic business card Service Discovery Take info from poster: Mobile phone = ticket counter Transactions Micro-payments: Mobile phone = debit card

9

Products

Telematics

10

Telematics: Road Pricing System Overview

Transport & payment card

Services Server Vignette OBU GPS Satellite

Secure Positioning Secure Payment Secure ID Secure Services Secure Physical Link

11

Car Identification Privacy OBU Active Secure Payment Positioning Secure

Road Pricing Security Service Domains

Set of security mechanisms targeting a same objective Domains are loosely linked to allow parallel design and analysis Secure Lifecycle

M a n u f a c t u r i n g R e g i s t r a t i

• n

A c t i v a t i

• n

T e r m i n a t i

• n

D i a g n

• s

t i c Secure Software Secure Communication Root of Trust

12

Secure Positioning in Road Pricing

Protecting integrity of unauthenticated GNSS services

Police Checks Checkpoints

Car-to-Car Communications

Car Sensors (odometer, gauge, tachymeter…) GSM Trilateration OBU Compass, accelerometer…

Infrastructure-less Infrastructure-based

Smart Roads

13

Actors & Potential Privacy Attackers

Road Price Operator Government

Driver / Car Owner

• Mobile

Network Operator Family 3rd-Parties

14

Privacy Sensitive Data

Time Fee Localization Identity

Enforcement vs. Privacy-Preserving System Therefore the system must provide a mean to revoke driver anonymity!

15

Products

Product Security

16

Product security – what is it about

Product security is business driven to address identified risks as appropriate Product security development - similar to any product development project. Security follows the “classic” product life cycle steps

– Requirements – Architecture – Specification and Design – Implementation – Testing + [Certification] – Maintenance

Security must be fully integrated with the product functional life cycle

– Cost-effectiveness – User friendliness

Security is a process of continuous improvement based on the Plan Do Check Act model

Plan Check Act Do

17

Product Security Architecture (simplified)

18

Product security implementation

Specification and design of product security

– To be integrated with full product specification & design on different levels

– Secure Manufacturing – Application security – Platform security – Hardware security – …

– Supporting security services

• Key management (e.g., generation, key distribution, storage , maintenance

and renewal/revocation)

• Other trust services such as “time stamping”, code signing

– Supporting security test specification

Product Implementation & Testing Product maintenance

19

You created your secure software…

– Stored the key in some on-chip fuses, so eavesdropping of wires does not reveal the key. – Made sure that there are no buffer overflow conditions. – Made sure that at no moment in time the key is left on the stack. – Used strong virtualization techniques.

What can possibly go wrong?

Is Your Product Really Secure? HW-SW Co-Designed? Cracking Security at the Weakest Link

Suppose: You need to create a system to operate securely in a hostile environment…

(CE) device device device as

• pposed to

20

Common Criteria approach

Business justification

Create confidence towards customers, (new) service providers, regulators, etc… “Assurance” label in a future open market with different suppliers Based on a worldwide accepted security evaluation standard in all industry sectors Adequate basis to drive marketing and possible standardization

21

Cryptography

Trends, Assumption and Challenges

22

Cryptography ≠ Security

Crypto is only a tiny piece of the security puzzle

– but an important one

Most systems break elsewhere – weakest link

– incorrect requirements or specifications – implementation errors – application level – social engineering

Trends

– Side Channel Attacks (past Smart Cards - now STB – next !? Mobile) – Common Criteria – EAL 4+/5+ – Going to more and more restricted environments

23

Light weight crypto – case study

AES hardware implementation - Most compact version about 3K gates Stream ciphers (until recently nearly all broken – just 1 or 2 exceptions) Now 10 to 20 stream ciphers are still surviving the attacks – But their hardware implementation requires 1.5-3K gates The smallest block ciphers - PRESENT requires 1.8K gates The smallest MAC algorithm - SQUASH around 0.5K gates

24

Security Layers: How everything stacks up…

Cryptographic Algorithms AES, SHA, RSA Cryptographic Primitives CBC mode, HMAC, Digital signatures Security Protocols SSL, IPSec, DTCP, OCSP Secure Services PKI, DRM, Timestamping

Applications

Few, Generic and Mathematically secure Many, Ad hoc, Complex, Multiple compromises

Cryptographic Protocols Key Establishment, Distributed Computing

25

Assumptions

Black box crypto – is it a correct assumption? Side channel leaks / attacks White box crypto – too hard to defend! So, where are we exactly?

26

Challenges

Security in longer term (50-100 years) Encryption/Integrity/Authentication of ultra-high speed networks Ultra-low footprint algorithms (few hundred gates) The power challenge Cost efficient Agility of the algorithms

27

Challenges

How to make “secure” SW/HW in the non black box model. SW IP protection Privacy Standardization – either too few or too many. Infrastructure requirements - efficiency New more realistic security models – Algorithms/Protocols secure in such models

28

Conclusion

Crypto is Science Security is Economics Crypto Research can help (a lot) although can not solve all problems.

29