Security and Cryptography at NXP Ventzislav Nikov NXP - PowerPoint PPT Presentation

Security and Cryptography at NXP Ventzislav Nikov NXP Semiconductors Research Laboratory Leuven Center of Competence System Security and DRM 29.05.2008

Outline Products – Domains, – Telematics, – Product Security Cryptography – Trends, – Assumptions, – Challenges Conclusions 2

3 Products Domains

NXP Semiconductors Established in 2006 (formerly the Semiconductor division of Philips) Key focus areas: Home Automotive and Identification Mobile and Personal Owner of NXP Software: an independent software solutions company 4

Mobile & Personal Nexperia Mobile Solutions Multimedia Processing Broadcast Pipes -Multimedia co-processors -Digital Radio Broadcast -Application Software -AM/FM -TV Cellular Pipe -GPS -Baseband Processor incl. Telecom Software -PMU -PA -RF Connectivity Pipes -Bluetooth -GPS -WLAN -UWB -USB -NFC User Interface -Wireless USB -Cameras -Audio accessories Security (USB headsets) -SIM -Display, Keyboard -Smartcard -Sensors -Speakers, Microphones 5

Home & Car Platform Security DTV, STB, PC TV, Car entertainment Digital Rights Management In-Vehicle Networks, Car immobilizers and Acquisition keyless entry/go License Streaming and Content Transfer Content server internet License and Content Storage Rights manager license server 6

Identification NFC & RFID technology (more than 3 billion ICs shipped) More than 80% of the world’s e-passports projects use our ICs Contactless SmartCard schemes for electronic ticketing, banking, automatic fare collection,… A global leader in smart card technology and security (over 1 billion ICs shipped). It is not so surprising that WE are the first to get EAL5+ for our smart card ICs. #1 in Contactless, PKI and EMV solutions and Java Card. NXP product family SmartMX for the payment market 7

NFC Applications in Mobile Phones Transactions Transactions Access to Payment public transport: everywhere: Mobile phone Mobile phone = transport card = POS Service Discovery Transactions Take info Micro-payments: from poster: Mobile phone Mobile phone = debit card = ticket counter Connectivity Exchange Transactions information Access Control: Mobile phone Mobile phone = key = electronic business card 8

9 Products Telematics

Telematics: Road Pricing System Overview Secure GPS Satellite Secure Payment Positioning OBU Transport & payment card Secure ID Vignette Secure Physical Link Secure Services Services Server 10

Road Pricing Security Service Domains Set of security mechanisms Car targeting a same objective Identification Secure Communication Domains are loosely linked to OBU Privacy Active allow parallel design and Root of analysis Trust Secure Secure Lifecycle Software Secure Secure g n Payment Positioning n n i r o o u c n i i i t t t t c o a a s a i r n o t t f a n s i u m v i g n g i r a a t e c e i M R D A T 11

Secure Positioning in Road Pricing Protecting integrity of unauthenticated GNSS services Car Sensors (odometer, gauge, tachymeter…) Infrastructure-less GSM Trilateration OBU Compass, accelerometer… Smart Roads Police Checks Checkpoints Car-to-Car Infrastructure-based Communications 12

Actors & Potential Privacy Attackers Road Price Government Operator 3 rd -Parties Mobile Network ------ ------ Operator ------ ------ ------ ------ Family Driver / Car Owner 13

Privacy Sensitive Data Identity Localization Fee Time Enforcement vs. Privacy-Preserving System Therefore the system must provide a mean to revoke driver anonymity! 14

15 Product Security Products

Product security – what is it about Product security is business driven to address identified risks as appropriate Product security development - similar to any product development project. Security follows the “classic” product life cycle steps – Requirements – Architecture – Specification and Design – Implementation – Testing + [Certification] – Maintenance Security must be fully integrated with the product functional life cycle – Cost-effectiveness – User friendliness Security is a process of continuous improvement based on the Plan Do Check Act model Plan Do Act Check 16

Product Security Architecture (simplified) 17

Product security implementation Specification and design of product security – To be integrated with full product specification & design on different levels – Secure Manufacturing – Application security – Platform security – Hardware security – … – Supporting security services • Key management (e.g., generation, key distribution, storage , maintenance and renewal/revocation) • Other trust services such as “time stamping”, code signing – Supporting security test specification Product Implementation & Testing Product maintenance 18

Is Your Product Really Secure? HW-SW Co-Designed? Cracking Security at the Weakest Link Suppose: You need to create a system to operate securely in a hostile environment… as (CE) opposed to device device device You created your secure software… – Stored the key in some on-chip fuses, so eavesdropping of wires does not reveal the key. – Made sure that there are no buffer overflow conditions. – Made sure that at no moment in time the key is left on the stack. – Used strong virtualization techniques. What can possibly go wrong? 19

Common Criteria approach Business justification Create confidence towards customers, (new) service providers, regulators, etc… “Assurance” label in a future open market with different suppliers Based on a worldwide accepted security evaluation standard in all industry sectors Adequate basis to drive marketing and possible standardization 20

Cryptography Trends, Assumption and Challenges 21

Cryptography ≠ Security Crypto is only a tiny piece of the security puzzle – but an important one Most systems break elsewhere – weakest link – incorrect requirements or specifications – implementation errors – application level – social engineering Trends – Side Channel Attacks (past Smart Cards - now STB – next !? Mobile) – Common Criteria – EAL 4+/5+ – Going to more and more restricted environments 22

Light weight crypto – case study AES hardware implementation - Most compact version about 3K gates Stream ciphers (until recently nearly all broken – just 1 or 2 exceptions) Now 10 to 20 stream ciphers are still surviving the attacks – But their hardware implementation requires 1.5-3K gates The smallest block ciphers - PRESENT requires 1.8K gates The smallest MAC algorithm - SQUASH around 0.5K gates 23

Security Layers: How everything stacks up… Many, Ad hoc, Complex, Multiple compromises Applications Secure Services PKI, DRM, Timestamping Security Protocols SSL, IPSec, DTCP, OCSP Cryptographic Protocols Key Establishment, Distributed Computing Cryptographic Primitives CBC mode, HMAC, Digital signatures Cryptographic Algorithms AES, SHA, RSA Few, Generic and Mathematically secure 24

Assumptions Black box crypto – is it a correct assumption? Side channel leaks / attacks White box crypto – too hard to defend! So, where are we exactly? 25

Challenges Security in longer term (50-100 years) Encryption/Integrity/Authentication of ultra-high speed networks Ultra-low footprint algorithms (few hundred gates) The power challenge Cost efficient Agility of the algorithms 26

Challenges How to make “secure” SW/HW in the non black box model. SW IP protection Privacy Standardization – either too few or too many. Infrastructure requirements - efficiency New more realistic security models – Algorithms/Protocols secure in such models 27

Conclusion Crypto is Science Security is Economics Crypto Research can help (a lot) although can not solve all problems. 28

29