step by step
play

Step by Step Jrme Allard Silicon IP Product Manager - PowerPoint PPT Presentation

Aug 14, 2022 •401 likes •557 views

Embedding Security Step by Step Jrme Allard Silicon IP Product Manager jallard@insidesecure.com Design & Reuse IP-SoC conference Grenoble - December 7, 2017 www.insidesecure.com Inside Secure D&R IP-SoC Grenoble

  1. Embedding Security Step by Step Jérôme Allard Silicon IP Product Manager jallard@insidesecure.com Design & Reuse IP-SoC conference Grenoble - December 7, 2017 www.insidesecure.com Inside Secure – D&R IP-SoC – Grenoble – December 2017 1 |

  2. Security Essentials How to make sure How to ensure only information is authorized parties processed as can access valuable resources? intended? Protect the Protect the access data in process to data Protect the Protect the data in data at transit rest How to prevent How to ensure intrusions and spying critical assets are not of communications? compromised? Inside Secure – D&R IP-SoC – Grenoble – December 2017 2 |

  3. Securing Software Execution  Ensure the platform integrity and ownership ➢ Can someone change the code? insert a botnet? ➢ Can someone take control of the device?  Secure boot and software update ➢ Authenticity & Integrity ➢ Confidentiality, anti-cloning & device binding ➢ Anti-rollback ➢ Chain of Trust Inside Secure – D&R IP-SoC – Grenoble – December 2017 3 |

  4. Securing Test & Debug  Secure Boot  Debug & test ports are obvious entry point for hackers ➢ Can someone dump sensitive code / data ? secret keys? ➢ Can someone re-program the chip?  Authenticated Test & Debug enablement ➢ Life cycle management ➢ Lock test/debug ports after manufacturing ➢ Authentication of test/debug request and authorization control ➢ Privilege levels management Inside Secure – D&R IP-SoC – Grenoble – December 2017 4 |

  5. Securing Storage  Secure Boot  Secure Test and Debug  Data at rest are not out of sight … ➢ Can someone access the application or user data? ➢ Can someone use one device’s data on another similar device? ➢ Can someone replace the current data with old data?  Secure storage ➢ Domain separation ➢ Device binding ➢ Anti-replay Inside Secure – D&R IP-SoC – Grenoble – December 2017 5 |

  6. Securing Communications  Secure Boot  Secure Test and Debug  Connected devices do communicate  Secure Storage … ➢ Can someone spy or intercept communications? ➢ Can someone usurp the server identity?  Secure communications ➢ Authentication ➢ Privacy ➢ Anti-replay Inside Secure – D&R IP-SoC – Grenoble – December 2017 6 |

  7. Provisioning  Secure Boot  Secure Test and Debug  Secure Storage  Crypto systems relies on keys and shared secrets  Secure communications … ➢ How do I get the root keys in device  Provisioning ➢ Key generation and management ➢ High volumes ➢ Manufacturing control Inside Secure – D&R IP-SoC – Grenoble – December 2017 7 |

  8. Summary  Secure Boot  Secure Test and Debug  Secure Storage ➢ Performance  Secure communications ➢ Power ➢  Provisioning Size ➢ Cost ➢ Time to market Inside Secure – D&R IP-SoC – Grenoble – December 2017 8 |

  9. Enjoy the benefits of IP re-use Inside Secure Root-of-Trust solution RAM ROM Flash CPU / DSP CPU Protected CPU CPU Image Secure boot loader Secure Storage Protected Crypto data plane App. AES TLS SHA2 Secure boot loader RSA Secure Test & Debug ECC Secure Asset Store TRNG Inside Secure – D&R IP-SoC – Grenoble – December 2017 9 |

  10. Physical attacks protection Camo Cells Root-of-Trust Engine Side Channel Analysis Chip Tampering Logical Fault Injection (SCA) (Physical) • Hostile SW • Timing Attack • Power glitch • Probing & modifying (FIB, e-beam) • Replay • Power & EM • Clock glitch radiation analysis • Optical reverse • Buffer overflow • Electromagnetic (SPA/DPA) engineering pulse injection • Laser Cost & Expertise Inside Secure – D&R IP-SoC – Grenoble – December 2017 10 |

  11. Anti-counterfeiting Reverse Engineering using Pattern Recognition Layout Netlist Conventional NOR2 NOR2 Identical Counterfeit, Q DFFRCKB R at lower quality and price: D 1. Consume market share Conventional NAND3 2. Damage Brand A 3. Lower margin NAND3 4. Support and recalls Inside Secure – D&R IP-SoC – Grenoble – December 2017 11 |

  12. Foundry Standard Cells vs Camo Cells Camo cells are designed to appear as foundry cells, but perform different logical functions Foundry Standard Inside Secure Ver2 Inside Secure Ver1 Camo Gate AND2 Gate Camo Gate AND2 lookalike gates perform alternate functions Inside Secure – D&R IP-SoC – Grenoble – December 2017 12 |

  13. Summary – Best practices “How to Secure Your Product” • Consider security at a early stage in the design process ✓ Match security grade to potential impact of attack ✓ The longer the product lifespan, the higher security it will require ✓ One size does not fit all • Security is unlike other technologies ✓ Functional testing does not assure security ✓ Penetration testing are long, expensive and has no coverage metrics ✓ Therefore Get market-proven, mature solution • Security issues will happen! ✓ Automatic software upgrade is essential Inside Secure – D&R IP-SoC – Grenoble – December 2017 13 |

  14. Thank You! Jérôme Allard jallard@insidesecure.com Download your free copy of IoT Security for Dummies By INSIDE Secure Here Inside Secure – D&R IP-SoC – Grenoble – December 2017 14 |

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

a i a j a i , a j a j , a i min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A parallel compare-exchange operation. Processes P i and P j send their elements to each other. Process P i keeps min { a i ,

372 views • 22 slides
Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all customary information forms to Preparation and adoption of Convening and submission Submission of Application Ste land owned by ILG obtain

1.23k views • 4 slides
Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by

Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by

Using RtI for SLD eligibility: Using RtI for SLD eligibility: Step by step procedures Step by step procedures Webster Groves School District 2009 Response to Intervention (RtI) is a comprehensive early detection and prevention strategy

688 views • 23 slides
o o o o Step 1:

o o o o Step 1:

o o o o Step 1: Bachelor of Laws (Western Sydney School of Law) Step 2: Professional Legal Training (College of Law et ors) Step 3: Admission to the Supreme

366 views • 14 slides
Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD.,

Outbreak Investigation Outbreak Investigation Step by Step Step by Step Darin Areechokchai MD., DTM&H., MCTM. Surveillance and Investigation Section Bureau of Epidemiology, Department of Disease Control Ministry of Public Health, Thailand

1.27k views • 83 slides
Step by step guide Step 1: Purchasing an RSBlog! membership Step 2: Downloading RSBlog! Step 3:

Step by step guide Step 1: Purchasing an RSBlog! membership Step 2: Downloading RSBlog! Step 3:

Step by step guide Step 1: Purchasing an RSBlog! membership Step 2: Downloading RSBlog! Step 3: Installing RSBlog! 3.1 Installing the component 3.2 Installing a new language file Step 4: Import plugins (optional) 4.1 Import Joomla! articles

889 views • 67 slides
Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3:

Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3:

Quick guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3: Installing RSEvents! Step 4: Configure RSEvents! Step 5: Add user permissions Step 6: Create event categories Step 7: Create event locations Step 8:

627 views • 35 slides
FROM XML TO RDF STEP BY STEP: APPROACHES FOR LEVERAGING

FROM XML TO RDF STEP BY STEP: APPROACHES FOR LEVERAGING

Co-funded by the Horizon 2020 Framework Programme of the European Union Grant Agreement Number 644771 FROM XML TO RDF STEP BY STEP: APPROACHES

613 views • 26 slides
FIRST DAY OF SCHOOL STEP BY STEP DIRECTION TO GETTING LOGGED ONTO YOUR FIRST DAY OF 7TH OR 8TH

FIRST DAY OF SCHOOL STEP BY STEP DIRECTION TO GETTING LOGGED ONTO YOUR FIRST DAY OF 7TH OR 8TH

FIRST DAY OF SCHOOL STEP BY STEP DIRECTION TO GETTING LOGGED ONTO YOUR FIRST DAY OF 7TH OR 8TH GRADE AUGUST 10,2020 IS A MINIMUM DAY STUDENTS WILL LOG 7:45AM - ONTO THEIR 12:27PM CLASSES AND ENGAGE WITH THEIR TEACHERS AND PEERS STEP 1:

276 views • 6 slides
Small step and Auto Zhuoran Liu May 30th Difference between small step and big step The big

Small step and Auto Zhuoran Liu May 30th Difference between small step and big step The big

Type Theory and Coq Small step and Auto Zhuoran Liu May 30th Difference between small step and big step The big step specify how a given expression can be evaluated to its final value. The style is simple and natural for many purposes and is

196 views • 19 slides
Step by step guide Step 1: Purchasing a RSTickets!Pro membership Step 2: Downloading

Step by step guide Step 1: Purchasing a RSTickets!Pro membership Step 2: Downloading

Step by step guide Step 1: Purchasing a RSTickets!Pro membership Step 2: Downloading RSTickets!Pro 2.1 Downloading the component 2.2 Downloading the plugins/modules 2.3 Downloading additional language packs Step 3: Installing RSTickets!Pro

548 views • 44 slides
Quick guide Step 1: Purchasing RSMail! Step 2: Download RSMail! Step 3: Installing RSMail! Step

Quick guide Step 1: Purchasing RSMail! Step 2: Download RSMail! Step 3: Installing RSMail! Step

Quick guide Step 1: Purchasing RSMail! Step 2: Download RSMail! Step 3: Installing RSMail! Step 4: RSMail! settings Step 5: Add Subscribers 5.1. Create subscriber lists 5.2. Add subscribers 5.2.1 Manual add 5.2.2 Import from CSV Step 6

625 views • 14 slides
Quick guide Step 1: Purchasing a RSComments! membership Step 2: Download RSComments! Step 3:

Quick guide Step 1: Purchasing a RSComments! membership Step 2: Download RSComments! Step 3:

Quick guide Step 1: Purchasing a RSComments! membership Step 2: Download RSComments! Step 3: Installing RSComments! Step 4: Configure RSComments 4.1 General Configuration 4.2 Configure comments Step 5: Add user permissions Step 6: Moderate

337 views • 8 slides
Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step

Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step

Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3: Installing RSEvents! Step 4: Configure RSEvents! 4.1 General settings 4.2 Dashboard settings 4.3 Events 4.3.1 Event general settings 4.3.2

1.29k views • 80 slides
Background CLINICAL TRIAL AGREEMENT ACTIVITY TIME TRACKING PI / Department Reviews Other

Background CLINICAL TRIAL AGREEMENT ACTIVITY TIME TRACKING PI / Department Reviews Other

Background CLINICAL TRIAL AGREEMENT ACTIVITY TIME TRACKING PI / Department Reviews Other Intermountain Reviews Approvals & Signtures Manage and Close Step 1: Step 1a: Step 1b Step 1c Dept Step 2: Step 3: Step 4 : Step 5: Step 6 :

754 views • 31 slides
W W W . A V I A N . A E R O The Connected Trip Building a trip is a mess Step 1 Step 2 Step 1

W W W . A V I A N . A E R O The Connected Trip Building a trip is a mess Step 1 Step 2 Step 1

W W W . A V I A N . A E R O The Connected Trip Building a trip is a mess Step 1 Step 2 Step 1 According to Google, people are browsing more than 7 different websites before they buy a ticket They are spending an average of 10 hours on

723 views • 21 slides
Credit Markets: The New Institutional Approach Econ239 October 2008 Overview Credit market

Credit Markets: The New Institutional Approach Econ239 October 2008 Overview Credit market

Credit Markets: The New Institutional Approach Econ239 October 2008 Overview Credit market transactions typically involve asymmetric information Nature of credit market institutions reflects privatesector response to this market

547 views • 36 slides
To use live captioning service on Google Slides, go to https://docs.google.com/presentation and

To use live captioning service on Google Slides, go to https://docs.google.com/presentation and

To use live captioning service on Google Slides, go to https://docs.google.com/presentation and log into the account: Click on the file you wish to open, or if you have no files yet you can import from your computer (shown on next page) or start a

475 views • 6 slides
Optimal Acquisition of a Partially Hedgeable House skun etin 1 , Fernando Zapatero 2 Co 1

Optimal Acquisition of a Partially Hedgeable House skun etin 1 , Fernando Zapatero 2 Co 1

Optimal Acquisition of a Partially Hedgeable House skun etin 1 , Fernando Zapatero 2 Co 1 Department of Mathematics and Statistics CSU Sacramento 2 Marshall School of Business USC November 14, 2009 WCMF, Santa Barbara Co skun etin,

237 views • 20 slides
1. Pharaoh is the Egyptian word meaning Great House. The Egyptians used it as another name for

1. Pharaoh is the Egyptian word meaning Great House. The Egyptians used it as another name for

1. Pharaoh is the Egyptian word meaning Great House. The Egyptians used it as another name for their kings. Whom they believed were living gods on earth. 2. Dynasty is a term used to describe a series of rulers from the same family 3. Vizier

496 views • 11 slides
ARM Architecture Cuauhtmoc Carbajal 29/01/2013 Outline Introduction Programmers model

ARM Architecture Cuauhtmoc Carbajal 29/01/2013 Outline Introduction Programmers model

ARM Architecture Cuauhtmoc Carbajal 29/01/2013 Outline Introduction Programmers model Instruction set System design Development tools 2 Outline Introduction Programmers model Instruction set System design

1.93k views • 164 slides
University of British Columbia CPSC 111, Intro to Computation 2009W2: Jan-Apr 2010 Tamara

University of British Columbia CPSC 111, Intro to Computation 2009W2: Jan-Apr 2010 Tamara

University of British Columbia CPSC 111, Intro to Computation 2009W2: Jan-Apr 2010 Tamara Munzner Inheritance II Lecture 34, Mon Apr 12 2010 borrowing from slides by Kurt Eiselt http://www.cs.ubc.ca/~tmm/courses/111-10 1 Reading This

1.44k views • 63 slides
Obtain original web presentation here: https://slides.com/odineidolon/chym2017- 8/fullscreen#/

Obtain original web presentation here: https://slides.com/odineidolon/chym2017- 8/fullscreen#/

Obtain original web presentation here: https://slides.com/odineidolon/chym2017- 8/fullscreen#/ This PDF version is of lower quality 1 . 1 HOW TO DEAL WITH HOW TO DEAL WITH OBSERVATIONAL DATA OBSERVATIONAL DATA FOR (HYDROLOGICAL) FOR

1.25k views • 50 slides
SQL Workshop Insert, Update, Delete Doug Shook Test Tables So far we have only read data

SQL Workshop Insert, Update, Delete Doug Shook Test Tables So far we have only read data

SQL Workshop Insert, Update, Delete Doug Shook Test Tables So far we have only read data When testing code that may change data, it is important to NEVER use the production DB Run the statements on test tables before deploying

588 views • 31 slides

More recommend