Step by Step - Jérôme Allard, Silicon IP Product Manager


Embedding Security Step by Step. Jérôme Allard, Silicon IP Product Manager, jallard@insidesecure.com. Design & Reuse IP-SoC conference, Grenoble, December 7, 2017. www.insidesecure.com


SLIDE 1

Inside Secure – D&R IP-SoC – Grenoble – December 2017 www.insidesecure.com

Design & Reuse IP-SoC conference Grenoble - December 7, 2017

Jérôme Allard Silicon IP Product Manager

jallard@insidesecure.com

Embedding Security Step by Step

SLIDE 2

Security Essentials

How to ensure only authorized parties can access valuable resources?
How to make sure information is processed as intended?
How to prevent intrusions and spying of communications?
How to ensure critical assets are not compromised?

Protect the access to data
Protect the data in transit
Protect the data in process
Protect the data at rest

SLIDE 3

Ensure the platform integrity and ownership

➢ Can someone change the code? Insert a botnet?
➢ Can someone take control of the device?

Secure boot and software update

➢ Authenticity & Integrity
➢ Confidentiality, anti-cloning & device binding
➢ Anti-rollback
➢ Chain of Trust

Securing Software Execution

SLIDE 4

Debug & test ports are an obvious entry point for hackers

➢ Can someone dump sensitive code / data? Secret keys?
➢ Can someone re-program the chip?

Authenticated Test & Debug enablement

➢ Life cycle management
➢ Lock test/debug ports after manufacturing
➢ Authentication of test/debug request and authorization control
➢ Privilege levels management

Securing Test & Debug

✓ Secure Boot

SLIDE 5

Data at rest are not out of sight

➢ Can someone access the application or user data?
➢ Can someone use one device’s data on another similar device?
➢ Can someone replace the current data with old data?

Secure storage

➢ Domain separation
➢ Device binding
➢ Anti-replay

Securing Storage

✓ Secure Boot
✓ Secure Test and Debug
…

SLIDE 6

Connected devices do communicate

➢ Can someone spy or intercept communications?
➢ Can someone usurp the server identity?

Secure communications

➢ Authentication
➢ Privacy
➢ Anti-replay

Securing Communications

✓ Secure Boot
✓ Secure Test and Debug
✓ Secure Storage
…

SLIDE 7

Crypto systems rely on keys and shared secrets

➢ How do I get the root keys into the device?

Provisioning

➢ Key generation and management
➢ High volumes
➢ Manufacturing control

Provisioning

✓ Secure Boot
✓ Secure Test and Debug
✓ Secure Storage
✓ Secure communications
…

SLIDE 8

✓ Secure Boot
✓ Secure Test and Debug
✓ Secure Storage
✓ Secure communications
✓ Provisioning

Summary

➢ Performance
➢ Power
➢ Size
➢ Cost
➢ Time to market

SLIDE 9

Inside Secure Root-of-Trust solution

Enjoy the benefits of IP re-use

[Block diagram labels: Crypto data plane (AES, SHA2, RSA, ECC, TRNG); RAM; Flash; ROM; CPU, CPU, CPU, CPU / DSP; Secure Asset Store; Protected App.; Protected Image; TLS; Secure boot loader; Secure Test & Debug; Secure Storage]

SLIDE 10

Physical attacks protection

Cost & Expertise

Logical

  • Hostile SW
  • Replay
  • Buffer overflow

Side Channel Analysis (SCA)

  • Timing Attack
  • Power & EM radiation analysis (SPA/DPA)

Fault Injection

  • Power glitch
  • Clock glitch
  • Electromagnetic pulse injection
  • Laser

Chip Tampering (Physical)

  • Probing & modifying (FIB, e-beam)
  • Optical reverse engineering

Root-of-Trust Engine Camo Cells

SLIDE 11

Anti-counterfeiting

Reverse Engineering using Pattern Recognition

[Figure labels: Layout (Conventional NOR2, Conventional NAND3); Netlist (NAND3, NOR2, DFFRCKB with pins A, D, Q, R)]

Identical Counterfeit, at lower quality and price:

  1. Consume market share
  2. Damage Brand
  3. Lower margin
  4. Support and recalls

SLIDE 12

Foundry Standard Cells vs Camo Cells

Camo cells are designed to appear as foundry cells, but perform different logical functions

[Figure labels: Inside Secure Ver1 Camo Gate; Inside Secure Ver2 Camo Gate; Foundry Standard AND2 Gate]

AND2 lookalike gates perform alternate functions

SLIDE 13

  • Consider security at an early stage in the design process

✓ Match security grade to potential impact of attack
✓ The longer the product lifespan, the higher security it will require
✓ One size does not fit all

  • Security is unlike other technologies

✓ Functional testing does not assure security
✓ Penetration testing is long and expensive, and has no coverage metrics
✓ Therefore, get a market-proven, mature solution

  • Security issues will happen!

✓ Automatic software upgrade is essential

Summary – Best practices “How to Secure Your Product”

SLIDE 14

Download your free copy of IoT Security for Dummies, by INSIDE Secure

Thank You!

Jérôme Allard jallard@insidesecure.com