securing iot with a hardware secure element
play

Securing IoT with a hardware Secure Element Marc Renaudin - Serge - PowerPoint PPT Presentation

Nov 14, 2022 •424 likes •537 views

Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1 Outline Connected Objects Securing IoT with a hardware Secure Element Introduction Securing Treats

  1. Securing IoT with a hardware Secure Element Marc Renaudin - Serge Maginot - TIEMPO CONFIDENTIAL TIEMPO S.A.S. December 3, 2019 1

  2. Outline Connected Objects Securing IoT with a hardware Secure Element ■ Introduction ■ Securing – Treats – Security Services ■ Software and Hardware Architecture ■ Key provisionning ■ Normalisation ■ Conclusion December 3, 2019 2

  3. Introduction : Tiempo Secure products and markets Tiempo security IP and expertise Tiempo products Tiempo customers Secure Element Hard IP Secure Design Services TESIC Secure Element IP IoT devices Certified Secure MCU Chips smartcards eGov/eID Tiempo security certifications (CC EAL5+, EMVCo) December 3, 2019 3

  4. Securing – Treats – Security Services ■ Interaction between the TOE and its outer world ■ Confidentiality, Integrity and Authentication Side Channel Attacks December 3, 2019 4

  5. Leading IoT market requirements to SoCs ■ Connectivity : SoCs have to be connected + to communicate ■ Security : SoCs have to resist todays + future attacks ■ Lifetime : SoCs have to run 10 years + on standard batteries ■ Size : SoCs are inserted into very small devices ■ Price : SoCs have to be very price competitive ■ Flexibility : One SoC design should fit many solutions/markets December 3, 2019 5

  6. TESIC: secure element IP for secure chips Secure App TESIC is a generic CC EAL5+ certification-ready UICC App secure element IP with following USPs: Compiler Security APIs Linker Crypto library a. No third-party IP ownership/royalty IDE/debug TESIC drivers SDK ✓ Proprietary secure microcontroller: CC EAL5+ certified core , ✓ Proprietary secure crypto-processors and Security RSA/ECC 16/32-bit sensors ✓ Proprietary security sensors MCU Others AES/3DES b. Silicon-proven on various geometries Secure Microcontroller & Crypto-processors (130 nm, 110 nm, 55nm, 40nm, 28nm, under preparation: 22nm) TESIC secure element IP core ✓ Customizable, allowing to target various secure applications ✓ Offers pre-qualified security and outstanding performance c. Customer-validated SDK Hard IP SE d. CC EAL5+ and EMV-Co certified (TESIC-SC) ✓ Cryptographic Library + ✓ Secure Boot Loader December 3, 2019 6

  7. SoC integration of TESIC secure element Customer’s SoC SoC Memories NoC/Bus Interfaces Configurable memory External APB AHB ISO sizes Main Cache Cache Crypto JTAG Flash ROM 7816 Master Slave RAM RAM Ctrl RAM (according TAP (opt) Interface Interface SoC to JTAG applications) Configurable interfaces Asynchronous Interconnect (according to SoC Application architecture) CPU Interrupt Memory RSA Timers DES Misc. Controller Protection Unit ECC OTP 3DES Peripherals AES Configurable OTP size (according to NVM SECURITY SECURITY SECURITY SECURITY TRNG implementation) 16/32-bit MCU SENSOR SENSOR SENSOR SENSOR Memories Peripherals Comm. Interfaces Secure clockless MCU Secure clockless Crypto-Processors and Security Sensors TESIC secure element IP December 3, 2019 7

  8. Provisioning : HSM setup for TESIC enabled SoCs Tiempo’s CC EAL5+ compliant key management flow (with flash pre-programming) December 3, 2019 8

  9. Normalisation ■ CC EAL5+ and PP0084 Package 2 ■ Common Criteria VAN.5 and DVS.2 => Attacks and Life Cycle ■ Protection Profile Package 2 => Security functions and Software Updates ■ Strong expertise in secure HW and SW developments ■ State-of-the-art security countermeasures, hardware and software ■ Certified crypto-library and boot loader (protection profile PP0084b) ■ Certified design center and documentation (CC EAL5+ and EMVCo) ■ Tiempo is in constant collaboration with security labs (CESTI) and certification offices (French ANSSI, European Eurosmart/JHAS) ■ Remains up-to-date regarding the state of the art of physical attacks ■ Innovates with always better/new/patented security countermeasures ■ Participates to working groups on coming EU IoT security standard December 3, 2019 9

  10. Conclusion ■ Tiempo delivers a Secure Hard IP to secure IoT devices ■ That is certified at the right level (level of attacks and life cycle) ■ That enable to secure IoT devices (Authentication, Confidentiality, Integrity) ■ That can be integrated within customer’s SoC ■ Tiempo delivers a complete service to secure IoT devices ■ Provisioning and key management ■ HSM usage in the life cycle ■ Tiempo has partnerships and collaborative projects in the IoT markets ■ Lora/Sigfox/LTE-M/NB-IoT/5G ■ SECURIOT ■ SECURE-IP December 3, 2019 10

Recommend

Securing Systems with Insecure Hardware Kaveh Razavi About VUSec ~20 members Software

Securing Systems with Insecure Hardware Kaveh Razavi About VUSec ~20 members Software

Securing Systems with Insecure Hardware Kaveh Razavi About VUSec ~20 members Software protections Binary and malware analysis Fuzzing Network security Hardware and OS security 2 Assuming secure software, what is

984 views • 72 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15

Securing Secure Boot on Xen Ross Lagerwall Software Engineer, Citrix Systems 1 / 15 Presentation licensed CC-By-SA-4.0 Why Secure Boot? How can we prevent running malware at boot? With Secure Boot! What if the machine is a VM in

303 views • 15 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1

Secure Hardware HOW CAN WE PROTECT OUR HARDWARE ??? HOW CAN OUR HARDWARE PROTECT ITSELF ??? 1 OReilly 2 Trusted or Trustworthy? An object is trusted if and only if it operates as expected An object is trustworthy if and only if it is

707 views • 45 slides
SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS

SECURING SECURE SHELL INTERACTIVE AND AUTOMATED ACCESS MANAGEMENT AGAINST INSIDER THREATS Applying Due Care Via Common Sense Approach April 2017 100% 46% Ponemon 2014 SSH Security Vulnerability of 2000 Global do not Organizations Report

307 views • 29 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing

Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing

Introduction Attack Model k -Security Layout Randomization Summary Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation Frank Imeson ECE, University of Waterloo USENIX Security 13

540 views • 43 slides
Position Paper: Challenges Towards Securing Hardware-assisted Execution Environments Zhenyu Ning 1

Position Paper: Challenges Towards Securing Hardware-assisted Execution Environments Zhenyu Ning 1

Position Paper: Challenges Towards Securing Hardware-assisted Execution Environments Zhenyu Ning 1 Fengwei Zhang 1 Weisong Shi 1 Larry Shi 2 1 Wayne State University 2 University of Houston November 21, 2019 1 Overview of The Talk Motivation

575 views • 24 slides
The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

386 views • 11 slides
Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz

Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz

Securing Energy Efficiency to Secure the Energy Union www.jrc.ec.europa.eu Yamina Saheb Heinz Ossenbrink Serving society Stimulating innovation Supporting legislation Does energy efficiency reduce the size of the energy trilemma? Energy

369 views • 20 slides
Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha

Securing RFID with Ultra-wideband Modulation Pengyuan Yu, Patrick Schaumont and Dong Ha Presented By: Eric Simpson Summary Traditional Secure Communications Securing the physical layer with UWB TH-PPM RFID digital baseband

386 views • 19 slides
LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile

LOCATION PRIVACY Marc Langheinrich University of Lugano (USI), Switzerland Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Securing a Mobile Phone Can We Have it Both Ways? Safe Secure Privacy-friendly

892 views • 62 slides
The Human Element in Computer Security - Graphical Passcodes as a Means to Create Secure

The Human Element in Computer Security - Graphical Passcodes as a Means to Create Secure

The Human Element in Computer Security - Graphical Passcodes as a Means to Create Secure Authentication systems Steffen Werner University of Idaho Why Research on User Authentication? The applied appeal Growing importance of stored

1.11k views • 93 slides
Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris

Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris

Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno* Microsoft Research, Cornell University, Carnegie Mellon University* 1 Secure Remote

356 views • 21 slides
Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015

Securing secure boot with System Management Mode Paolo Bonzini Red Hat, Inc. KVM Forum 2015 Outline UEFI overview Secure boot and SMM Chipset support: QEMU Hypervisor support: KVM Paolo Bonzini KVM Forum 2015 What is UEFI?

591 views • 29 slides
Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured

667 views • 56 slides
Securing Hardware Platforms Against Malicious Circuits Through Static Analysis Matthew Hicks -

Securing Hardware Platforms Against Malicious Circuits Through Static Analysis Matthew Hicks -

Securing Hardware Platforms Against Malicious Circuits Through Static Analysis Matthew Hicks - University of Illinois Samuel T. King - University of Illinois Milo M. K. Martin - University of Pennsylvania Jonathan M. Smith - University of

625 views • 27 slides
Efficiency and agility: in secure hardware and in life! Nele Mentens KU Leuven, ESAT, imec-COSIC

Efficiency and agility: in secure hardware and in life! Nele Mentens KU Leuven, ESAT, imec-COSIC

Efficiency and agility: in secure hardware and in life! Nele Mentens KU Leuven, ESAT, imec-COSIC and ES&S nele.mentens@kuleuven.be High-Tech Women, TU Darmstadt, March 4, 2020 Motivation Secure hardware: Why? What? How? High-Tech Women,

1.81k views • 89 slides
Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin? Security indicator only in the content region Notice that it is used for personal data that should be secure No access to the location or

933 views • 21 slides
hocos SLT Programs hardware-oriented computer science Why This Presentation? Lectures must

hocos SLT Programs hardware-oriented computer science Why This Presentation? Lectures must

Steganography for Our Research Hardware Security DeepFake Detection Foci and Your Secure Opportunities Memristive Composition Cryptography Fault attacks and Ilia Polian Stochastic countermeasures Hardware-oriented Computer Science

706 views • 24 slides
CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

9/9/2012 CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven, ESAT/SCD-COSIC CHES 2012 Crypto hardware 9/9/2012 CHES Tutorial: Crypto hardware design 3 1 9/9/2012 Smart card SoC (NXP P60C080)

826 views • 54 slides
Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating System Security Data and process are directly visible Application security can be circumvented from lower layers = > good scope

103 views • 8 slides

More recommend