Embedding Security Step by Step

Jérôme Allard
Silicon IP Product Manager
jallard@insidesecure.com

Design & Reuse IP-SoC conference
Grenoble - December 7, 2017
www.insidesecure.com

Inside Secure – D&R IP-SoC – Grenoble – December 2017

Security Essentials

➢ Protect the data in process: How to make sure information is processed as intended?
➢ Protect the access to data: How to ensure only authorized parties can access valuable resources?
➢ Protect the data in transit: How to prevent intrusions and spying of communications?
➢ Protect the data at rest: How to ensure critical assets are not compromised?

Securing Software Execution

Ensure the platform integrity and ownership
➢ Can someone change the code? Insert a botnet?
➢ Can someone take control of the device?

Secure boot and software update
➢ Authenticity & Integrity
➢ Confidentiality, anti-cloning & device binding
➢ Anti-rollback
➢ Chain of Trust

Securing Test & Debug

Steps covered: Secure Boot

Debug & test ports are an obvious entry point for hackers
➢ Can someone dump sensitive code / data? Secret keys?
➢ Can someone re-program the chip?

Authenticated Test & Debug enablement
➢ Life cycle management
➢ Lock test/debug ports after manufacturing
➢ Authentication of test/debug request and authorization control
➢ Privilege levels management

Securing Storage

Steps covered: Secure Boot, Secure Test and Debug

Data at rest are not out of sight …
➢ Can someone access the application or user data?
➢ Can someone use one device’s data on another similar device?
➢ Can someone replace the current data with old data?

Secure storage
➢ Domain separation
➢ Device binding
➢ Anti-replay

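The three secure storage properties on this slide (domain separation, device binding, anti-replay) shown in code as an added example; it is not from the presentation or from Inside Secure's product. It assumes a per-device root key and a hardware monotonic counter, uses HMAC-SHA256 for integrity only (no encryption), and all key values are constructed.

```python
import hashlib
import hmac
import struct

# Constructed sample keys; a real device would hold its root key in OTP/fuses.
DEVICE_ROOT_KEY = bytes(range(32))       # this device (constructed)
OTHER_DEVICE_KEY = bytes(range(1, 33))   # a similar device (constructed)
TAG_LEN, HDR_LEN = 32, 8


def domain_key(root_key: bytes, domain: str) -> bytes:
    """Domain separation: one derived key per domain, all bound to the device key."""
    return hmac.new(root_key, b"storage:" + domain.encode(), hashlib.sha256).digest()


def seal(root_key: bytes, domain: str, counter: int, data: bytes) -> bytes:
    """Return counter || data || tag, where the tag also covers the counter."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(domain_key(root_key, domain), header + data, hashlib.sha256).digest()
    return header + data + tag


def unseal(root_key: bytes, domain: str, min_counter: int, blob: bytes) -> bytes:
    """Verify the tag, then freshness against the device's monotonic counter."""
    if len(blob) < HDR_LEN + TAG_LEN:
        raise ValueError("blob too short")
    header, data, tag = blob[:HDR_LEN], blob[HDR_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(domain_key(root_key, domain), header + data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("bad tag: wrong device, wrong domain or modified data")
    (counter,) = struct.unpack(">Q", header)
    if counter < min_counter:                    # anti-replay
        raise ValueError("stale blob: older than the monotonic counter")
    return data


def check(root_key: bytes, domain: str, min_counter: int, blob: bytes) -> str:
    """Return 'ok' or the short failure reason, for the demonstration below."""
    try:
        unseal(root_key, domain, min_counter, blob)
        return "ok"
    except ValueError as exc:
        return str(exc).split(":")[0]


if __name__ == "__main__":
    old = seal(DEVICE_ROOT_KEY, "wifi", 1, b"psk=old")
    new = seal(DEVICE_ROOT_KEY, "wifi", 2, b"psk=new")   # counter now at 2
    print("current blob      :", check(DEVICE_ROOT_KEY, "wifi", 2, new))
    print("old blob replayed :", check(DEVICE_ROOT_KEY, "wifi", 2, old))
    print("on another device :", check(OTHER_DEVICE_KEY, "wifi", 2, new))
    print("from other domain :", check(DEVICE_ROOT_KEY, "payment", 2, new))
```
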
Securing Communications

Steps covered: Secure Boot, Secure Test and Debug, Secure Storage

Connected devices do communicate …
➢ Can someone spy or intercept communications?
➢ Can someone usurp the server identity?

Secure communications
➢ Authentication
➢ Privacy
➢ Anti-replay

Provisioning

Steps covered: Secure Boot, Secure Test and Debug, Secure Storage, Secure communications

Crypto systems rely on keys and shared secrets …
➢ How do I get the root keys into the device?

Provisioning
➢ Key generation and management
➢ High volumes
➢ Manufacturing control

Summary

Steps covered: Secure Boot, Secure Test and Debug, Secure Storage, Secure communications, Provisioning

➢ Performance
➢ Power
➢ Size
➢ Cost
➢ Time to market

Enjoy the benefits of IP re-use

Inside Secure Root-of-Trust solution

[Block diagram. Labels: RAM, ROM, Flash, CPU / DSP, Protected Image, Protected App., Secure boot loader, Secure Storage, Secure Test & Debug, Secure Asset Store, Crypto data plane, TLS, AES, SHA2, RSA, ECC, TRNG]

Physical attacks protection

Logical
• Hostile SW
• Replay
• Buffer overflow

Side Channel Analysis (SCA)
• Timing Attack
• Power & EM radiation analysis (SPA/DPA)

Fault Injection
• Power glitch
• Clock glitch
• Electromagnetic pulse injection
• Laser

Chip Tampering (Physical)
• Probing & modifying (FIB, e-beam)
• Optical reverse engineering

[Diagram labels: Root-of-Trust Engine; Camo Cells; axis: Cost & Expertise]

Anti-counterfeiting

Reverse Engineering using Pattern Recognition

[Figure: Layout and Netlist views; cell labels: Conventional NOR2, DFFRCKB, Conventional NAND3]

Identical Counterfeit, at lower quality and price:
1. Consume market share
2. Damage Brand
3. Lower margin
4. Support and recalls

Foundry Standard Cells vs Camo Cells

Camo cells are designed to appear as foundry cells, but perform different logical functions

[Figure: Foundry Standard AND2 Gate; Inside Secure Ver1 Camo Gate; Inside Secure Ver2 Camo Gate]

AND2 lookalike gates perform alternate functions

Summary – Best practices

“How to Secure Your Product”

• Consider security at an early stage in the design process
  ✓ Match security grade to potential impact of attack
  ✓ The longer the product lifespan, the higher security it will require
  ✓ One size does not fit all
• Security is unlike other technologies
  ✓ Functional testing does not assure security
  ✓ Penetration testing is long and expensive, and has no coverage metrics
  ✓ Therefore, get a market-proven, mature solution
• Security issues will happen!
  ✓ Automatic software upgrade is essential

Thank You!

Jérôme Allard
jallard@insidesecure.com

Download your free copy of IoT Security for Dummies by INSIDE Secure