scalable security for iot - eema · sram quiddikey symmetric crypto ip asymmetric crypto ip (*)...
TRANSCRIPT
![Page 1: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/1.jpg)
Scalable Security for IoT
Geert-Jan Schrijen
VP Engineering
Intrinsic-ID
![Page 2: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/2.jpg)
Outline
Short intro to Intrinsic-ID
The challenge of building a scalable IoT security solution
Leveraging Physically Unclonable Functions for IoT
Conclusions
2
![Page 3: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/3.jpg)
Intrinsic-ID introduction
Company Overview
• Spin-out of Philips Research in 2008
• HQ in Eindhoven, office in San Jose, sales reps in Seoul and Tokyo
• Independent company with venture capital funding
3
World leader in Cyber Physical Security based on PUF(Physically Unclonable Function)
• Most scalable, robust and secure PUF technology
• Deployed in secure systems for secure elements, smart cards, FPGAs and Government applications
• Extensive and solid patent portfolio
• Very experienced engineering team
![Page 4: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/4.jpg)
Intrinsic-ID’s PUF technology
4
SRAM startup (PUF)
values
establish a unique and
robust fingerprint
The fingerprint is
turned into a secure
secret key which is
the foundation of
enhanced security
Due to deep
sub-micron
process variations ICs
are intrinsically unique
5 10 15 20 25 30
5
10
15
20
25
30
-0.8
-0.6
-0.4
-0.2
0
0.2
0.4
0.6
0.8
5 10 15 20 25 30
5
10
15
20
25
30
-0.8
-0.6
-0.4
-0.2
0
0.2
0.4
0.6
0.8
![Page 5: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/5.jpg)
Intrinsic-ID main products
• Quiddikey®
– Secure key storage “without storing the key”
– Reconstructs device unique key from SRAM PUF
– Activation Code generated during on-time enrollment step
5
SRAM Quiddi-key
iRNG
987a29875f086e84
6513ab9849d...
ActivationCode (AC)
• iRNG®
– Random number generation– Seeded from SRAM-PUF noise– Deterministic Rancom Bit
Generator (DRBG)– FIPS 140-3 compliant– Short setup time
![Page 6: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/6.jpg)
IoT / Internet of Threats
Users have an
incentive to hack
their own meters
Physical access to
remote and distributed
infrastructure cannot be
prevented
Errors in sensor inputs can
trigger major
consequences in hubsIndustry needs
reliable supply
UAV relies on
sensors to keep
flying
(semi)
autonomous
vehicles rely on
sensors for safety
Medical
sensors drive
automated
devices
(pacemaker,
insulin pump)
6
![Page 7: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/7.jpg)
IoT hacks
7
![Page 8: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/8.jpg)
A complex security challenge
8
Challenging environment:• Physical access• No human users• Direct internet
connection
Nee
d fo
r secu
rity
Diversity of hardware:• Size• Resources (power,
memory, processing)
• Mobility
Reso
urce co
nstrain
ed
Scale and complexity:• Multiple devices
per home• Different
manufacturers• Different service
providers
Co
mp
lexity and
scale
![Page 9: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/9.jpg)
A wide variety of microprocessors used, often lacking security
9
Continuous operation vs. 1 data
packet per month
-40°C to 125°C (automotive)
-40°C to 100°C (industrial)
Grid power source vs.
irreplaceable battery
From disposable sensor to 20+
years in industrial applications
Operational Requirements
Guarded building vs.
remote outdoor location
Physically, locally or cloud
connected
From 0.5 kbyte of
RAM to >1 Mbyte
From few MHz to over
1 GHZ
< €50ct to > €100
Chip Properties
Often no keystore,
TEE or HW crypto
Often no NVM in small
embedded controllers
Hardware solution,
firmware, FPGA
![Page 10: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/10.jpg)
IoT Security Solution
Secure Root of Trust:• Combination of hardware components with trusted
software• Manages security protocols • Protects firmware and memory• Involved in the secure boot process of the IoT device• Protects the Root Identity: securely store UID and
private device keys• Performs integrity checking of the system• Protects authenticity, confidentiality and integrity of
data
10
![Page 11: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/11.jpg)
Efficient and flexible Root of Trust
• PUF based secure key storage• PUF based random number generation• Keys reconstructed on the fly and only accessible by crypto module• Optional (*): asymmetric crypto block
11
Embedded security module
Controller
I/O
SRAM Quiddikey SymmetricCrypto IP
AsymmetricCrypto IP (*)
iRNG
![Page 12: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/12.jpg)
Main Advantages
• Availability: uninitialized SRAM memory is present in almost every device
• Flexibility: – Implementation in hardware, software or
combination
– Allows for secure operation without requiring embedded NVM
• Security: Strong protection against physical attacks, no keys permanently stored
12
![Page 13: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/13.jpg)
Key Storage Security
13
Fuses
Anti-fuseOTP
Secu
rity
FLASHEEPROM
ROM
Traditional solutions:• Physical change applied,
key visible in structure• Key programmed
externally
IID PUF
Cost
PUF based key storage:• No physical traces of any sensitive data• Key generated from internal entropy in
nano-structure
![Page 14: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/14.jpg)
Implementation Flexibility
14
BUS
On
Chip
SRAM
Processor
I/O
Crypto
Engine
On Chip
Sensors
Peripherals
Network
PUF
source
Secure or advanced uP
FLASH
/
EEPROM
Existing
engine
used
Secure
Zone*
PUF and IoT
security
protocols
* In smartcard chip, entire processor is secured
AC
![Page 15: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/15.jpg)
Implementation Flexibility
15
On
Chip
SRAM
Proces-
sorI/O
PUF
IP
On Chip
Sensors
Peripherals
Network
PUF
source
Small embedded uP
Control /
IoT Security
Protocols
BUS
AC
Crypto
Engine
Further
enhancements
![Page 16: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/16.jpg)
Easy integration into various IoT devices
16
Security Stack Small
embedded uP
Secure
embedded uP
Advanced
Embedded uP
Advanced uP
Control Logic
(optional)
Integrated with
firmware Integrated with
firmware
SW library on
top of OS
Software
library
PUF key. mgt.
logicHardware IP
(preferred) or
firmware
Hardware IP
(preferred)
Firmware in
TEE
Crypto
Protocols Available via
hardware
accelerators
Available via
OS or
hardware
Available OS
APIs
Crypto
Algorithms
Available
accelerators
PUF source Available SRAM on device (from ~200 bytes)
![Page 17: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/17.jpg)
Volatile operation (example)
Key setup• Generate private/public key pair on chip• Enroll PUF and output AC• Reconstruct PUF key and use it to wrap the private key (W_Kpriv)• Store externally: AC, W, public key (e.g. in certificate)
17
Embedded security module
Controller
I/O
SRAM Quiddikey SymmetricCrypto IP
AsymmetricCrypto IP
iRNG
Kpriv
W_Kpriv
Kpub
AC
![Page 18: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/18.jpg)
Volatile operation (example)
Authentication• Retrieve AC and W_Kpriv• Reconstruct PUF key from AC• Unwrap W_Kpriv to retrieve private key• Use private key in challenge/response authentication protocol
18
Embedded security module
Controller
I/O
SRAM Quiddikey SymmetricCrypto IP
AsymmetricCrypto IP
iRNG
Kpub
AC
W_Kpriv
Kpriv
![Page 19: Scalable Security for IoT - EEMA · SRAM Quiddikey Symmetric Crypto IP Asymmetric Crypto IP (*) iRNG. Main Advantages •Availability: uninitialized SRAM memory is present in almost](https://reader034.vdocument.in/reader034/viewer/2022042122/5e9c533b28059c00f81223ae/html5/thumbnails/19.jpg)
Conclusions
• The IoT poses many security challenges
• An efficient and scalable security solution is needed
• A secure root of trust is an essential component
• PUF based key management provides high security, scalability and flexibility
19