TRANSCRIPT
1
Adding Security to your Workflow to Deliver Trustworthy IoT Solutions
Steve Pancoast – VP [email protected]
Founding Member
2
Vulnerable IoT – “Internet of Threats”
The eight Bluetooth-related vulnerabilities affect an estimated 5.3 billion Android, iOS, Linux, and Windows devices
3
Hacking Isn’t The Only Risk
Counterfeit Goods Seizures [2] (bar chart of seizures by product category, HS chapter in parentheses): Jewellery (71), Pharmaceuticals (30), Toys (95), Perfumery and cosmetics (33), Clothing, non knitted or crocheted (62), Instruments, optical, medical etc. (90), Watches (91), Electrical machinery and equipment…, Articles of leather (42), Clothing, knitted or crocheted (61), Footwear (64)
Counterfeiting
$500B+ per year [1]
GDP of Ireland & Netherlands combined
Electronic devices highest by value
Privacy & GDPR
Fines of up to €10M or 2% of annual turnover, whichever is higher, for the lower tier of infringements
Up to €20M or 4% of annual turnover for the more serious infringements
1: OECD, April 2016. Trade in Counterfeit & Pirated Goods: Mapping the Economic Impact
2: OECD, April 2015. http://dx.doi.org/10.1787/888933345913
4
Product Security Touches Many Areas, A Chain of Trust is Required…
Chain of trust across the product lifecycle, with the OEM RoT carried through every stage: Silicon Vendor (SEs, MCUs) → OEM Product Development → Programming Facility → OEM Contract Manufacturing → Market Deployment → Customer (OEM Updates)
Creating secure IoT products starts with the software development…
– How is the Root of Trust established? How is the Product Identity formed? How are certificates created?
It continues with how the products are manufactured / programmed…
– Is security compromised during provisioning? Are keys leaked? Are product identities cloned? Is software IP stolen?
And it persists after the product has been manufactured…
– Are software updates secure? Can the system be compromised? Is customer data protected?
5
A “Root of Trust” Must be Established
“Root of Trust” is defined as: “The minimal set of software, hardware and data that is implicitly trusted in the platform ...”
There are typically 4 requirements that must be addressed in order to establish a “Root of Trust” in a device / product and to securely use it:
– Unique Product Keys: Product key pairs and other secure data in the product must be set up / provisioned, immutable and protected.
– Unique Product Identity: The unique product identity can be verified by cryptographic means (usually via a certificate chain back to a CA).
– Authentication: An immutable cryptographic method to prove that the product holds the private key matching its product certificate.
– Platform Integrity: A secure MCU execution environment and an immutable boot path to a RoT Boot Manager that verifies subsequent software before executing it.
6
What is Embedded Trust?
Embedded Trust helps make security easier for OEMs. It provides a security solution in 4 areas:
1. Creating the Root of Trust (RoT) & Product Identity
2. Simplifying the Security Development Process
3. Streamlining the Secure Manufacturing Process
4. Enabling Secure Lifecycle Software Updates
Embedded Trust is unique in offering a complete solution: from Development … to Manufacturing
7
Embedded Trust Development Workflow
The ET Development workflow consists of 4 steps:
1. Define the various product RoT keys and product certificates
2. Configure the Security World & Secure Boot Manager (SBM) with the RoT ...
3. Build the SBM and program / provision it into the MCU
4. The customer’s application SW is automatically mastered and loaded into the MCU
Workflow diagram: Create Keys (Cert, Prod, Mastering) → Create Product Identity Certificate → Security World → SBM Code → SBM Image → Provisioned MCU with SBM; OEM Application → Automatically Mastered OEM App → OEM App securely programmed via the SBM
8
Embedded Trust Simplifies the Process
The Embedded Trust editor enables the user to easily:
• Define the product certificate including the supporting chains
• Define the cryptographic product keys and certificate keys
• Visually edit the hierarchies
• Specify the various key & certificate parameters
The definition of these items forms the “Security World” context that is configured into the SBM.
Hierarchy as shown in the editor: Authority Root (Cert KeyPair) → Authority Intermediate (Cert KeyPair) → Product Certificate (Product KeyPair)
9
Embedded Trust’s Secure Boot Manager
The SBM Provides:
OEM-configurable SBM source code
Integrates the Security World context
Only signed & encrypted code accepted
Supports versioning & anti-rollback
Supports modular updates
API for SBM management functions and to leverage the RoT certs & keys
SBM architecture (diagram): Foundation Boot; Update Framework; Version Management; Modular Updates; Minimal API Interfaces; Access Control; Application Isolation; System Integrity Check; Secure Key Storage and Management
10
From Development to Manufacturing
Embedded Trust enables you to easily move from Development to Production:
An optional secure USB-based HSM is added to the Embedded Trust system
Development keys & certificates are replaced with production keys & certs
Production keys & certificates are created in the HSM using the same Security World context
Development: keys and certs created on the PC. Production: keys and certs created in the HSM. The Security World context is the same in both.
11
Embedded Trust Manufacturing Workflow
The ET Manufacturing workflow consists of 5 steps:
1. Connect the optional ET USB HSM to the Embedded Trust PC system
2. Load the Security World context, which creates the keys & certs in the secure HSM
3. Load the SBM image; ET + HSM provision the SBM image
4. Load the App image; ET + HSM master the App image
5. Images can then be programmed via ISP
Workflow diagram: Sec World → SBM Image → Provisioned SBM; App Image → Mastered App; Secure Transfer to either in-system programming via a JTAG probe connected to the PC (secured with ST SFI) or, for high volume, the SentriX Secure Programming Manufacturing Solution with Guardian HSM
12
Secure Software Updates
The Secure Boot Manager enables a secure software update solution that helps manage and protect the product over time.
The SBM verifies all SW updates and will only accept updates that have been “Mastered & Signed” by the keys held in the secure Mastering System.
Secure Thingz also plans to provide a secure SW update cloud service that will give OEMs a cloud-based Mastering System and provide an M2M security solution to master & sign software updates for the OEM’s products.
Update flow (diagram): OEM Product sends a SW Update Request to the OEM Cloud → OEM Cloud sends the OEM Update Request & Product Cert to the STZ M2M Mastering Cloud Service → the service returns a Mastered & Signed SW Update → OEM Cloud delivers the Mastered SW Update to the OEM Product. The OEM uses the STZ service and places SW updates in the cloud; for each update request, the service verifies and masters the SW update.
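The check order a boot manager applies to a "mastered & signed" image (signature first, then version for anti-rollback, then decryption, with the rollback counter committed only after every check passes), carried through as an added example in Go. This is not Embedded Trust code: the image layout, the Ed25519 + AES-256-GCM construction, the names Mastering / BootManager / Master / Boot, and the key handling are assumptions made for illustration. A real SBM runs on the MCU, usually in C, with the verification key and the version counter in immutable or protected storage; the decision logic is the same.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical mastered-image layout (not Embedded Trust's real format):
//   "SBM1" | version u32 BE | GCM nonce[12] | AES-256-GCM ciphertext+tag | Ed25519 sig[64]
// The signature covers everything before it, so the boot manager verifies the
// whole image before it parses or decrypts any of it. crypto/rand.Read errors
// are not checked: since Go 1.24 it aborts the program rather than fail.
const (
	magic     = "SBM1"
	HeaderLen = 4 + 4 + 12
)

// Mastering holds the OEM's mastering secrets; in production they live in the HSM.
type Mastering struct {
	signKey ed25519.PrivateKey
	imgKey  []byte // AES-256 image key shared with the provisioned MCU
}

func NewMastering() *Mastering {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	k := make([]byte, 32)
	rand.Read(k)
	return &Mastering{signKey: priv, imgKey: k}
}

// Provision is the factory step: the MCU gets only the verification key and the image key.
func (m *Mastering) Provision() *BootManager {
	return &BootManager{verifyKey: m.signKey.Public().(ed25519.PublicKey), imgKey: m.imgKey}
}

// Master encrypts an application image and signs the result ("mastered & signed").
func (m *Mastering) Master(version uint32, app []byte) []byte {
	block, _ := aes.NewCipher(m.imgKey) // cannot fail: key is 32 bytes by construction
	gcm, _ := cipher.NewGCM(block)
	hdr := make([]byte, HeaderLen)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], version)
	rand.Read(hdr[8:]) // fresh nonce per image; nonce reuse under one key breaks GCM
	body := append(hdr, gcm.Seal(nil, hdr[8:], app, hdr[:8])...) // magic+version bound as AAD
	return append(body, ed25519.Sign(m.signKey, body)...)
}

// BootManager is the immutable first-stage loader plus the RoT material it needs.
type BootManager struct {
	verifyKey  ed25519.PublicKey
	imgKey     []byte
	minVersion uint32 // anti-rollback counter; on a real MCU it lives in protected NV storage
}

// Boot checks signature, then version, then decrypts; nothing in the image is
// trusted before the signature passes. Returns the plaintext application to run.
func (b *BootManager) Boot(image []byte) ([]byte, error) {
	if len(image) < HeaderLen+ed25519.SignatureSize {
		return nil, errors.New("image too short")
	}
	body, sig := image[:len(image)-ed25519.SignatureSize], image[len(image)-ed25519.SignatureSize:]
	if !ed25519.Verify(b.verifyKey, body, sig) {
		return nil, errors.New("signature invalid: not mastered with the OEM signing key")
	}
	if string(body[:4]) != magic {
		return nil, errors.New("bad magic")
	}
	version := binary.BigEndian.Uint32(body[4:])
	if version < b.minVersion {
		return nil, fmt.Errorf("rollback rejected: image v%d older than installed v%d", version, b.minVersion)
	}
	block, _ := aes.NewCipher(b.imgKey)
	gcm, _ := cipher.NewGCM(block)
	app, err := gcm.Open(nil, body[8:HeaderLen], body[HeaderLen:], body[:8])
	if err != nil {
		return nil, errors.New("decryption failed: wrong image key or corrupted ciphertext")
	}
	b.minVersion = version // commit the counter only after every check passed
	return app, nil
}

func main() {
	m := NewMastering()
	dev := m.Provision()
	v1, v2 := m.Master(1, []byte("app v1")), m.Master(2, []byte("app v2"))
	for _, img := range [][]byte{v1, v2, v1} { // booting v1 after v2 is a rollback
		app, err := dev.Boot(img)
		fmt.Printf("app=%q err=%v\n", app, err)
	}
}
```

Two design points worth noting: the signature is checked before any field of the image is interpreted, so a malformed or tampered image never reaches the parser or the AES key; and the version comparison is strictly "older than", so the installed version can be re-booted while anything below it is refused.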
13
Summary
Embedded Trust integrates security into your Software Development Workflow
Manage keys and certificate structures for your product
Protection from Development to Production Manufacturing
Secure Boot Manager enables secure software updates
Embedded Trust™
14
Thank You
15
A Holistic Approach To Security
Lifecycle diagram: DEVELOP → MANUFACTURE → MANAGE
Diagram labels: Certificate Hierarchy; Development; Test; Mastering; OEM Management System; User Management System; Cloud Provider; Devices; Factory Management System (Desktop, Factory); Trust Anchors
16
Ex: Product RoT & Certificate Chain
Root Certificate (CA):
  Root Name | Pub Key | Issuer Name (same as Root Name) | Issuer Sig (root)
  The Root’s private key is used to self-sign (i.e. the Root Cert) and also signs the Intermediate Cert.
Intermediate OEM Certificate:
  OEM Name | Pub Key | Issuer Name (references the Root) | Issuer Sig (root)
  The Intermediate’s private key signs the Product Cert.
Product OEM Certificate:
  OEM Prod Name | Prod Pub Key | Issuer Name (references the Intermediate) | Issuer Sig (intermediate)
  Each signature is verified with the Issuer’s public key.
Product MCU:
  OEM Prod Private Key securely stored in the MCU (later used for authentication)
  OEM Prod Cert stored in the MCU (later used to prove identity)
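The chain on this slide, together with the Unique Product Identity and Authentication requirements from the Root of Trust slide and the Root → Intermediate → Product hierarchy from the editor slide, carried through as an added Go example. It is not Embedded Trust's code: the P-256/ECDSA choice, the names Issue / VerifyProduct / CertPair, the twenty-year validity and the "product-auth-v1:" challenge prefix are assumptions for illustration. A self-signed root issues the OEM intermediate, the intermediate issues the product cert, and a verifier first validates the chain back to the root and then has the device sign a fresh nonce to prove it holds the matching private key. A certificate copied off a genuine device passes the first check and fails the second; a product cert from a chain the verifier does not trust fails the first.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertPair is a certificate plus the private key it certifies; the same shape
// describes the Root, the OEM Intermediate and the provisioned MCU.
type CertPair struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewKey stands in for a key pair generated inside the HSM or the MCU's secure key storage.
func NewKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// Issue signs a certificate for subjectKey; parent == nil makes it self-signed
// (the root), otherwise the parent's key signs and the parent's subject is the Issuer Name.
func Issue(cn string, isCA bool, subjectKey *ecdsa.PrivateKey, parent *CertPair) (*CertPair, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // a real CA uses random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(20 * 365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent = &CertPair{Cert: tmpl, Key: subjectKey}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent.Cert, &subjectKey.PublicKey, parent.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &CertPair{Cert: cert, Key: subjectKey}, err
}

// challengeDigest domain-separates the nonce so a response cannot double as a signature elsewhere.
func challengeDigest(nonce []byte) []byte {
	h := sha256.Sum256(append([]byte("product-auth-v1:"), nonce...))
	return h[:]
}

// Authenticate is the MCU side: sign the verifier's challenge with the product private key.
func (d *CertPair) Authenticate(nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, d.Key, challengeDigest(nonce))
}

// VerifyProduct checks identity (product cert chains to the trusted root through the OEM
// intermediate), then authentication (the device holds the matching private key).
func VerifyProduct(root, inter *x509.Certificate, dev *CertPair) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := dev.Cert.Verify(opts); err != nil {
		return fmt.Errorf("identity: %w", err)
	}
	nonce := make([]byte, 32) // fresh per session, so a recorded response cannot be replayed
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	sig, err := dev.Authenticate(nonce)
	if err != nil {
		return err
	}
	pub, ok := dev.Cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, challengeDigest(nonce), sig) {
		return fmt.Errorf("authentication: response not signed by the key in the product cert")
	}
	return nil
}

func main() {
	root, _ := Issue("Example Root", true, NewKey(), nil)
	inter, _ := Issue("Example OEM", true, NewKey(), root)
	prod, _ := Issue("device-0001", false, NewKey(), inter)
	fmt.Println("genuine:", VerifyProduct(root.Cert, inter.Cert, prod))
	fmt.Println("clone:  ", VerifyProduct(root.Cert, inter.Cert, &CertPair{Cert: prod.Cert, Key: NewKey()}))
}
```

The verifier only ever needs the root (its trust anchor) and the intermediate; the product private key never leaves the device, which is exactly why a cloned certificate is useless without it.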