CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Size: px
Start display at page:

Download "CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules"

Transcription

1 CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded systems that process information from different vehicle sub-systems, such as sensors or other ECUs, and control actuators to react on system events accordingly. One prominent example for ECUs is the engine control unit which is responsible for controlling a series of actuators on a combustion engine to ensure optimal engine performance. The engine's actuators are controlled based on complex system parameters, such as ignition timing, and are configured and adapted to the specific motor characteristic during vehicle production. Manipulation of these critical system parameters is an interesting attack target since manipulations may yield in modified motor characteristics which may give an attacker the ability to improve the performance of the engine. These attacks are commonly referred to as Chiptuning and are offered by an industry-wide tuning sector. The motor control unit is only one out of many ECUs which is susceptible to attacks. Other attacks on ECUs may cover the unauthorized activation of vehicle features or circumventions of the immobilizer system of a vehicle [HS11]. Due to the increased networking of ECUs and the fact that ECUs carry out more and more sensitive tasks, the attack surface and the resulting financial loss caused by a successful attack on an ECU will grow significantly in the near future. In addition, successful attacks on one ECU endanger the whole vehicle board network and can have an impact to the whole vehicle safety system, which at worst, may cause the safety-characteristics no longer being satisfied. In order to harden ECUs against attacks, security mechanisms which prevent reading out sensitive keying material and also prevent successful manipulation of the software of an ECU must be used. To provide the necessary trust primitives and resistance to physical attacks, the security mechanisms must be rooted in hardware. This approach prevents that sensitive information, e.g., cryptographic keys, are vulnerable to software attacks. Hardware Security Modules (HSM) are a promising technology to answer the requirements for such a secure hardware extensions for ECUs.

2 2 Automotive-qualified Hardware Security Modules Hardware Security Modules are dedicated hardware security components that encapsulate security functions and provide the necessary trust primitives. HSMs are integrated chips specifically developed and designed for security use-cases. Typically, implementations range from smart cards used for identification and authentication purposes, such as, national identification cards, to Trusted Platform Modules [Tru07] which are Hardware Security Modules for personal computers. HSMs typically consist of a CPU core, different types of data storages (e.g., RAM, ROM, Flash), a memory protection unit, a memory encryption unit, sensors, cryptographic accelerators, and further peripheral components. Most HSMs employ sophisticated countermeasures against physical attacks, such as active sensors to detect fault and glitching attacks, and also employ cryptographic implementations which are hardened against side channel attacks. However, typical Hardware Security Modules do not satisfy automotive requirements. Problematic characteristics that render integrating existing Hardware Security Modules as additional component inside of an ECU non-usable are especially: 1. High costs caused by integrating an external, additional chip inside an ECU 2. Sensitivity to attacks on the communication interface between ECU application core and HSM 3. The non-existence of debug/testing interfaces if a malfunctioned device needs to be analyzed 4. The high temperature range an automotive qualified product needs to satisfy The lack of existing technology has caused Bosch to develop an own HSM specification that satisfies automotive requirements [BGI+11]. In order to ensure a high market penetration, Bosch cooperated with the most important silicon manufacturers to ensure that the technology will be supported and implemented by a broad set of silicon manufacturers.

3 3 The Bosch HSM The basic architecture of the Bosch HSM is shown in Figure 1. Core of the HSM is a secure CPU where security critical tasks are executed. The HSM also possesses its own RAM, Boot ROM, AES engine as well as a True Random Number Generator (TRNG) as cryptographic peripheries. Parts of the HSM are also debug interfaces and an On-Chip Interconnect Interface which is used for communication with the host core and to access the flash. The host core is a typical automotive qualified application processor providing an execution environment for safety-critical tasks, achieved for example using additional lockstep cores. The flash is shared between host core and HSM, and the firmware both of the HSM and the host core is stored in shared flash. A memory protection unit (not shown in the figure) ensures that only the HSM is allowed to access its own HSM allocated data located in the flash. When the HSM is powered up, the local boot code is loaded from the boot ROM and the HSM is initialized with the code stored in the shared flash. The HSM provides a method to enable debugging the HSM including read out of all data stored in the flash and the internal data of the HSM (besides internal AES keys). The debug interface can only be activated internally by the HSM after a secure authentication protocol (e.g., challenge-response authentication) between the HSM and one external debugger has been performed. Figure 1: Main Components of the BOSCH HSM While the detailed realization and implementation of the HSM varies between the different silicon manufacturers, the basic concepts of providing a secure execution environment based on an additional secure core, are the same for all silicon manufacturers that provide an implementation which is compliant to the Bosch HSM.

4 4 HSM Security Functions The HSM implements a set of security functions which can be used to realize complex automotive security use-cases. For this purpose, the HSM offers the following primitives: AES-128 bit engine in Hardware A True Random Number Generator for secure generation of cryptographic keys Hardware-shielded protected storage for cryptographic keys or secure logging A secure system timer to realize a secure, replay protected logging Secure debug under control of the HSM 5 CycurHSM - A Secure Software Stack for Automotive HSMs The new CycurHSM product from ESCRYPT is a security firmware specifically designed for the Bosch HSM and its derivates. CycurHSM will support all available HSM implementations from the different silicon manufacturers and provides a standardized API to access the HSM. Besides making the existing HW security peripherals of the HSM available to software executed inside the HSM and applications on the host core, CycurHSM also implements a full cryptographic library with asymmetric cryptography support. CycurHSM provides all necessary interface to integrate the HSM inside of a typical automotive ECU, i.e., it consists of an AUTOSAR interfaces, required device drivers, and a PKCS#11 interface for non-autosar applications. As a result, CycurHSM fully encapsulates all required security functions needed to satisfy a broad set of automotive security requirements. The innovative design of CycurHSM is based on a real-time operating system to also ensure real-time characteristics of the HSM that will be required in future use-cases, e.g., for secure real-time critical on-board communication with the involvement of HSM technology. 5.1 Software Architecture The software architecture of CycurHSM is shown in Figure 2. Core component of CycurHSM is RTA-OS from ETAS. RTA-OS is a real-time operating system specifically designed to meet all requirements of automotive ECUs. Further, RTA-OS provides minimal runtime overheads, a very small footprint, and a MISRA C compliant implementation. RTA-OS provides a two-layer protection level to isolate trustworthy kernel tasks from non-trustworthy user tasks, thus providing an additional protection concept for the software of the HSM. Each task on the HSM is executed with the least privilege level required, as a result, potential security vulnerabilities in one task, do not cause the whole system to become insecure. The CycurLIB security library from ESCRYPT provides additional cryptographic primitives (ECC, RSA) and directly uses the cryptographic accelerators available in hardware on the HSM. CycurLIB encapsulates all cryptographic algorithms and functions and provides an interface to applications executed on top of the HSM. The software of the HSM implements customer specific security applications that directly use the provided security functions available on the HSM made available using the CycurLIB. In addition to the CycurLIB, a SHE emulation module

5 is executed on the HSM. This module uses the CycurLIB security library as underlying primitive and implements the SHE specification [Sof09] with additional extensions to SHE to satisfy extended automotive requirements (denoted as SHE+). The functionality is made available to applications executed on the host core using the HSM driver. The functionality of security applications can be fully implemented on top of the HSM but can also be distributed between host core and HSM if required. CycurLIB and all additional customer specific software applications are executed in user-mode on the HSM. The HSM is communicating with the host core using a specific HSM device driver which ensures secure communication between HSM and host core. The HSM driver on the host is fully compatible to AUTOSAR and provides an interface based on the AUTOSAR crypto abstraction layer (CAL). In addition, it provides a PKCS#11 compliant interface. Figure 2: Main SW Components of CycurHSM

6 5.2 Security Functions and Use-Cases Based on the HSM, a broad set of use-cases can be implemented. Since the HSM provides a standardized interface to security functions based on strong cryptography, security applications can be either realized on the HSM, the host core, or using a combination of both. Supported uses-cases include, but are not limited, to the following: Secure Boot Secure boot ensures that the integrity of code stored in the flash has not been compromised and is in a trustworthy state. This is achieved by checking the integrity of code before being executed during the initialization of the ECU. To this end, each component in the boot chain, validates the integrity of the following component in the boot chain before handing over control to the next component in the chain. The initial component is integrated as Core Root of Trust for Measurement inside the boot ROM which is initially responsible for initiating the boot process and for triggering the boot loader. The integrity is validated by computing a cryptographic hash value of the code and comparing it with a pre-configured hash value stored in secure storage of the HSM. If the computed result does not match the pre-configured value, the HSM prevents further execution of the code on the ECU. The secure boot is initiated and completely performed by the HSM itself, i.e., without any explicit call by the host CPU. Figure 3: Secure Boot process with involvement of the HSM Runtime Tuning Detection Runtime tuning detection verifies the code integrity of the flash content during the regular operation of the ECU. The goal is to detect manipulations on the original ECU flash. Runtime tuning detection takes advantage that the HSM is realized as one additional core with full access to the flash of the ECU. As a result, the HSM can independently validate the code integrity of the flash without causing any impact or delays on the safety-critical applications executed on the host core. Typically, the runtime tuning detection is a low-prioritized task implemented on top of the HSM that walks through the flash storage in regular intervals and compares the integrity of the flash code with pre-configured measurements. If the runtime tuning detection tasks detects an anomaly, a secure log entry is created that gives information about the detected anomaly. As an alternative, the runtime tuning detection may cause a specific reaction to an event, e.g., causing the ECU to go into fail-safe mode.

7 5.2.3 Secure Flashing Secure flashing is the process of updating the software of the ECU in a secure manner. Secure flashing supported by an HSM is typically divided into three phases. First, the authenticity of the flashing request of an external diagnosis tester is verified by the HSM. For this purpose, a challenge-response authentication protocol using symmetric or asymmetric keys is performed. After the HSM grants access, the download of the software can be initiated (step 2). Alongside to the software, a cryptographic signature is transmitted which was created by a trustworthy entity, e.g., the manufacturer of the ECU, that vouches for the trust level of the code. After the code has been transmitted, the HSM checks the signature of the code. If the signature verification succeeds and the code fits to the ECU, the internal flash structure is updated with the new code (step three).

8 6 Conclusion Hardware Security Modules are a necessary building block to harden embedded systems against attacks. HSMs are dedicated hardware security components that encapsulate security functions and provide the necessary trust primitives. This article gives a high-level overview of the CycurHSM product currently under development by ESCRYPT. CycurHSM is a complete software stack adapted to the available implementations of the Bosch HSM by different silicon manufacturers. In addition, it provides an own SHE(+) emulation module on a secure core. The innovative design of CycurHSM is based on a real-time operating system to satisfy future upcoming requests to also meet safety requirements. Based on CycurHSM, a broad set of security applications can be supported. CycurHSM provides the technology for fulfilling the requirements regarding a flexible HSM firmware that provides open and standardized interfaces to HSM-enhanced security applications. The full comparability of CycurHSM to AUTOSAR ensures a broad applicability and the usage of the technology in different types of ECUs. Contact & Further Information Web ESCRYPT GmbH Embedded Security Lise-Meitner-Allee Bochum, Germany Phone: ESCRYPT Inc. Embedded Security 315 E Eisenhower Parkway, Suite 214 Ann Arbor, MI 48108, USA Phone:

9 References [BGI + 11] [HS11] Oliver Bubeck, Jens Gramm, Markus Ihle, Jamshid Shokrollahi, Robert Szerwinski, and Martin Emele. A hardware security module for engine control units. In Proceedings of the 10th ESCAR Conference, Johann Heyszl and Frederic Stumpf. Asymmetric cryptography in automotive access and immobilizer systems. In Proceedings of the 10th ESCAR Conference, [Sof09] HIS Herstellerinitiative Software. She - secure hardware extension version 1.1. Technical report, [Tru07] Trusted Computing Group. TCG TPM Specification, Architecture Overview. Technical report, TCG, 2007.

Hardware Security Modules for Protecting Embedded Systems

Hardware Security Modules for Protecting Embedded Systems Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &

More information

Vehicular Security Hardware The Security for Vehicular Security Mechanisms

Vehicular Security Hardware The Security for Vehicular Security Mechanisms escrypt GmbH Embedded Security Systemhaus für eingebettete Sicherheit Vehicular Security Hardware The Security for Vehicular Security Mechanisms Marko Wolf, escrypt GmbH Embedded Security Embedded Security

More information

Embedding Trust into Cars Secure Software Delivery and Installation

Embedding Trust into Cars Secure Software Delivery and Installation Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop

More information

Secure Wireless Application Platform

Secure Wireless Application Platform Texas Instruments SW@P Secure Wireless Application Platform New Challenges for Wireless Handsets Open Environment Multi-application, Interoperability Multiple Access Data Paths GSM/GPRS, EDGE, 802.11,

More information

M-Shield mobile security technology

M-Shield mobile security technology Technology for Innovators TM M-Shield mobile security technology making wireless secure Overview As 3G networks are successfully deployed worldwide, opportunities are arising to deliver to end-users a

More information

Vehicular On-board Security: EVITA Project

Vehicular On-board Security: EVITA Project C2C-CC Security Workshop 5 November 2009 VW, MobileLifeCampus Wolfsburg Hervé Seudié Corporate Sector Research and Advance Engineering Robert Bosch GmbH Outline 1. Project Scope and Objectives 2. Security

More information

Safety and security related features in AUTOSAR

Safety and security related features in AUTOSAR Safety and security related features in Dr. Stefan Bunzel Spokesperson (Continental) Co-Authors: S. Fürst, Dr. J. Wagenhuber (BMW), Dr. F. Stappert (Continental) Automotive - Safety & Security 2010 22

More information

SHE Secure Hardware Extension

SHE Secure Hardware Extension SHE Secure Hardware Extension Data Security for Automotive Embedded Systems Workshop on Cryptography and Embedded Security Embedded World @ Nuremberg, February 2012 Content Data Security - What does it

More information

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS André Groll, Jan Holle University of Siegen, Institute for Data Communications Systems {andre.groll,jan.holle}@uni-siegen.de

More information

Secure Key Management A Key Feature for Modern Vehicle Electronics

Secure Key Management A Key Feature for Modern Vehicle Electronics 13AE-0069 Secure Key Management A Key Feature for Modern Vehicle Electronics Christian Schleiffer, Marko Wolf, André Weimerskirch, and Lars Wolleschensky ESCRYPT Copyright 2012 SAE International ABSTRACT

More information

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications 7 th escar Embedded Security in Cars Conference November 24 25, 2009, Düsseldorf Dr.-Ing. Olaf Henniger, Fraunhofer SIT Darmstadt Hervé

More information

Embedded Java & Secure Element for high security in IoT systems

Embedded Java & Secure Element for high security in IoT systems Embedded Java & Secure Element for high security in IoT systems JavaOne - September 2014 Anne-Laure SIXOU - ST Thierry BOUSQUET - ST Frédéric VAUTE - Oracle Speakers 2 Anne-Laure SIXOU Smartgrid Product

More information

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Side Channel Analysis and Embedded Systems Impact and Countermeasures Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side

More information

IoT Security Concerns and Renesas Synergy Solutions

IoT Security Concerns and Renesas Synergy Solutions IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas

More information

Secure web transactions system

Secure web transactions system Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

Pervasive Computing und. Informationssicherheit

Pervasive Computing und. Informationssicherheit Pervasive Computing und 11. Symposium on Privacy and Security Rüschlikon, 13. September 2006 Prof. Christof Paar European Competence Center for IT Security www.crypto.rub.de Contents 1. Pervasive Computing

More information

BroadSAFE Enhanced IP Phone Networks

BroadSAFE Enhanced IP Phone Networks White Paper BroadSAFE Enhanced IP Phone Networks Secure VoIP Using the Broadcom BCM11xx IP Phone Technology September 2005 Executive Summary Voice over Internet Protocol (VoIP) enables telephone calls

More information

Safety and Security Features in AUTOSAR

Safety and Security Features in AUTOSAR Safety and Security Features in AUTOSAR Nagarjuna Rao Kandimala, Michal Sojka Czech Technical University in Prague 166 27 Praha 6, Czech Republic Thursday 15 th November, 2012 Contents 1 Introduction 2

More information

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009 Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer October 2009 Jennic highlights Jennic is a fabless semiconductor company providing Wireless Microcontrollers to high-growth

More information

Secure Hardware PV018 Masaryk University Faculty of Informatics

Secure Hardware PV018 Masaryk University Faculty of Informatics Secure Hardware PV018 Masaryk University Faculty of Informatics Jan Krhovják Vašek Matyáš Roadmap Introduction The need of secure HW Basic terminology Architecture Cryptographic coprocessors/accelerators

More information

Using BroadSAFE TM Technology 07/18/05

Using BroadSAFE TM Technology 07/18/05 Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security

More information

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS Prof. Dr.-Ing. Georg Sigl Institute for Security in Information Technology Technical University Munich sigl@tum.de Fraunhofer Research Institution

More information

Threat Model for Software Reconfigurable Communications Systems

Threat Model for Software Reconfigurable Communications Systems Threat Model for Software Reconfigurable Communications Systems Presented to the Management Group 6 March 007 Bernard Eydt Booz Allen Hamilton Chair, SDR Security Working Group Overview Overview of the

More information

Embedded Security for Modern Building Automation Systems

Embedded Security for Modern Building Automation Systems Embedded Security for Modern Building Automation Systems Daniel Höttges, ESCRYPT GmbH Embedded Security, Bochum, Germany Marko Wolf, ESCRYPT GmbH Embedded Security, München, Germany Digitalization and

More information

Embedded Trusted Computing on ARM-based systems

Embedded Trusted Computing on ARM-based systems 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

PUF Physical Unclonable Functions

PUF Physical Unclonable Functions Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication

More information

Security in Vehicle Networks

Security in Vehicle Networks Security in Vehicle Networks Armin Happel, Christof Ebert Stuttgart, 17. March 2015 V1.1 2015-04-28 Introduction Vector Consulting Services supports clients worldwide in improving their product development

More information

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0 FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282

More information

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.

RELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12. Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON

More information

Do AUTOSAR and functional safety rule each other out?

Do AUTOSAR and functional safety rule each other out? Software development Do AUTOSAR and functional safety rule each other out? While simplicity is a factor in safety-critical applications, AUTOSAR has over 6,000 configuration parameters and well over 100,000

More information

Security Policy for FIPS 140 2 Validation

Security Policy for FIPS 140 2 Validation BitLocker Windows OS Loader Security Policy for FIPS 140 2 Validation BitLocker Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise Windows Server 2012 R2 Windows Storage Server 2012 R2 Surface

More information

TPM Key Backup and Recovery. For Trusted Platforms

TPM Key Backup and Recovery. For Trusted Platforms TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents

More information

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication

Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication 01PC-422 Software Development for Multiple OEMs Using Tool Configured Middleware for CAN Communication Pascal Jost IAS, University of Stuttgart, Germany Stephan Hoffmann Vector CANtech Inc., USA Copyright

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

Introducing etoken. What is etoken?

Introducing etoken. What is etoken? Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant

More information

Standardized software components will help in mastering the. software should be developed for FlexRay were presented at

Standardized software components will help in mastering the. software should be developed for FlexRay were presented at Embedded Software for FlexRay Systems Special aspects and benefits of implementing modularized software Standardized software components will help in mastering the growing complexity of the interplay of

More information

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC

Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC Deeply Embedded Real-Time Hypervisors for the Automotive Domain Dr. Gary Morgan, ETAS/ESC 1 Public ETAS/ESC 2014-02-20 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, reproduction,

More information

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of

More information

Secure Data Exchange Solution

Secure Data Exchange Solution Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates

More information

Trusted Platforms for Homeland Security

Trusted Platforms for Homeland Security Trusted Platforms for Homeland Security By Kevin Schutz, Product Manager Secure Products Summary Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business

More information

Automotive Software Development Challenges Virtualisation and Embedded Security

Automotive Software Development Challenges Virtualisation and Embedded Security Automotive Software Development Challenges Virtualisation and Embedded Security 1 Public ETAS-PGA/PRM-E October 2014 ETAS GmbH 2014. All rights reserved, also regarding any disposal, exploitation, Automotive

More information

SPINS: Security Protocols for Sensor Networks

SPINS: Security Protocols for Sensor Networks SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen, and David Culler Department of Electrical Engineering & Computer Sciences, University of California

More information

Hardware Virtualization for Pre-Silicon Software Development in Automotive Electronics

Hardware Virtualization for Pre-Silicon Software Development in Automotive Electronics Hardware Virtualization for Pre-Silicon Software Development in Automotive Electronics Frank Schirrmeister, Filip Thoen fschirr@synopsys.com Synopsys, Inc. Market Trends & Challenges Growing electronics

More information

AUTOSAR Software Architecture

AUTOSAR Software Architecture AUTOSAR Software Architecture Robert Warschofsky Hasso-Plattner-Institute für Softwaresystemtechnik Abstract. AUTOSAR supports the re-use of software and hardware components of automotive electronic systems.

More information

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public

More information

CRYPTOGRAPHY AS A SERVICE

CRYPTOGRAPHY AS A SERVICE CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

Trustworthy Computing

Trustworthy Computing Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with

More information

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge Mitgliederversammlung EIKON e.v. 26. Februar 2014 Prof. Dr.-Ing. Georg Sigl Lehrstuhl für Sicherheit in

More information

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions

Customer Experience. Silicon. Support & Professional Eng. Services. Freescale Provided SW & Solutions September 2013 Silicon Support & Professional Eng. Services Customer Experience Freescale Provided SW & Solutions Provide Valued Software, Support & Professional Engineering Services, Competitively 2 Customer

More information

Digital Rights Management Demonstrator

Digital Rights Management Demonstrator Digital Rights Management Demonstrator Requirements, Analysis, and Design Authors: Andre Osterhues, Marko Wolf Institute: Ruhr-University Bochum Date: March 2, 2007 Abstract: This document describes a

More information

W ith an estimated 14 billion devices connected to

W ith an estimated 14 billion devices connected to Renesas Synergy Security Portfolio Delivers Comprehensive Protection from Industrial and IoT Threats Advanced capabilities give developers tools to counter attacks W ith an estimated 14 billion devices

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of ncipher nshield Family of Hardware Security Modules Firmware Version 2.33.60 Issued by: Communications Security Establishment Canada Certification Body Canadian

More information

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011

More information

Key & Data Storage on Mobile Devices

Key & Data Storage on Mobile Devices Key & Data Storage on Mobile Devices Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at Outline Why is this topic so delicate? Keys & Key Management High-Level Cryptography

More information

Hi and welcome to the Microsoft Virtual Academy and

Hi and welcome to the Microsoft Virtual Academy and Hi and welcome to the Microsoft Virtual Academy and 2012 Microsoft Corporation 1 the start of the Windows 8 Security Insights training. My name is Milad Aslaner I m part of the Premier Field Engineering

More information

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root

More information

How to Drop your Anchor

How to Drop your Anchor How to Drop your Anchor Enabling Trust in Cloud-Based Services Andreas Curiger CTO Securosys SA DIGS DC Day, Sep 16, 2015 10:30-10:55 The Promising World of Cloud Computing Cloud computing offers network

More information

Trusted Platform Module

Trusted Platform Module Trusted Platform Module TPM Fundamental APTISS, August 2008 Raymond Ng Infineon Technologies Asia Pacific Pte Ltd Raymond.ng@infineon.com TPM Fundamental Introduction to TPM Functional Component of TPM

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD

Certification Report. NXP Secure Smart Card Controller P40C012/040/072 VD TÜV Rheinland Nederland B.V. Version 20101101 Certification Report NXP Secure Smart Card Controller P40C012/040/072 VD Sponsor and developer: NXP Semiconductors Germany GmbH, Business Unit Identification

More information

15 th TF-Mobility Meeting Sensor Networks. Torsten Braun Universität Bern braun@iam.unibe.ch www.iam.unibe.ch/~rvs

15 th TF-Mobility Meeting Sensor Networks. Torsten Braun Universität Bern braun@iam.unibe.ch www.iam.unibe.ch/~rvs 15 th TF-Mobility Meeting Sensor Networks Torsten Braun Universität Bern braun@iam.unibe.ch www.iam.unibe.ch/~rvs Overview 2 Ubiquitous Computing > Vision defined by Mark Weiser in 1991 Seamless integration

More information

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version 2.42. www.northropgrumman.

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version 2.42. www.northropgrumman. Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services FIPS Security Policy Version 2.42 www.northropgrumman.com/m5/ SCS Linux Kernel Cryptographic Services Security Policy Version

More information

Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation

Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation Boot Manager Security Policy Windows Server 2008 R2 Boot Manager Security Policy For FIPS 140-2 Validation v 1.3 6/8/11 1 INTRODUCTION... 1 1.1 Cryptographic Boundary for BOOTMGR... 1 2 SECURITY POLICY...

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

Using AES 256 bit Encryption

Using AES 256 bit Encryption Using AES 256 bit Encryption April 16 2014 There are many questions on How To Support AES256 bit encryption in an Industrial, Medical or Military Computer System. Programmable Encryption for Solid State

More information

PrivyLink Cryptographic Key Server *

PrivyLink Cryptographic Key Server * WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology

More information

M2M For industrial and automotive

M2M For industrial and automotive M2M For industrial and automotive Content ST at a glance... 4 Where to find us... 5 The value chain... 5 Secure MCU... 6 Focus on ST33 secure microcontrollers... 6 M2M fields of application... 7 What is

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Chapter 3: Operating-System Structures. Common System Components

Chapter 3: Operating-System Structures. Common System Components Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation 3.1

More information

IoT Security Platform

IoT Security Platform IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there

More information

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support.

WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. WebSphere DataPower Release 6.0.1 - FIPS 140-2 and NIST SP800-131a support. 601DataPower_Security_NIST.ppt Page 1 of 17 This presentation discusses three new security features in the WebSphere DataPower

More information

Pulse Secure, LLC. January 9, 2015

Pulse Secure, LLC. January 9, 2015 Pulse Secure Network Connect Cryptographic Module Version 2.0 Non-Proprietary Security Policy Document Version 1.1 Pulse Secure, LLC. January 9, 2015 2015 by Pulse Secure, LLC. All rights reserved. May

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

OMAP platform security features

OMAP platform security features SWPT008 - July 2003 White Paper OMAP platform security features By Harini Sundaresan Applications Engineer, OMAP Security Texas Instruments, Wireless Terminal Business Unit This white paper introduces

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

Lecture VII : Public Key Infrastructure (PKI)

Lecture VII : Public Key Infrastructure (PKI) Lecture VII : Public Key Infrastructure (PKI) Internet Security: Principles & Practices John K. Zao, PhD (Harvard) SMIEEE Computer Science Department, National Chiao Tung University 2 Problems with Public

More information

Cyber Security Practical considerations for implementing IEC 62351

Cyber Security Practical considerations for implementing IEC 62351 1. Introduction Cyber Security Practical considerations for implementing IEC 62351 Frank Hohlbaum, Markus Braendle, Fernando Alvarez ABB frank.hohlbaum@ch.abb.com Switzerland Two trends are currently changing

More information

KeyStone Architecture Security Accelerator (SA) User Guide

KeyStone Architecture Security Accelerator (SA) User Guide KeyStone Architecture Security Accelerator (SA) User Guide Literature Number: SPRUGY6B January 2013 Release History www.ti.com Release Date Description/Comments SPRUGY6B January 2013 Added addition engine

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Secure Software Delivery and Installation in Embedded Systems

Secure Software Delivery and Installation in Embedded Systems Secure Software Delivery and Installation in Embedded Systems André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi Horst-Görtz-Institute, Bochum, Germany ISPEC 2005 Presentation Singapore, April 13, 2005

More information

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:

More information

Chapter 3 Operating-System Structures

Chapter 3 Operating-System Structures Contents 1. Introduction 2. Computer-System Structures 3. Operating-System Structures 4. Processes 5. Threads 6. CPU Scheduling 7. Process Synchronization 8. Deadlocks 9. Memory Management 10. Virtual

More information

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012

Strong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012 Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal

More information

High-Performance, Highly Secure Networking for Industrial and IoT Applications

High-Performance, Highly Secure Networking for Industrial and IoT Applications High-Performance, Highly Secure Networking for Industrial and IoT Applications Table of Contents 2 Introduction 2 Communication Accelerators 3 Enterprise Network Lineage Features 5 Example applications

More information

ST19NP18-TPM-I2C. Trusted Platform Module (TPM) with I²C Interface. Features

ST19NP18-TPM-I2C. Trusted Platform Module (TPM) with I²C Interface. Features Trusted Platform Module (TPM) with I²C Interface Data brief Features Single-chip Trusted Platform Module (TPM) Embedded TPM 1.2 firmware I²C communication interface (Slave mode) Architecture based on ST19N

More information

Secure Data Management in Trusted Computing

Secure Data Management in Trusted Computing 1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU

More information

A Cryptographically Secure On-chip Firewall for Memory Address Space Control

A Cryptographically Secure On-chip Firewall for Memory Address Space Control A Cryptographically Secure On-chip Firewall for Memory Address Space Control Roberto Rivoir Director of Security Development Rambus France IoT & Security Innovation Day Sophia Antipolis, France 26 November

More information

Description of the Technical Component:

Description of the Technical Component: Confirmation concerning Products for Qualified Electronic Signatures according to 15 Sec. 7 S. 1, 17 Sec. 4 German Electronic Signature Act 1 and 11 Sec. 2 and 15 German Electronic Signature Ordinance

More information

Security in Automotive Applications

Security in Automotive Applications Security in Automotive Applications Renesas Electronics America Inc. Renesas Technology & Solution Portfolio 2 Microcontroller and Microprocessor Line-up 2010 2013 32-bit 8/16-bit 1200 DMIPS, Superscalar

More information

IBM Crypto Server Management General Information Manual

IBM Crypto Server Management General Information Manual CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.

More information

ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0

ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0 ECU State Manager Module Development and Design for Automotive Platform Software Based on AUTOSAR 4.0 Dhanamjayan P.R. 1, Kuruvilla Jose 2, Manjusree S. 3 1 PG Scholar, Embedded Systems, 2 Specialist,

More information

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire

Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire SAMPLE CREDIT UNION INFORMATION SECURITY DUE DILIGENCE QUESTIONNAIRE FOR POTENTIAL VENDORS Section 1 CREDIT UNION Member Information Security Due Diligence Questionnaire 1. Physical security o Where is

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview Application Note Atmel CryptoAuthentication Product Uses Atmel Abstract Companies are continuously searching for ways to protect property using various security implementations; however, the cost of security

More information