IoT Security Platform

Transcription

1 IoT Security Platform

2 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there is an emerging opportunity for cyber hackers with the introduction of IoT (Internet of Things) devices. Devices that were once isolated and secure by default will be connected and communicating over the network. The addition of IoT devices weakens a once stable cyber system and exposes it to attacks. Explosive growth of IoT devices will expand a porous digital border that can be easily breached if not protected. Over the next five years, the number of connected devices is expected to at least double, with 75% of the growth coming from non-hub devices such as sensor nodes and accessories. This massive growth will create entirely new categories of products and services for devices, sensors, consumer products and vehicles, through the power of connection. These connections will drive innovation, but they will also expand the cyberattack space in ways never before experienced in the history of the computer industry. A new way of securing devices is required. To combat this expanding threat, Rubicon Labs has built an IoT Security Platform to enable ecosystems to drive IoT innovation with a scalable hardware security platform that manifests trust.

3 3 Rubicon Labs IoT Security Platform delivers advanced security with the following features: Minimal semiconductor footprint Low power consumption Hardware key protection Zero-knowledge keys Distributed device activation Zero-knowledge certificate authority Universal architecture Secure identity Signing Authentication Encryption Renewability Scalable security Powerful ecosystem

4 4 Technical Details Two IoT device types Rubicon Labs divides IoT devices into two categories: Simple and Complex. These two device types define the IoT classes that we support. Simple: These are state machine or microcontroller driven and designed for very small gate count and low-power environments. Typically, this is a fixed operation IoT core that supports secure identity and signing. Complex: Characterized by a CPU driven architecture that requires complex capabilities with significant local processing and functionality. These systems may run a mainstream Linux/ Unix-based OS, but will have a range of power consumption requirements. Complex IoT devices include industrial controllers, home gateways and vehicle subsystems.

5 5 20K Gates Minimal semiconductor footprint, low power consumption Rubicon Labs IoT Security Platform uses minimal hash and symmetric encryption semiconductor blocks to achieve and surpass the cryptographic strength of larger, far less efficient public key cryptography engines. For authentication in Simple IoT devices, the semiconductor IP core can be as small as 20K gates. For more Complex systems, Rubicon offers integration with a RISC based embedded CPU, allowing far greater capability with a footprint below 100K gates.

6 6 Hardware Key Protection (Root of Trust) Rubicon Labs has patented technology for making secrets and keys inaccessible in memory. The foundation of this innovation is a unique coupling of a keyed one-way hash function with a secure memory space. This coupling creates a vault that can be provisioned with a key whose value is never known by anyone or anything, but it is still usable by the device. This breakthrough in technology allows a device to construct zero-knowledge systems for digital identity and secure communication. Zero-knowledge proofs are among the most powerful tools cryptographers have ever devised. They are a mathematical means to prove an assertion without revealing any other information. The Rubicon IoT Security Platform enforces this paradigm. The only interaction that the CPU can have with the key is to write data to the input of the keyed hash function and then read the resulting output. Rubicon Labs technology and product implement secure secrets but also protect code that interacts with those secrets or a derivative of them. Security is anchored to a hardware root of trust, which establishes a tamper-resistant secure environment that begins when the first zero-knowledge proof is established, not when power is applied to the device. Thus, Rubicon devices do not have a secure boot requirement. The protection logic is contained within a Secure Mode Controller. This block is responsible for implementing the hardware root-of-trust that forms the core of the security system.

7 7 Zero-Knowledge Keys Each IoT device has a one-time programmable key burned into its silicon when it is fabricated. This key represents half of the dual 256 bit zero-knowledge hardware secret. Secure keys can be derived from this same structure, creating zero knowledge keys. The dynamic portion of the zero-knowledge key is provisioned by contacting a Rubicon Labs Distributed Device Activation Server. Once contacted, signed entropy is sent to the device and subsequently used for zero-knowledge key derivation. Once the secret is set the first time, the server-supplied entropy input may be saved along with its signature to a local persistent storage device. This allows the device to re-initialize the secret on subsequent power cycles without having to communicate again with the server.

8 8 Distributed device activation Device activation is designed for distributed cooperation with untrusted parties. This prevents any one party from having full control of device activation, and addresses any concerns with single points of compromise for cryptographic activation keys. Rubicon Labs patented distributed device activation is accomplished by building on zero-knowledge key derivatives, along with cryptographic key splitting. No single part of the activation key can be used without assembling it from multiple independently sourced parts. A policy can be defined to allow for a threshold of keys to be available (N of M in a set) before key reconstruction is mathematically possible. This allows a hardware vendor to have an untrusted relationship with a service provider, but still enable secure activation across multiple independent security boundaries.

9 9 Zero-knowledge certificate authority The device activation server can be leveraged as a powerful certificate authority. It brokers trust relationships between devices and has a foundation of zero-knowledge keys. This is a simplification to the key and identity-provisioning problem that has challenged vendors as networks have grown. Universal Architecture The Rubicon Labs technology is fully portable, and interoperable with any CPU architecture because it secures data, not addresses. The solution is built with NIST algorithms and does not require new CPU instructions or compilers. If an IoT device requires security, then this solution is designed to provide it. Secure Identity Once provisioned with a zero-knowledge key, we build secure identity on top of it. Identity verification and management can then be used for authentication, authorization and secure communication. Identity management is accomplished by brokering relationships through the Rubicon Labs IoT Device Server. The Device Server has the ability to recreate and use the zero-knowledge keys it has provisioned to the IoT devices. This service provides identity and trust to the network, and once trust has been brokered between two devices, independent and secure communication is unlocked and enabled.

10 10 Signing Signing is used when it is important to detect forgery or tampering of data. Digital signatures validate that a known Rubicon Labs IoT Device has created messages or data, and accomplished by using the keyed hash functionality in conjunction with a derivative of the zero-knowledge secret. The signing function can take an arbitrary amount of data and append a signed hash to the output. This data can be sent to another device, or to a Rubicon Labs Device Server for data aggregation or sensor analytics. Authentication When bi-directional identity is established between two devices, the receiver can authenticate signed data. Digital signatures assure the receiver that messages and data were not altered in transit, are bound to the sender, and the sender is prevented from denying the transmission. Authentication is simply signature validation using a key derived from a device s embedded zeroknowledge key. Encryption Data privacy is provided via encryption. Similar to signing and authentication, the zero-knowledge key is used as the foundation for establishing protection. Session keys are derived through an innovative key exchange that is brokered through the Rubicon Labs Device Server. Keyed hash functions are used with zeroknowledge keys to rapidly derive symmetric session keys for protecting communication.

11 11 Renewability Critical for breach recovery, Rubicon Labs unique and patented two-part hardware secret allows key revocation and renewal by re-writing the dynamic half of the secret, while allowing the permanent half of the secret to remain unchanged. Scalable security All IoT Security Platform cryptographic operations are based on symmetric key cryptography and one-way hash functions. This is fundamental to the low gate count achieved by the platform, and also allows for the security to scale. The solution is strong enough to protect high-value keys in the data center, but flexible enough that it can be deployed to the lowest-end sensors. It is a licensed solution that supports scaled pricing based on device and data value. Low power Rubicon Labs simple, efficient symmetric encryption and hash blocks save vast numbers of computational cycles, and power and energy compared with traditional computationally complex asymmetric cryptography. In comparison to handshakes setup with SSL using RSA 2048 keys, Rubicon Labs approach is roughly 3,000 times more computationally efficient. This has profound benefits for the increasingly crucial issue of energy consumption in IoT. Powerful ecosystem Rubicon is enabling an ecosystem by making its hardware architecture readily available to semiconductor device suppliers on a royalty-free basis. Rubicon Labs is committed to enabling the widest possible use cases for its IoT Security Platform. Device platforms will range from Simple embedded state machines to microcontrollers, to more Complex embedded processors. The Rubicon Labs Device Server can be hosted or colocated and will enable a secure network of Rubicon-compliant devices. This will provide a foundation of security for the Internet of Things to fulfill its promise of broad innovation while becoming part of the fabric of everyday life.