Microsemi Security Center of Excellence

Transcription

1 Microsemi Security Center of Excellence Sales and FAE Training August 24,

2 Outline What is the Security Center of Excellence (SCoE)? Overview of Microsemi s Security capabilities and expertise Threat driven risk assessment and protection design Red and blue team security evaluations Side-channel analysis and mitigation capabilities Security engineering capabilities with application examples 2

3 Security Center of Excellence Proactively addressing security issues across vertical markets Overview Experienced team of security and systems analysts, cryptography, hardware, and software engineers providing security services to solve customer security challenges. Services Risk Assessments: System vulnerability and threat modeling Protection Planning: Protection design using a threat driven approach Red and Blue Teaming: System security analysis white hat hacking Side-channel Analysis: Measurable and objective leakage analysis Security Engineering: Custom solution development and implementation Background Past customer engagements have been the most effective when they involve security services including protection designs or blue team activities 3

4 Capabilities Analysis and Design Overview Threat analysis Extensive knowledge of system attacks and means of preventing such Experience analyzing large systems as well as single board computers Identification of threats, mitigations and residual vulnerabilities Expertise with real-time embedded systems Various form factors and processors PowerPC, ARM, x86/x64, Microcontrollers Experience with a broad range of bus interfaces Serial, PCI-X, PCIe, AHB, AXI, RS-232/422, 1553 FPGA design security Productized through EnforcIT Inline memory encryption IP for ASIC and FPGA designs Secure Boot and execution of SoC FPGA environments Automated threat detection IP cores designed to be portable to ASIC Cyber Security Network system analysis 4

5 Capabilities Analysis and Design Overview Automated software analysis Expertise pulling apart binaries Productized in EnforcIT-S and CodeSEAL Analysis of code injection/modification vulnerabilities Data and control flow analysis Code insertion Software protection design and implementation Real-time operating system security Expertise with a wide range of operating systems Application level security EDA tools, oil exploration, defense applications Cryptography analysis and design Whitebox cipher analysis Key management and protocol analysis Side-channel analysis Protocol design and analysis Defense applications, financial industry, DRM Proprietary algorithm whitebox implementation 5

6 Threat Driven Protection Design A Systematic Approach Threat Driven Risk Assessments Analyze a customer s design to enumerate threats, their likelihood of occurrence, and their corresponding consequences Analyze the design from a system, hardware, and software perspective Requires customer trust: must convey that we will safeguard their information Protection Design Services Leverage system risk assessment to identify viable mitigations Continue applying mitigations until all residual vulnerabilities are at an acceptable risk 6

7 Threat Driven Security A Generic Example 7

8 Blue and Red Teaming Assessing System Vulnerabilities INPUTS OUTPUTS Customer Design Information Customer Implementation/Widget Security Engineers Blue Team collaborative Successful exploits Recommendations Threat Analysis Customer Implementation/Widget Security Engineers Red Team independent Successful exploits Recommendations 8

9 Blue and Red Teaming Examples Custom DoD systems Numerous military vehicles and aircraft analyses, designs, and protection implementations Reviewed and approved by DoD V&V team Industrial equipment Analyzed advanced sapphire furnace Identified security threats and mitigations to control system based on Siemens hardware Developed and implemented custom solution using protection and encryption tools Performed analysis and reverse engineering of proprietary DRM scheme Successfully extracted root DRM encryption key Developed a tool to remove DRM from protected IP FPGA EDA tool security assessment and attack Assessed the security of the EDA tool IP protection implementation Bypassed existing security measures to gauge level of attack effort Results used to improve the security of the tool Led to business with existing partner and created value for the customer Competed in capture the flag event for FPGAs Three independent teams prepared a protection Each protection was distributed to all teams Objective was to obtain an embedded secret message from the system Only team to successfully capture the flag 9

10 Side Channel Analysis ICs contain transistors, which consume electricity as they operate Total power consumption of an IC and its Electromagnetic (EM) emissions depends on the activity of its individual transistors Freescale MC908AZ60A password attack Plot courtesy of CRI Plot courtesy of Sergei Skorobogatov 10

11 Third Party DPA Independent Test Lab CRI representative DPA resistant Suite-B IP Cores DPA Workstation (DPAWS) sales Referral partner for DPA patent licensees Access to CRI patents DPA Workstation Extensible research platform Evaluates device resistance to side-channel attacks, including SPA, DPA, HO-DPA, and EMA Built from extensive DPA experience Microsemi is the only US-based, independent test lab for Differential Power Analysis 11

12 Value Proposition Security needs and threats are growing - Embedded systems, including IoT, are touching every part of our lives and infrastructure Aircraft, autos, defense systems, medical devices, and even thermostats are vulnerable Most comprehensive security portfolio Secure FPGA/SoC s, Secure Crypto IP, Authentication, Data at Rest solutions, Software Security, Secure time and positioning solutions with the industry's most secure supply chain Strong technical team with unmatched problem solving skills and system architecture expertise. Strong capability to develop highly differentiated solutions built on hardware, firmware, software, and cryptography technologies Embedded System Security From Silicon to Software 12

13 Questions? 13

14 Security Solutions