CryptoFirewall Technology Introduction



Similar documents
PUF Physical Unclonable Functions

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

Side Channel Analysis and Embedded Systems Impact and Countermeasures

On Security Evaluation Testing

Embedded Java & Secure Element for high security in IoT systems

Reviving smart card analysis

Trusted Platforms for Homeland Security

IoT Security Platform

UNCLASSIFIED Version 1.0 May 2012

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Secure Hardware PV018 Masaryk University Faculty of Informatics

M-Shield mobile security technology

Software Hardware Binding with Quiddikey

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

MovieLabs Specification for Enhanced Content Protection Version 1.0

Security in ST : From Company to Products

Cryptographic Rights Management of FPGA Intellectual Property Cores

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

PowerKey Conditional Access System Phase 1.0. System Overview. Revision 1.0

BroadSAFE Enhanced IP Phone Networks

ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

What is Really Needed to Secure the Internet of Things?

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Java Card. Smartcards. Demos. . p.1/30

Joint Interpretation Library

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Secure application programming in the presence of side channel attacks. Marc Witteman & Harko Robroch Riscure 04/09/08 Session Code: RR-203

05.0 Application Development

Cutting Edge Practices for Secure Software Engineering

Hardware Trojans Detection Methods Julien FRANCQ

Pervasive Computing und. Informationssicherheit

Payment Card Industry (PCI) Terminal Software Security. Best Practices

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Where every interaction matters.

Full Drive Encryption Security Problem Definition - Encryption Engine

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Using BroadSAFE TM Technology 07/18/05

Broadcasting encryption or systematic #FAIL? Phil

Hardware Security Modules for Protecting Embedded Systems

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Confidentio. Integrated security processing unit. Including key management module, encryption engine and random number generator

Vehicular On-board Security: EVITA Project

Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

OMAP platform security features

Microsemi Security Center of Excellence

Horst Görtz Institute for IT-Security

Atmel s Self-Programming Flash Microcontrollers

SecureDoc Disk Encryption Cryptographic Engine

PrivyLink Cryptographic Key Server *

CHASE Survey on 6 Most Important Topics in Hardware Security

Application Intrusion Detection

90% of data breaches are caused by software vulnerabilities.

IoT Security Concerns and Renesas Synergy Solutions

Supporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April Version 2.

W ith an estimated 14 billion devices connected to

What is a Smart Card?

Local Heating Attacks on Flash Memory Devices. Dr Sergei Skorobogatov

SENSE Security overview 2014

Windows Embedded Security and Surveillance Solutions

How To Protect A Web Application From Attack From A Trusted Environment

PFP Technology White Paper

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

Introduction to Digital System Design

Frontiers in Cyber Security: Beyond the OS

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance

Digitale Signalverarbeitung mit FPGA (DSF) Soft Core Prozessor NIOS II Stand Mai Jens Onno Krah

White Paper 40-nm FPGAs and the Defense Electronic Design Organization

Alice. Software as a Service(SaaS) Delivery Platform. innovation is simplicity

Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

ST19NP18-TPM-I2C. Trusted Platform Module (TPM) with I²C Interface. Features

Digital Video Broadcasting Conditional Access Architecture

W.A.R.N. Passive Biometric ID Card Solution

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

NVM memory: A Critical Design Consideration for IoT Applications

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Wireless Microcontrollers for Environment Management, Asset Tracking and Consumer. October 2009

Key Management Interoperability Protocol (KMIP)

Module 1: Facilitated e-learning

Security IC Platform Protection Profile

Secure Network Communications FIPS Non Proprietary Security Policy

Juniper Networks Secure

SAST, DAST and Vulnerability Assessments, = 4

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Keyscan Hosted Services A C e n t r a l l y M a n a g e d A c c e s s C o n t r o l S o l u t i o n

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

CONNECT PROTECT SECURE. Communication, Networking and Security Solutions for Defense

Best Practises for LabVIEW FPGA Design Flow. uk.ni.com ireland.ni.com

Adaptive Bitrate Multicast: Enabling the Delivery of Live Video Streams Via Satellite. We Deliver the Future of Television

Database Security. The Need for Database Security

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

Virtual KNX/EIB devices in IP networks

Transcription:

CryptoFirewall Technology Introduction Cryptography Research, Inc. www.cryptography.com 575 Market St., 21 st Floor, San Francisco, CA 94105 1998-2007 Cryptography Research, Inc. Protected under issued and/or pending US and/or international patents. All trademarks are the property of their respective owners. The information contained in this presentation is provided for illustrative purposes only, and is provided without any guarantee or warranty whatsoever, and does not necessarily represent official opinions of CRI or its partners. Unauthorized copying, use or redistribution is prohibited. S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 1 About Cryptography Research, Inc. Founded in 1995 Provide security technology and services to companies that build and use security products Seek to anticipate long-term trends and develop must have solutions to complex problems Products designed by CRI engineers secure over $100 billion annually Our focus is solving complex fraud and digital piracy problems S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 2 1

Our business Technology Licensing DPA: Hardware tamper resistance CryptoFirewall: Protecting Pay-TV signals (satellite, cable) and other tamper-resistance applications SPDC/BD+: Renewable security platform for digital content Services Product/technology evaluation Security design assistance Education Primary Industries Served Financial Services Pay Television Wireless/Telecom Internet PC hardware/software Smart Card Entertainment S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 3 CryptoFirewall Overview S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 4 2

The tamper resistance problem Effective hardware security difficult in high-risk environments Applications: Anti-piracy/pay TV, printer consumables, value transfer Determined adversaries willing to reinvest profits from past attacks Business models depend on robust hardware Hardware replacements are expensive or impossible Adversaries have physical possession of security device If security fails, attackers can reverse engineer, emulate, clone system A hard problem: Many past tamper resistant designs have failed Bug exploitation (buffer overflow, protocol failure ) Non-invasive attacks (timing, power analysis, glitching/fault induction ) Invasive attacks (decap and reverse engineering, die extraction ) Academic papers about security hardware (smart cards, TPMs, etc.) are published in the proceedings of the Cryptographic Hardware and Embedded Systems (CHES) conference. S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 5 CryptoFirewall overview A HW core that ensures cryptographic security and tamper resistance. Technology objectives Robust enforcement of critical policies Complement existing security systems & design processes High assurance, designed for open review Design team Leader in tamper resistance technology & research Cryptography, design assurance, system robustness Field proven >50M fielded devices, piracy eliminated in deployments S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 6 3

Traditional hardware security architecture I/O Interface Microprocessor Registers Bus Flash/ EEPROM ROM RAM Attack Detectors / Countermeasures Each major element is a single point of failure S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 7 CryptoFirewall enabled architecture CryptoFirewall OTP/EE I/O Interface Microprocessor Registers Bus Flash/ EEPROM ROM RAM Attack Detectors / Countermeasures The CF is an on-chip peripheral that independently enforces security policies. S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 8 4

Security & Compatibility Security core that does not rely on microprocessor Independent enforcement of security policies A layer of defense independent from the rest of the card No single point of failure: Piracy prevented if either standard CA elements or CryptoFirewall is intact CF ensures signal security even if other security components (e.g., set-top box, smart card, etc.) are compromised Emphasis on compatibility System architecture unchanged Pay TV: No change is required to set-top box architecture Support advanced STBs (control word encryption, DVR) Compatible with existing protocols Pay TV: Standard DVB stream (w/simulcrypt compatibility) Minimal head-end impact (none if inactive) S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 9 CryptoFirewall Design Features S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 10 5

Protocol architecture (Pay TV) Encrypted Key Store Trust Boundary Enc. RK Enc. CDK Device Keys + Masks Crypto [ RK ] Crypto [ OTP / EEPROM ] Personalize Untrusted System Control Word Contribution S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 11 Key management: Rights keys (Pay TV) Access enforced by rights keys Encrypted Rights Keys (ERKs) packaged for group or individual devices Keys updated in broadcast, point-to-point, pre-stored E 2 Encrypted keys cached by (untrusted) µp Decrypted keys never leave core Crypto & ASIC prevent key tampering, cloning, cryptanalysis Low-security processes (encrypted key cache) in host µp Real-time key selection via ECM Channel & program-level control Group targeting Group 1 Group 2 Group n Individual targeting S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 12 6

Key derivation based on user privileges Addressing modes enable efficient rights key distribution Sub-rights bitmaps enable efficient transmission of ERKs ~2 bits/device Other key attributes can be added Expiration date, usage condition Classification A Classification B.. Device ID 6154132 1 1 0 0 1 1 1 0 0 1 1 0 0... 1 1 1 0 0 0 1 1 1 0 1 1 1 1 0 0 0 0 0 1 6154133 1 1 0 0 0 0 1 0 1 1 1 0 0... 0 1 0 1 0 0 0 1 1 0 0 0 1 1 1 0 0 0 0 1 6154134 0 0 0 1 0 0 1 0 0 0 1 1 1... 0 1 0 0 1 0 1 1 1 0 1 1 0 1 0 1 0 1 1 1 6154135 0 1 0 0 0 0 0 1 1 0 0 1 1... 0 1 1 1 1 0 1 1 0 1 1 1 1 1 1 1 0 0 0 0 6154136 0 0 1 1 0 0 0 1 1 0 1 0 1... 0 0 1 0 0 0 1 1 1 1 1 1 1 1 1 0 1 0 1 0 128 Sub-channels Sub-rights Bitmap Program 1 Program 34 Program 48 Program 50 Binding of user permissions to cryptographic processing Derived keys are cryptographically bound to user permissions Key attributes cannot be altered without changing derived key Strong hardware enforcement (does not rely on software-controlled usage rules) S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 13 Key management: Hardware keys Automated netlist generation Entropic array generator Uses cryptographically-strong seed value Leverages cell library features and layout constraints Achieves strong anti-reverse engineering properties Emulation infeasible even on workstation-class PC Works with fab-provided library, design flow Specialized / camouflage libraries supported (optional) Designed for open review... Gate configurations S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 14 7

Resistance to fault injection Security boundary at edge of CF CF has independent, enforced HW state machine Where possible, external signals considered malicious CF translates/releases reset signals, etc. Manufacturing scan test circuitry not used External glitch/environmental sensors recommended but not relied upon Canaries used to detect CO gas in mines (Hollinger Mine, Ontario, 1928 ) Canary logic designed to fail first Critical path logic performs continual hash of control state Detects internal errors, provides independent control on system output S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 15 High-assurance security High assurance design Open review encouraged Cryptographic design enables security reviews 3P review without exposing system secrets No single point of failure Critical functions perform under independent dual controls CryptoFirewall & CA system can each assume other is untrusted Aggressive feature and state management Minimize possibility of unintended functionality (design bugs) Clean design eases integration Extreme validation (10x) Custom CRI tools for extended system validation Predict, model, and anticipate internal faults Exceptional manufacturing test coverage (>99% w/o scan) S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 16 8

Emphasis on tamper resistance Information leakage: SPA / DPA / Timing Glitching: Error handling and response Protocol attacks: Rigid command set Invasive attacks / Reverse engineering: Entropic netlist Emulation: Netlist design tools Software: µp assumed malicious Contact CRI for more information. S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 17 CryptoFirewall Typical Deployment S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 18 9

Typical CryptoFirewall Customer Has a major piracy / fraud exposure Sophisticated attackers Risks of protocol, non-invasive, and/or invasive attacks Revocation capability minimally effective Hardware deployment/upgrade planned in >12 months: security is critical CF purchased to extend life of new security hardware CRI manages CryptoFirewall deployment process Provides everything needed (specs, netlists, tools, IP licenses ) Helps CA vendor integrate with firmware & protocols Supports semiconductor fab with netlist integration, testing Provides security validation & support Deployment occurs with next-generation hardware If swapout, migrate high-risk subs first Results: Successful deployments & zero security problems Customer references available S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 19 Technology licensing The CryptoFirewall architecture is protected under U.S. patents and international patents including: * 6,289,455 ( Method and apparatus for preventing piracy of digital content ) 6,640,305 ( Digital content protection method and apparatus ) 20040111631 ( Using smartcards or other cryptographic modules for enabling connected devices to access encrypted audio and visual content ) A license under the CRI DPA/tamper resistance patent portfolio is also included Selected Patents Patent 6,278,783: DES and Other Cryptographic Processes with Leak Minimization for Smartcards and Other Cryptosystems Patent 6,298,442: Secure Modular Exponentiation with Leak Minimization in Smartcards and Other Cryptosystems Patent 6,304,658: Leak Resistant Cryptographic Method and Apparatus Patent 6,327,661: Using Unpredictable Information to Minimize Leakage from Smartcards and other Cryptosystems Patent 6,381,699: Leak Resistant Cryptographic Method and Apparatus Patent 6,510,518: Balanced Cryptographic Computational Methods and Apparatus for Leak Minimization in Smartcards and other Cryptosystems Patent 6,539,092: Leak Resistant Cryptographic Indexed Key Update Patent 6,654,884: Hardware-Level Mitigation and DPA Countermeasures for Cryptographic Devices * Additional U.S. and international patents issued + pending S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 20 10

CryptoFirewall Summary Highest possible security with standard silicon processes Enforcement of critical security policies Comprehensive integrated countermeasures Ensures security independently from the rest of the chip Design process minimizes deployment risk Includes high level of security validation & manufacturing assurance Robust, well-defined security boundary Experienced team with proven record of on-time delivery Cost-effective way to dramatically increase hardware security lifespan Extremely strong tamper hardware resistance Customized for pay TV & other applications Proven solution S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 21 For More Information Licensing Kit Rodgers kit@cryptography.com Tel: 415-957-2601 Technology and Services Benjamin Jun ben@cryptography.com Tel: 415.397.0123 S p e c i a l i s t s i n S o l v i n g C o m p l e x D a t a S e c u r i t y P r o b l e m s 22 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information