W ith an estimated 14 billion devices connected to

Similar documents
IoT Security Concerns and Renesas Synergy Solutions

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Cisco Trust Anchor Technologies

What is Really Needed to Secure the Internet of Things?

90% of data breaches are caused by software vulnerabilities.

UNCLASSIFIED Version 1.0 May 2012

Mitigating Server Breaches with Secure Computation. Yehuda Lindell Bar-Ilan University and Dyadic Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Developing Secure Software in the Age of Advanced Persistent Threats

Information Security Services

IoT Security Platform

Protecting Your Organisation from Targeted Cyber Intrusion

Application Security in the Software Development Lifecycle

SENSE Security overview 2014

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Virtualization System Security

Where every interaction matters.

Chapter 6: Fundamental Cloud Security

SAFECode Security Development Lifecycle (SDL)

Security Goals Services

Post-Access Cyber Defense

Embedded Java & Secure Element for high security in IoT systems

Why should I care about PDF application security?

Industrial Security Solutions

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Building A Secure Microsoft Exchange Continuity Appliance

Using Remote Desktop Clients

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Juniper Networks Secure

External Supplier Control Requirements

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Teradata and Protegrity High-Value Protection for High-Value Data

Beyond the Hype: Advanced Persistent Threats

Hardware Security Modules for Protecting Embedded Systems

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Gerard Fianen. Copyright 2014 Cypherbridge Systems LLC Page 1

SECURITY IN THE INTERNET OF THINGS

BroadSAFE Enhanced IP Phone Networks

Telecom Testing and Security Certification. A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT

That Point of Sale is a PoS

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

EC Council Certified Ethical Hacker V8

WHITEPAPER. Smart Grid Security Myths vs. Reality

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Passing PCI Compliance How to Address the Application Security Mandates

Perspectives on Cybersecurity in Healthcare June 2015

AMI security considerations

PrivyLink Cryptographic Key Server *

Anti-exploit tools: The next wave of enterprise security

Dell Client BIOS: Signed Firmware Update

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

WHITE PAPER AUGUST Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

IBM Managed Security Services Vulnerability Scanning:

Gold Lock Desktop White Paper

Hands on, field experiences with BYOD. BYOD Seminar

Taxonomic Modeling of Security Threats in Software Defined Networking

Data Protection: From PKI to Virtualization & Cloud

ICTN Enterprise Database Security Issues and Solutions

Security for Mac Computers in the Enterprise

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

On the features and challenges of security and privacy in distributed internet of things. C. Anurag Varma CpE /24/2016

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

Our Key Security Features Are:

Comprehensive Security for Internet-of-Things Devices With ARM TrustZone

EC-Council. Certified Ethical Hacker. Program Brochure

Practical Threat Intelligence. with Bromium LAVA

Media Shuttle s Defense-in- Depth Security Strategy

BYOD Guidance: BlackBerry Secure Work Space

Network Security - ISA 656 Review

Security Principles. Related to. Handset Theft

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Network Security 101 Multiple Tactics for Multi-layered Security

CPSC 467: Cryptography and Computer Security

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Data Security Concerns for the Electric Grid

CS5008: Internet Computing

Payment Card Industry (PCI) Terminal Software Security. Best Practices

Why self-signed certificates are much costlier and riskier than working with a trusted security vendor

White Paper How Noah Mobile uses Microsoft Azure Core Services

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

IINS Implementing Cisco Network Security 3.0 (IINS)

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Windows Operating Systems. Basic Security

CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

SecureCom Mobile s mission is to help people keep their private communication private.

12 Security Camera System Best Practices - Cyber Safe

Data Security using Encryption in SwiftStack

Cyber Security Risk Mitigation Checklist

Transcription:

Renesas Synergy Security Portfolio Delivers Comprehensive Protection from Industrial and IoT Threats Advanced capabilities give developers tools to counter attacks W ith an estimated 14 billion devices connected to the Internet today and an estimated 50 billion connected devices by 2020, the Internet of Things (IoT) offers a tremendous market opportunity. But it also presents a major security risk. Why? First and foremost, the vast majority of all connected devices in use today have inadequate security. A recent report from the Open Web Security Application Project (OWSAP) gives some insight into the scope of the problem.

According to the report: 60% of devices with user interfaces are vulnerable to issues such as weak credentials. 70% of devices use unencrypted network services 70% of devices, along with cloud and mobile applications, enable an attacker to identify valid user accounts through account enumeration 80% of all devices, along with cloud and mobile applications, fail to enforce a policy requiring passwords of sufficient length and complexity As more devices and systems connect to the network, the potential risk and implications of a security breach continue to climb. A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack on an industrial plant could result in a system overload, leading to the unavailability of important services and notifications at a critical time. For instance, an industrial cooling system that provides critical temperature notifications could be severely compromised if the notifications to system operator or commands from the operator are blocked due to DoS/DDoS attack(s) on the connected temperature monitoring and control system. Similarly, a DoS/ DDoS attack can interfere with road traffic control systems resulting in massive gridlock in the area it serves. From a national security perspective, the implications are even more frightening. The National Security Administration (NSA) admitted in 2014 that the US is in a de-facto state of cyber warfare and that hackers had already infiltrated systems in reconnaissance missions. Senior military officers reported that a number of countries now have the capability to shut down the US power and financial services industries. From an individual user s standpoint, consumers are becoming more vulnerable as they increasingly rely on connected devices. The use of connected healthcare devices such as baby monitors, glucose readers and pacemakers leaves the health and well-being of consumers exposed to malicious add-ons that could render those devices useless, or worse, administer incorrect doses of medication. As consumers increase the intelligence and interconnectivity of their homes, the risk of hackers stealing personal data increases exponentially. To get a sense of the scope of the problem, Renesas recently asked its customers what they see as the most dangerous threats in the IoT marketplace. They identified the following six types of threats: An untrusted contract manufacturer cloning software or firmware, or the security configuration of an MCU or product Hackers disrupting a product by replacing a genuine firmware during the installation phase with malware A hacker mounting an eavesdropping attack during firmware installation, especially if security parameters are exchanged in the clear Privacy threats created when system firmware is not physically protected and an attacker can then extract security parameters Attackers using an add-on program to damage or steal information Hackers taking advantage of a simple software update session to replace firmware with malware For the designers of the Renesas Synergy Platform, one thing was immediately clear. To ensure devices built around the Renesas Synergy Platform were truly safe and secure, they had to address all of these threats. They would need to build security features into the platform that would provide protection at each stage of the product lifecycle (safety-critical features and services are reviewed in another article). 2

To address potential threats in virtually any application, Renesas engineers developed an integrated hardware/software platform that offers an unprecedented lineup of security capabilities. Many of these new functions are implemented in hardware where they are less susceptible to attack. For example, when each MCU in the Renesas Synergy family is manufactured, it is assigned a unique 128-bit ID which can be used to generate keys to protect applications and assist provisioning. Providing a significant improvement over pseudo-random generators, the Renesas Synergy random number generator meets the latest NIST SP 800-90 specifications and is tightly integrated into the MCUs cryptographic accelerators and key generators. All MCUs in the Renesas Synergy product family, including the S1, S3, S5 and S7 Series controllers, feature accelerators for symmetric cryptography, HASH, a true random number generator and the ability to limit JTAG access. At the higher-performance end of the Renesas Synergy product line, the S7 and S5 Series add accelerators for asymmetric cryptography, asymmetric key generation and key secure storage. To ensure that certain areas of memory can be accessed only by those with the right privileges, Secure Memory Protection Units (MPUs) in the Renesas Synergy are used. The Renesas Synergy Platform plays a key role in ensuring the integrity and availability of systems. For example, the separation of stakeholders is crucial to the integrity of many connected systems. By separating session keys and user data from equipment data and allowing the system to create a separate sandbox for configuration data, the Secure MPU available on the Renesas Synergy MCUs, allows users to operate multiple stakeholders at the same time. Unique ID True Random Number Gen Crypto HASH Functions Symmetric Key Crypto Asynmetric Key Crypto Secure Key Storage Read-Out Protection Security Software Library Threat Product cloning Best Best Better Good Product disruption with malware injection during update Eaves-dropping during update Privacy threat by firmware/data exposure Add-on program to damage or steal Best Best Better Good Best Best Better Good Best Best Best Good Best Best Best Limited Renesas Synergy Security Protection Renesas Synergy Platform offers a broad range of security features. 3

Protection across the Product Lifecycle The risk of IP theft begins in the manufacturing phase as soon as the MCU leaves the hands of the design team. For example, imagine your design team is building a glucose reader. A less-than-honest contract manufacturer can reverse engineer a copyrighted algorithm to create counterfeit glucose reader MCUs to sell to competitors. This form product cloning threatens to undermine sales revenue. It can also damage the original manufacturer s reputation when lower quality devices hit the market and create support issues for partners who unknowingly purchased cloned parts. Enable a Certifiable Root of Trust Measures and verifies software boot chain Performs device authentication CPU CPU Flash Flash RAM RAM Secure Secure F/W F/W Secure Secure Data Data F/W F/W Data Data Secure Key Provisioning and Generation Keys can be provisioned prior to manufacturing in order to secure devices Generate keys via integrated Asymmetric Key Generation Unit Protects cryptographic keys MCU MCU To protect against this threat, the Renesas Synergy Platform integrates two innovative features into each MCU to help authenticate each device and minimize the threat of cloning. In the earliest stages of the manufacturing process, developers using the Renesas Synergy MCUs have the option of choosing Renesas or a third-party key injection service. Key injection essentially assigns a unique identifier or birth certificate to each MCU. Early key injection allows code to be locked to a device. From that point forward, a checksum of the code must achieve a known value to be accepted. The earlier MPU MPU Keys held in secured and isolated memory Access Mgmt Crypto Crypto module module Unique ID Unique ID Solution: Early and Secure IP Protection New features like key injection service and certifiable root of trust offer a solid defense against product cloning. 4

in the manufacturing process this unique identifier is assigned, the more difficult it is for anyone to steal the MCU s identity. Today, the Renesas Synergy S7 Series is one of a select few controllers offering key storage and generation on the MCU. The second feature on the Renesas Synergy Platform that addresses product cloning is a certifiable root of trust. The root of trust serves as the basic foundation for security upon which other security components are built. It includes the key components in an embedded system that the operating system must trust and must operate immediately out of reset, including secure firmware, data, access management, the cryptography module, and the device s unique ID. The root of trust serves three key functions. First, it must measure and verify the software boot chain. This requires that it exist separately and underneath any system boot chain. Second, the root of trust must protect the cryptographic keys. This means that the root keys must be provisioned early and securely. The Renesas Synergy Platform s early key injection, secure storage and limited JTAG access capabilities ensure it meets these requirements. Third, the root of trust must perform device authentication. The Synergy platform performs this task via asymmetric key generation, the using asymmetric crypto-accelerator, the true random number generator, and the symmetric crypto engine. Once an IoT device is deployed in the field, every remote patch, software update or lifecycle maintenance routine poses a potential threat. Each of these functions must be performed remotely and securely. To protect against malicious overwrites, the Renesas Synergy Platform offers an authenticated boot capability that places code and its key in a secured flash area in the MCU s on-chip memory. In the diagram below, the traditional MCU on the left has simply allocated the customer s authentication code to user flash. The code is therefore under the threat of being overwritten. The Renesas Synergy Platform s counter measure on the right side of the diagram makes it far more difficult to hack by restricting JTAG access and protecting the authentication code in a secured flash zone of the Memory Protection Unit. The rest of the user flash security load remains unchanged. In this example, the BLOB payload would still likely be an update. The signed HASH authenticates that the update comes from a trusted source and the expected size (HASH) to ensure nothing has been added. Renesas Synergy s authenticated boot feature can extend product life by ensuring a device continues to be protected in the event of a susceptibility. Once a susceptibility is identified, authenticated boot will only allow the correctly identified owner to perform device updates. It will only allow updates on signed and verified code from the server, and will inhibit roll-backs of software to previous versions. In a post-deployment environment, users of connected devices or systems are constantly facing hacking threats. Hackers breaching networked smart homes can steal private data and undermine the operational capability of equipment on the network. Similarly, hackers attacking smart factories can slow or halt production or create a catastrophic failure. 5

Renesas Synergy MCU USER FLASH BLOB Payload (User Application Code) Signed HASH User Application Malicious Code Customer Authentication Code Boot Firmware (Renesas) Secure Flash Programming Code Customer Key Authentication Code Placing authentication code and key in Secured Flash can provide better protection against malicious overwrites Renesas Synergy MCU USER FLASH BLOB Payload (User Application Code) SECURED FLASH AREA Boot Firmware (Renesas) Secure Flash Programming Code Signed HASH Customer Key Customer Authentication Code Authentication Code Subject to Change Solution: Authenticated Boot By placing authentication code and key in secured flash, Renesas Synergy s authenticated boot function extends product life. To protect against device hacking, the Renesas Synergy Platform adds three key security features: trusted libraries of code, sandboxing and the ThreadX RTOS. Trusted libraries of code avoid buffer overflow and code injection by constraining inputs and communication. For example, cryptography and secure boot components enable only a subset of inputs which helps create contagion control. Sandboxing is a feature which enables the Renesas Synergy Platform to maintain availability even while under attack. It allows the system to separate different aspects of the operating system and an application. Basically, it functions by using an integrated MPU to segregate the on-chip memory into areas only accessible by privileged applications and areas which are open to communication. This segmentation allows users to create supervisory and user modes and ensures that any problems in user mode do not reach supervisory mode. In addition, with sandboxing users can create areas of memory that are unreadable or unprintable. Once that division is set up, when an application goes out of bounds-as in a denial of service attack-the MCU will raise a flag in hardware to execute a handle to reset the system. That, in turn, will defend against the attack. Finally, the Renesas Synergy Platform s use of an industry-proven RTOS, Express Logic s ThreadX, offers significant security advantages. As an operating system that has been used for years by tens of thousands of users, ThreadX offers users the reassurance that it has been developed, checked and certified to meet robust security standards. 6

HOME MENU STORE VIDEO SELECT ITEM Protecting Firmware At the development and manufacturing stages of the product lifecycle, embedded systems are particularly vulnerable through their firmware. One of the primary advantages of a connected device is the ability to update the firmware remotely. But this capability also creates vulnerabilities. In a typical example, MCUs in a car assembly line programmed via firmware are injected with malware that undermines performance with potentially life-threatening consequences. The Renesas Synergy Platform protects against this type of attack with a five-step authenticated firmware management program. This process begins by verifying the digital certificate and identity of the firmware update service. The Renesas Synergy Platform authenticates its communication channel by using several technologies, including the unique ID, key secure storage, asymmetric cryptography, and asymmetric key generator. Next, to protect the Binary from tampering and interception during the download, Renesas Synergy uses a Transport Layer Security (TLS) connection which employs the True Random Number generator and the Secure Crypto Engine with HASH. Key to the Renesas Synergy Platform s ability to deliver high performance cryptography, the Secure Crypto Engine integrates a number of crucial functions, including a True Random Number Generator, a symmetric cryptography accelerator, asymmetric cryptography accelerator, HASH accelerator, stream cipher accelerator, and Secure Key Storage. Since the True Random Number Generator resides within the Secure Crypto Engine module close to the root of trust, is not software-enabled, and supports a smaller session key, it is less susceptible to attack. In step three the Renesas Synergy Platform verifies that the downloaded Binary is the same as the source Binary on the server by using its integrated HASH technology. Next, the Renesas Synergy Platform only programs the authenticated Binary using the Secure Crypto Engine. Finally, to protect the binary on Flash, the system creates a secured zone using the secure MPU and limited JTAG access. Servers 1. Authenticate Identity 2. Encrypt 4. Secure Flash Programming 3. Verify 38º 5. Secured Zone Solution: Authenticated Firmware Management Renesas Synergy Platform offers a broad range of security features. 7

Conclusion The industrial and IoT markets present security challenges that are unlike anything embedded developers have previously faced. From product cloning and eavesdropping attacks to add-on programs and firmware replacement, developers must contend with a new level of threats. The key to surviving in this market will be to invest in a product platform that delivers the tools developers need to protect their devices across the entire product lifecycle. By offering the industry s most comprehensive and robust set of security features in both hardware and software, the Renesas Synergy Platform delivers a sure path to long term product integrity. Renesas continues the development of the solutions you have just read about, making them available over time, and constantly adjusting them to meet the latest threats. Contents of this article are subject to change. Renesas Electronics America Inc. (REA). All rights reserved. All trademarks are the property of their respective owners. 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information