A Cryptographically Secure On-chip Firewall for Memory Address Space Control

A Cryptographically Secure On-chip Firewall for Memory Address Space Control
Roberto Rivoir, Director of Security Development, Rambus France
IoT & Security Innovation Day, Sophia Antipolis, France, 26 November 2015

Outline
- IoTs, Smart Connected Objects vs. Security Threats
- Systems-On-Chip, Networks-On-Chip and HW Security Challenges for IoTs
- A Cryptographically Secure On-Chip Firewall for Memory Address Space Control
- Embedded Security Platforms for IoTs
- Conclusions and Challenges

IoTs, Smart Connected Objects vs. Security Threats
Next-Gen Smart Connected Objects
- Different devices: Interconnected objects, IoT; Wireless Sensor Networks; Smart Micro-Systems; M2M
- Paradigms: Smart Intercommunicating Everything, from Smartdust to Big Data
- Smart: sensing, actuating, processing, storing data
- Autonomous: energy harvesting (inductive coupling, wireless charging, vibrational, thermo-electric, PVT)
- Ubiquitous, Multi-mode Connectivity Technologies: Cellular (for M2M); Wireless LAN (Wi-Fi); Wireless PAN (BT); Wireless BAN (BT LE); Contactless (NFC); Contact, Human Body Communications (HBC)
- Applications: e-health, telemedicine, rehabilitation, assisted living, energy meters, cameras for sport & fitness, well-being, food & beverage, environment, industrial control, surveillance, implanted robotics, smart grid, energy metering, civil engineering, smart buildings & city, wearable devices, home appliance, automotive & avionics, video-surveillance, harsh environment, oil-gas pipelines, safety plants, homeland security, military, defense, etc.
2014 Rambus Inc. Confidential

Security Threats
(Layer diagram of an embedded system: Software, Applets, OS, Firmware, Hardware IC)
Software Attacks:
- Most common and easy ones to implement
- Low-cost attacks
- Aiming at memory data theft or device malfunctioning
- High impact on the volume of attacked devices
- Powerful SW attacks may penetrate deeper layers of embedded systems
BUT ALSO Hardware Attacks:
- Tampering HW, ex.:
- Very high potential impact and consequences on safety, security, privacy, health, financial damages, etc.

Systems-On-Chip, Networks-On-Chip and HW Security Challenges for IoTs

IoT and SoC Interconnect/Security Challenges
(Block diagram of an IoT SoC: Energy Harvesting and Power Management; RF RX/TX and frequency conversion; modulation/demodulation, scrambling and coding; RF, analog and digital domains; HBC; RF/radio channel; Clock System; Base-Band Processing; DSP for noise shaping and filtering; Intelligent Data Processing with data fusion and auto-learning; Sensors and Actuators with Drivers, Amplifiers (D/A) and Sensor Interfaces (A/D); MCU Core; RAM, ROM and NVM; initiator and target IPs)
- Need to connect and trust multi-vendor IPs
- Need to implement security mechanisms (i.e. access credentials for communications between IPs)
- Too many different buses ("spaghetti")
- Interconnects between IPs increasing in quantity/density create issues in physical design / P&R

Networks-On-Chip (NoCs)
Creating an interconnect infrastructure between different IPs
(Diagram: CPU, Secure CPU and GPU initiators connect through Initiator Network Interfaces (INI) to the packet-switch NoC of packet routing nodes, and through Target Network Interfaces (TNI) to the RAM, ROM and Peripherals targets)
- Transport: network link, routing nodes
- Interface: Initiator Network Interfaces (INI), Target Network Interfaces (TNI)
- Protocol: packetization, serialization
- Each IP receives an ID, but security mechanisms are still missing

Adding Security on NoCs: HW Firewalls
(Diagram: the same NoC as before, with a firewall (FW) on the routing nodes between each INI and the packet-switch NoC)
Protecting data or information that is private, secure or valuable and is available unencrypted: financial information, personal health, clinical data, ...
How do HW firewalls work?
- Embedded in NoC interconnects
- Partitioning Initiator and Target IPs into different security domains
- On-the-fly re-programming of the access policy, or hardcoded rules

Programming On-Chip HW Firewalls
(Diagram: Initiator1 to Initiator4 and a Programming Agent, each on its own INI, reach Target1 to Target4 on their TNIs; the Programming Agent runs the Programming Sequence (SW) that sets the firewall rules)
- Need of a Trusted Execution Environment (TEE) and Authentication

Security Threats in NoCs & Attacks on Firewalls
Traditional attacks on NoCs:
- Hijacking: writing to restricted addresses of the LUT to change the system configuration
- Extraction of secret information: reading from secure addresses
- Denial of Service: reducing system throughput by replaying or forging requests over the NoC
Firewall attacks:
- Request path (by glitching a packet header or impersonating an authorized initiator)
- Firewall reprogramming path (impersonating the reprogramming agent)
- Firewall state at rest (modifying previously stored data in registers/LUT at rest)

A Cryptographically Secure On-chip Firewall for Memory Address Space Control

Cryptographically Secure HW Firewall for Memory Address Space Control
(Diagram: Secure SW, the Cryptographically Secure HW Firewall and a HW/SW KMS; each feature is marked as a HW/connectivity feature or a security feature)
- Interconnect compatible with Network-On-Chips
- 2 to 16 initiators
- 1 to 15 targets
- Address space width from 12 bits (4 kB) to 48 bits (256 TB)
- HMAC-SHA256 algorithm for programming authentication
- HW or SW Key Management System (KMS)
- Integrity checking of secret key and firewall regions
- Replay attacks prevention
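Added example, not Rambus code and not the firewall described on these slides: a Python reference model of the two defences the slides list against the firewall attacks of the previous section, HMAC-SHA256 authentication of each programming command with a monotonic counter against replay (reprogramming path), and a MAC over the stored regions so that a rule store modified at rest is detected and the firewall fails closed (state at rest). The command encoding, the rule tuple and the "regions:" label are my assumptions.

```python
import hashlib
import hmac
import struct
# Assumed (not from the slides): a programming command is (counter, initiator,
# base, size, perms) plus its HMAC-SHA256 tag; accepted rules carry a MAC at rest.
def encode_cmd(counter, initiator, base, size, perms):
    # Fixed-width fields so that no field can be shifted into another.
    return struct.pack(">IIQQ", counter, initiator, base, size) + perms.encode()

def sign_cmd(key, counter, initiator, base, size, perms):
    # Programming-agent side (inside the TEE): tag one rule update.
    msg = encode_cmd(counter, initiator, base, size, perms)
    return hmac.new(key, msg, hashlib.sha256).digest()

class SecureFirewall:
    def __init__(self, key):
        self.key = key
        self.counter = 0        # last accepted counter: replay protection
        self.regions = []       # accepted rules: (initiator, base, size, perms)
        self.regions_mac = self._mac_regions()

    def _mac_regions(self):
        # Integrity value over the rule store, recomputed on every access check.
        blob = b"".join(struct.pack(">IQQ", i, b, s) + p.encode()
                        for i, b, s, p in self.regions)
        return hmac.new(self.key, b"regions:" + blob, hashlib.sha256).digest()

    def program(self, counter, initiator, base, size, perms, tag):
        # Firewall side: verify the tag first, then the counter, then store.
        msg = encode_cmd(counter, initiator, base, size, perms)
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False        # forged tag: impersonated programming agent
        if counter != self.counter + 1:
            return False        # replayed or out-of-order command
        self.counter = counter
        self.regions.append((initiator, base, size, perms))
        self.regions_mac = self._mac_regions()
        return True

    def integrity_ok(self):
        return hmac.compare_digest(self._mac_regions(), self.regions_mac)

    def check_access(self, initiator, addr, op):
        # Deny by default; fail closed if the rule store was modified at rest.
        if not self.integrity_ok():
            return False
        return any(i == initiator and b <= addr < b + s and op in p
                   for i, b, s, p in self.regions)
```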

Example of Embedded Security Platform for IoTs
(Block diagram: the IoT SoC of the earlier slide, with Energy Harvesting, Power Management, RF RX/TX and frequency conversion, modulation/demodulation, scrambling and coding, RF, analog and digital domains, HBC, RF/radio channel, Clock System, Sensors and Actuators with Drivers, Amplifiers (D/A) and Sensor Interfaces (A/D), Base-Band Processing, DSP for noise shaping and filtering, and Intelligent Data Processing with data fusion and auto-learning, plus a Security block containing Encrypt/Decrypt block cipher modes, security credentials monitoring of RAM and NVM, ROM, the Cryptographically Secure HW Firewall, a Secured MCU Core and the KMS)

Conclusion and Challenges
- Complete system-level Software-Firmware-Hardware security solutions are required for IoTs
- The highest level of embedded security in Hardware is crucial
- Specific security functionalities for IoTs such as cryptographically secure HW firewalls, authenticated encryption modes, TEE, KMS, etc. are necessary in the embedded security sub-system
- Challenge: how to fill the gap between security technology platforms, IoT devices and the many vertical applications and services

Thank you