Hardware Security Modules for Protecting Embedded Systems

Similar documents
Vehicular Security Hardware The Security for Vehicular Security Mechanisms

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Embedded Security for Modern Building Automation Systems

Secure Key Management A Key Feature for Modern Vehicle Electronics

Patterns for Secure Boot and Secure Storage in Computer Systems

Hardware Security for Trustworthy C2X Applications Marko Wolf

NEXT GENERATION OF AUTOMOTIVE SECURITY: SECURE HARDWARE AND SECURE OPEN PLATFORMS

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Cisco Trust Anchor Technologies

Secure Hardware PV018 Masaryk University Faculty of Informatics

Vehicular On-board Security: EVITA Project

Using BroadSAFE TM Technology 07/18/05

PrivyLink Cryptographic Key Server *

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Secure Data Exchange Solution

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Trusted Platforms for Homeland Security

Embedded Java & Secure Element for high security in IoT systems

Digital Rights Management Demonstrator

Embedding Trust into Cars Secure Software Delivery and Installation

PCI Security Standards Council

Application Note. Atmel CryptoAuthentication Product Uses. Atmel ATSHA204. Abstract. Overview

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Side Channel Analysis and Embedded Systems Impact and Countermeasures

BroadSAFE Enhanced IP Phone Networks

Data Protection: From PKI to Virtualization & Cloud

IoT Security Concerns and Renesas Synergy Solutions

Technical Brief Distributed Trusted Computing

Certification Report

Chapter 1: Introduction

USB Portable Storage Device: Security Problem Definition Summary

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Complying with PCI Data Security

Security Technology for Smartphones

DRAFT Standard Statement Encryption

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

M-Shield mobile security technology

HOW SECURE ARE CURRENT MOBILE OPERATING SYSTEMS?

Threat Model for Software Reconfigurable Communications Systems

UNCLASSIFIED Version 1.0 May 2012

Mitigating Server Breaches with Secure Computation. Yehuda Lindell Bar-Ilan University and Dyadic Security

PLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.

Chap. 1: Introduction

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective

MPOS: RISK AND SECURITY

Digital identity: Toward more convenient, more secure online authentication

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

05.0 Application Development

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Developing Secure Software in the Age of Advanced Persistent Threats

Secure Network Communications FIPS Non Proprietary Security Policy

SENSE Security overview 2014

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Certification Practice Statement

PUF Physical Unclonable Functions

A PRACTICAL APPROACH TO INCLUDE SECURITY IN SOFTWARE DEVELOPMENT

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

EVITA-Project.org: E-Safety Vehicle Intrusion Protected Applications

PRIME IDENTITY MANAGEMENT CORE

The relevance of cyber-security to functional safety of connected and automated vehicles

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Advanced Authentication

Initial Roadmap: Point-to-Point Encryption Technology and PCI DSS Compliance

IoT Security Platform

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

Index. BIOS rootkit, 119 Broad network access, 107

TPM Key Backup and Recovery. For Trusted Platforms

Investigation and Development of a Hypervisor-based Security Architecture utilising a State-of-the-art Hardware Trust Anchor

UNCLASSIFIED CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION. Version 1.1. Crown Copyright 2011 All Rights Reserved

CRYPTOGRAPHY AS A SERVICE

Payment Card Industry (PCI) PIN Security. Requirements and Testing Procedures. Version 2.0. December 2014

USB Portable Storage Device: Security Problem Definition Summary

Penetration Testing Windows Vista TM BitLocker TM

MXMedia CipherStream. Preliminary Assessment. Copyright 2012 Farncombe 1.0. Author: T F

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

Passing PCI Compliance How to Address the Application Security Mandates

Pervasive Computing und. Informationssicherheit

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Brainloop Cloud Security

The New Key Management:

Network Security 101 Multiple Tactics for Multi-layered Security

Secure Data Management in Trusted Computing

Cryptographic and Security Testing Laboratory. Deputy Laboratory Director, CST Laboratory Manager

SecureD Technical Overview

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

OWASP Mobile Top Ten 2014 Meet the New Addition

WebSphere DataPower Release FIPS and NIST SP a support.

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS Non-Proprietary Cryptographic Module Security Policy

Applying Cryptography as a Service to Mobile Applications

Secure USB Flash Drive. Biometric & Professional Drives

Transcription:

Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction & Motivation Being able to trust another IT system that it always acts as expected requires consecutive trust into all layers, which are involved in creating a trustworthy IT system. Figure 1 depicts the pyramid of trust for a typical IT system, where trust into the whole IT system requires that each layer can rely on the effective security of its underlying layer without being able to verify it directly. This means for instance that a perfect software and hardware security solution could be rendered useless by a weak underlying security system design. Moreover, potential weakness in the system design cannot be detected nor prevented by the upper hardware and software layers. Figure 1: Hardware security layer as part of the trust pyramid In contrast to typical backend IT systems, the hardware layer of embedded systems is often directly exposed to physical attacks, which manipulate hardware or software functions by physical means (e.g., manipulate flash memory or deactivate alarm functions). One approach to make such physical attacks more difficult is to apply especially tamper-protected hardware security modules (HSM) as shown in Figure 2. Such an HSM protects critical information (e.g., personal identification number = PIN, secret cryptographic key) and critical operations (e.g., PIN verification, data encryption), for instance by a strong physical shielding. How a typical HSM looks like, and what else such an HSM can do to improve the security of an embedded system, will be presented in the following. This whitepaper further clarifies in which situations HSMs cannot help and it gives a basic market overview.

2 How a Typical Hardware Security Modules Looks Like Figure 2 displays the core features of a typical hardware security module (HSM). Figure 2: Hardware-security-enabled embedded systems architecture Secure memory little non-volatile data storage (i.e., some kb) inside the tamper protected HSM to prevent unauthorized readout, manipulation, or deletion of critical information such as cryptographic keys, cryptographic certificates, or authentication data (e.g., PINs or passwords). The secure memory portion of the HSM further contains all HSM configuration information, for instance, information about HSM ownership or access authorizations to secured internals. Secure cryptography cryptographic algorithms used for data encryption and decryption (e.g., AES or 3DES), data integrity enforcement (e.g., MAC or HMAC) or data origin verification (e.g., by using digital signature algorithms such as RSA or ECC), and all related cryptographic activities (e.g., key generation, key verification). Secure functions comprise all shielded functions, which are not directly related to cryptography, where the HSM serves as physically protected trust anchor. This could be, for instance, a physically protected clock signal, an internal random number generator, a bootstrap protection mechanism, or any critical application function (e.g., to realize a secure dongle). Interface and control finally refers to the internal HSM logic, which implements the HSM communication with the outside world and which manages the operation of all the HSMinternal building blocks as aforementioned. Tamper-protection All functional building blocks of a hardware security module as described above are enclosed by a continuous physical (or logical) boundary, which prevents that internal data and processes can be intercepted, copied/cloned, or manipulated yielding to non-authorized use or compromise of internal secrets. This cryptographic boundary is usually implemented with algorithmic and physical side-channel countermeasures and with dedicated tamper-protection measures (e.g., special shielding or coatings) to enable sidechannel-resistance, tamper-evidence, tamper-resistance, or tamper-response.

3 When Hardware Security Modules Can Help This section provides a short overview how an HSM can improve the security of an embedded product solution. Shield security assets against software vulnerabilities Hardware security modules protect critical information (e.g., identities, signing keys, or encryption keys) by the physical shielding, which cannot be circumvented by any software vulnerability. Deter, detect, or hinder physical, offline and insider (POI) attacker Hardware security modules can help to deter, detect, or hinder powerful POI attackers by implementing effective side-channel-resistance and tamper-protection barriers, which (amongst others) have strong access restrictions even for authorized users (e.g., some information will always remain exclusively inside the HSM). Accelerate computationally intense security Hardware security modules can accelerate security mechanisms by applying dedicated acceleration circuitry. Reduce security costs Hardware security modules might reduce security costs by adding some highly optimized special circuitry (e.g., for standardized cryptography) instead of costly overall upgrade of general-purpose hardware and by avoiding costly physical sealing of a complete ECU. 4 When Hardware Security Cannot Help As already mentioned during the introduction, even a perfect HSM cannot serve as the only necessary panacea since the security of any embedded system depends just as well on the effective security of the organizational security layer or on the system security layer. Hence, this section gives a short overview which security threats an HSM cannot prevent. Prevent software security vulnerabilities An HSM can check the integrity and authenticity of the software layers above (e.g., via secure boot) and provide low-level security functionality as a trusted anchor for more complex software-based security functionality. However, an HSM cannot prevent that the software layer contains security vulnerabilities (e.g., overseen buffer overflows), which can be exploited by hackers or malware at runtime. Prevent inherent system design or organizational security weaknesses In order to serve as trusted base for the software security layer above, an HSM in turn has to rely on its below layers, that is, a proper security design and an effective organizational security. Thus, an HSM cannot help if the security can be broken at system level (e.g., a forgotten, but mandatory security measure) or at organizational level (e.g., a too simple password to access, for instance, the root sign key). Prevent POI attacks Assuming a sufficient large attack budget, all hardware security modules can be broken. In the end, it is a matter of finding a good balance between the attack costs required to successfully compromise the HSM and the value of the secrets that are protected by the HSM.

5 Hardware Security Modules for Embedded Systems Hardware security modules are already variously deployed in today s embedded systems and the fields of application will continue to grow rapidly. In the following application examples, a short market overview, HSM evaluations, and certifications are presented. Application examples A well-known application example for HSMs are smart meters (e.g., electricity meters) to prevent manipulation of the digital measurement and of the meter reporting. HSMs are also already used to protect vehicular components (e.g., head unit, V2X communication, engine control, anti-theft, tachograph) to prevent unauthorized modifications, theft or exchange, counterfeits, or espionage. Liability and safety concerns drive the application of HSMs for medical devices (e.g., medical equipment or medical implants). Another prominent application example for HSMs in embedded systems are consumer devices to prevent counterfeits or to protect business models that, for instance, are based on subscription models as known for mobile phones or TV set-top boxes. Solutions overview Today s available solutions of dedicated hardware security modules for embedded systems are rather limited. Well-known solutions are SHE (HIS: Secure Hardware Extension (SHE) Functional Specification v1.1), EVITA concept (EVITA: D3.2 Secure Onboard Architecture Specification v1.3) and (with some limitations regarding embedded systems) the TPM (TCG: Trusted Platform Module Main Specification v1.2). Another important approach to realize HSMs are so-called security controllers. These are standard embedded systems processors with security enhanced memory management and processer extensions to provide an isolated runtime environment (e.g., ARM TrustZone) and/or small separated internal memory (e.g., FreeScale i.mx series). Sometimes such security controllers also provide integrated cryptographic engines (e.g., AES encryption) or dedicated tamperprotection measures (e.g., special coatings). Finally, up to a certain degree, also common cryptographic co-processors (e.g., IBM CryptoCards) or smartcards can be used as HSMs. However, they are often limited in terms of security functionality, cryptographic performance, or level of security (e.g., they do not provide secure memory or apply only insecure communication to the main processor). Security evaluation and certification To evaluate, validate and compare the effectiveness and correctness of a certain HSM realization, public authorities and industry consortiums have established security evaluation and certification standards. The dominant standards are the US-driven NIST FIPS 140 standard Security Requirements for Cryptographic Modules and the more recent and globally accepted Common Criteria for Information Technology Security Evaluation (ISO 15408).

6 Conclusion and Outlook Hardware security modules are a strong component to improve the protection and trust of embedded systems. They help to protect central security-critical assets and functionalities against software vulnerabilities. HSMs might also reduce security cost and they can help to deter, detect, or hinder powerful POI attackers. Furthermore, an HSM is able to accelerate computationally intense security algorithms. Even though adding an HSM alone cannot countervail against all security threats to an embedded system, HSMs are already deployed in various embedded applications while the potential fields of application and corresponding markets will continue to grow rapidly. Contact & Further Information Email Web info@escrypt.com www.escrypt.com ESCRYPT GmbH Embedded Security Lise-Meitner-Allee 4 44801 Bochum, Germany Phone: +49 234 43870-219 ESCRYPT Inc. Embedded Security 315 E Eisenhower Parkway, Suite 214 Ann Arbor, MI 48108, USA Phone: +1 734 418-2797

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information