ST Securing IoT with SMT32 and STSAFE

25/11/2016
OAI : oai:www.see.asso.fr:17640:17648
DOI :
contenu protégé  Document accessible sous conditions - vous devez vous connecter ou vous enregistrer pour accéder à ou acquérir ce document.
- Accès libre pour les ayants-droit
 

Résumé

ST Securing IoT with SMT32 and STSAFE

Métriques

32
8
5.93 Mo
 application/pdf
bitcache://1d7fc09d3c02f52df07a3ac226a0f77e6dc4d58e

Licence

Creative Commons Aucune (Tous droits réservés)

Sponsors

Partenaires

logo-rte.jpg
enedis.jpg
telecombretagne_logo.jpg

Sponsors

logo_pole_cyber.png
cybercni-logo-fr-bd.jpg
<resource  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                xmlns="http://datacite.org/schema/kernel-4"
                xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4/metadata.xsd">
        <identifier identifierType="DOI">10.23723/17640/17648</identifier><creators><creator><creatorName>Fabrice Gendreau</creatorName></creator></creators><titles>
            <title>ST Securing IoT with SMT32 and STSAFE</title></titles>
        <publisher>SEE</publisher>
        <publicationYear>2016</publicationYear>
        <resourceType resourceTypeGeneral="Text">Text</resourceType><dates>
	    <date dateType="Created">Thu 1 Dec 2016</date>
	    <date dateType="Updated">Thu 1 Dec 2016</date>
            <date dateType="Submitted">Wed 19 Sep 2018</date>
	</dates>
        <alternateIdentifiers>
	    <alternateIdentifier alternateIdentifierType="bitstream">1d7fc09d3c02f52df07a3ac226a0f77e6dc4d58e</alternateIdentifier>
	</alternateIdentifiers>
        <formats>
	    <format>application/pdf</format>
	</formats>
	<version>30119</version>
        <descriptions>
            <description descriptionType="Abstract"></description>
        </descriptions>
    </resource>
.

Smart grid cybersecurity event Rennes, November 25th 2016 Fabrice Gendreau Secure MCUs Marketing & Application Manager About ST Internet of Things Security Needs STSAFE Solutions for Securing IoT Presentation 2 3 4 • Approximately 43,200 employees worldwide • Approximately 8,300 people working in R&D • 11 manufacturing sites • Over 75 sales & marketing offices • A global semiconductor leader • 2015 revenues of $6.90B • Listed: NYSE, Euronext Paris and Borsa Italiana, Milan Front-End Back-End Research & Development Main Sales & Marketing 5 Safer Greener More connected Smart Industry Smart City Smart Things Smart Home The leading provider of products and solutions for Smart Driving and the Internet of Things Ultra low power devices Security at all levels Cost effective platform Compact electronics Highly integrated solutions Devices requirements 6 IoT Devices come in many form factors…but their needs are the same 7 ST offers the simplest, fastest and most robust way to develop Smart Things for the IoT 8 10 product series / More than 40 product lines More than 40,000 customers Cellular connectivity Secure driving Smart City Smart Industry MobileWearable Smart Home Brand protection TPM Secure transactions ST54 Automotive secure communication ST32 & ST33 Authentication STSAFE 9 Developer community and support Compatibility with free and commercial Development Environments STM32 Nucleo development boards STM32 Nucleo expansion boards Sensors – motion, environment, light .. Ultra-low power connectivity ULP Memories and NFC Tags Analog and mixed signal components Power and energy management STM32Cube expansion software STM32Cube development software Function packs Set of function examples for some of the most common application cases Meeting the Needs of Developers With STM32 Open Development Environment 10 11 12 IoT is a movement where any system is able to leverage the Internet and its eco-system Cloud computing – Low cost embedded computers – Explosion of reliable wireless connectivity – Rapid innovation of low cost sensors Nodes Gateways Cloud Smart Things (With intelligence) Simple Things (Send raw data) Gateway Network infrastructure (Switch / Router) Servers (Big data & cloud) Sense – Process – Connect – Power - Secure Process – Connect – Power - Secure Process – Power - Secure Security is a key enabler for IoT 13 Attacks examples Oct 21st - DDoS attack on Dyn came from 100,000 infected devices 14 Data security, 37% of respondents Privacy concerns, 33% of respondents Data quality, 34% of respondents Use of legacy systems, 34% of respondents Insufficient skills of technology staff, 35% of respondents Reported by Genpack Research Institute Risks on Data privacy Data authenticity Counterfeiting OTHER OTHER According to a panel of senior executives from worldwide manufacturing companies Threats Needs User data corruption & eavesdropping Data privacy & confidentiality Secure Data storage Secure Data communication Encryption & signature Device counterfeiting Resistance against cloning, hacking Device authentication Device to device Device to server Device malfunction Service & network access corruption Prevent denial of service Platform Integrity Secure boot Secure firmware upgrade Answer 15 16 Authentication Authentication of one entity by the other • Prover holds a secret • Prover releases to the verifier a proof without exposing secret, using a cryptographic algorithm • Asymmetric cryptography challenge response Authentication Process Certificate Secure data communication Data is encrypted and transferred from one entity to the other • Both entities hold the same secret (key) • Symmetric cryptography Security mechanism rely on secrets Secrets are keys 17 Level of Security depends on how secrets are generated, stored, and handled 18 Strong trusted components • Highly secure solution Hardware & System on Chip • Certified (Common criteria, EMVCo, ...) • Proven against all attacks Non invasive, semi-invasive and invasive Infrastructure and rules • Secure development methodology • Secure process • Secure supply chain • Site certified Common criteria Security minded people • Cryptographic experts Inventors of crypto algorithms Keccak SHA-3 / AES • Security architects • Secure system advisers APPROVED Computer firmware General Purpose MCU Secure MCU Crypto-memory Attacks Robustness Assurance level MMY SMD Partners MCD Secure MCUs – State of the art Security offer A secure MCU has a superior and proven ability to store and manipulate keys Box BOX ATTACKS Internet 19 With the case opened / removed • Test / debug port access • Inter device bus and IO probing • Reset, clock attacks • Power analysis • Temperature / electrical attacks (glitch, overvoltage) Device de-packaged • Circuit analysis and probing Fault injection • Laser beam injection Misuse of network protocols • Exploit communication protocol errors Flaws in software design / implementation Remote software attack Board level attack Silicon level attack 20 Box BOX Internet Add a Certified (CC EAL5+) Secure Element for security improvements. which guaranties optimum security against Remote, Board and silicon level attacks Adding STSAFE Use a MCU’s security features offering various security levels linked to FW security development knowhow by customers Solution with STM32 SOLUTIONS Remote software attack Board level attack Silicon level attack • Specific countermeasures against silicon level attacks • Strong authentication / crypto services • Secure key Storage and handling • Secure code storage and execution inside SE • Secure certified key provisioning • Memory Protection • Read out protection level • Write protection • Execute only PCROP • Crypto Hardware (AES, T-RNG) • Secure Firmware install • Backup RAM memory ATTACKS Scaling Security across IoT Markets Cost-effective resistance based on risk management 21 Smart Cards Telecom SIM Mobile NFC Identity, Banking Standalone Secure Solution For highest Security & Application & Personalization Resistant to highly sophisticated attacks Proven and Certified security level Approved by Regulation & Certification driven STM32 & Secure Element For secrets storage and critical security functions Customer security policy driven STM32 MCU family with internal security features Memory protection, HW firewall, JTAG fuse, unique ID STM32 Standard IOT Devices Home Appliance Health & Fitness Wearable 22 Application General Purpose MCU (STM32) KeySensors Radio Device Secure element (STSAFE-A) Application General Purpose MCU (STM32) Sensors Radio Device Keys stored in general purpose MCU (STM32) or in a key container as a secure element (STSAFE-A) Key Key Key 23 24 • For Platform integrity • Based on TCG standard • Solution CC EAL4+ / TPM1.2 and 2.0 certified STSAFE-TPM standardized • Flexible Java Card platform • Available with dedicated applets • Solution CC EAL4+ / BSI certified STSAFE-J flexible • Native implemention • Optimized crypto services • Hardware CC EAL5+ certified STSAFE-A optimized STSAFE-TPM : Solution overview Standardized Trusted Platform Module solution for platform integrity 25 TPM on board Small and flexible Secure Firmware upgrade Secure Data storage & Secure communication Secure Boot Trusted network access with Authentication TPM 1.2 & 2.0 Trust Computing Group certified STSAFE-J : Solution Overview Flexible Java Card platform for Gateways 26 Flexible Crypto Services with dedicated applets Trusted network access with Authentication Personalization services Secure Data storage & Secure communication Ecosystem with expansion boards and middleware Solution Common Criteria EAL4+ and BSI certified STSAFE-A : Solution Overview Highly secure & cost optimized solution for connected devices 27 Authentication Secure Firmware update Secure key provisioning service Secure Data storage & Secure communication Seamless integration with GP MCUEAL5+ Common Criteria certified chip 28 IoT developer focuses on applications, the secure element handles the secrets Sensors General Purpose MCU STSAFE-A COMMUNICATION APPLICATION SECURITY General Purpose MCU STSAFE-A secure element I2C 29 Certified Secure MCU Certified Secure MCU Secure memory Secure MCU Standard MCU + crypto libraries Barcode Memory/RFIDHologram Bus protection Secret protection Certified security STSAFE-A AuthenticationIdentification EAL5+ AVA-VAN5 EAL4 EAL3 EAL2 EAL1 Fact base security evaluated by independent third parties – CC EAL5+ 30 A comprehensive set of tools and services Secure MCU + Secure OS Personalization service Host library STM32 Nucleo board Example codes MBED TLS STSA100 Expansion BoardsSTM32 Nucleo Board MB TLS STSAFE-A 100 Commands Wrapper STSAFE-A 100 Example Applications MB I2C I2C ARM additional MBED DriversMBED I2C Drv 31 Security Personalization service Tools Features • Certified CC EAL5+ HW • ECC NIST and Brainpool curves 256 and 384 bits • Authentication • Secure communication (TLS) • Secure data strorage • Secure firmware update • STM32 expansion board • Host library (Mbed) • Example code (authentication, TLS) • 10kpcs MOQ Key differentiators Broad MCU offer Accessible ecosystem for application development Secure MCU 32 Products & Tools to match IoT market trends Smart Things Smart Things Ultra-low power Processing power Smart Home Short-range connectivity Advanced peripherals Smart City Long-range connectivity Smart peripherals Smart Industry Security features and certification Educational Programs & MOOC MarketTrendsSTOffer STM32 Nucleo development kits STM32 Nucleo expansion boards for connectivity, sensing, actuating Free SW platforms for all OSes