Securing IoT devices with STSAFE family

01/12/2017
OAI : oai:www.see.asso.fr:20892:20896
DOI : 10.23723/20892/20896

Abstract

Securing IoT devices with STSAFE family

Metrics

16
0
3.2 MB
application/pdf
bitcache://2016b2316a8cfa337c721ee0eda958df5f8656ae

License

Creative Commons: none (all rights reserved)

Sponsors

<resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns="http://datacite.org/schema/kernel-4"
          xsi:schemaLocation="http://datacite.org/schema/kernel-4 http://schema.datacite.org/meta/kernel-4/metadata.xsd">
    <identifier identifierType="DOI">10.23723/20892/20896</identifier>
    <creators>
        <creator>
            <creatorName>Fabrice Gendreau</creatorName>
        </creator>
    </creators>
    <titles>
        <title>Securing IoT devices with STSAFE family</title>
    </titles>
    <publisher>SEE</publisher>
    <publicationYear>2017</publicationYear>
    <resourceType resourceTypeGeneral="Text">Text</resourceType>
    <dates>
        <date dateType="Created">Mon 4 Dec 2017</date>
        <date dateType="Updated">Mon 4 Dec 2017</date>
        <date dateType="Submitted">Sat 17 Feb 2018</date>
    </dates>
    <alternateIdentifiers>
        <alternateIdentifier alternateIdentifierType="bitstream">2016b2316a8cfa337c721ee0eda958df5f8656ae</alternateIdentifier>
    </alternateIdentifiers>
    <formats>
        <format>application/pdf</format>
    </formats>
    <version>35296</version>
    <descriptions>
        <description descriptionType="Abstract"></description>
    </descriptions>
</resource>

Securing IoT devices with STSAFE family
European Cyberweek 2017 – Dec 1st 2017
Fabrice Gendreau, Secure MCUs Marketing & Application Manager – EMEA Region

STMicroelectronics products & tools to match IoT market needs
Markets: Smart Things, Smart Home & City, Smart Industry
Needs: ultra-low power, processing power, short-range connectivity, smart peripherals, security features and certification
ST offer:
• Broad MCU offer
• Accessible ecosystem for application development
• Secure MCU
• STM32 Nucleo development kits
• STM32 Nucleo expansion boards for connectivity, sensing, actuating
• Free SW platforms for all OSes
• Educational programs & MOOC

Secure markets & applications
• Smart cards for banking, transport, PayTV & ID: ST23 & ST31 secure MCUs, certified according to the standards
• Secure Elements for the Internet of Things: STSAFE family & custom solutions for security in IoT connectivity
• Secure Element & NFC controllers for mobile security, M2M, automotive & wearables: ST33, ST54 & ST21NFC secure MCUs for mobile and wearables

Security – Definition
"Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable assets, such as a person, dwelling, community, nation, or organization." (Wikipedia)

Security – CIA properties
Protecting assets is to ensure:
• Confidentiality: information is not made available or disclosed to unauthorized individuals, entities, or processes.
• Integrity: maintain and assure the accuracy and completeness of data over its entire life-cycle; data cannot be modified in an unauthorized or undetected manner.
• Availability: information is available when needed.

Building a fortified solution is all about risk management
• Understand the value of the assets you are going to protect, taking into account all stakeholders
• Understand your threats and vulnerabilities
• Develop a security strategy to reduce risk, using the right level of security for the value of the assets being protected
• Make use of the integrity and cryptographic tools available

Security analysis
Embedded systems are part of the overall system security analysis:
• Functions critical for the security of the overall system are typically handled within embedded systems
• Embedded systems typically contain some of the overall system's security assets
For each system asset, consider its threats and its vulnerabilities:
• List all impacted system assets
• Think about potential vulnerabilities in system assets
IoT system example (end nodes, gateway, mobile, network, cloud service) with its threats: compromised or clone/fake servers; eavesdropping on or manipulation of data communication; compromised or fake devices; compromised or clone/fake gateway.

Internet of Things – Threats and needs
• Threat: user data corruption & eavesdropping
  - Data travel in clear over the network and expose some personal data
  - A corrupted measurement is sent to the cloud
  Needs: data privacy & confidentiality; secure data storage; secure data communication; encryption & signature
• Threat: device cloning & counterfeiting
  - A cloned device compromises OEM revenues
  - A counterfeited device compromises the OEM brand
  - The IoT network or cloud application is polluted by fake devices sending erroneous data
  Needs: resistance against cloning and hacking; device authentication (device to device, device to server); prevent denial of service
• Threat: device malfunction
  - An erroneous command is sent to an actuator by a fake server
  - Malware is injected in a device to modify its behavior
  Needs: platform integrity; secure boot; secure firmware upgrade
Answer: authentication and encryption strength depends on how well keys are protected.

Identify the classes of attacks
• Remote software attack (over the Internet): misuse of network protocols
  - Exploit communication protocol errors
  - Flaws in software design / implementation
• Board level attack (box with the case opened / removed)
  - Test / debug port access
  - Inter-device bus and IO probing
  - Reset, clock attacks
  - Power analysis
  - Temperature / electrical attacks (glitch, overvoltage)
• Silicon level attack (device de-packaged)
  - Circuit analysis and probing
  - Laser fault injection

Implementation vulnerabilities
• A good crypto algorithm, with a proper key length and a functionally correct implementation, is not always enough
• Implementations might still be vulnerable to:
  - Side-channel attacks (SCA)
  - Fault attacks
  - Invasive, chip-level attacks
• Whether or not such threats are relevant and should be addressed depends on the application, the global system architecture, and the assets (system security analysis)

Make use of cryptographic tools
• Cryptography is the mathematical toolbox providing security services to build secure systems
• Whether symmetric (AES) or asymmetric (RSA, ECC) cryptography is used, security mechanisms rely on secrets
• Secrets are keys
• The level of security depends on how secrets are generated, stored, and handled

IoT devices – Possible architectures
Keys are stored either in the general purpose MCU or in a dedicated Secure Element:
• Application and keys in the general purpose MCU (with sensors and radio): use the MCU's embedded security features, offering protection against non-invasive attacks
• OR: application in the general purpose MCU, keys in a Secure Element: add a certified (CC EAL5+) Secure Element, which guarantees state-of-the-art security protection against physical and logical attacks

Secure Element – Definition
A Secure Element (SE):
• is a tamper-resistant platform (typically a one-chip secure microcontroller)
• capable of securely hosting applications and storing their confidential and cryptographic data
• in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities

Secure Element – Major attacks and countermeasures (hardware & software)
• Board level attacks: side channels (SPA/DPA power analysis, emission analysis, timing analysis); fault injection (external glitches, laser, light, UV, X-rays); memory probing
  Countermeasures: environment sensors, integrity checkers, code signature, internal clock integrity, OS features (MPU, ...), jittered clocks, data whitening, randomization, secured crypto-engines, design flow
• Silicon level attacks: µ-probing, Focused Ion Beam, delayering, advanced microscopy
  Countermeasures: physical shield, glue logic layout, bus & memory scrambling, bus & memory encryption, anti-reverse, advanced lithography
• Software attacks (local or remote): open ports, SW bugs, debug interfaces
  Countermeasures: no external debug interface on SMD products (JTAG), hardware secure crypto fast computing, enhanced security of the MCU with physical isolation of the security toolbox (secure key storage, secure & trusted execution in the Secure Element)
A complete set of countermeasures answering all attack levels.

Trusted security – Validated by the most demanding security schemes
Security schemes shown include ZKA. Security is evaluated by independent third-party laboratories according to defined rules and rankings.

STSAFE Secure Elements family
• STSAFE-TPM, standardized SE: TCG-compliant OS, TPM 1.2 or 2.0 command set, CC EAL4+ certified, FIPS 140-2 certified. Key function: platform integrity measurement and reporting
• STSAFE-J, flexible Java Card SE: Java Card OS 3.0.4, Global Platform 2.1.1, CC EAL5+ certified. Key function: running specific applications
• STSAFE-A, optimized SE: native OS providing dedicated crypto services. Key function: authentication, encryption, signature, secure storage
• Hardware: secure microcontroller (secure core CPU, ROM or Flash memory, hardware crypto accelerators for RSA, ECC, DES, AES), CC EAL5+ or EAL6+ certified
Complete solutions for end-to-end secure IoT networks.

STSAFE-A Secure Element
Secure system on chip with personalization: sensors and a general purpose MCU (communication, application, security) with the STSAFE-A Secure Element attached over I2C / SPI / ISO and holding the keys. Demonstration & prototyping tools and host software libraries. Ease-of-use security services for IoT developers.

STSAFE-A: Key features overview
• Authentication (devices to servers)
• Signature verification (secure boot & secure firmware update)
• Secure key provisioning service
• Secure communication / key establishment (integrity & confidentiality)
• Seamless integration with GP MCU
• EAL5+ Common Criteria certified chip
• Secure data storage
Highly secure & cost-optimized solution for connected devices.

STSAFE-A: State-of-the-art security
Fact-based security, evaluated by independent third parties (certifications).

STSAFE-A: Personalization service
Securing & simplifying IoT device key provisioning.
• Development phase (customer): hardware development, firmware development
• Fabrication & personalization phases (ST factory, approved personalization): package, pre-personalization, personalization, diffusion & test
• Interaction with the customer: configuration, customer certificate
• Personalize product: put secret keys, store certificates
• Hardware Security Module: configure administration and transport keys, compute customer secrets

STSAFE-A: Seamless integration with MCU
A comprehensive set of tools and services: personalization service, host library, example codes, STSAFE Toolkit PC application, STSAFE Nucleo expansion.

Security analysis – IoT system example
• Risk: eavesdropping on or manipulating data exchanges
• Mitigation: authenticated & encrypted communication channels
  - Applicative-layer end-to-end secure links
  - Device authentication
(System diagram: cloud service, network, end nodes, mobile, gateway; threats: compromised servers, clone/fake servers, eavesdropping on or manipulation of data communication, compromised devices, clone/fake devices, compromised gateway, clone/fake gateway.)

Device authentication
Remote server (holding the CA certificate) and IoT device (GP MCU + Secure Element over I2C), connected over a wired or wireless connection (USB, WiFi, LoRa, ...):
1. The remote server requests the IoT certificate.
2. The GP MCU issues Read(Index 0) to the Secure Element; the Secure Element provides the X.509 certificate from its data partition index 0; the GP MCU returns the IoT device X.509 certificate to the server.
3. The remote server uses the CA certificate to verify the IoT certificate.
4. The remote server generates a random and sends Request authentication(random).
5. The GP MCU calls generate signature(random); the Secure Element signs the random with its secret private key and returns the signature; the GP MCU returns the signature to the server.
6. The remote server verifies the signature using the IoT certificate. If the signature is verified, the IoT device is authenticated.

Securing data communication – TLS handshake v1.2 (RFC 5246)
Remote server (host certificate, CA certificate) and IoT device (GP MCU + Secure Element holding the CA certificate and the IoT certificate), connected over a wired or wireless connection (USB, WiFi, LoRa, ...):
• Client Hello (client random): the client provides supported TLS version, algorithms and a random
• Server Hello (server random): the server replies with its algorithm choices
• Certificate (), signed server random: provides the X.509 certificate and signed random
• Server Key Exchange (): provides the EC public key and the curve to use
• Certificate Request (): requests the IoT device X.509 certificate
• Server Hello Done ()
• Client processing: verify the server host certificate with the CA certificate; authenticate the server by verifying the signature; generate ephemeral EC key pairs; compute the shared secret using the remote server public key
• Certificate (), signed client random: provides the IoT device X.509 certificate and signed random
• Client Key Exchange (): provides the ephemeral public key
• Certificate Verify ()
• Change Cipher Spec (): starts exchange ciphering
• Client Finished ()
• Server processing: verifies the IoT device certificate and authenticates the IoT device; computes the Diffie-Hellman shared secret
• Change Cipher Spec (): starts exchange ciphering
• Server Finished ()

Secure cloud connectivity with STSAFE-A
STSAFE-A100 secures and eases device registration to Amazon Web Services:
• Device-by-device registration with STSAFE-A100 standard personalization, for evaluation
• Just-in-time (JIT) device registration to AWS with STSAFE-A100 preconfigured for AWS, allowing mass automatic registration of devices to AWS
• STSAFE-A100 TLS secure connection establishment
STSAFE-A100 evaluation kit: security for Amazon Web Services.

Secure Sigfox Ready™ connectivity powered by STSAFE-A, S2-LP & STM32
• S2-LP: ultra-low power, high performance, Sub-1GHz RF transceiver
• STSAFE-A1SX: plug-and-play certified security HW, CC EAL5+
• STM32L: ultra-low-power MCU portfolio
• S2-LP evaluation kit: STEVAL-FKI868V1 (*) – 868 MHz; STEVAL-FKI915V1 (*) – 915 MHz + PA; (*) Sigfox End Product certified
• STSAFE-A1SX evaluation kit: security for Sigfox Ready™
Ultra-low-power sensor-to-cloud connectivity out of the box.

Secure LoRaWAN™ connectivity powered by STSAFE-A & STM32L
Gemalto, Murata and STMicroelectronics to deliver secure turnkey solutions for LoRaWAN™ devices:
• STSAFE-A Secure Element attached to an STM32 general-purpose microcontroller
• Ultra-compact, low-cost stand-alone LoRaWAN module
• Join Server / Key Management System

Scalable security platform for IoT devices powered by STSAFE, ProvenCore-M & STM32
• STM32L4 MCU: for faster, reliable and robust application development
• ProvenCore™-M secure operating system: for application isolation, stability and integrity of the platform
• STSAFE™-A Secure Element: providing secure storage and crypto services to strengthen secure boot & firmware update, ensuring platform integrity

Conclusion: Secure Element added values
• Device authentication
  - Customers might prefer the STSAFE SE due to its Common Criteria certified security level
  - High security assurance of device identity protection
• Key management without exposure
  - ST takes care of key provisioning within the chip using smart card best practices
  - Customers don't have to deal with protecting secrets within their manufacturing process
• Automatic device registration and secure connectivity to clouds
  - Automatic device registration to clouds with the device certificate already pre-configured
  - TLS key establishment with ECC cryptography offloaded to the STSAFE SE
• GP MCU's best friend to secure IoT devices
  - Complementary to, and not a substitute for, MCU security

Secure Solutions – Ensuring your peace of mind
http://www.st.com/en/secure-mcus/authentication-secure-iot.html
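The device-authentication exchange and the TLS 1.2 handshake of the two sequence slides above, worked through as an added Go example; it is not part of the original deck or of ST's STSAFE host library. A constructed in-memory CA, device and server certificate stand in for the CA certificate and the IoT certificate, the device private key is an ordinary in-process key where the real design keeps it inside the STSAFE-A, and all names and serial numbers are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

type PKI struct {
	Pool           *x509.CertPool
	DevKey, SrvKey *ecdsa.PrivateKey // on a real device DevKey never leaves the secure element
	DevDER, SrvDER []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue signs a certificate for pub with the signer's key; parent == tmpl gives a self-signed CA.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) ([]byte, *x509.Certificate) {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return der, must(x509.ParseCertificate(der))
}

func NewPKI() *PKI {
	tmpl := func(cn string, serial int64, eku x509.ExtKeyUsage, isCA bool) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
			ExtKeyUsage: []x509.ExtKeyUsage{eku}, IsCA: isCA, BasicConstraintsValid: isCA}
	}
	caKey, caTmpl := newKey(), tmpl("iot-ca.example", 1, x509.ExtKeyUsageAny, true)
	_, caCert := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	dev, srv := newKey(), newKey()
	devDER, _ := issue(tmpl("iot-device-0001.example", 2, x509.ExtKeyUsageClientAuth, false), caCert, &dev.PublicKey, caKey)
	srvDER, _ := issue(tmpl("iot-server.example", 3, x509.ExtKeyUsageServerAuth, false), caCert, &srv.PublicKey, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	return &PKI{Pool: pool, DevKey: dev, SrvKey: srv, DevDER: devDER, SrvDER: srvDER}
}

// DeviceSign is the "generate signature(random)" step the MCU delegates to the secure element.
func DeviceSign(key *ecdsa.PrivateKey, random []byte) []byte {
	h := sha256.Sum256(random)
	return must(ecdsa.SignASN1(rand.Reader, key, h[:]))
}

// ServerVerify is the remote-server side: verify the IoT certificate with the CA certificate, then the signature.
func ServerVerify(pool *x509.CertPool, devDER, random, sig []byte) error {
	cert, err := x509.ParseCertificate(devDER)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	}
	if err != nil {
		return fmt.Errorf("IoT certificate not trusted: %w", err)
	}
	h := sha256.Sum256(random)
	if pub, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok || !ecdsa.VerifyASN1(pub, h[:], sig) {
		return fmt.Errorf("signature over the random does not verify")
	}
	return nil
}

// MutualTLS runs the TLS 1.2 handshake in memory (server requests the device certificate) and returns the authenticated device identity.
func MutualTLS(p *PKI) (string, error) {
	srvConn, devConn := net.Pipe()
	srv := tls.Server(srvConn, &tls.Config{MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{p.SrvDER}, PrivateKey: p.SrvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, ClientCAs: p.Pool})
	dev := tls.Client(devConn, &tls.Config{MinVersion: tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{{Certificate: [][]byte{p.DevDER}, PrivateKey: p.DevKey}},
		RootCAs:      p.Pool, ServerName: "iot-server.example"})
	errc := make(chan error, 1)
	go func() { errc <- dev.Handshake() }()
	if err := srv.Handshake(); err != nil {
		return "", err
	}
	return srv.ConnectionState().PeerCertificates[0].Subject.CommonName, <-errc
}

func main() {
	p, random := NewPKI(), make([]byte, 32)
	must(rand.Read(random)) // the server's fresh random: a new one for every authentication
	fmt.Println("genuine device:", ServerVerify(p.Pool, p.DevDER, random, DeviceSign(p.DevKey, random)))
	fmt.Println("clone without the SE key:", ServerVerify(p.Pool, p.DevDER, random, DeviceSign(newKey(), random)))
	fmt.Println(MutualTLS(p))
}
```

ServerVerify is where the secure element earns its place: a clone that copied the IoT certificate but not the key held in the SE, a signature replayed against a different random, and a certificate issued by another CA are all rejected. MutualTLS shows the same identity being established by the handshake's Certificate Request and Certificate Verify messages, with the ECDHE key establishment handled by crypto/tls. The generic must helper needs Go 1.18 or later.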