SHE Secure Hardware Extension
SHE Secure Hardware Extension Data Security for Automotive Embedded Systems Workshop on Cryptography and Embedded Security Embedded World @ Nuremberg, February 2012 INTERNAL USE ONLY Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Content Data Security - What does it mean for Automotive? SHE - Secure Hardware Extension - A new Standard? SHE - Implementation Outlook INTERNAL USE ONLY 1 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Data Security What does it mean for Automotive? Areas of Use Applications EVITA Security Categories INTERNAL USE ONLY 2 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Areas with Demand for Security It’s not only onboard electronics that have an impact INTERNAL USE ONLY 3 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH In-Vehicle Data Security Data Security on the road today On-chip Flash/ROM read-out protection against unauthorized access Solution by Fujitsu: Flash/ROM security • Available on 16LX,16FX, FR, FCR4 Future, Enhanced Data Security Protect entire car system • not limited to Flash/ROM read-out prevention Authentication, Secure Communication and Data Storage • within vehicle • between vehicles (C2C) • between vehicle and infrastructure (C2X) En-/Decryption is key for future state-of-the-art MCUs • Embedded and ASSP solutions will find their market segment Complexity of security implementations scales with use case INTERNAL USE ONLY 4 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Target Applications Theft protection / Immobilizer Prevent unauthorized operation of vehicle Disable ignition and alike Component Protection Membership validation of all ECUs built in a particular vehicle Exchanging 1 ECU without authentication • degrades functionality as unauthenticated functions will not work • stops operation of all networked ECUs at next system start • E.g. when engine control ECU is affected Feature Activation Enables certain functions in the delivered SW-package Gives OEM opportunity in after sales revenues INTERNAL USE ONLY 5 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH ECUs to be protected by Cryptography Gateway Body Computer Module 1 Body Computer Module 2 Climate Control Thermo Management Unit Active Engine Mount Instrument Cluster Night Vision Battery Management System Charger Safety Computer 21 ECU in total INTERNAL USE ONLY Adaptive Cruise Control Engine Control Gear Box Electronic Steering Column Lock Power Electronics Hybrid Central Computer Rear Seat Entertainment Sound DVDC TV-Tuner SOP 2014 6 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH EVITA European research project June 2008 –Dec 2011 E-safety vehicle intrusion protected applications Objective: Design, verify, and prototype an architecture for automotive on-board networks where security-relevant components are protected against tampering and sensitive data are protected against compromise when transferred inside a vehicle. More found at http://evita-project.org/index.html INTERNAL USE ONLY 7 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Security Models - Categorization Full EVITA HSM Medium EVITA HSM Light EVITA HSM V2X communication On-board communication On-board communication Maximum level of functionality, security and performance Maximum level of functionality and security Optimized for low cost HW-solution Asymmetric cryptographic engine & Hash engine Symmetric cryptographic engine Symmetric cryptographic engine e.g. AES-128 User-programmable functionality User-programmable functionality Pre-defined functionality Secure CPU @ 100 MHz Secure CPU @ 25 MHz Secure Zone no CPU needed 64k 64k Optional NV Memory 512k 512k Optional NV RAM PRNG with TRNG seed PRNG with TRNG seed Optional T/PRNG Security LT > 20 years INTERNAL USE ONLY 8 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE Secure Hardware Extension – A New Standard? SHE - Security Objectives SHE - Building Blocks SHE - Performance Requirements INTERNAL USE ONLY 9 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH HIS - SHE HIS = Hersteller Initiative Software SHE = Secure Hardware Extension - meets ‘Light EVITA HSM’ Specification by HIS Concept: Add a Secure Zone Prevent user access to security functions other than those given by logic Link to HIS & SHE: HIS portal on Security INTERNAL USE ONLY 10 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE - Security Objectives Protect cryptographic keys from software attacks Provide an authentic software environment Let the security only depend on the strength of the underlying algorithm and the confidentiality of the keys Allow for distributed key ownerships Keep the flexibility high and the costs low INTERNAL USE ONLY 11 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Building Blocks (1) MCU with Secure Zone SHE data storage - volatile - non-volatile - for KEY & MAC Access only via defined command interface INTERNAL USE ONLY 12 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (2) SHE specifies Secure Zone components and algorithms Cryptography • En-/decryption unit • AES 128 algorithm ROM • Secret key storage SECRET_KEY • Unique key storage UID Cryptography RAM NV-Memory ROM RAM • RAM key storage • PRNG key storage NV-Memory • Boot key & MAC storage • Master key, general purpose key storage INTERNAL USE ONLY 13 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (3) Cryptography carries Encryption unit • AES 128-based Applicable Standard Decryption unit Cryptography RAM • AES 128-based CMAC NV-Memory ROM • Cipher-based Message Authentication Code generator Miyaguchi-Preneel • One-way compression function; compressed data cannot be recovered • Input requests 128-bit wide chunks of data stream • Outputs Hash-values to en-/decoding unit INTERNAL USE ONLY 14 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (3) Cryptography carries Encryption unit • AES 128-based Applicable Standard Decryption unit RAM NV-Memory • AES 128-based CMAC ROM • Cipher-based Message Authentication Code generator Miyaguchi-Preneel • One-way compression function; compressed data cannot be recovered • Input requests 128-bit wide chunks of data stream • Outputs Hash-values to en-/decoding unit INTERNAL USE ONLY 15 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (4) RAM carries RAM_KEY • Temporary key used for arbitrary operations PRNG_KEY Cryptography RAM NV-Memory ROM • Key used by the Pseudo Random Number Generator PRNG_STATE • Keeps status of Pseudo Random Number Generator INTERNAL USE ONLY 16 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (4) RAM carries RAM_KEY • Temporary key used for arbitrary operations PRNG_KEY Cryptography NV-Memory ROM • Key used by the Pseudo Random Number Generator PRNG_STATE • Keeps status of Pseudo Random Number Generator INTERNAL USE ONLY 17 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (5) ROM carries SECRET_KEY • Unique key • Used for im-/export of all other keys • Has to be created with true random number generator (off-chip TRNG ) at production Cryptography RAM NV-Memory ROM UID • Unique identifier • Authenticates MCU Both SECRET_KEY and UID have to be fixed at production time • 16 byte for SECRET_KEY and ≤15 byte for UID INTERNAL USE ONLY 18 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (5) ROM carries SECRET_KEY • Unique key • Used for im-/export of all other keys • Has to be created with true random number generator (off-chip TRNG ) at production Cryptography RAM NV-Memory UID • Unique identifier • Authenticates MCU Both SECRET_KEY and UID have to be fixed at production time • 16 byte for SECRET_KEY and ≤15 byte for UID INTERNAL USE ONLY 19 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (6) NV-Memory carries MASTER_ECU_KEY • Set up by OEM (owner) • Enables change of other keys BOOT_MAC_KEY • Enables particular boot request and thus establishing secure boot BOOT_MAC Cryptography RAM NV-Memory ROM • Authentication of boot code KEY_<n> • Dedicated key storage for arbitrary functions • 3 – 10 keys PRNG_SEED • Starting value for pseudo random number generator Irreversible Write Protection of keys in NV-memory • Any key in NV-memory area shall not be changeable throughout life time of the device once write-protection was applied by user INTERNAL USE ONLY 20 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Perspective from Specification (6) NV-Memory carries MASTER_ECU_KEY • Set up by OEM (owner) • Enables change of other keys BOOT_MAC_KEY • Enables particular boot request and thus establishing secure boot BOOT_MAC Cryptography RAM ROM • Authentication of boot code KEY_<n> • Dedicated key storage for arbitrary functions • 3 – 10 keys PRNG_SEED • Starting value for pseudo random number generator Irreversible Write Protection of keys in NV-memory • Any key in NV-memory area shall not be changeable throughout life time of the device once write-protection was applied by user INTERNAL USE ONLY 21 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE - Performance Requirements Start-up / Secure Boot is Critical Path All SHE-equipped nodes have to perform secure boot process Availability to be established before 1 sec elapses MAC latency according SHE < 2 µsec for a 128-bit block • MAC = Message Authentication Code Authentication of Flash contents at power up << 100 msec for 1 MByte required Exact requirement depends on • Oscillator start-up times • Network start-up, • NM communication, • MCU initializations INTERNAL USE ONLY 22 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE Implementation SHE System SHE Integration SHE Implementation INTERNAL USE ONLY 23 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE System Diagram Host System SHE EEFLASH SHECO SHE Firmware Public Secured NV_MEM IF Host Interface Data IF Command IF SHE Host Driver INTERNAL USE ONLY 24 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Timing Protection EEFlash SHE MPU MPU MPU Ethernet MediaLB CRC 32-bit AHB slave bus MPU SRAM 32-bit AHB master bus TCFlash Cache Sec. Cortex R4 CPU Boot ROM Interrupt Controller Sec. Debug / Trace 64-bit AHB slave bus SHE - System Integration (ATLAS-L/TITAN) I2S DMA USB MPU System Controller Watchdog RTC External Interrupt 32-bit AHB slave bus 64-bit Multilayer AXI bus Retention RAM Quad-SPI Peripheral bus 3 Timers Timers Timers Timers Content is protected INTERNAL USE ONLY System RAM GPIO Peripheral Protection Peripheral Peripheral BusPeripheral Bridge Bus Bridge Bus Bridge Peripheral bus 1 Peripheral bus 0 Peripherals Peripherals Peripherals Peripherals Contains security config 25 MPU PPU Subsystem Peripherals Peripherals Peripherals Peripherals Bus master Bus slave Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE Implementation SHE SHECO TRNG I bus En-/decode Flash security 64-bit AHB bus EEFLASH CMAC FR60 CPU AHB Secured Sectors (2 x 8 K) RAM Cycle counter D Miyaguchi-Preneel Public Sectors (6 x 8 K) ROM 32-bit D bus AES-128 32-bit AHB bus NV_MEM_MASTER HW barrier PRNG Tx/Rx FIFOs Register I/F AXI Master PPU protection Data I/F Command/Data I/F Host Interface Bus master MPU Bus slave Host AXI bus INTERNAL USE ONLY 26 Host AHB bus Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE - Secured Key Storage (1) Common features EEFLASH 32 byte large key slots SECRET_KEY EMPTY FLAGS UID EMPTY FLAGS MASTER_ECU_KEY EMPTY FLAGS COUNTER Empty flag to distinguish between erased keys and keys written to 0xFF BOOT_MAC_KEY EMPTY FLAGS COUNTER Flags and 28bit counters are stored in the same slot as the key BOOT_MAC EMPTY FLAGS COUNTER KEY_<n> EMPTY FLAGS COUNTER Access only by SHECO CPU NV memory SECRET_KEY and UID slots are write protected before device delivery No PRNG_SEED storage needed since on-chip TRNG is implemented RAM RAM PRNG_KEY FLAGS PRNG_STATE FLAGS RAM_KEY FLAGS INTERNAL USE ONLY PRNG_KEY is calculated from SECRET_KEY during CMD_INIT_RNG command and stored in RAM slot 27 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE - Secured Key Storage (2) 4 KEY_<n> 4 PRNG_KEY 5 PRNG_STATE 5 RAM_KEY 5 UID F1 T2 MASTER_ECU_KEY 4 BOOT_MAC_KEY 4 BOOT_MAC Plain key 3 F1 Key usage Debugger activation 3 SECRET_KEY Wildcard UID Secure boot failure T2 Empty Write-protection Flags to be used for keys – used F – used, always false T – used, always true 1 Empty flags for SECRET_KEY and UID are set after the keys have been written (by Fujitsu) Write-protection flags for SECRET_KEY and UID are set after the keys have been written (by Fujitsu) 3 SECRET_KEY inherits its protection flags from MASTER_ECU_KEY 4 The initial value after production will be TRUE 5 The initial value after power-up/HW-Reset will be TRUE 2 INTERNAL USE ONLY 28 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Software (Firmware) SHE firmware Implements SHE control logic + EEPROM emulation for key storage Is ROM based (no modification possible!) No debugging possible Entirely developed by Fujitsu Secure Boot Extension of FCR4 Boot-ROM for Secure Boot Validation of boot loader with support of SHE and DMA Block length configured by of SHE_BL_SIZE (SHE parameter) SHE evaluates the status via valid BOOT_MAC_KEY INTERNAL USE ONLY 29 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH SHE – Software (AUTOSAR Driver) AUTOSAR driver V4.xx Implements SHE user accessible functions Handles hardware Interaction E.g I/F error handling Host driver for SHE will become a Fujitsu product INTERNAL USE ONLY 30 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Outlook Cryptography becomes general trend for embedded systems Majority of ECU/MCU will have to support en-/decryption Data security will become mandatory feature for automotive applications Scaled between low-cost solutions like SHE for many ECUs and High protection requirements for a subset of ECUs SHE will be on the road in 2014 INTERNAL USE ONLY 31 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH Thank you for your attention INTERNAL USE ONLY 32 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH INTERNAL USE ONLY 33 Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
© Copyright 2026