IoT Security: Root of Trust Brings Trust

C. Tremlet, Munich May 19th 2015
Risks in Connected Devices
“Though this sounds like a joke, former Vice President Don Cheney and his doctors were legitimately scared about him getting assassinated via terrorists hacking into his defibrillator and causing a heart attack. So they turned off the wireless feature so nobody would kill him via heart hack.”
2 | Maxim Integrated | Company Confidential
Assets and Threats Examples
Assets:
• Patient health
• Patient privacy
• Equipment maker IP
Threats:
• Eavesdropping
• Malware injection
• Unauthorized re-use
• Counterfeiting
Importance of Secure Boot and Secure Communication
• Any security implementation requires a thorough assets/threats analysis
BUT for connected devices:
• Protection against malware is almost always required
> Secure boot is the answer
• Securing communication is often critical
Secure Boot Principles And Example
Secure boot:
• Is a process
• Checks that the firmware is genuine and has not been modified
• Firmware authenticity is preferably checked with cryptographic methods, mainly digital signatures
PC boot example (figure): the BIOS checks the authenticity of the drivers present in memory, then checks the operating system; the operating system in turn checks and updates the application software.
Is a Software Based Secure Boot Truly Secure?
(Figure: the same PC boot chain, with the BIOS check, the drivers and the operating system each marked ✗.)
• The hacker can easily replace the BIOS by a fake one
• The whole chain gets compromised
• A chain is only as strong as its weakest link!
One needs a hardware root of trust!
Chain of Trust With Hardware Root of Trust
• Trusted hardware ✓ verifies the bootloader ✓
• Bootloader verifies the operating system ✓
• Operating system verifies the applications ✓
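The chain above, as an added example written for this page rather than code from Maxim or the MAXQ1061 firmware: each stage embeds the public key of the next stage and is signed with the key of the stage before it, while the trusted hardware holds only a hash of the root public key (modelled here as a SHA-512 digest in OTP, an assumption of this example). The stage names, the P-521 keys and the byte strings standing in for firmware are all constructed, and Go's standard-library ECDSA stands in for the chip's hardware ECC engine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha512"
	"errors"
	"fmt"
)

// Image is one boot stage: it embeds the key that verifies the NEXT stage and carries a signature made with the key the PREVIOUS stage embedded.
type Image struct {
	Name    string
	Code    []byte
	NextPub *ecdsa.PublicKey // nil for the last stage
	Sig     []byte           // ASN.1 ECDSA signature over digest(Code, NextPub)
}

// RootOfTrust is what the trusted hardware holds: a hash of the root public key in OTP (assumed layout).
type RootOfTrust struct {
	RootPubHash [sha512.Size]byte
}

// pubBytes serialises a public key as fixed-width X || Y (nil key -> nil).
func pubBytes(pub *ecdsa.PublicKey) []byte {
	if pub == nil {
		return nil
	}
	size := (pub.Curve.Params().BitSize + 7) / 8
	out := make([]byte, 2*size)
	pub.X.FillBytes(out[:size])
	pub.Y.FillBytes(out[size:])
	return out
}

// digest binds a stage's code to the key it vouches for, so the key for the following stage cannot be swapped while keeping genuine code.
func digest(code []byte, next *ecdsa.PublicKey) []byte {
	h := sha512.New()
	h.Write(code)
	h.Write(pubBytes(next))
	return h.Sum(nil)
}

// GenKey makes a P-521 key, the curve the MAXQ1061 feature slide lists.
func GenKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func mustSign(priv *ecdsa.PrivateKey, img *Image) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(img.Code, img.NextPub))
	if err != nil {
		panic(err)
	}
	img.Sig = sig
}

// Boot walks the chain in order and returns the stages that verified plus the error for the first stage that did not; nothing after a failure runs.
func Boot(rot RootOfTrust, rootPub *ecdsa.PublicKey, chain []*Image) ([]string, error) {
	// The root public key sits in replaceable flash; only the OTP hash says whether it is genuine.
	if sha512.Sum512(pubBytes(rootPub)) != rot.RootPubHash {
		return nil, errors.New("root public key does not match the OTP hash")
	}
	verifyKey, booted := rootPub, []string{}
	for _, img := range chain {
		if verifyKey == nil || !ecdsa.VerifyASN1(verifyKey, digest(img.Code, img.NextPub), img.Sig) {
			return booted, fmt.Errorf("%s: signature verification failed", img.Name)
		}
		booted = append(booted, img.Name)
		verifyKey = img.NextPub // the verified stage hands over the next key
	}
	return booted, nil
}

// BuildChain provisions a constructed three-stage chain; byte strings stand in for the real firmware images.
func BuildChain() (RootOfTrust, *ecdsa.PublicKey, []*Image) {
	rootKey, blKey, osKey := GenKey(), GenKey(), GenKey()
	bootloader := &Image{Name: "bootloader", Code: []byte("bootloader code"), NextPub: &blKey.PublicKey}
	kernel := &Image{Name: "os", Code: []byte("os kernel"), NextPub: &osKey.PublicKey}
	app := &Image{Name: "app", Code: []byte("application")}
	mustSign(rootKey, bootloader)
	mustSign(blKey, kernel)
	mustSign(osKey, app)
	rot := RootOfTrust{RootPubHash: sha512.Sum512(pubBytes(&rootKey.PublicKey))}
	return rot, &rootKey.PublicKey, []*Image{bootloader, kernel, app}
}

func main() {
	rot, rootPub, chain := BuildChain()
	fmt.Println(Boot(rot, rootPub, chain)) // [bootloader os app] <nil>
	chain[1].Code[0] ^= 1                  // one flipped bit in the OS image
	fmt.Println(Boot(rot, rootPub, chain)) // [bootloader] os: signature verification failed
	fmt.Println(Boot(rot, &GenKey().PublicKey, chain)) // [] root public key does not match the OTP hash
}
```

The three calls in main show the genuine chain booting, a one-bit change in the OS image stopping the chain right after the bootloader, and an attacker-supplied root key failing the OTP hash check before any stage runs. That last check is the hardware root of trust of the slide: everything the chain trusts traces back to a value that cannot be rewritten the way a BIOS in flash can.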
MAXQ1061 as a Root of Trust
Features
• Cryptographic toolbox
• Hardware crypto engines:
> AES-128 (GCM, ECB, CBC), up to 10 Mb/s
> ECC (NIST P-521)
• Common Criteria EAL4+ compliant
Benefits
• Hardware root of trust
• Cryptographic keys are safely stored
• Hardware crypto engines accelerate digital signature verification
• Protection against side-channel attacks
Block diagram (figure): MAXQ30E 32-bit RISC core; ECC engines (NIST P-521, Brainpool P512r1); AES-128 (GCM, ECB); 16KB SRAM; 64KB ROM; 32KB EEPROM; 1KB OTP; TRNG; DMA; TLS and crypto toolbox command set; AES command set; environmental sensors; watchdog; internal oscillator and ring; voltage regulator; 16-bit timers (x2); 16-bit PWM timers (x2); SPI (slave); I²C (slave).
Securing Communications
Is not only about encryption!
• Authenticity: am I talking to the right entity?
• Confidentiality: only authorized parties can read messages
• Integrity: messages are not altered
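Encryption without integrity, as an added example that is not part of the original deck: the same command is protected with AES-128 in CTR mode and with AES-128-GCM, the authenticated mode the MAXQ1061 feature slide lists. A single bit flipped in the ciphertext changes the decrypted CTR command unnoticed, while GCM refuses the altered message outright. The key, the nonce handling and the "dose=10mg" command are constructed for the demo, and Go's standard library stands in for the chip's AES engine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// key is a constructed AES-128 demo key. On the MAXQ1061 it would stay inside
// the chip; here it is in memory only so that the example runs stand-alone.
var key = []byte("0123456789abcdef")

func mustBlock() cipher.Block {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

// EncryptCTR gives confidentiality only. Output layout: IV || plaintext XOR keystream.
func EncryptCTR(plaintext []byte) []byte {
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		panic(err)
	}
	cipher.NewCTR(mustBlock(), out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out
}

// DecryptCTR has no way to tell a genuine message from an altered one.
func DecryptCTR(msg []byte) []byte {
	pt := make([]byte, len(msg)-aes.BlockSize)
	cipher.NewCTR(mustBlock(), msg[:aes.BlockSize]).XORKeyStream(pt, msg[aes.BlockSize:])
	return pt
}

// SealGCM gives confidentiality and integrity. Output layout: nonce || ciphertext || tag.
func SealGCM(plaintext []byte) []byte {
	gcm, err := cipher.NewGCM(mustBlock())
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, gcm.NonceSize()) // 12 bytes; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// OpenGCM returns an error, and no plaintext at all, if any bit of the message changed.
func OpenGCM(msg []byte) ([]byte, error) {
	gcm, err := cipher.NewGCM(mustBlock())
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(msg) < ns+gcm.Overhead() {
		return nil, errors.New("message too short")
	}
	return gcm.Open(nil, msg[:ns], msg[ns:], nil)
}

// FlipBits returns a copy of msg with the bits in mask toggled at byte i: a change
// anyone on the wire can make without knowing the key.
func FlipBits(msg []byte, i int, mask byte) []byte {
	c := append([]byte(nil), msg...)
	c[i] ^= mask
	return c
}

func main() {
	pt := []byte("dose=10mg") // constructed command to a medical device
	// CTR: ciphertext byte 16+5 lines up with plaintext byte 5 ('1'), and 0x31^0x08 is '9'.
	fmt.Printf("CTR decrypts the altered message to %q\n", DecryptCTR(FlipBits(EncryptCTR(pt), aes.BlockSize+5, 0x08))) // "dose=90mg"
	// GCM: the same flip invalidates the authentication tag.
	_, err := OpenGCM(FlipBits(SealGCM(pt), 12+5, 0x08))
	fmt.Println("GCM rejects the altered message:", err) // cipher: message authentication failed
}
```

CTR mode XORs a keystream with the plaintext, so flipping one ciphertext bit flips exactly the corresponding plaintext bit and the receiver sees a well-formed but different command. GCM appends a tag over the whole ciphertext, and the receiver checks it before releasing any plaintext, which is the integrity property of the slide; the authenticity property comes from the key being held only by the two legitimate parties.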
Securing Communications: TLS
• TLS/DTLS is widely adopted
> Open, no obscurity
> Benefits from feedback
• Guarantees
> Authenticity
> Confidentiality
> Integrity
• Hardware support enables
> Enhanced security, as critical steps are handled in a protected environment
> Main processor offloading for computing-intensive tasks (asymmetric crypto)
MAXQ1061 as a TLS Toolbox
TLS session phases (figure): Sync/Ack, Handshake, Data transfer, Alert (teardown)
MAXQ1061:
• Accelerates encryption and digital signature
• Protects encryption and digital signature keys
• Enables certificate storage
• Securely achieves authentication
• Accelerates authentication operations (public-key based)
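The TLS guarantees and the toolbox role described on the two slides above, as an added example that is not Maxim's code nor the MAXQ1061's: a device and a gateway run a TLS 1.3 handshake with certificates on both sides, each trusting a single fleet root CA, and certificates that carry the right names but were issued by an untrusted CA are refused by whichever side checks them. The names "device.example" and "gateway.example", both CAs and the loopback transport are constructed. Keys live in process memory here; with a secure element holding the device key, crypto/tls would only ever see it as a crypto.Signer, which is the "critical steps handled in a protected environment" point of the slide.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCert issues an ECDSA P-256 certificate for cn: a self-signed CA when parent
// is nil, otherwise a leaf signed by parent's key. Keys are generated in memory
// here; with a secure element the leaf key would stay inside the chip.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true}
	signer, signerKey := tmpl, key
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames, tmpl.KeyUsage = []string{cn}, x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// DemoPKI is a constructed fleet PKI: one trusted root, genuine leaves, and look-alike leaves from a CA nobody trusts.
type DemoPKI struct {
	Trusted                                  *x509.CertPool
	Server, Client, RogueServer, RogueClient tls.Certificate
}

func NewDemoPKI() DemoPKI {
	ca, caKey := newCert("Demo Root CA", nil, nil)
	rogue, rogueKey := newCert("Rogue CA", nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	issue := func(cn string, c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
		leaf, leafKey := newCert(cn, c, k)
		return tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}
	}
	return DemoPKI{Trusted: pool,
		Server: issue("device.example", ca, caKey), Client: issue("gateway.example", ca, caKey),
		RogueServer: issue("device.example", rogue, rogueKey), RogueClient: issue("gateway.example", rogue, rogueKey)}
}

// Handshake runs a TLS 1.3 handshake with mandatory client certificates over loopback TCP and returns the error each side observed.
func Handshake(server, client tls.Certificate, trusted *x509.CertPool) (clientErr, serverErr error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			defer raw.Close()
			raw.SetDeadline(time.Now().Add(5 * time.Second))
			srv := tls.Server(raw, &tls.Config{MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{server},
				ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trusted}) // server authenticates the client
			if err = srv.Handshake(); err == nil {
				_, err = srv.Write([]byte("ok")) // first record protected by the session keys
			}
		}
		done <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(raw, &tls.Config{MinVersion: tls.VersionTLS13, Certificates: []tls.Certificate{client},
		RootCAs: trusted, ServerName: "device.example"}) // client authenticates the server
	_, clientErr = cli.Read(make([]byte, 2)) // Read runs the handshake, then returns "ok" or the peer's alert
	return clientErr, <-done
}

func main() {
	pki := NewDemoPKI()
	fmt.Println(Handshake(pki.Server, pki.Client, pki.Trusted))      // <nil> <nil>
	fmt.Println(Handshake(pki.RogueServer, pki.Client, pki.Trusted)) // client refuses the server certificate
	fmt.Println(Handshake(pki.Server, pki.RogueClient, pki.Trusted)) // server refuses the client certificate
}
```

main runs the three cases: both peers genuine, a look-alike server, a look-alike client. Confidentiality and integrity follow from the session keys the handshake derives; authenticity is decided by RootCAs on the client and by ClientCAs with RequireAndVerifyClientCert on the server, which is why a certificate from an unknown CA fails even though its name matches. Certificate storage and the private-key operations of the handshake are exactly the pieces the toolbox slide moves into the MAXQ1061.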
DeepCover Hardware Security Features
• Secure key storage
• Side-channel attack protection
• Quality random numbers
• Tamper detection
• Flawless implementation
• Performance
Hardware Security is Not Only For Paranoids
A full kit enabling side-channel and fault attacks sells today for $1520!