Renesas Electronics America Inc.

© 2010 Renesas Electronics America Inc. All rights reserved.

ID 911C: Case studies for Embedded Security

D. Pochet

Manager, Marketing Security Products

14 October 2010, Rev 1.0

Hello everyone. This is session 911C. It focuses on machine-to-machine authentication, an emerging security IC market offering exciting new opportunities for embedded system vendors.

Mr. Denis Pochet

• Sr Product Marketing Manager, Secure MCU
• Responsible for Marketing, Business Development and Product Management within REA – Consumer & Industrial group.

PREVIOUS EXPERIENCE:

• Eleven years in Smart card industry (dual interface (Contact/Cless) for ID & Banking) and Digital Security (Embedded Systems (PCI-PED POS, FIPS 140-2 Authentication device, ...)).
• Expertise in Security solutions: security IC, software applications, PKI technology and provisioning solutions
• Master's degree in computer science from “Ecole des Mines de St Etienne” University (France)

Renesas Technology and Solution Portfolio

Solutions for Innovation

• Microcontrollers & Microprocessors: #1 market share worldwide *
• Analog and Power Devices: #1 market share in low-voltage MOSFET **
• ASIC, ASSP & Memory: advanced and proven technologies

* MCU: 31% revenue basis from Gartner "Semiconductor Applications Worldwide Annual Market Share: Database", 25 March 2010

** Power MOSFET: 17.1% on unit basis from Marketing Eye 2009 (17.1% on unit basis).

In the session 110C, Renesas Next Generation Microcontroller and Microprocessor Technology Roadmap, Ritesh Tyagi introduces this high level image of where the Renesas Products fit. The big picture.

This is where our session, ID 911C: Case studies for Embedded Security, is focused within the ‘big picture’ of Renesas products.

Microcontroller and Microprocessor Line-up

• Superscalar, MMU, Multimedia: up to 1200 DMIPS, 45, 65 & 90nm process; video and audio processing on Linux; Server, Industrial & Automotive
• High Performance CPU, FPU, DSC: up to 500 DMIPS, 150 & 90nm process; 600uA/MHz, 1.5uA standby; Medical, Automotive & Industrial
• High Performance CPU, Low Power: up to 165 DMIPS, 90nm process; 500uA/MHz, 2.5uA standby; Ethernet, CAN, USB, Motor Control, TFT Display
• General Purpose: up to 10 DMIPS, 130nm process; 350uA/MHz, 1uA standby; Capacitive touch
• Ultra Low Power: up to 25 DMIPS, 150nm process; 190uA/MHz, 0.3uA standby; Application-specific integration
• Embedded Security: up to 25 DMIPS, 180, 90nm process; 1mA/MHz, 100uA standby; Crypto engine, Hardware security
• Legacy Cores: next-generation migration to RX

Here are the MCU and MPU product lines. I am not going to cover any specific information on these families; rather, I want to show you where this session is focused.

Embedded Security

These are the products to which this presentation applies.

[Slide: Innovation. Figure labels: Server, Router, Extended boards; PKI strong mutual authentication; Anti-cloning protection]

Renesas Board ID Solution

The Renesas Board ID solution is ideally suited for applications needing strong authentication and for web connected devices.

Renesas, in partnership with Avnet, provides a unique and complete solution that lets Embedded Systems vendors of any size deploy this powerful PKI authentication technology cost effectively.

Agenda

• Renesas in the Security IC market
• Authentication basics
• Board ID security
• Board ID use case examples
• Board ID solution support
• Q&A

Here is today’s agenda.

Key Takeaways

By the end of this session you will be able to:

• Understand Renesas' position in the security IC market
• Know the basics of authentication
• Sell the benefits of a strong security technology to your customers and to your company management
• Understand how to implement strong authentication with the Renesas solution

You will discover that we are, on top of being the world leading MCU vendor, a world leading SECURE MCU vendor.

Then you will learn the basics of authentication, about the Board ID solution, and how to build a strong authentication solution with our technology.

Security application examples: everywhere!

• Authentication <Closed system>: Server, Router, Switch, Storage, Ink Cartridge, Battery, Consumer Electronics
• Authentication Through Network <Open system>: USB Key, EFTPOS, PC, STB/DVR, Medical, Bank card, SIM card, NFC payment, ETC, Enterprise

Innovation highlight

Renesas is the first supplier providing a total PKI solution for embedded systems. Our solution includes the Security IC, firmware and the provisioning of the keys/certs.

It is a standards-based solution (X509), supported by Avnet, a global partner.

Available, cost effective and deployable NOW.

• Ideally suited for applications requiring strong authentication and/or web connectivity: very large growth projected for the next decade.
• Companies of any size (small or large) can deploy this technology and participate in this high growth market requiring strong security.
• Companies wanting to protect their IP and drastically reduce business risks

Renesas in the Secure MCU market

• Contact Smart Card (Banking, ID card): AE4 Series, AE5 Series, RS4 Series
• Contactless Smart Card (Banking card, Mobile Phone): AE41R, RS4X Series*
• NFC: NFC Series*
• Embedded, M to M Authentication: N Series; embedded interface (I2C), small package

* Under development

Legend: General Promotion; Selected OEM support only

For traditional contact smart card applications such as SIM cards and banking cards, we offer a wide range of products from both the 16-bit AE4 series and the 32-bit AE5 series, depending on market requirements.

For the growing contactless market, we have contactless chips and dual-way chips, which have both contact and contactless interfaces on a single chip. These contactless chips can operate on only the power provided through the antenna of the card reader.

We are also developing a new RS series secure core which consumes less power, which is important for future contactless requirements.

We are also developing a product for the coming Near Field Communication applications. The product, to be available early next year, will be a one-chip NFC device which includes both the RF and secure element functions in one chip.

For embedded machine-to-machine authentication applications, based on smart card chip technology, we have the N series products, which have a standard embedded host MCU or MPU interface such as I2C or SPI. The Board ID solution presented here has an I2C serial interface.

Renesas in the Secure IC market

[Timeline figure, axis marks 1980, 1990, 2000, 2009, 2010: Banking Card (Visa, MasterCard, Debit card); GSM, 3G SIM Card; ETC SAM; Contactless Card; M to M Authentication; 3 B milestone]

ETC SAM: Electric Toll Collection Secure Authentication Module

M to M: Machine to Machine

Renesas was one of the first companies to introduce smart card technology, in the early 80s, starting with banking cards.

In the 90s, we started shipping smart card chips for the GSM SIM application, which is very large volume in European and Asian countries. Advanced SIM technology is used for today’s 3G phones, and Renesas is currently producing 32-bit smart card chips with large on-chip non-volatile memory for this market.

ETC, the electric toll collection system, has been introduced into almost all highway systems in Japan. Renesas has more than 50% share of the secure authentication modules installed in vehicles.

For contactless technology, Renesas has 100% share in the mobile FeliCa system in Japan, which is a mobile phone with a contactless card function. Now we are entering the PayPass contactless card market in the US.

For machine-to-machine authentication, we offer dedicated security chips in volume for embedded security applications.

Last year, we reached 3.0 billion units shipped cumulatively, and the quality of Renesas security chips has been highly accepted in the industry. Today, we are supplying more than 300 million security ICs every year.

From simple ID to strong authentication

[Slide figure: Name (small groups), then Name + ID (larger society), then Authentication (networked society, today). User: strong user authentication.]

Historically, the need for strong USER authentication has grown as networks became more complex and services more sophisticated.

From simple ID to strong authentication

[Slide figure: the same progression (small groups, larger society, networked society, today), with strong user authentication for the User and M2M authentication application opportunities for M2M.]

Similarly, Renesas anticipates that the need for stronger MACHINE-TO-MACHINE authentication will increase over time, and we want to position our company as the leading provider of robust solutions in that market.

We also want to help you address this emerging market with our Security solution.

Hacks can affect almost any product

[Slide images: High tech industrial; High tech consumer; Public infrastructure; www.HackADay.com]

Designs without strong security are at high risk: POOR SECURITY = HIGH RISK

Hackers can attack and damage almost any product across all segments. Here are some examples made public in recent years:

(top left pic) Consumer segment: In China, close to 15 % of phones working in the telecom network are counterfeit devices.

(bottom left pic) Industrial segment: This cover page title asks ‘FAKES: can you tell the difference?’ between two network equipment devices.

(bottom right) Public infrastructure: this was on TV news earlier this year. Hackers managed to enter road sign control systems across several states and create this prank… a threat to public safety.

(top right) This is an example of a social networking site for hackers. There are hundreds of similar places, where communities of hackers freely exchange ideas and software downloads to attack all sorts of products…

This highlights the fact that products designed with poor security or no security are at high risk.

Benefits of a design with Strong Security

Protection against:

• Liability
• Breach of License & Brand
• Revenue Loss
• Unfair Competition
• …

and improved credibility with partners and customers

Security MUST be designed in!

Yes, you will see through this presentation that security is becoming a real concern in the high tech world.

After all, a company’s strength and competitiveness reside in the uniqueness and quality of its products.

If the products can be easily copied, it can:

• Reduce margins and create losses,
• Negatively affect the reputation of the company,
• Bring unwanted and dangerous competitors…

Security MUST be designed in!

Symmetric key architecture

Rely on shared ‘secret’ among parties

A: Who are you?

B: I am Bob

A: Prove it to me by responding to my question (if you know my secret you’ll be able to respond)

RISK: The secret MUST be stored in a tamperproof IC, otherwise the entire network can be compromised as ALL share the same secret.

Authentication basics:

There are two types of architectures. The first one is built with ‘symmetric’ keys.

The reason for that name is that both ends use the exact same ‘key’ in order to perform this type of authentication.

This highly simplified diagram explains the principle behind this mechanism.

Party A asks Party B: ‘Who are you?’

Party B responds: ‘I am XYZ.’

Party A says: ‘Prove it to me by answering my question.’ (I know the secret key we share, so you should be able to answer.)

Of course the real cryptographic exchange is more elaborate than that, but this is in essence the principle of this method. Once A recognizes the response from B, the authentication succeeds, and A and B can proceed further.

As you can see, this method relies on ‘shared secrets’ and this carries a lot of risks if the secrets are not well protected.

Asymmetric* key architecture

Rely on a ‘chain of Trust’ among parties

A: Who are you?

B: I am Bob

A: Prove it to me by showing me a valid ID (which you received in the past and is unforgeable) and I will check it is genuine

PKI strength: Only legitimate owners of VALID IDs will be accepted. If one device is compromised, only that single device is bad. ALL others are not affected.

(*) also called PKI: Public Key Infrastructure Technology

The second type of architecture is called ‘asymmetric key architecture’.

This method is slightly different and a little more complex than the previous one, but it has lots of advantages.

Party A asks: ‘Who are you?’

Party B responds: ‘I am XYZ.’

This time party A requests a valid ID (a badge, if you will, that cannot be forged) and will check that the badge is genuine and that party B is indeed the legitimate owner of this ID.

Again, the real cryptographic exchange is more complicated than this, but this is the goal of the exchange.

Here we do not have the risky ‘shared secret’ mechanism (think about thousands or millions of users or devices)…

If, after having spent enormous $ effort, a hacker manages to break 1 badge, he will have compromised only one device, not the entire system.
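The ‘valid ID’ exchange described above, written out as an added example (not part of the original presentation, and not Renesas or Avnet code): a CA-signed certificate per device, a fresh challenge signed with the device's private key, and revocation of a single unit. Textbook RSA over fixed primes is an assumption made so that it runs on the Python standard library alone; the function names, class names and unit IDs are hypothetical.

```python
"""Added illustration: device authentication with per-device keys and a CA.

Textbook RSA over fixed Mersenne primes stands in for the RSA/ECC a
security IC would run, so the example needs only the standard library.
It is NOT secure; every key, name and identifier here is constructed.
"""
import hashlib
import secrets
from typing import NamedTuple

E = 65537  # public exponent used by every toy key


def make_key(p: int, q: int):
    """Return (modulus n, private exponent d) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(msg: bytes, n: int, d: int) -> int:
    return pow(_digest(msg, n), d, n)


def verify(msg: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == _digest(msg, n)


class Certificate(NamedTuple):
    device_id: str
    public_n: int   # device public key (modulus)
    ca_sig: int     # CA signature over device_id and public_n

    def signed_fields(self) -> bytes:
        return f"{self.device_id}|{self.public_n}".encode()


def issue(device_id: str, public_n: int, ca_n: int, ca_d: int) -> Certificate:
    """Provisioning: the CA binds an identity to a device public key."""
    body = Certificate(device_id, public_n, 0).signed_fields()
    return Certificate(device_id, public_n, sign(body, ca_n, ca_d))


class Device(NamedTuple):
    cert: Certificate
    private_d: int  # on a real board this never leaves the security IC

    def respond(self, nonce: bytes):
        return self.cert, sign(nonce, self.cert.public_n, self.private_d)


class Host:
    """Verifier: stores only the CA public key and a revocation list."""

    def __init__(self, ca_n: int):
        self.ca_n = ca_n
        self.revoked = set()

    def authenticate(self, device: Device) -> str:
        nonce = secrets.token_bytes(16)  # fresh challenge per attempt
        cert, sig = device.respond(nonce)
        if not verify(cert.signed_fields(), cert.ca_sig, self.ca_n):
            return "reject: certificate not issued by CA"
        if cert.device_id in self.revoked:
            return "reject: certificate revoked"
        if not verify(nonce, sig, cert.public_n):
            return "reject: no proof of private key"
        return "accept: " + cert.device_id


def run_pki_scenarios() -> dict:
    ca_n, ca_d = make_key(2**521 - 1, 2**607 - 1)
    a_n, a_d = make_key(2**89 - 1, 2**107 - 1)
    b_n, b_d = make_key(2**61 - 1, 2**127 - 1)
    unit_a = Device(issue("unit-0001", a_n, ca_n, ca_d), a_d)
    unit_b = Device(issue("unit-0002", b_n, ca_n, ca_d), b_d)
    host = Host(ca_n)
    out = {"genuine": host.authenticate(unit_a)}
    # A certificate is public data: copying it without the key proves nothing.
    out["copied_cert"] = host.authenticate(Device(unit_a.cert, b_d))
    # An ID the CA never signed is refused, whatever key backs it.
    own_n, own_d = make_key(2**61 - 1, 2**89 - 1)
    self_made = issue("unit-0002", own_n, own_n, own_d)
    out["self_signed"] = host.authenticate(Device(self_made, own_d))
    # If unit A's key is ever extracted, revoking A leaves unit B working.
    host.revoked.add("unit-0001")
    out["a_after_revocation"] = host.authenticate(unit_a)
    out["b_after_revocation"] = host.authenticate(unit_b)
    return out
```

The host never stores a secret: it holds the CA public key and the revocation list, so reading out host firmware yields nothing that can impersonate a device.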

Cryptographic Algorithms for Security

• SHA-1 / SHA-256 (Atmel, Maxim)
  • Simple message digest
  • Not “true” encryption
    – Mostly used for digital signature signing
  • SHA-1 not approved by US government (retired from use)
• Symmetrical Cryptography
  • Proprietary, DES, 3DES, AES
    – 64 (i.e. crypto-memory), 128, 256 bit keys
  • Symmetrical keys used on both sides
    – Keys must be handled with the highest security
    – Sharing of common keys can lead to compromise
    – Any key compromise affects every unit
• Asymmetrical Cryptography
  • RSA, ECC
  • 1024, 2048 bit keys
  • Uses public / private key pairs
    – Private keys are all different
    – Compromise of a single key only affects a single unit
  • Can be more complex to implement

Case Study (from a US partner)

• Background
  • Large, well known camera manufacturer
  • Battery Cloning Issues
    – Direct Revenue Loss
    – Warranty Issues
    – Li-ion Battery Safety Issues
• Solution
  • Low cost SHA-1 based security device
• Result
  • Camera firmware hacked to obtain keys
  • Low cost microcontroller used to imitate security device
  • Cloned batteries available within 3 months

The choice of a low cost security solution was clearly a failure in this case.
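The shared-secret exchange from the symmetric key slide and the failure in this case study, as an added example (not part of the original presentation or any vendor's code): a challenge-response in which one extracted key is accepted under every identity. HMAC-SHA-256, the key values, the device names and the key-diversification variant are assumptions chosen for illustration.

```python
"""Added illustration: shared-secret challenge-response and its blast radius.

All keys and device names are constructed sample values.
"""
import hashlib
import hmac
import secrets

FLEET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # same in every unit
MASTER_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # host-side only


def answer(key: bytes, device_id: str, nonce: bytes) -> bytes:
    """Response an authenticator computes over the host's challenge."""
    return hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()


def unit_key(master: bytes, device_id: str) -> bytes:
    """Diversified key: each unit stores only its own derived secret."""
    return hmac.new(master, b"unit-key|" + device_id.encode(), hashlib.sha256).digest()


class Host:
    """Verifier. key_for(device_id) returns the secret expected for that unit."""

    def __init__(self, key_for):
        self._key_for = key_for
        self._pending = {}                      # device_id -> outstanding nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)         # fresh per attempt
        self._pending[device_id] = nonce
        return nonce

    def check(self, device_id: str, reply: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)   # a challenge is single-use
        if nonce is None:
            return False
        expected = answer(self._key_for(device_id), device_id, nonce)
        return hmac.compare_digest(expected, reply)


def attempt(host: Host, claimed_id: str, key: bytes) -> bool:
    """One full exchange by a party that holds `key` and claims `claimed_id`."""
    return host.check(claimed_id, answer(key, claimed_id, host.challenge(claimed_id)))


def run_scenarios() -> dict:
    shared = Host(lambda _id: FLEET_KEY)
    diversified = Host(lambda dev: unit_key(MASTER_KEY, dev))
    out = {}

    # Fleet-wide secret: the genuine unit passes, a wrong key fails.
    out["genuine"] = attempt(shared, "battery-0001", FLEET_KEY)
    out["wrong_key"] = attempt(shared, "battery-0001", secrets.token_bytes(16))

    # A recorded reply is useless against the next challenge.
    old = answer(FLEET_KEY, "battery-0001", shared.challenge("battery-0001"))
    shared.check("battery-0001", old)
    shared.challenge("battery-0001")
    out["replayed_reply"] = shared.check("battery-0001", old)

    # The slide's risk: one copy of the secret, from any unit or from host
    # firmware, is accepted under every identity in the fleet.
    out["leaked_fleet_key_any_id"] = attempt(shared, "battery-7777", FLEET_KEY)

    # Diversified keys contain a leak from one unit ...
    k1 = unit_key(MASTER_KEY, "battery-0001")
    out["unit_key_own_id"] = attempt(diversified, "battery-0001", k1)
    out["unit_key_other_id"] = attempt(diversified, "battery-0002", k1)
    # ... but the host still stores a secret that covers every unit.
    leaked = unit_key(MASTER_KEY, "battery-7777")
    out["leaked_master_any_id"] = attempt(diversified, "battery-7777", leaked)
    return out
```

Fresh nonces and constant-time comparison stop replay and timing leaks, but neither changes the outcome in the case study: whatever the verifier needs to check a reply is also enough to produce one, so the host firmware is part of the secret's attack surface.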

Web authentication – 1 (users)

[Slide figure labels: Public Key Certificate (Authenticator); Private Key + Certificate (Remote service provider)]

PKI authentication performed before e-commerce or online banking services are enabled

• Proven with Billions of Users
• Secure, Trusted Authentication Method
• Conforms to IT, Internet and Enterprise Authentication standards

Let us look at what is happening in the internet space. Today there are more than 1 billion (human) users on the web who routinely perform transactions, online banking and e-commerce, or share or provide sensitive data.

How is that possible when we all know that the Internet is not a ‘trusted’ network?

The secret is PKI (Public Key Infrastructure / Technology), which allows any PC user to perform such transactions on the web very reliably. It is based on digital certificates.

Web authentication – 2 (users)

[Slide figure label: Public Key Certificate (Authenticator)]

In fact, if you look at your own PC (for example, as an IE user, by going to Internet options / Content / Certificates) you will find that your computer is equipped with these certificates. These components are needed for you (as a user) to make sure that you are indeed interacting with your bank, your e-commerce site, or the DMV site, so that you can perform any transaction securely.

Levels of security

• Software security: BAD. Keys NOT protected; CPU intensive (can be OK for PKI comp. by the host); (encryption alone is NOT security)
• Memory chip security: Almost as BAD. Outdated key lengths (like a ‘2 digits’ PIN code)
• Board ID: SECURE. Strong crypto; Tamper proof; PKI for Embedded Systems; Avnet VAS

We bring proven Web user authentication technology to Embedded Systems

Broadly speaking, there are 3 levels / categories of security technologies for embedded devices:

- Software only: can be copied, does not protect sensitive keys, and is computation intensive (can be suitable only for PKI authentication as host). One common mistake is about encryption: encryption alone IS NOT security (the key MUST be protected).

- Memory chip: outdated key length (most memory chips use short key lengths that were broken decades ago; NIST does not recommend any such algorithms)

- Secure IC / Board ID chip: built with the same security as what is mandated by banks, government ID, enterprise access control, and equipped with PKI technology.

In fact we, Renesas, bring the proven web user authentication technology (Billion users +) to the world of Embedded Systems.

In addition, you will see that our solution is very complete, and includes a critical VAS component provided by Avnet.

Board ID use examples

[Slide figure labels: Board ID chips; I2C]

There are 4 typical use cases for our technology (progressing clockwise from top left):

1- Single board use: an MCU authenticates the Board ID before providing any service or activating a license.

2- A main unit authenticates a peripheral or accessory unit before providing services. The process ensures that only legitimate, valid, certified peripheral units are accepted.

3- A variation of the previous one: the same operation performed in both directions (mutual authentication).

4- Authentication is performed by a central server across a network. We see more and more demand for this type of use case.

Case 1: Anti-Cloning

• Business case
• Implementation example
• Renesas solution with Board ID

Board ID Example 2 – Anti-Clone System

[Slide figure labels: Counterfeited routers; Router main board; Main CPU; Security storage; I2C; Plug-in router card modules; Board ID Chips]

Case 2: Anti-cloning, Usage control

• Business case
• Implementation example
• Renesas solution with Board ID

Board ID Example – Usage Control

Medical Device unit and probe(s)

• Doctor prescribes Treatment (usage of probes)
• Security IC in the probe enforces the usage prescribed (no overuse / misuse possible)
• Unalterable Usage Control info processed by the Security chip

[Slide figure labels: Main Unit; Main CPU; Board ID chip; I2C; Peripheral unit (disposable); Medical probe(s); Board ID chip]

Case 3: Secure Tracking, IP protection

• Business case
• Implementation example
• Renesas solution with Board ID

Board ID Example – Protect Licensing Model

[Slide figure labels: Medical system vendor; Approved Partner Co; $; Main Unit; Main CPU; Board ID chip; I2C; accessory unit; Accessory MCU]

Board ID Solution for Medical Application

Medical Device business risks:

• Liability (HIPAA)
• Service Level Agreement (HIPAA)
• Revenue loss (HIPAA)
• Unfair competition
• Increased costs of operations
• License and brand protection
• Credibility with partners and customers
• Security breaches (HIPAA)
• Device effectiveness (HIPAA)

Medical Applications requiring strong data protection, authentication, security (HIPAA): Networking, Web connected devices and systems, Probes/devices used by patient, Remote monitoring, Etc

HIPAA: Health Insurance Portability and Accountability Act

HIPAA HITECH: HIPAA Health Information Technology for Economic and Clinical Health Act

Benefits a security IC brings in a networked environment

Security features | With Security IC | No Security IC
Secure storage* of key (i.e. tamper proof device) | Y | N
Strong authentication* | Y | N
  Public key (RSA, ECC) | Y (possible) | N
  Symmetric key (TDES,..) | Y (possible) | N
  Authentication Process as per Industry Standards | Y | N
FIPS certification* (US govt security certification) | Y (possible) | N
Secure key/X509 cert provisioning* | Y | N
Secure remote download/upgrade* | Y | Proprietary solution
Secure connectivity to networks* (with X 509 certificate) | Y | Proprietary solution
Strong hardware enforcement option | Y | N

(*) security features recommended in the NIST Cyber-security guidelines for Smart Grid devices published in 2010

Details on Renesas solution

• Secure IC

• Firmware and Security application

• Demo kit and reference software

• Key management and provisioning services

• Technical assistance and support


Conventional MCU or memory chip vs. Board ID

Conventional MCU or memory chip:

- Attacker can read data by monitoring current consumption

- Attacker can capture data by probing metal patterns

- Attacker can read data under abnormal operating conditions

Board ID:

- Current consumption is scrambled by an internal noise generator; data cannot be extracted by current monitoring

- Chip is protected with an “active” metal shield to prevent data capture and a randomized layout

- On-chip detectors force operation to stop under abnormal conditions

[Figure: voltage/frequency diagram for each chip, labelled "Chip spec", "Boundary of normal operation" and "On-chip detectors"]

These are only a few examples: many more advanced security features are implemented in the Board ID chip

Comparison between conventional IC technology and Security IC technology.

Simply not comparable: Board ID is built with Security IC technology.

It provides an incomparable level of security. For example:

- Data cannot be extracted by current monitoring.

- The active shield and randomized layout prevent successful probing/spying.

- If the chip is taken out of its normal operating environment (temperature, voltage, frequency), it will not respond (it assumes it is being attacked).

Conventional chips would leak data easily under such conditions or attempts (they are not designed to protect data in this manner).


BoardID Secure Products Positioning

[Chart: products positioned by value of IP to be protected (Low $ / Med $ / High $) against security level (Low / Medium / High). Labels on the chart: EEPROM & LF RFID; CryptoMemory & CryptoRF; TPM; BoardID; N series Secure MCUs; "Lab Certified" (twice); FIPS 140-2 level 3]


Board ID 2.0 Specs summary

Hardware Specification

Operating Voltage: 1.8V - 3.3V

Communication interface: I2C (100kHz) (internal oscillator)

Operating Temperature: -20°C to +75°C; WTR option (please consult with us)

Package: QFN20 (4.2mm x 4.2mm)

Security: Physical protection; Secure manufacturing center; Secure programming process

Software Specification

Authentication Algorithm: PKI (RSA 1024 / 2048 bits); mutual authentication possible

Anti-Cloning: PKI (Certificate and signature verification)

Usage Control: Limit counter (1 to 4,294,967,295 times)

Secure Tracking: 4 bytes (32 bits) of condition value

IP Protection: 4 bytes (32 bits) of condition value

Secure Storage: 64 bytes x 8 pages (512 bytes total) with advanced protection features

Here is a diagram explaining the firmware and the security applications implemented in the Board ID device.

Here is a summary outlining the key specification items of the product.

You will find more details on our web site: america.renesas.com/boardid

We will provide you the chip with a suite of firmware and application components to make your design easy and robust.


Q and A

Question: What are the benefits of the Board ID solution compared with software security?

Response:

Software: CPU intensive, key NOT protected (it may be OK to compute PKI on the host side)

Board ID: complete authentication, external to the MCU with the key totally protected, strong PKI crypto


Q and A

Question: What are the differences between a Crypto memory solution and a Board ID solution for a customer?

Response:

Crypto memory: inexpensive, NOT protected, weak (outdated) key length

Board ID: complete authentication with strong PKI crypto, physical protection, smart card / Secure IC technology


Characteristics of a Secure Solution

• Must be based on strong cryptography

• Must provide for secure key storage

• Must provide a defense against physical attacks

  - Physical attack on bare die

  - Voltage

  - Frequency

  - Temperature

• Must include a secure supply chain

  - Key generation / provisioning

  - Device programming


We offer a total solution with our partner Avnet


Standards-based PKI security technology, cost-effective and now accessible to vendors of all sizes (small and large) operating globally.

A complete one-stop-shop solution

Please attend ID 910C, presented by Avnet

Please also visit our booths

Avnet VAS: Value Added Services.

This figure presents the overall flow of product and sensitive data needed to produce a complete solution that the end customer can assemble and use in their products.

It starts with the customer and its authorized CMs.

The customer must provide the product ID and the customer data that is specific to the use of the security device in their environment.

Renesas manufactures the chip in their secure manufacturing center. The security firmware is included in the chip and the product is locked when it leaves Renesas premises.

Then Avnet provides the critical PKI VAS needed to deploy this technology by generating, on the customer’s behalf, the digital certificates and keys unique to each chip and fully compliant with industry standards.

Certificates are then programmed on each chip per customer requirements. It should be noted that only Avnet, as an approved VAS provider, can unlock the chip and perform this programming. Avnet then provides the secure logistics services and keeps detailed audit records of all operations that have been performed to provide this service.

Avnet is a one-stop-shop for Board ID product and Services. By working with Avnet in this manner, Renesas makes PKI technology accessible to a large community of vendors in the global market place.
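What a host can check once each chip carries a certificate issued under the customer's root, as an added Python example (not Renesas, Avnet or Board ID Security Stack code). Textbook RSA over fixed Mersenne primes stands in for the chip's RSA engine and a plain dictionary stands in for an X.509 certificate; every key, serial and function name here is constructed for illustration.

```python
import hashlib, secrets

E = 65537  # public exponent shared by all constructed keys

def keypair(p, q):
    """Textbook RSA from two primes; returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(data, n, d):
    return pow(digest(data, n), d, n)
def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed keys built from known Mersenne primes: illustration only, not secure.
ROOT_N, ROOT_D = keypair(2**521 - 1, 2**607 - 1)    # customer root (chain of trust)
DEV_N, DEV_D = keypair(2**1279 - 1, 2**2203 - 1)    # per-chip key, stays inside the chip
ROGUE_N, ROGUE_D = keypair(2**89 - 1, 2**107 - 1)   # key generated outside provisioning

def cert_body(serial, n):
    return serial + n.to_bytes(512, "big")

def issue_cert(serial, n, ca_n, ca_d):
    """Provisioning step: the CA signs the chip serial together with its public key."""
    return {"serial": serial, "n": n, "sig": sign(cert_body(serial, n), ca_n, ca_d)}

def host_authenticate(respond):
    """Host side: fresh nonce, chain check to the root, then proof of possession."""
    nonce = secrets.token_bytes(32)
    cert, sig = respond(nonce)
    if not verify(cert_body(cert["serial"], cert["n"]), cert["sig"], ROOT_N):
        return "reject: certificate not issued under the customer root"
    if not verify(nonce, sig, cert["n"]):
        return "reject: no proof of the private key for this nonce"
    return "accept"

CERT = issue_cert(b"SN-0001", DEV_N, ROOT_N, ROOT_D)          # provisioned chip
SELF_CERT = issue_cert(b"SN-0001", ROGUE_N, ROGUE_N, ROGUE_D)  # signed by its own key

# Each responder models one kind of device answering the host's challenge.
RESPONDERS = {
    "genuine chip": lambda nonce: (CERT, sign(nonce, DEV_N, DEV_D)),
    "clone with copied cert": lambda nonce: (CERT, sign(nonce, DEV_N, ROGUE_D)),
    "self-issued cert": lambda nonce: (SELF_CERT, sign(nonce, ROGUE_N, ROGUE_D)),
    "replayed response": lambda nonce: (CERT, sign(b"old nonce", DEV_N, DEV_D)),
}

def run_all():
    return {name: host_authenticate(r) for name, r in RESPONDERS.items()}
```

Only the genuine chip is accepted: a copied certificate fails without the private key, a self-issued certificate fails the chain check, and a recorded response fails against a fresh nonce.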


Q and A

Question: What services are provided by Avnet to Board ID customers?

Response:

1- Logistics support as a franchised distributor of the product and the Board ID demo kit

2- PKI programming services including key/cert generation

3- Technical assistance to:

a- define the programming scheme,

b- help port the authentication code (MCU code)


Board ID demo kit

Board ID Device

1. Demo for each authentication use case: anti-cloning, usage control, secure tracking and IP protection

2. Authentication done between authenticator (SH7285) and Board ID device

3. Authenticator software (Board ID Security Stack - BSS) provided for easier porting by customers into their target MCU/MPU.

4. Low cost, $149 available from Avnet

Authenticator (SH7285 MCU)

More Details in ID 930L presented by Shotaro Saito YBIDKITSV2

RTA has developed a new Board ID demonstration system built around a popular Renesas MCU.

It can demonstrate authentication for each use case (Anti-Cloning, Usage Control, Secure Tracking and IP Protection).

Authentication is done between the authenticator (SH7285 MCU) and the Board ID device (R5H30211 with firmware version 1.0).

The authenticator software is provided as the Board ID Security Stack (BSS) for easier porting by customers into their target MCU/MPU.

Low cost, MSRP: $149. Prototype available now.


RDK RX62N with Board ID module

[Board photo with labelled components: LEDs for spinning motor simulation; Micro SD card slot; stereo audio out; (ADI) silicon microphone; user pot; Ethernet PHY with IEEE1588 (National Semi); 10/100 Ethernet; USB device; USB host; USB OTG; debug USB; graphics mono LCD; 3 user switches; application headers; on-board Segger JLink Lite; external power; 3-axis accelerometer, Analog Devices Inc (ADI); 128M serial flash; Board ID connector; I2C temp sensor]

The Rx RDK includes a Board ID Module

We are also introducing at this DevCon event our latest and greatest MCU family called the Rx family.

This RX62N RDK will be equipped with a Board ID device (in a daughter board that can be plugged in easily on the RDK).

Please meet with our Rx team as well as our Ecosystem team to learn more about this new RDK.


Board ID section of RTA site

http://america.renesas.com/boardid/

We now have an entirely updated site:

america.renesas.com/boardid/


Link to Avnet site

We also have a link to the Avnet site presenting the services provided by Avnet for the Board ID product.


Q and A

Question: Are there issues with Export Control?

The Board ID product is designed to meet applicable Export Control rules and regulations.

The product can be exported to foreign countries in accordance with applicable US laws.

The customer must ensure compliance with these laws.


Summary: Strengths of the Board ID solution

And why a customer selected Board ID recently…

1- Strong authentication (RSA 2048 bit) with tamper-proof chip

2- Easy integration of Board ID in customer design (fast time to market)

3- Avnet support services:

- logistics and key/cert programming services (root cert provided by customer to keep control of the chain of trust)

- unique data serialized and programmed in each chip

- strong support for all phases of development: sample evaluation, pre-production test/validation and MP ramp up

4- REA experience in the Security IC market


Questions?


Innovation

[Figure labels: Server; Router; Extended boards; PKI mutual authentication]


Thank You!

Please visit both the Renesas and Avnet booths in the exhibit hall.

Thank you.

Please visit our booth as well as the Avnet booth in the exhibit area.


Renesas Electronics America Inc.