Secure production programming - Connected Communities · Download Windows PC OR User Setup/...
Transcript of Secure production programming - Connected Communities · Download Windows PC OR User Setup/...
© 2015 Microsemi Corporation. Company Proprietary 1
Power Matters.TM
Preventing Overbuilding and Cloning of Electronic Systems Secure production programming
Peter Trott Snr FAE - Microsemi
Power Matters.TM 2© 2015 Microsemi Corporation. Company Proprietary
The Cost of Overbuilding & Cloning What does the SPPS do? SPPS Flow Overbuild Protection Hardware Security Module (HSM) HSM Server
• Types, Structure, Procurement, Provisioning Supply chain assurance – the missing link
Overview
Power Matters.TM 3© 2015 Microsemi Corporation. Company Proprietary
The U.S. Chamber of Commerce estimates that intellectual property (IP) threats cost domestic companies more than $250 billion per year in lost revenues. Add to that the loss of approximately 750,000 jobs
The annual revenue loss due to IP theft equates to current annual level of U.S. exports to Asia — more than $300 billion. Over 55 million jobs in the U. S. are supported by IP intensive industries.
The Cost of Overbuilding & Cloning
Power Matters.TM 4© 2015 Microsemi Corporation. Company Proprietary
IP-Theft Example – Code-LiftingAmerican Superconductor Corp.
…
Nov. 2011: Wind turbine parts maker AMSC slashed its work force by an additional 20% in order to lower its cash usage …The moves comes after the company disclosed plans in August to reduce its work force by 30%.
October. 2015: AMSC hasn’t fully recovered
http://tinyurl.com/6prsc4x
… Worse, the software revealed that Sinovel had complete access to AMSC’s proprietary source code. In short, Sinovel didn’t really need AMSC anymore.
Power Matters.TM 5© 2015 Microsemi Corporation. Company Proprietary
Counterfeit or “Knock-off” products
Lockheed Martin unknowingly sells $250K Chinese counterfeit “Cisco” routers to Navy In another case, eGlobe solutions distributed $788K counterfeit equipment to:
• US Naval Acadamy, US Naval Air Warfare Center, US Naval Underseas Warfare Center, US Air Bases, Bonneville Power Administration, General Services Administration, and Defense Contractors (e.g., Raytheon)
According to an Alliance for Gray Market and Counterfeit Abatement (AGMCA) and KPMG white paper:• 1 in 10 IT products sold are counterfeit• $100B/yr
Power Matters.TM 6© 2015 Microsemi Corporation. Company Proprietary
The Secured Production Programming Solution (SPPS) automatically prevents overbuilding when programming SmartFusion2/Igloo2 devices in an untrusted environment
SPPS uses:• Simple software interfaces and Hardware Security Modules• Leverages underlying security protocols of SmartFusion2/Igloo2 and
Igloo2
Additional SPPS Security Features• Programming content assurance
– Is MY bitstream programmed?• Counterfeit part detection• Secured key management
What does the SPPS do?
Power Matters.TM 7© 2015 Microsemi Corporation. Company Proprietary
Preparing for Secure Production
User / Design Centre
User-HSM ServerU-HSM
Manufacturing-HSM ServerM-HSM
Manufacturing Location
Power Matters.TM 8© 2015 Microsemi Corporation. Company Proprietary
SPPS Flow
Job File Created
Job Manager
Job File Received
FlashPro Express
Programmer
User / Design Center / Customer Location
Manufacturing Location
User-HSM Server
Manufacturing-HSM Server
Device Limit Count FPGA Bitstream
Generate KeysEncrypt Bitstream Encrypt Device Limit Count
Device Limit Count Secure key injection
Transmit or Deliver Job File
I want to program my design into
XX devices
Power Matters.TM 9© 2015 Microsemi Corporation. Company Proprietary
Encrypted Bit Stream• Encrypted with KIP (random key)
– Generated by the HSM
Device Limit Count Various keys that are encrypted And more data..
Job File Contents
Power Matters.TM 10© 2015 Microsemi Corporation. Company Proprietary
Each SmartFusion2/Igloo2 device contains a unique Device Serial Number (DSN)
Each device contains a unique Factory Key (FK)
Each Customer who buys a HSM receives a • Diversified Factory Key (DFK) Database
– Which is a list of all device factory keys diversified by the customer UUID– UUID is used to diversify each FK by using a key tree algorithm– UUID is assigned during the HSM provisioning process
Diversified Factory Key Database
DFK File
FK UUID
Key Tree Algorithm
These are injected into device during
manufacturingby our HSM’s
DFK accessed by Secure web portal
+ DSN & FK
Unique User ID (UUID)
Power Matters.TM 11© 2015 Microsemi Corporation. Company Proprietary
Automatic Overbuilding Prevention
Overbuilding Problem Solved!
For I = 1 to Device Limit CountHSM generates Authorization CodeProgrammer sends Authorization Code to SF2 deviceSF2 use authorization code to decrypt bitstream and programs device
End if
Device Limit Count from Job FileDecrypted in HSM
Job File
DSN (Index to DFK Database)
+ DSN & FK
DFK Database
FlashPro Express
M-HSM Server
ProgrammerDevice Serial Number (DSN)Factory Key (FK)
Power Matters.TM 12© 2015 Microsemi Corporation. Company Proprietary
HSM generated proofs that all is well• Device Authenticity Check
– Every programming action will read Device Certificate and validate it– Every initial programming key loading will check validity of the DFK value– Programming action will be stopped if any of the above checks fail
• Certificate of Conformance (CoC)– Proof that the device was programmed with the design in the job file
– Consists of digests from every bitstream component received by the device during programming.
– CoC is cryptographically protected and can be validated by the U-HSM • Job End Certifier
– This assures user that no more devices can be programmed from the job file even if programming counters did not reach the max allowed values– All job ticket information becomes erased in the HSM module – Job End Certifier can be validated by U-HSM
Auditing Features
Power Matters.TM 13© 2015 Microsemi Corporation. Company Proprietary
HSM Server Capabilities
Function U-HSM Server M-HSM Server
Create Jobs +
Encrypt bitstreams +
Manages keys +
Generates bitstreams +
Key Injection + +
Overbuilding protection + +
Generate audit data + +
U-HSM has same features As M-HSM so customers can
debug their flow
U-HSM is the user/customer HSM and M-HSM is the Manufacturing-HSM
Power Matters.TM 14© 2015 Microsemi Corporation. Company Proprietary
The HSM is a core component of the HSM Server
An HSM is a tamper-resistant device designed to:• Generate keys securely• Store keys (encrypted) securely outside the module• Facilitate the use of sensitive key material• Execute standard and custom algorithms requiring use of
protected keys
Microsemi is an official reseller of the Thales modules:• nShield Edge, a USB-attached device• nShield Solo, a module with a PCIe interface
The Solo or Edge can be used as either a U-HSM or M-HSM
Hardware Security Module (HSM)
Thales nShield Solo
Thales nShield Edge
Power Matters.TM 15© 2015 Microsemi Corporation. Company Proprietary
Thales Products
nShield Edge• MSRP $9999• OPN - MSCNC4031U-10• Designed in the UK• Manufactured in the UK
nShield Solo• MSRP $19999• OPN - MSCNC4433E-500• Designed in the UK• Manufactured in the USA
Power Matters.TM 16© 2015 Microsemi Corporation. Company Proprietary
HSM Comparison
Edge Solo
FIPS140-2 Level 3 Yes Yes
Form Factor USB Device PCIe Add in Card
USB 1.x/2.x Compliant Yes N/A
PCIe Single Lane 1.2/2.0 Compliant N/A Yes
2048 bit RSA Signing Performance 2 tps 150 tps
4096 bit RSA Signing Performance 0.2 tps 80 tps
Part Number (one HSM) MSCNC4031U-10 MSCNC4433E-500
MSRP (one HSM) $9,999 $19,999
Warranty 1 yr. 1 yr.
“tps” affects HSM Throughputtps = transactions per second
Power Matters.TM 17© 2015 Microsemi Corporation. Company Proprietary
U-HSM Bitstream Encryption (mins)
Device Density Edge Solo
005 2.81 .14
010 5.61 .28
025 12.85 .64
050 26.15 1.31
060 23.23 1.31
090 40.00 2.00
150 67.82 3.39
Bitstream Encryption (mins)
Power Matters.TM 18© 2015 Microsemi Corporation. Company Proprietary
Before using a HSM it must belong to a “Security World”
• A Security World is an isolated security domain:– configured to match the security policies of the business (or application)– administered by a single group of security card holders.
• “Security World” is a Thales e-Security defined Architecture
Customers must setup the HSM’s to operate in a “Security World”• Part of the installation or provisioning steps
Thales “Security World”
Power Matters.TM 19© 2015 Microsemi Corporation. Company Proprietary
HSM HW modules are purchased
U-HSM Server Steps
Purchase
U-HSM Server
HSM Installation Package
Download
Windows PC
OR
User
Setup/ Provisioning
nShield Solo HSM ModuleMSCNC4433E-500
nShield Edge HSM ModuleMSCNC4031U-10
Quick Start Guide points to URLOn web for all docs needed to
install and setup HSM’s
USB/PCie
Power Matters.TM 20© 2015 Microsemi Corporation. Company Proprietary
U-HSM Server : Components
USB/PCIe
Windows PC
Secure Execution Environment (SEE) Firmware implementingSmartFusion2/Igloo2 Security Protocols for U-HSM
Standard Thales nShield SoftwareContaining API’s to communicate with U-HSM
Encrypt
Decrypt
Sha256
Job Manager client communicates via .NET framework, GSOAP, etc
Server Software (Thales Provided)SQL LiteFTP.Net Framework
U-HSM HW Module
or
Power Matters.TM 21© 2015 Microsemi Corporation. Company Proprietary
HSM HW modules are purchased then provisioned and shipped to the Manufacturer
M-HSM Server Setup
HSM Installation Package
Download
User Manufacturer
Purchase
nShield Solo HSM ModuleMSCNC4433E-500
nShield Edge HSM ModuleMSCNC4031U-10
OR
Quick Start Guide points to URLOn web for all docs needed to
install and setup HSM’s M-HSM Server
Windows PC
USB/PCieSetup/
ProvisioningSetup/
Provisioning
Power Matters.TM 22© 2015 Microsemi Corporation. Company Proprietary
M-HSM Server : Components
M-HSM HW Module
USB/PCIe
Windows PC
Secure Execution Environment (SEE) Firmware implementingSmartFusion2/Igloo2 Security Protocols for M-HSM
Standard Thales nShield SoftwareContaining API’s to communicate with M-HSM
Encrypt
Decrypt
Sha256
FlashPro Express client communicates via .NET framework
Server Software (Thales Provided)SQL LiteFTP.Net Framework
or
Power Matters.TM 23© 2015 Microsemi Corporation. Company Proprietary
Following applies to U-HSM and M-HSM:
• nShield Edge HSM Module– USB 2.0 interface– Windows 7 x64– Windows Server 2008 x64
• nShield Solo HSM Module– PCIe– Windows 7 x64– Windows Server 2008 x64
HSM Server Operating Systems
MSCNC4433E-500
MSCNC4031U-10
Power Matters.TM 24© 2015 Microsemi Corporation. Company Proprietary
Supply Chain Assurance
Power Matters.TM 25© 2015 Microsemi Corporation. Company Proprietary
Microsemi - Supply Chain Assurance
Wafer Sort
Package Test
Secure Production
Programming Solution
HSM Product Used : Thales Solo
HSM Product Used : Thales Solo
HSM Product Used : Thales Solo or Edge
Power Matters.TM 26© 2015 Microsemi Corporation. Company Proprietary
Microsemi Manufacturing HSM’sWafer Sort The HSM authenticates the wafer
• Is this SmartFusion2/Igloo2 or Igloo2?
The wafer authenticates the HSM• Is this a Microsemi HSM?
If everyone agrees, the HSM will inject keys into good die Wafer
HSM
Power Matters.TM 27© 2015 Microsemi Corporation. Company Proprietary
Microsemi Manufacturing HSM’sPackage Test The HSM authenticates the
SmartFusion2/Igloo2 device.• Is this still a Microsemi device?
SmartFusion2/Igloo2 authenticates the HSM• Is this a Microsemi HSM?
If everyone agrees, The HSM will inject the device certificate into the packaged part
The device certification is a proof that this is a genuine Microsemi FPGA that has passed final test
HSM
Power Matters.TM 28© 2015 Microsemi Corporation. Company Proprietary
SPPS Flow
Job File Created
Job Manager
Job File Received
FlashPro Express
Programmer
User / Design Center / Customer Location
Manufacturing Location
User-HSM Server
Manufacturing-HSM Server
Device Limit Count FPGA Bitstream
Generate KeysEncrypt Bitstream Encrypt Device Limit Count
Device Limit Count Secure key injection
Transmit or Deliver Job File
I want to program my design into XX
devices
Power Matters.TM 29© 2015 Microsemi Corporation. Company Proprietary
Available with Libero 11.7 (January)• Installation / Provisioning Guide • Users Manuals• Video for Customers • Webinar Training• SPPS software includes new Job Manger tool and also adds SPPS
functions to the existing tools:– Libero– FlashPro Express – and in the future for Smart Debug.
HSM’s available Now• Beta versions of SPPS Available
Availability and Resources
Power Matters.TM 30© 2015 Microsemi Corporation. Company Proprietary
HSM SPPS flow automates the process controlling the manufacturing build process• Customers controls all the action
– Setup to teardown– No need to have complicated processes and procedures for every CM– No need to go on quarterly or yearly auditing trips– No temptation by CM’s to overbuild– Protects your IP
Customer spends $40K (2 HSM’s) to save possibly hundreds of thousands of dollars, if not millions.
Customers and CMs who adopt can lower their compliance costs and protect their revenue stream and brand
Summary