IOT-Design conference 2015
STORAGE AND SECURITY – A PERFECT CHANCE FOR SYSTEM SECURITY
SPEAKER: HUBERTUS GROBBEL, SWISSBIT
KEY FACTS & FIGURES
Established: 1992 SIEMENS HL Business Unit; 2001 Swissbit – Management Buyout
Headquarters: Bronschhofen, Switzerland
R & D sites: Switzerland and Germany
Production plants: COB production, test & assembly, Berlin / Germany
Production capacity: > 1M products / month
Financial strength: Privately held company with > 60 % equity ratio
www.swissbit.com
BUSINESS UNITS
DRAM MODULES
− DRAM modules for industrial applications
− Extended temperature, legacy and customization
FLASH PRODUCTS
− NAND Flash products for industrial applications
− Focus on endurance and reliability
− Industrial, long term availability, dedicated usage and customization
SYSTEM IN PACKAGE (SiP)
− Small and complex form factors
− Focus on small form factors
− MCPs and advanced features
SWISSBIT SECURITY
− Hardware based security functions for Mobile Government, Mobile Office, Mobile Banking, Secure Voice, IOT and Industrial.
− Customized Security Firmware and Drivers, Logo Printing and Personalization.
INTERNET OF THINGS
Infrastructure
• Home automation
• Power plants
• Hospitals
• Traffic lights
Mobile/Portable
• Smart Phone
• Media Player
• Ebook reader
• Wearables
• …
Classic Internet Equipment
• Printer
• PC
• Tablet
• Laptop
Vehicles
• Car
• Airplane
• Train
WHAT IS COMMON FOR ALL IOT DEVICES
• It is an embedded device with a CPU, RAM, ROM and IO ports
• It has firmware, a boot loader and an operating system
• Trend: dedicated controller firmware is replaced by a standard OS such as embedded Linux, Android, Windows 10 (?)
• Trend: for cost reasons, standardized hardware such as industrial PCs, COTS hardware and reference designs is used
Disciplines like
• Know-how protection and copy protection (SW and HW)
• Attack resistance
• Data protection
• Firmware integrity
• Counterfeit protection
now require special attention!
-> Obscurity is no longer an option …
EXAMPLES OF SECURITY TARGETS AND SUITABLE METHODS
Prevent FW changes: ensure a constant boot environment -> read-only access, CD-ROM principle
Prevent malicious code execution or counterfeiting: ensure authenticity -> code signing
Prevent reverse engineering: know-how protection against reverse engineering -> encryption
Monetize know-how: licensing -> code encryption with various keys, authenticity check during run time
-> Security targets should be specified as early as possible in the specification phase!
EXAMPLE: STAGED SECURE BOOT
[Diagram: Hardware, Pre-Boot -> Bootloader -> Operating System -> Application. Each of the three transitions is labelled "Verify, Decrypt, Execute" and "Verify". A "Security SW / HSM" block sits alongside the chain. Result: Secure!]
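A minimal model of the staged boot chain above, as an added example (not Swissbit code): each stage is verified before it runs and carries the pin for the next stage, so only the first pin has to sit in hardware. It substitutes SHA-256 digest pinning for signature verification and leaves out the decrypt step; the image layout, stage payloads and function names are constructed assumptions.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output size
STAGES = ["bootloader", "operating system", "application"]

# Constructed stage payloads (placeholders, not real firmware).
PAYLOADS = [b"constructed bootloader code",
            b"constructed OS kernel",
            b"constructed application"]


def build_chain(payloads):
    """Provisioning: append to each image the digest of the NEXT image.

    Built back to front. Returns (images, root_digest); root_digest pins the
    bootloader and is assumed to live in immutable hardware or a secure element.
    """
    images, next_digest = [], bytes(DIGEST_LEN)  # last stage pins nothing
    for payload in reversed(payloads):
        image = payload + next_digest
        images.insert(0, image)
        next_digest = hashlib.sha256(image).digest()
    return images, next_digest


def staged_boot(images, root_digest):
    """Verify each stage before 'executing' it; halt at the first mismatch.

    Returns (executed_stage_names, failed_stage_name_or_None).
    """
    executed, expected = [], root_digest
    for name, image in zip(STAGES, images):
        actual = hashlib.sha256(image).digest()
        if not hmac.compare_digest(actual, expected):
            return executed, name          # unverified code never runs
        executed.append(name)
        expected = image[-DIGEST_LEN:]     # pin carried by the verified stage
    return executed, None


def replace_stage(images, index, new_payload):
    """Model a modified image: swap one payload but keep its pin for the next stage."""
    tampered = list(images)
    tampered[index] = new_payload + images[index][-DIGEST_LEN:]
    return tampered


if __name__ == "__main__":
    images, root = build_chain(PAYLOADS)
    print(staged_boot(images, root))
    print(staged_boot(replace_stage(images, 1, b"modified OS kernel"), root))
```

Because every pin is part of the image that the previous stage verifies, rewriting a pin to match a modified later stage changes the earlier image and is caught one step closer to the hardware root.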
WHAT GLOBAL PLATFORM SAYS …
SECURITY OPTIONS
Source: http://www.globalplatform.org/mediaguidetee.asp
Security SW / HSM
SWISSBIT APPROACH: SECURE STORAGE
− The flash controller routes data to the flash memory or the smart card.
− The flash controller is able to encrypt and modify data on the fly, depending on the configuration of the firmware.
− The secure element allows data to be stored securely or encrypted through secure methods according to standards like Java Card and Global Platform.
[Diagram, microSD cross-section. Labels: Flash die, Smart Card, Flash die, Flash Controller, microSD PCB, Mold compound]
[Diagram, block view. Labels: SD, ISO 7816, Flash Memory (encrypted, read-only, WORM, …), Secure Element, Flash Controller with Swissbit Firmware, Customer, Customer source code]
IOT USE CASES WITH SECURE FLASH CARDS
Secure Flash Card
• provides identity
• controls value chain
• prevents malware
• enforces policy
Use cases
• True Random Numbers
• Code Storage and Signing
• Secure Storage and Cloud Backup
• Telemetry Data Encryption
• Device / Boot protection
• License Protection
SWISSBIT SECURITY FOCUS
USE CASE
Partner and customer solutions (like applications, services, middleware, license control)
Secure key storage by Secure Element or Security Firmware in Flash Controller, under control of customer
Secure functions
• Sign(), verify()
• Encrypt(), decrypt()
• Authenticate()
Flash memory security
• Customer data protection
• FW know-how protection
• Trusted Boot
• … under control of customer
Swissbit cares / Customer cares
Swissbit API
Joint API (Customer / Swissbit)
Customer source code
HARMONISED SECURITY INTERFACE
Various form factors
Same interface
Same security
…
Swissbit API
Joint API (Customer / Swissbit)
SECURITY OPTIONS FROM SWISSBIT
HSM
TEE Trustzone
Memory PLUS Secure Element
• Secure microSD
• Secure SD
• Secure SSD
• Secure Compact Flash
• Secure eMMC
• …
Secure Element
• SIM
• Embedded Secure Element
• SSOP20 …
Pure SW implementation
Swissbit Product Offering
Internet of Things
• Infrastructure
• Mobile/Portable
• Classic Internet Equipment
• Vehicles
SWISSBIT SECURITY EXTENSION
Swissbit provides a component that every embedded system needs and offers an additional hardware secure element with it
New Market Opportunities by Secure Storage
Internet of Things
• Infrastructure
• Mobile/Portable
• Classic Internet Equipment
• Vehicles
SWISSBIT OFFERS HIGHEST SECURITY
− The optional secure element inside the security product family meets highest security requirements. The chip is CC EAL 5+ certified and the OS is CC EAL 5+ certified.
The secure run time environment under your control, with latest Java Card API, pluggable into any platform
• RSA up to 2048 bit
• ECC up to 521 bit
• SHA up to 512 bit
• AES up to 256 bit
• True Random Number Generator
• Key generation in card
• Secure key storage
• ...
Hubertus Grobbel, Head BU Security
More info under www.swissbit.com