STORAGE AND SECURITY – A PERFECT CHANCE FOR SYSTEM SECURITY

IOT-Design conference 2015

SPEAKER: HUBERTUS GROBBEL, SWISSBIT

Transcript of the slides (source: files.iccmedia.com/events/iotcon15/pdf/leopold/16h20_swissbit.pdf)

Page 2: KEY FACTS & FIGURES

Established: 1992 SIEMENS HL Business Unit; 2001 Swissbit – Management Buyout

Headquarters: Bronschhofen, Switzerland

R & D sites: Switzerland and Germany

Production plants: COB production, test & assembly, Berlin / Germany

Production capacity: > 1M products / month

Financial strength: Privately held company with > 60 % equity ratio

Page 3: BUSINESS UNITS

DRAM MODULES
− DRAM modules for industrial applications
− Extended Temperature, legacy and customization

FLASH PRODUCTS
− NAND Flash Products for industrial applications
− Focus on endurance and reliability
− Industrial, long term availability, dedicated usage and customization

SYSTEM IN PACKAGE (SiP)
− Small and complex form factors
− Focus on small form factors
− MCPs and advanced features

SWISSBIT SECURITY
− Hardware based security functions for Mobile Government, Mobile Office, Mobile Banking, Secure Voice, IOT and Industrial.
− Customized Security Firmware and Drivers, Logo Printing and Personalization.

Page 4: INTERNET OF THINGS

Infrastructure
• Home automation
• Power plants
• Hospitals
• Traffic lights

Mobile/Portable
• Smart Phone
• Media Player
• Ebook reader
• Wearables…

Classic Internet Equipment
• Printer
• PC
• Tablet
• Laptop

Vehicles
• Car
• Airplane
• Train

Page 5: WHAT IS COMMON FOR ALL IOT DEVICES

• It is an embedded device with a CPU, RAM, ROM and IO ports

• It has firmware, a boot loader and an operating system

• Trend: dedicated controller firmware is replaced by a standard OS like embedded Linux, Android, Windows 10 (?)

• Trend: for cost reasons, standardized hardware like industrial PCs, COTS hardware and reference designs is used

Disciplines like
• Know-how protection and copy protection (SW and HW)
• Attack resistance
• Data protection
• Firmware integrity
• Counterfeit protection

now require special attention!

-> Obscurity is no longer an option …

Page 6: EXAMPLES OF SECURITY TARGETS AND SUITABLE METHODS

Prevent FW changes: ensure a constant boot environment -> read-only access, CD-ROM principle

Prevent malicious code execution or counterfeiting: ensure authenticity -> code signing

Prevent reverse engineering: know-how protection against reverse engineering -> encryption

Monetize know-how: licensing -> code encryption with various keys, authenticity check during run time

-> Security targets should be specified as early as possible in the specification phase!

Page 7: EXAMPLE: STAGED SECURE BOOT

[Diagram] Stages: Hardware, Pre-Boot; Bootloader; Operating System; Application. Labels between the stages (three times each): "Verify, Decrypt, Execute" and "Verify". Also shown: Security SW / HSM. Result: Secure!
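The verify step of the staged boot chain above, as an added example that is not part of the original slides or of any Swissbit code. It assumes each image ends with a SHA-256 digest of the next image and that the pre-boot stage holds the root digest; this digest pinning stands in for the signature check a real design would do, the decrypt step is left out, and all names and payloads are constructed.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output size in bytes

def build_chain(payloads):
    """Build images last-to-first: image = payload + SHA-256(next image).

    Returns (root_digest, images); root_digest is the value the immutable
    pre-boot stage would hold (assumption of this example).
    """
    images = []
    next_digest = bytes(DIGEST_LEN)  # all-zero pin marks the final stage
    for payload in reversed(payloads):
        image = payload + next_digest
        next_digest = hashlib.sha256(image).digest()
        images.append(image)
    images.reverse()
    return next_digest, images

def staged_boot(root_digest, images, names):
    """Verify each stage before 'executing' it; return (booted, failed)."""
    expected = root_digest
    booted = []
    for name, image in zip(names, images):
        actual = hashlib.sha256(image).digest()
        if not hmac.compare_digest(actual, expected):
            return booted, name          # halt: never run unverified code
        booted.append(name)              # stage is trusted, "execute" it
        expected = image[-DIGEST_LEN:]   # pin it carries for the next stage
    return booted, None

NAMES = ["bootloader", "operating system", "application"]
PAYLOADS = [b"BL code v1", b"OS kernel v1", b"APP v1"]  # constructed sample
ROOT, IMAGES = build_chain(PAYLOADS)

def demo():
    ok = staged_boot(ROOT, IMAGES, NAMES)
    # Case 1: the OS payload is modified, its pin for the application kept.
    tampered = list(IMAGES)
    tampered[1] = b"OS kernel modified" + IMAGES[1][-DIGEST_LEN:]
    bad_os = staged_boot(ROOT, tampered, NAMES)
    # Case 2: the bootloader's pin is rewritten to match the modified OS;
    # this changes the bootloader image, so the root check fails instead.
    repinned = list(tampered)
    repinned[0] = IMAGES[0][:-DIGEST_LEN] + hashlib.sha256(tampered[1]).digest()
    bad_bl = staged_boot(ROOT, repinned, NAMES)
    return ok, bad_os, bad_bl

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because each digest covers the whole image including the pin for the next stage, a change anywhere in the chain is caught no later than the stage that was changed, as long as the root digest itself cannot be modified.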

Page 8: SECURITY OPTIONS

WHAT GLOBAL PLATFORM SAYS …

[Figure] Source: http://www.globalplatform.org/mediaguidetee.asp

Security SW / HSM

Page 9: SWISSBIT APPROACH: SECURE STORAGE

− The flash controller routes data to the flash memory or the smart card.

− The flash controller is able to encrypt and modify data on the fly depending on the configuration of the firmware.

− The secure element allows data to be stored securely or be encrypted through secure methods according to standards like Java Card and Global Platform.

[Diagram: microSD card] Labels: Flash die, Smart Card, Flash Controller, microSD PCB, Mold compound.

[Block diagram] Labels: Customer; Customer source code; SD; Flash Controller with Swissbit Firmware; ISO 7816; Secure Element; Flash Memory (encrypted, read-only, WORM, …).

Page 10: IOT USE CASES WITH SECURE FLASH CARDS

Secure Flash Card
• provides identity
• controls value chain
• prevents malware
• enforces policy

Use cases
• True Random Numbers
• Code Storage and Signing
• Secure Storage and Cloud Backup
• Telemetry Data Encryption
• Device / Boot protection
• License Protection

Page 11: SWISSBIT SECURITY FOCUS

USE CASE: Partner and customer solutions (like applications, services, middleware, license control)

Secure key storage by Secure Element or Security Firmware in Flash Controller, under control of customer

Secure functions
• Sign(), verify()
• Encrypt(), decrypt()
• Authenticate()

Flash memory security
• Customer Data protection
• FW know-how protection
• Trusted Boot
• … under control of customer

Swissbit cares / Customer cares

Swissbit API

Joint API (Customer / Swissbit)

Customer source code

Page 12: HARMONISED SECURITY INTERFACE

• Various form factors
• Same interface
• Same security

Swissbit API

Joint API (Customer / Swissbit)

Page 13: SECURITY OPTIONS FROM SWISSBIT

HSM

TEE Trustzone

Memory PLUS Secure Element
• Secure microSD
• Secure SD
• Secure SSD
• Secure Compact Flash
• Secure eMMC

Secure Element
• SIM
• Embedded Secure Element
• SSOP20 …

Pure SW implementation

Swissbit Product Offering

Internet of Things: Infrastructure, Mobile/Portable, Classic Internet Equipment, Vehicles

Page 14: SWISSBIT SECURITY EXTENSION

Swissbit provides a component that every embedded system needs and offers an additional hardware secure element with it

New Market Opportunities by Secure Storage

Internet of Things: Infrastructure, Mobile/Portable, Classic Internet Equipment, Vehicles

Page 15: SWISSBIT OFFERS HIGHEST SECURITY

− The optional secure element inside the security product family meets highest security requirements. The chip is CC EAL 5+ certified and the OS is CC EAL 5+ certified.

The secure run time environment under your control with latest Java Card API, pluggable into any platform

• RSA up to 2048 bit
• ECC up to 521 bit
• SHA up to 512 bit
• AES up to 256 bit
• True Random Number Generator
• Key generation in card
• Secure key storage
• ...

Page 16:

Hubertus Grobbel, Head BU Security

More info under www.swissbit.com