Post on 19-Jan-2022
transcript
EncapsulationTamper Protection
Secure BootKey Handling
Device Identification
BASIC SECURITY REQUIREMENTS
InterfaceMainline BSP
Network Security
RUNTIME SECURITY
PHYSICALSECURITY
Security for Embedded Systems
With increasing digitalization and networking, the protection of embedded systems against unauthorized access and targeted attacks is more important than ever. Gua-ranteeing this type of security, along with functional security, is a major challenge in electronics design. PHYTEC supports you in minimizing risks by considering security requirements during the development of our hardware and board support packages. On top of these deployment ready solutions, we support you with individual project consulting on complex security principles. We will be happy to discuss the various deployment methods and support you in establishing the appropriate processes.
Security Pyramid
CUSTOMER APPLICATION
FILESYSTEM
Trusted ROM-BOOT-
LOADER
BOOT-LOADER
KERNEL-IMAGE
verifies verifies verifies
Device Identification When it comes to communicating with your devices in networks, secure device identification is a fundamental prerequisite. Among other things, we are working on a process for secure crypto-chip initialization for device identification.
Secure BootSecure boot is used to ensure that only trustworthy, signed soft-ware can be launched on the controller. This is the first stage of the Chain-of-Trust. With the Chain-of-Trust, signed programs are always started by other previously verified programs. This ensures that even the end application at the highest layer is trustworthy.
Basic Security Requirements
TPM and Secure BootTPM chips (or Crypto-chips) are a good way to store and manage cryptographic keys, but cannot be used for secure boot with ARM. The ROM Bootloader must first verify the software and has no way to communicate with the TPM chip to perform this verification.
• Suitable for a Secure Boot from the bootloader• Tamper-proof unique identification number (Unique ID) for device identification• Secure storage option for symmetric encryption keys and/or private keys• Manipulation pins to detect physical attacks• Certified Random Number Generator (RNG)• Cryptographic acceleration (CPU relief)• Key Generator & Encryption algorithms
Crypto-chips have the advantage of taking over these functions regardless of the operating system used later. Many processors already support similar functions.
Characteristics:• Trusted ROM Bootloader verifies software image before they are executed• Use of RSA-4096 key pairs and SHA-256 signatures• We already meet future BSI (Bundesamt für Sicherheit in der Informationstechnik) and NIST (National Institute of Standards and Technology) requirements up to 2030 and beyond.• Basis for a Trusted Execution Environment (TEE) set up
Chain-of-Trust
PHYTEC | Security for Embedded Systems
Runtime Security
Client Hello
Verify Server Certificate
Acknowledge Client
Server Hello
Verify Client CertificateServers Public Key
Decrypt Pre-Master KeyEncrypted Pre-Master Key
Use Pre-Master Key to Create Shared Secret
Use Pre-Master Key to Create Shared Secret
Symmetric Shared SecretSymmetric Shared Secret
C O N F I D E N T I A L & A U T H E N T I C A T E D C H A N N E L
CLIENT SERVER
Servers Public Key
Servers Private Key
Network SecurityWhen devices communicate with a server or with each other, the connection must be secure. TLS offers a protocol and application-independent solution. The TLS handshake is the most common method for establishing an encrypted connection.• Establish secure connection independent of used application or protocol • TLS (SSL) is recognized as a best practice and industry standard for encrypted communication
Further Recommendations• Run only the services you really need on your device• Close all ports and open ports selectivity as needed• Always use password login (including COM & Telnet interfaces)• Use standard protocols for transferring data• Use known (open-source) implementation of encryption methods (no proprietary developments)
Mainline Linux is our first choice as an operating system for industrial series use. One of PHYTEC's clear goals is to provide our custo-mers with the advantages of a Mainline board support package as early as possible: stable code, fast bug/security fixes, and the maintenance and further development of Mainline drivers by the community.
TLS Handshake
Mainline guarantees the maintenance of current operating system versions many years after they have been installed. We often pro-vide both a vendor and Mainline BSP at the same time. This way, you can decide when you want to start with Mainline.
• Mainline BSPs for PHYTEC Boards• Annual BSP updates with all security patches from the Mainline• The latest kernel version with current security patches included• The latest Yocto-Minor releases
• LTS-Kernel in the BSPs for the PHYTEC products• Customer-specific Continuous Integration Testing
InterfacesAll interfaces accessible in the end product are a potential secu-rity risk for embedded systems. Our recommendations for basic protection of the interfaces include:• Connect only the interfaces you really need• User-dependent access control to the interfaces• Always use communication encryption
Security for Embedded Systems | PHYTEC
Texas Instruments NXP Rockchip ST
Description
HWSupportPresent
AM571xAM572x
AM574
AM654x*(PP)
i.MX6UL
i.MX6ULL
iMX6ULZ*(PP)
iMX6Solo &DualLight
i.MX6Dual &Quad
i.MX7Solo
i.MX7dual
i.MX8(PP)
i.MX8M(PP)
i.MX8MMini(PP) RK3288
STM32MP15
B a s i c S e c u r i t y R e q u i r e m e n t s
Secure Boot
Ensure thatonly verifiedSoftware islaunched
yes ✘ *
Premi-um
✔
Stan-dard
✔
Stan-dard
✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔condi-tions un-known
HardwareAccelera-tion
Hardware-basedencryptionsupport
yes ✔ *
limited
? ✔ ✔ ✔ *
limited
✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
SecureDebug
DebugAccess toSecurity-RelevantSystemPartsPrevented
indivi-duallychecked
✘ ✔ ? ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
True Random Generator
✘ ✔ ✔ ✘ ✔ ✔ ✔ ✔ ✔ ✘PRNGcerti-fiable by the CAVP of the NIST
✔ ✘ ✔
SecurityCo-Processor
Completelyindependentsecurity unit
indivi-duallychecked
✘ ✘ ✔ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✘ ✘ ✘ ✘
Boot Fuses Boot medium and order can be set by FUSES
✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Cortex-M4for Safety
Cortex-M4 f. S.
Tamper Protection• Protect sensitive data such as Encryption or Private Keys• Permanently deletes data when device is tampered with• Several operating modes supported
Encapsulation (Resin Casting)• Physical access to components is impossible• Chip-Identification (recognizing used components) is more difficult• Electrical Measurements are impossible to reverse engineer
Physical Security
In addition to attacks on the hardware via interfaces or the network, direct hardware manipulation also represents a security risk. In order to protect your electronics against physical attacks, we support the following procedures:
PHYTEC | Security for Embedded Systems
C o m p a r i s o n T a b l e : P H Y T E C C o n t r o l l e r S e c u r i t y F e a t u r e s
contact@phytec.dewww.phytec.de
Texas Instruments NXP Rockchip ST
Description
HWSupportPresent
AM571xAM572x
AM574
AM654x*(PP)
i.MX6UL
i.MX6ULL
iMX6ULZ*(PP)
iMX6Solo &DualLight
i.MX6Dual &Quad
i.MX7Solo
i.MX7dual
i.MX8(PP)
i.MX8M(PP)
i.MX8MMini(PP) RK3288
STM32MP15
R u n t i m e S e c u r i t y
One-TimeProgramming
One-timesetting ofsecurityparameters
yes ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
Cryptographicacceleration
Cryptographiccoprocessor(CPU relief)
yes ✔ ✔ ✔ ✔ ✔ *limit-ed
✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔CAAM
✘ ✘
Secure On-ChipRAM
RAMdirectly onthe controller
yes ✘ ? ✔ ✔ ✘ ? ✔ ✔ ✔ ✔ ? ? ✔ ✘ ?
TrustedExecutionEnvironment
Hardware-securedarea in theoperatingsystem
yes ✔ ✔ ? ✔ ✔ ? ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔
P h y s i c a l S e c u r i t y
External Memory Protection
Accessprotectionfor built-inRAM
indivi-duallychecked
✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✘
TamperPINs
TamperProtectionimplementa-tion (TamperDetection)
indivi-duallychecked
✘ ? ? ✔ *
G3 Only
✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✘ ✔
C o m p a r i s i o n T a b l e L e g e n d : ✔ = Feature supported by the controller ✘ = Feature not supported by the controller ? = Information is not currently known due to: (PP) = Pre-Production, Features may change · (Premium) = Secure Boot with Key Handling from TI only (with a min. number of pieces) · (Standard) = Secure Boot with any usable, seperate part number · Deployment Ready Solutions Available · Deployment Ready Solutions Not Planned / Not Possible · Implementation on Request
Your
C o m p a r i s o n T a b l e : P H Y T E C C o n t r o l l e r S e c u r i t y F e a t u r e s
Your SECURIT Y PROJECT
Do you have questions about security or need specific support
for your project?
Our security experts are happy to help!
Security for Embedded Systems | PHYTEC
Most methods for securing devices and software are based on asymmetric cryptography using a connected public key infrastructure (PKI). To do this, you often need a different number of certificates, with public and private keys. Managing and protecting these certi-ficates and private keys is a big challenge. The private keys must be protected throughout their entire lifecycle.
PHYTEC is your partner for these tasks and can guarantee the security of your private keys and other secrets with its production concept.
PHYTEC you can trust! As a reliable partner for the implementation of your business ideas, we make protecting your secrets a top priority. We ensure the encrypted and verified trans-mission of your information for the realisation of your projects.
We protect your company secrets throughout the entire product lifecycle. We ensure safe storage on a specially developed system that is not connected to the company network. Strict access controls ensure maximum security.
• Strict access controls• Not on the company network• Physically separated network connection to production (software installation)
Key Handling Concept
PARTNERSHIP BUILDS TRUST
SECURE STOR AGE
PHYTEC | Security for Embedded Systems
––
–––––––
––
––
––
––
Security for Embedded Systems | PHYTEC
In order to guarantee secure device initialization, PHYTEC is planing a secure zone at our new manufacturing site currently under construction. All security relevant features of your device will be enabled within the secure zone. The use of special Hardware Security Modules (HSM) during the import process ensures that your know-how remains confidential. The transfer of cryptographic keys to your end device takes place in the security zone with special access controls. This allows us to guaran-tee the highest level of security: whether patent-protected software, cryptographic keys for verifying software updates, or certificates for unique device identification on the Internet. We bring your solutions securely onto your product!
• No direct access to private keys in the test environment• Use of HSM modules to protect private keys• Physically independent network for the entire process
We take care of the protection of your products during the entire production process and during storage, after installation of your customer software. We design the procedure up to the agreed delivery time according to your requirements.
SAFE INTRODUC T ION INTO THE PRODUC T
PROTEC T YOUR PRODUC T UNT IL DEL IVERY
PHYTEC | Deutschland +49 6131 9221-32 · contact@phytec.de · www.phytec.de | Europa · www.phytec.eu
Your Contact:Maik Otto · Head of Security
maik.otto@phytec.de+ 49 (0) 6131/ 9221-32
PHYTEC | Security for Embedded Systems
Benefit from our security services throughout the entire lifecycle of your products
Let's talk about your project!
Device Identification
Mainline BSP with LTS-
Kernel
Product Lifecycle
Management
Made in Germany