Protect Your Hardware from Hacking and Theft Class 2: How Do You Implement Secure Hardware? How do you implement secure hardware? This class will cover the key techniques used by modern devices to protect design IP from the most common threats. Starting with simple approaches to tamper protection, and then moving on to protection from copying, and cloning this class will begin to introduce key devices and features needed to successfully protect your design. 11/11/2014 Warren Miller
This Week’s Agenda 11/10/14 Stealing and Hacking Your Design- Easy 11/11/14 How Do You Implement Secure Hardware? 11/12/14 Secure Devices- An Overview 11/13/14 Protecting Your System in the Field 11/14/14 An Example Design- in Detail
Course Description Your IP… Easy to steal... Must protect it… This course provides a practical and implementation oriented follow-on to a previous class, given in Dec 2013, that introduced many high level security concepts. You CAN protect your design from reverse engineering or theft.
Today’s Topics and Goals Protection- What is Required? Simple Example The Concept of a Secure Root of Trust Know what this means for your designs Available Devices Overview MCUs, Specialized devices, FPGAs Know about the key advantages and disadvantages of each
Technology to Thwart Threats Typical Hardware (for this course) MCU, FPGA, ASIC, Analog, Standard Devices, etc All interconnected on a circuit board Can be accessed when used in the field Thwarting Threats (Keep design secret) MCU code, FPGA code, Flash memory contents Secret keys, SRAM data, Data going on/off board Devices used, Board layout, Tamper detection More detailed set-up for device specifics
Protect Your Design- An Example Simple Sensor and Display MCU Overall control Serial Flash Display images SPI Interface Sensor (Temp, Magnetic, Gyro, etc) Battery LCD MCU Serial Flash Sensor Battery UART Aggregation Hub
Security Concepts- Review Secret Keys Symmetric Keys Asymmetric Keys Public Key System Protection of Secret Keys Secure Storage Tamper Detection Standard Algorithms “Difficult” Problems Encryption Decryption Authentication Certificates
Attacking Security Keys Side Channel Analysis Attacks Differential Power Analysis (x1 gain) Typical single trace Obvious difference leaks secret First published in 1999 by Paul Kocher and his associates at Cryptography Research, Inc. (now a division of Rambus) Over 7 billion chips per year under license. Observe a series of cryptographic transactions Apply statistical tests to correlations in computational intermediates – Compare results from key hypotheses Results recover the key and other secrets https://www.youtube.com/watch?v=cPDDNVKo43w#t=264 https://www.youtube.com/watch?v=bR0oPRiZMsk http://www.cryptography.com/technology/dpa/fpga-board-video.html http://soc.microsemi.com/videos/SmartFusion_CRI.html Correct key guess (an 8-bit portion of key) Shows correlation peaks (x100 gain) Random low correlation (x100 gain) Incorrect key guess [Paul Kocher et al, Proc. CRYPTO 1999]
Secure Root of Trust You must have a secure starting point to implement a secure system Once you have a secure starting point you can extend trust to the rest of the system What do you need? Hardware that operates as expected every time Secure storage- security keys, IDs, certificates, etc. Security routines- AES, SHA, etc.
Protect MCUs MCU has Code in Flash so… Protect Code Access Via JTAG, Via Debug, Via Reads, etc Can be difficult/inconvenient to protect memory Programming during manufacturing? Protect from Tampering Passwords, Lock Bits, Secure memory blocks Voltage levels, Clock failure, Traces lifted, De-cap Just an overview at this point
MCUs- What’s Available? Regular MCUs Flash on chip Can make OTP, Turn-off JTAG, etc. Secure MCUs Additional security capabilities Crypto, Tamper detection, Zeroization, Key storage Specific applications (often) ST, Renesas, TI, Maxim, etc
Protect FPGAs FPGA has Configuration Bit Stream Protect from Tampering External memory? Internal memory (Flash)? Debug, JTAG, etc Encrypt configuration (Protect your secret keys!) Protect from Tampering Passwords and Lock bits, Secure address space, Battery Back-up, De-cap Detect, Circuit tricks Just an overview at this point
FPGAs- What’s Available? SRAM FPGAs Configure SRAM-based fabric via external NVM Some can use battery back-up to store keys On-chip security hardware Flash FPGAs Configure via fabric-based NVM Keys stored via on-chip NVM
Protect Your Circuit Board Typical HW Hack- Divide and Conquer Separate modules by lifting traces Control clocks, Power Snoop at interfaces Inject fake data Power and timing monitoring Use Tamper Detection Traces and Layers Capacitance change? Signal noise? Traces broken? Just an overview at this point
How Do You Protect The Design? MCU Copy Protect Serial Flash Encrypt Data Board Tamper Detection Data LCD MCU Serial Flash Sensor Battery UART Protect Code Access Via JTAG, Via Debug, Via Reads, etc Can be difficult/inconvenient to protect memory Programming during manufacturing? Protect from Tampering Passwords, Lock Bits, Secure memory blocks Voltage levels, Clock failure, Traces lifted, De-cap Typical HW Hack- Divide and Conquer Separate modules by lifting traces Control clocks, Power Snoop at interfaces Inject fake data Power and timing monitoring Use Tamper Detection Traces and Layers Capacitance change? Signal noise? Traces broken? Aggregation Hub
Additional Resources Previous Course: http://www.designnews.com/lecture.asp?doc_id=269699 “Securing Your Embedded System” Security Blog, Schneier on Security: https://www.schneier.com Department of Homeland Security- Federal Network Resilience SIA Report on Counterfeiting Coursera Cryptography Courses: www.coursera.org (Search for Cryptography) Digi-Key TechZone Article Library: MCUs , Securing MCU Designs, 11/06/2013
This Week’s Agenda 11/10/14 Stealing and Hacking Your Design- Easy 11/11/14 How Do You Implement Secure Hardware? 11/12/14 Secure Devices- An Overview 11/13/14 Protecting Your System in the Field 11/14/14 An Example Design- in Detail