1. Renesas Electronics America Inc. © 2010 Renesas Electronics America Inc. All rights reserved. ID 930L: Board ID Embedded Security Lab Shotaro Saito Application Engineer Version: 1.1 14 October 2010

2. 2 © 2010 Renesas Electronics America Inc. All rights reserved. Mr. Shotaro Saito Application Engineer, Secure MCU Responsible for development environment of secure MCU product line. Developed the Board ID demo kit with SH version of the Board ID Security Stack PREVIOUS EXPERIENCE: 10+ years of embedded programming and development tools support at Yokogawa Electric Corp. 3+ years of secure MCU application development with biometrics enabled Smartcard

3. 3 © 2010 Renesas Electronics America Inc. All rights reserved. Renesas Technology and Solution Portfolio Microcontrollers & Microprocessors #1 Market share worldwide * Analog and Power Devices #1 Market share in low-voltage MOSFET** Solutions for Innovation ASIC, ASSP & Memory Advanced and proven technologies * MCU: 31% revenue basis from Gartner "Semiconductor Applications Worldwide Annual Market Share: Database" 25 March 2010 **Power MOSFET: 17.1% on unit basis from Marketing Eye 2009 (17.1% on unit basis).

4. 4 © 2010 Renesas Electronics America Inc. All rights reserved. 4 Renesas Technology and Solution Portfolio Microcontrollers & Microprocessors #1 Market share worldwide * Analog and Power Devices #1 Market share in low-voltage MOSFET** ASIC, ASSP & Memory Advanced and proven technologies * MCU: 31% revenue basis from Gartner "Semiconductor Applications Worldwide Annual Market Share: Database" 25 March 2010 **Power MOSFET: 17.1% on unit basis from Marketing Eye 2009 (17.1% on unit basis). Solutions for Innovation

5. 5 © 2010 Renesas Electronics America Inc. All rights reserved. 5 Microcontroller and Microprocessor Line-up Superscalar, MMU, Multimedia  Up to 1200 DMIPS, 45, 65 & 90nm process  Video and audio processing on Linux  Server, Industrial & Automotive  Up to 500 DMIPS, 150 & 90nm process  600uA/MHz, 1.5 uA standby  Medical, Automotive & Industrial  Legacy Cores  Next-generation migration to RX High Performance CPU, FPU, DSC Embedded Security  Up to 10 DMIPS, 130nm process  350 uA/MHz, 1uA standby  Capacitive touch  Up to 25 DMIPS, 150nm process  190 uA/MHz, 0.3uA standby  Application-specific integration  Up to 25 DMIPS, 180, 90nm process  1mA/MHz, 100uA standby  Crypto engine, Hardware security  Up to 165 DMIPS, 90nm process  500uA/MHz, 2.5 uA standby  Ethernet, CAN, USB, Motor Control, TFT Display High Performance CPU, Low Power Ultra Low Power General Purpose

6. 6 © 2010 Renesas Electronics America Inc. All rights reserved. Innovation Phonograph CD Player VCRDVDBlu-Ray Portable Media Player Contents Providers Cloud Attack

7. 7 © 2010 Renesas Electronics America Inc. All rights reserved. Our Secure MCU Solution Renesas provides you practical secure MCU solutions for “Cloud Age” of embedded products. The Board ID is very flexible solution for retrofitting to your existing design and integrating to your new robust design. I’ll hack itNo way!

8. 8 © 2010 Renesas Electronics America Inc. All rights reserved. Agenda Quick Test Embedded systems security overview Public key authentication for embedded systems Lab session Setup Use case tryouts Setting up the authentication parameters Porting the authentication firmware Q&A

9. 9 © 2010 Renesas Electronics America Inc. All rights reserved. Key Takeaways By the end of this session you will be able to: Think as hackers do (a little) Identify the security threats against your design Identify how the Board ID secures your products

10. 10 © 2010 Renesas Electronics America Inc. All rights reserved. Quick Test I change my password at least every three months Company policy forces me to do so but I never change ones for my personal accounts even my banking accounts My passwords consist of at least ten characters including upper-case letters, numbers and symbols And it is written on a Post-it and attached on my LCD monitor I always lock my PC when I leave my cubicle/office But going to bathroom is an exception I know how SSL works during my online shopping And I believe any online shopping site with SSL is safe for shopping I always read terms and conditions / EULA before I ‘agree’ And you click ‘agree’ button for “Death and Repudiation” license… I always check all doors and windows before I leave home And just in case for my kids, I leave the key under the door mat If you say ‘yes’ for more than three times, you are ready to go forward

11. © 2010 Renesas Electronics America Inc. All rights reserved. 11 Embedded Systems Security Overview

12. 12 © 2010 Renesas Electronics America Inc. All rights reserved. Secure Mindset And Trusted Entity I think, therefore I am No security exists unless you are aware of it Being paranoid – the first step Don’t trust even your colleagues “Being skeptical” is the key = Hacker’s mentality Nothing is too extreme to secure your system (but it costs) Defining the security perimeter Don’t design a vault with unbreakable padlock without reinforced drywall PLM (Product life-cycle management) with proper security measures Trusted Entities A chain of trust (Security is a process, not a product) – From device to enclosure, supply chain and sales channel – Key generation, insertion and management

13. 13 © 2010 Renesas Electronics America Inc. All rights reserved. Security Threats And Countermeasures Clone and counterfeit products – Anti Cloning Mandate physical existence of the Board ID for proper operation Any system without proper key pairs will be rejected Genuine yet unauthorized products (1) – Anti Cloning Overproducing – Order for 10K units: 50K units in the market – Restrict the number of products with Board ID devices Genuine yet unauthorized products (2) – Secure Tracking Importing/Exporting genuine peripheral from cheaper region – Authentication with country (region) code – ‘Oversea’ peripherals won’t work with local host system Overuse or misuse of product – Usage control Restrict the number of use in the product lifecycle Hacking – IP protection Escalation – Purchase low-end product, hack and make it a high-end – Authentication with ‘feature’ code

14. © 2010 Renesas Electronics America Inc. All rights reserved. 14 Public Key Authentication for Embedded System

15. 15 © 2010 Renesas Electronics America Inc. All rights reserved. What Is Public Key Authentication? Bases on asymmetrical cryptography (i.e. RSA) Utilizes a pair of ‘public’ and ‘private’ key Digital signature = Encrypting a message digest with a private key Signature verification = Decrypting the signature with a public key Authentication if (Decrypted signature == original message digest) { Ownership of the private key is proven; }

16. 16 © 2010 Renesas Electronics America Inc. All rights reserved. Why Public Key, Not Symmetrical Key? Sharing identical key everywhere = higher risk Compromise one = compromise all Key delivery is always an issue All entities must be secured In the real world Symmetrical cryptography (i.e. AES) is used as a part of SSL – Asymmetrical cryptography for exchanging session keys – AES for stream cipher For low-cost consumables – Where cost for security does matter

17. 17 © 2010 Renesas Electronics America Inc. All rights reserved. Pros And Cons of Public Key Authentication Pros No key distribution issue No need to hold ‘secret’ key on the host side Proven technology with daily on-line transaction (SSL) Cons Computing power intensive = more resource requirements – Embedded hardware accelerator Requires infrastructure (PKI) – Trusted entity (Avnet) takes care of it However, the Board ID solution eliminate all cons

18. © 2010 Renesas Electronics America Inc. All rights reserved. 18 Lab Session with The Demo Kit

19. 19 © 2010 Renesas Electronics America Inc. All rights reserved. Start the Lab Keep your dice turned to the section of the lab you are on. (Instructions are provided in the lab handout) Please refer to the Lab Handout and let’s get started!

20. 20 © 2010 Renesas Electronics America Inc. All rights reserved. Checking Progress We are using the dice to keep track of where everyone is in the lab. Make sure to update it as you change sections. When done with the lab, your dice will have the 6 pointing up as shown here.

21. 21 © 2010 Renesas Electronics America Inc. All rights reserved. Questions?

22. 22 © 2010 Renesas Electronics America Inc. All rights reserved. Innovation Phonograph CD Player VCRDVDBlu-Ray Portable Media Player Contents Providers Cloud Attack

23. © 2010 Renesas Electronics America Inc. All rights reserved. 23 Thank You!

24. Renesas Electronics America Inc.