Future proof your products with secure provisioning
Agenda
• Problem Statement
• Requirements for a Secure Framework
• Root of Trust
• Mastering
• Secure Provisioning
• Summary
Problem Statement
Evolving Threats & Legislation
• No system will ever be completely protected
• Security threats are constantly changing
• Legislation is beginning to make an impact
• Codes of Practice require system updates after products are deployed into the field
What is needed?
• A secure system framework to enable the updating of software on a connected device/product.
• Secure updating of a product requires:
– A Root of Trust
– Software update policy (anti-rollback)
– Methodology to encrypt/decrypt and sign software updates
– Communication channel
o Deliver encrypted software (e.g. OTA¹)
¹OTA – Over-the-Air
Requirements for a Secure Update framework
Root of Trust detail
The security of an IoT device starts by having a secure “Root of Trust” (RoT). The RoT typically consists of four key items:
• Unique identity
• Unique product asymmetric key pair
• Immutable boot path
• Authentication path - PKI certificate
The RoT is realized in a Secure Boot Manager. The RoT must be securely provisioned into the product.
Root of Trust creation
• Embedded Trust includes a simple Wizard to configure a Secure Boot Manager.
• The Secure Boot Manager utilises the target device’s security technology to implement a Root of Trust.
What did I create?
• A new memory map & Secure Boot Manager
• Identity keys: an ECC-256 cryptographic key pair (Identity Private / Identity Public)
• An update policy
• Software update validation keys: an ECC-256 cryptographic key pair (Group Private / Group Public)
• Certificate chain of trust (PKI certificate chain)
In Summary…
• In 4 steps, the wizard created:
– A Secure Boot Manager
o Designed to take full advantage of target device technology
o Immutable boot
o Secure memory (e.g. TrustZone)
o Debug and JTAG access disable
– Unique identity
– PKI chain of trust
– Asymmetric cryptographic key pairs
– A software update policy
– So what’s missing?
Encrypting my software
• Encrypting your software image ready for sending to your remote device is a process called Mastering.
– Mastering (for development) is the process of creating a secure package of encrypted data (software and keys) that includes the current version of the application software.
– Mastering (for production) is the process of:
o Exchanging all keys and certificates used during the development process with production environment security keys and certificates (part of the “zero trust” philosophy)
o Creating a secure package of encrypted data (software and keys) that includes the release version of the application software
Mastering the User Application (diagram): Generate Encrypted User Application → Cloud Service
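The two halves of the framework described above, the Group key pair used as software update validation keys and the anti-rollback update policy on one side, and Mastering (encrypt and sign the image into a secure package) on the other, fit together as shown in this added Go example. It is not code from Embedded Trust or any vendor tool: the `Package` layout, the AES-256-GCM image encryption under a pre-shared image key, and the manifest format (version || SHA-256 of the image, signed with ECDSA P-256 as the page's "ECC-256" Group key) are assumptions made for illustration. The order of checks on the device side is the point: authenticate the manifest, then apply the rollback policy, and only then decrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrSignature = errors.New("manifest signature invalid: not signed by the Group key")
	ErrRollback  = errors.New("update policy: version is not newer than the installed one")
	ErrDecrypt   = errors.New("image decryption or tag check failed")
	ErrImageHash = errors.New("decrypted image does not match the signed hash")
)

// Package is a constructed "secure package" layout (not a vendor format).
type Package struct {
	Version    uint32 // consumed by the anti-rollback update policy
	ImageHash  []byte // SHA-256 of the plaintext image
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-256-GCM(image) with the manifest as associated data
	Signature  []byte // ECDSA P-256, ASN.1 encoded, over SHA-256(manifest)
}

// manifest is the byte string the Group private key signs: version || image hash.
func manifest(version uint32, imageHash []byte) []byte {
	m := make([]byte, 4, 4+len(imageHash))
	binary.BigEndian.PutUint32(m, version)
	return append(m, imageHash...)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Master is the build-side step: encrypt the image under the image key and
// sign the manifest with the Group private key.
func Master(image []byte, version uint32, imageKey []byte, groupPriv *ecdsa.PrivateKey) (*Package, error) {
	gcm, err := newGCM(imageKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(image)
	m := manifest(version, sum[:])
	digest := sha256.Sum256(m)
	sig, err := ecdsa.SignASN1(rand.Reader, groupPriv, digest[:])
	if err != nil {
		return nil, err
	}
	return &Package{Version: version, ImageHash: sum[:], Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, image, m), Signature: sig}, nil
}

// Install is the device-side step a secure boot manager performs: authenticate
// the manifest first, apply the rollback policy, only then decrypt and check.
func Install(pkg *Package, installedVersion uint32, imageKey []byte, groupPub *ecdsa.PublicKey) ([]byte, error) {
	m := manifest(pkg.Version, pkg.ImageHash)
	digest := sha256.Sum256(m)
	if !ecdsa.VerifyASN1(groupPub, digest[:], pkg.Signature) {
		return nil, ErrSignature
	}
	if pkg.Version <= installedVersion {
		return nil, ErrRollback
	}
	gcm, err := newGCM(imageKey)
	if err != nil {
		return nil, err
	}
	image, err := gcm.Open(nil, pkg.Nonce, pkg.Ciphertext, m)
	if err != nil {
		return nil, ErrDecrypt
	}
	if sum := sha256.Sum256(image); !bytes.Equal(sum[:], pkg.ImageHash) {
		return nil, ErrImageHash
	}
	return image, nil
}

func main() {
	// Constructed demo values: a fresh Group key pair and a fixed image key.
	groupPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	imageKey := bytes.Repeat([]byte{0x42}, 32)
	pkg, _ := Master([]byte("application firmware v2 (constructed)"), 2, imageKey, groupPriv)
	_, err := Install(pkg, 1, imageKey, &groupPriv.PublicKey)
	fmt.Println("device at v1 installs v2:", err)
	_, err = Install(pkg, 2, imageKey, &groupPriv.PublicKey)
	fmt.Println("device at v2 offered v2 again:", err)
}
```

Because the signature covers the version together with the image hash, a package whose version field is edited after signing fails the signature check before the rollback rule is even consulted, and an image altered in transit fails the GCM tag check and the hash comparison.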
Secure Provisioning
Root of Trust programming
Secure Desktop Provisioner ensures that the Root of Trust is securely programmed (provisioned) into the target device.
Export Direct to Production: Sign & authorise manufacturing
Provisioning details (diagram): Secure Production Package → Security Appliance → Secret Data → Target device
• Security Appliance
– Unwraps production package
– Generates identity keys
– Creates device certificate & signs
– Only releases key quantity specified in production count
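The Security Appliance behaviour listed above (generate a unique identity key per device, issue and sign a device certificate under the product's chain of trust, and release no more identities than the production count allows) can be modelled as in this added Go example. It is not the Secure Desktop Provisioner's or Security Appliance's own code: the `Appliance` type, the self-signed product CA standing in for the unwrapped production package, the certificate fields and the one-year device validity are all assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrCountExhausted = errors.New("production count exhausted: no further identities released")

// Appliance models the security appliance: the issuing key and certificate
// taken from the production package, plus the remaining production count.
type Appliance struct {
	issuerKey  *ecdsa.PrivateKey
	issuerCert *x509.Certificate
	remaining  int
	serial     int64
}

// ProvisionedDevice is the secret data injected into one target device:
// its unique identity key and the signed device certificate.
type ProvisionedDevice struct {
	IdentityKey *ecdsa.PrivateKey
	CertDER     []byte
}

// NewAppliance stands in for unwrapping the production package: here a fresh
// product CA is generated (constructed), and the production count is recorded.
func NewAppliance(productionCount int) (*Appliance, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Product Signing CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Appliance{issuerKey: key, issuerCert: cert, remaining: productionCount, serial: 1}, nil
}

// Remaining reports how many identities the appliance may still release.
func (a *Appliance) Remaining() int { return a.remaining }

// Provision releases one identity: a fresh key pair and a device certificate
// signed by the product CA, refusing once the production count is used up.
func (a *Appliance) Provision() (*ProvisionedDevice, error) {
	if a.remaining <= 0 {
		return nil, ErrCountExhausted
	}
	idKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.serial++
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(a.serial),
		Subject:      pkix.Name{CommonName: fmt.Sprintf("device-%d", a.serial)},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, a.issuerCert, &idKey.PublicKey, a.issuerKey)
	if err != nil {
		return nil, err
	}
	a.remaining--
	return &ProvisionedDevice{IdentityKey: idKey, CertDER: der}, nil
}

// VerifyDevice checks that a device certificate chains to the product CA,
// which is what a cloud service would do before trusting a device's identity.
func (a *Appliance) VerifyDevice(certDER []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(a.issuerCert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	appliance, _ := NewAppliance(2) // constructed production count of two units
	for i := 1; i <= 3; i++ {
		dev, err := appliance.Provision()
		if err != nil {
			fmt.Println("unit", i, "refused:", err)
			continue
		}
		fmt.Println("unit", i, "provisioned, certificate verifies:", appliance.VerifyDevice(dev.CertDER) == nil)
	}
}
```

The production-count check sits before any key material is generated, so an exhausted appliance produces nothing that could later be injected into an unauthorised unit, and each identity key is created inside the appliance rather than delivered to it.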
Summary
• We make security simple
• We future proof your product by enabling secure updates
• We provide tools to securely program the Root of Trust