NOVeA White Paper


  • 8/6/2019 NOVeA White Paper


    Security Made Solid with Non-Volatile NOVeA

    Synopsis:

    Security, a buzzword and concept once perceived as a magical panacea, is now a term that is familiar to many logic designers. Some have even developed expertise in this area. The increased interest in security stems from two main factors: first, the need to reduce threats and damage resulting from security breaches and, second, the opportunity to deploy new revenue-generating applications. USB flash drives have exhibited remarkable growth, while enhancing the level of security. According to leading analysts, high-end phones will increase market share from 5% in 2004 to over 20% in 2008, showing over 50% annual growth, while integrating hardware-based security into the baseband or application processors.

    Changes in the application landscape are the driving force behind the advances in the upcoming generation of handset processors and micro-controllers used for storage devices and dongles. Mobile handsets have evolved into fully developed computing devices, which bring together functionality that had previously been associated with media players, personal digital assistants, credit cards, flash drives and even laptops. As a result, the requirements of flash controllers are changing to meet the demands of these new applications. These include storage protection, digital content protection and authentication tokens.

    Many of these secure applications involve sensitive information that changes over time, including a PIN fail counter, an e-cash balance and a digital rights play-credit counter. To ensure that such stateful information is not illegally altered, it is often complemented by integrity checksums. However, one simple attack can easily bypass such protection, enabling undetected tampering. By reprogramming the flash with a previously stored image, i.e. reflashing the flash memory, the attacker can restore any desired value that has since been altered. In this manner, a $100 e-cash balance can be consumed, but then reused endlessly without actually having to reload the balance. Similarly, a PIN attempts counter can be restored to circumvent PIN protection, and the play-counter of a digital rights management system protecting a popular Britney Spears song (with a countdown counter) can be restored to a previous value.

    To counteract this rather simple attack, anti-reflash protection must be applied. This involves storing a special value that reflects the current state in on-chip storage designed to withstand reflash attacks. This value needs to be updated after any corresponding change to one of the values it protects, such as after any change in e-cash balance. Patent-pending Discretix technology enables reflash-resistant protection of arbitrarily large storage by saving a relatively small, but cryptographically sufficient, integrity checksum.

    This is where the joint solution from Virage Logic and Discretix comes into play. Using the technology developed by Discretix, Virage's NOVeA is effectively used to implement a secure storage mechanism which provides complete security services. 256 bits of NOVeA memory suffice for achieving confidentiality, data integrity and anti-reflash protection of arbitrarily large memory. NOVeA is integrated in the controller or processor chip and is not part of the flash memory susceptible to reflash attacks. Discretix security solutions, comprised of hardware cryptographic engines, security middleware and device applications, rely on NOVeA for an optimal level of hardware-based security.

    Discretix has already successfully deployed security solutions based on NOVeA. They have been proven to effectively address security needs and to be easily integrated into storage devices and handset chipsets.

    Embedded Security Market Grows

    Recent trends in the world of embedded devices require the enhancement of security attributes and features. Both mass storage devices and high-end handset chipsets are experiencing an exceptional compound average growth rate (CAGR) of over 40%, while enhancing the security infrastructure to address new security requirements. Hundreds of millions of flash storage devices are already shipping annually. Application processors are expected to grow at a phenomenal rate (CAGR) of almost 50% in the coming years, reaching almost $3 billion in 2008.

    One of the key drivers for this trend is the constant evolution of handsets supporting more and more features, larger memory storage and, ultimately, converged functionality that integrates functions that until now have been on separate devices: multimedia players for playing premium songs and video clips, credit cards and e-wallets to avoid fumbling for the card or coins, flash storage embedded on board or inserted into the device expansion slot, and even full laptop applications that may contain presentations, pricing information and more.

    Security-Aware Applications Prevail

    As today's smartphones are tomorrow's feature phones, converged device applications are becoming a reality. Smartphones, enhanced phones and PDAs can run numerous security-conscious applications. Figure 1 shows some emerging applications such as personal secure storage, corporate secure storage, Digital Rights Management (DRM) for content and software, user authentication, SIM-lock protection, secure firmware updates, M-commerce and M-banking.

    Figure 1: Flash Storage Application Landscape


    Digital Rights Management (DRM)

    DRM addresses content protection, to ensure that content consumption (playback) can only be performed according to a predefined policy, generally defined in a usage rights or rules object. Two of the most common DRM schemes for mobile devices are the Open Mobile Alliance (OMA) DRM V2.0 and Microsoft Windows Media DRM.

    While these current schemes are handset-centric, another scheme, Content Protection for Removable Media (CPRM), defined by the 4C Entity, is starting to gain momentum for systems with a Secure Digital (SD) card. It is likely that other storage-card-centric DRM schemes will be supported as well in the coming months. In such schemes, the content is bound to the card, and the card owner has full flexibility to play the content on other devices (e.g. an audio system that is not connected to any network). Some companies are engaged in developing an OMA DRM V2.0-like application that endows the storage card with some of its policy-handling capabilities.

    All of these applications need device credentials to be stored securely so that even the rightful device owner cannot gain access to these secret keys. This is a requirement as a dishonest user may have an incentive to hack the protected digital content and potentially publish it on the Internet.

    Mobile Payment Applications

    Several mobile payment schemes have come into common use. In Japan, NTT DoCoMo sold over 3 million handsets equipped with Sony's FeliCa contactless (proximity) IC chip card. FeliCa users simply have to wave their handset across a dedicated reader to pay for goods and services. The handset acts as a mobile wallet. MasterCard has conducted phone-based trials for its PayPass contactless payment technology and is expected to expand these trials next year. In Korea the MONETA contactless mobile payments system works in a similar fashion.

    In Europe, a large-scale initiative, SimPay, reduced its inter-operator pan-European initiative to a smaller, local-operator scale. It is likely that the reason for this was that the scheme was too large and expensive in scale. Other, smaller-scale schemes will benefit from the fall of SimPay, as it is likely to take several years for pan-European schemes to be resurrected.

    Figure 2 shows a typical mobile-payments system. While in some schemes a single mobile operator is responsible for all financial settlements, in other, more complex schemes several operators may interoperate and use a clearing house to settle inter-operator transactions.

    Proximity (contactless) schemes such as those mentioned above currently appear to succeed more than the alternative over-the-air payment schemes. From a security standpoint, regardless of the exact scheme, robust secure storage is required to respond to two main threats: device loss and fraud attempts, including attempts by the user to restore a depleted e-cash balance.

    Figure 2: Encrypted Storage Applications

    When sensitive information is stored on media such as USB Flash Drives (UFDs) or mobile handsets, encrypted disks come into play. Personal secure storage enables a single user to store any information on the target storage device securely. Such information may include personal credentials, passwords, financial or healthcare-related information. Enterprises can also rely on this application to enable their employees to carry sensitive information that is protected in case the UFD or mobile device is unattended or lost.

    Corporate secure storage is another such example. In such applications, multiple users can use the same physical storage device (i.e. the storage device is operated at different times by different users, including a remote administrator). A secure storage system must ensure that users obtain their predefined access privileges to their corresponding information. This application not only protects information in case of loss, but also protects information held by a particular user and owned by a different user.

    Requirements from Secure Storage

    What are the requirements from robust secure storage? It is well understood that any sensitive credential or key must be stored encrypted in secure storage, otherwise it will be prone to hacking or tampering. Surprisingly, only limited attention is paid to integrity protection in general and to anti-reflash protection in particular, to ensure data has not been tampered with or restored from a previous image.

    Hardware-based secure storage is needed since flash storage is susceptible to physical examination. The content can easily be scanned using standard lab tools (e.g. flash programmers). Consequently, any application involving sensitive information must encrypt such information before it is stored. The user may also arbitrarily modify the stored data without prior knowledge of the result. The user may change the encrypted data suspected of encoding an e-cash balance, for example, later examining whether the balance has increased or decreased. In case it has gone down, the attacker tries again until a higher balance is achieved. Adequate integrity protection foils such attacks, since arbitrary changes of encrypted data are unlikely to match the corresponding integrity checksums.

    However, in a similar fashion, scanned flash images can be reflashed, i.e. restored in whole or in part.
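The blind-modification attack described above, and why an integrity checksum stops it, as an added example (this is not Discretix or Virage Logic code). The block stores a 32-bit e-cash balance the way the text describes: encrypted with a device key, optionally accompanied by an integrity tag. The keystream is built from SHA-256 in counter mode as a stand-in for the hardware AES engine; like AES-CTR it is a plain XOR stream, so flipping a ciphertext bit flips the same plaintext bit. The key, nonce, record layout and the 100-unit balance are all constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed 128-bit sample key. It stands in for the device-unique secret
# that the white paper keeps in on-chip storage; it is never written to flash.
DEVICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256, a stand-in for the AES engine."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", block)).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_balance(key: bytes, balance: int, nonce: bytes) -> bytes:
    """Encrypt a 32-bit big-endian e-cash balance."""
    return xor_bytes(struct.pack(">I", balance), keystream(key, nonce, 4))


def decrypt_balance(key: bytes, ciphertext: bytes, nonce: bytes) -> int:
    return struct.unpack(">I", xor_bytes(ciphertext, keystream(key, nonce, 4)))[0]


def integrity_tag(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC tag over nonce and ciphertext (the 'integrity checksum')."""
    return hmac.new(key, b"balance-record" + nonce + ciphertext, hashlib.sha256).digest()


def store_record(key: bytes, balance: int, nonce=None) -> dict:
    """Build the record that would be written to flash (nonce, ciphertext, tag)."""
    nonce = nonce or secrets.token_bytes(12)
    ct = encrypt_balance(key, balance, nonce)
    return {"nonce": nonce, "ct": ct, "tag": integrity_tag(key, nonce, ct)}


def read_balance_unchecked(key: bytes, record: dict) -> int:
    """Encryption only: decrypts whatever is in flash, tampered or not."""
    return decrypt_balance(key, record["ct"], record["nonce"])


def read_balance_checked(key: bytes, record: dict) -> int:
    """Encryption plus integrity: refuses any record whose tag does not match."""
    expected = integrity_tag(key, record["nonce"], record["ct"])
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("integrity check failed: record was modified")
    return decrypt_balance(key, record["ct"], record["nonce"])


def record_accepted(key: bytes, record: dict) -> bool:
    """True if the integrity-checked read accepts the record."""
    try:
        read_balance_checked(key, record)
        return True
    except ValueError:
        return False


def flip_ciphertext_bit(record: dict, byte_index: int, bit: int) -> dict:
    """What an attacker with a flash programmer does: flip one stored bit blindly."""
    ct = bytearray(record["ct"])
    ct[byte_index] ^= 1 << bit
    return {**record, "ct": bytes(ct)}


if __name__ == "__main__":
    rec = store_record(DEVICE_KEY, 100)
    # Byte 1, bit 7 of the big-endian balance is bit 23 of the integer.
    tampered = flip_ciphertext_bit(rec, 1, 7)
    print("honest read:", read_balance_checked(DEVICE_KEY, rec))
    print("no integrity check, tampered read:", read_balance_unchecked(DEVICE_KEY, tampered))
    print("tampered record accepted with integrity check:", record_accepted(DEVICE_KEY, tampered))
```

Without the tag, the single flipped bit turns a balance of 100 into 100 + 2^23, which is exactly the "try until it goes up" loop the text describes; with the tag, the same record is rejected before the balance is ever decoded. Note that the tag here lives in flash next to the data, so it says nothing about whether the whole record is the current one or an older copy written back.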

    Other applications also require protection against similar threats. Corporate secure storage applications support password management that involves failed-attempt counters. If not protected, these counters may even be reflashed by an attacker (or even a legitimate user) to gain unlimited password fail attempts.

    DRM applications often involve keeping track of a playback counter which counts down every time content is played. Malicious users can attempt to bypass the DRM policy by keeping a memory image which includes a given value in the playback counter, consuming the playback and then restoring the previous playback credit.

    Hardware-based secure storage that includes integrity and reflash protection is therefore essential for any application that involves security-related stateful information.

    Firmware Upgrades

    With the advent of new features and new applications, the masked ROM of the device no longer suffices; larger parts of the code as well as data must be stored in flash memory. Secure device boot and firmware code integrity become essential to ensure that device protection cannot be circumvented by merely modifying the code. For the most flexible verification scheme that enables new code to be introduced, the secure storage application should be capable of protecting code verification keys as well as supporting hardware-based signature verification capabilities.

    Virage Logic and Discretix Join Forces

    Discretix technology enables reflash-resistant protection of arbitrarily large storage by saving a relatively small, but cryptographically sufficient, integrity checksum.

    Using patent-pending Discretix technology, Virage's NOVeA is effectively used to implement a secure storage mechanism that provides complete security services. 256 bits of NOVeA memory suffice for achieving confidentiality, data integrity and anti-reflash protection of arbitrarily large memory. NOVeA is integrated in the controller or processor chip and is not part of the flash memory susceptible to reflash attacks. Discretix security solutions, comprised of hardware cryptographic engines, security middleware and device applications, rely on NOVeA for an optimal level of hardware-based security.

    Discretix has already successfully deployed security solutions based on NOVeA, and they have been proven to effectively address the security needs and can be easily integrated into storage devices and handset chipsets.

    Hardware-Based Secret Key

    A scalable approach to secure storage involves a small, well-kept, device-unique random secret, which protects arbitrarily large data. Discretix's secure storage implementation for storage devices, which uses Virage Logic NOVeA, is illustrated in Figure 3. The Secret CryptoKey is accessible only by the hardware-based AES (Advanced Encryption Standard) engine and is inaccessible to any application directly. The cryptographic services layer feeds encrypted information from the storage device's CPU or from the secure storage on the flash directly. The secure physical implementation of the secret key as part of the storage device's controller ensures its ability to protect the device against physical attacks. In certain cases it may be desirable to reprogram the secret key in-system during the lifetime of the device, which can only be supported by NOVeA.

    Figure 3: Secret CryptoKey connected to AES engine

    Anti-Reflashing Protection

    While integrity validation information stored in flash is sufficient to provide protection against arbitrary data modification, it does not protect against more sophisticated reflash attacks. To thwart attempts to reuse e-cash balances, restore a PIN fail counter or circumvent a content protection license, there is a need to store integrity validation data in a physically secure location, separate from the data it protects. The same physical means can be used to store the anti-reflash validation code and the secret CryptoKey (e.g. Virage Logic NOVeA). Figure 4 shows the Discretix anti-reflash solution using NOVeA to store the integrity data.

    The integrity validation data can be implemented so that it can only be physically changed in one direction (i.e. as a counter that only increments), thus ensuring that even malicious software cannot change it to a previous value. An additional code integrity protection module (secure boot) constitutes a second line of defense, assuring that no malicious code can run.

    Figure 4: Anti-reflash Protection
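The anti-reflash design of the last two sections (the device-unique secret kept where only the crypto engine can read it, and integrity data anchored on-chip as a one-way counter), as an added example that is not Discretix or Virage Logic code. The `OnChipStore` class is an assumed model of the on-chip non-volatile memory: the 256 bits are assumed to be split into a 128-bit key and a counter that can only move upwards; the flash image format, the `balance=` payloads and the sample key are constructed. The scenario compares two readers on the same reflashed image: one that validates the tag against the counter value stored in the image, and one that validates it against the counter held on-chip.

```python
import hashlib
import hmac
import struct


class OnChipStore:
    """Assumed model of the on-chip NVM: a 128-bit device key plus a one-way counter.

    Nothing in here is reachable through the flash interface, and the key is
    only ever used inside tag(), the stand-in for the hardware engine.
    """

    def __init__(self, device_key: bytes):
        if len(device_key) != 16:
            raise ValueError("expected a 128-bit device key")
        self._key = device_key
        self._counter = 0

    @property
    def counter(self) -> int:
        return self._counter

    def advance(self) -> int:
        """The only write the counter supports: +1, never a set or a decrement."""
        self._counter += 1
        return self._counter

    def tag(self, counter: int, payload: bytes) -> bytes:
        """Integrity tag binding a payload to a counter value, computed on-chip."""
        return hmac.new(self._key, struct.pack(">Q", counter) + payload, hashlib.sha256).digest()


class Flash:
    """External flash: anyone with a programmer can dump it and write it back."""

    def __init__(self):
        self.image = None


def write_state(chip: OnChipStore, flash: Flash, payload: bytes) -> None:
    """Commit a new state: bump the on-chip counter, then write the tagged image."""
    n = chip.advance()
    flash.image = {"counter": n, "payload": payload, "tag": chip.tag(n, payload)}


def read_state_flash_only(chip: OnChipStore, flash: Flash) -> bytes:
    """Validates the tag against the counter stored in the image itself."""
    img = flash.image
    if not hmac.compare_digest(chip.tag(img["counter"], img["payload"]), img["tag"]):
        raise ValueError("integrity failure")
    return img["payload"]


def read_state_anchored(chip: OnChipStore, flash: Flash) -> bytes:
    """Validates the tag against the counter held on-chip."""
    img = flash.image
    if img["counter"] != chip.counter:
        raise ValueError("reflash detected: image counter %d, chip counter %d"
                         % (img["counter"], chip.counter))
    if not hmac.compare_digest(chip.tag(chip.counter, img["payload"]), img["tag"]):
        raise ValueError("integrity failure")
    return img["payload"]


def reflash_scenario(device_key: bytes) -> tuple:
    """Spend an e-cash balance, then write the pre-spend flash image back.

    Returns (flash_only_result, anchored_result): the accepted payload, or the
    string 'rejected' when the reader refuses the image.
    """
    chip, flash = OnChipStore(device_key), Flash()
    write_state(chip, flash, b"balance=100")
    saved_image = dict(flash.image)          # attacker dumps the flash here
    write_state(chip, flash, b"balance=0")   # the balance is spent
    flash.image = saved_image                # attacker reflashes the old image
    results = []
    for reader in (read_state_flash_only, read_state_anchored):
        try:
            results.append(reader(chip, flash))
        except ValueError:
            results.append("rejected")
    return tuple(results)


if __name__ == "__main__":
    # Constructed sample key; a real device would hold a unique random one.
    print(reflash_scenario(bytes.fromhex("0f0e0d0c0b0a09080706050403020100")))
```

The old image carries its own counter value and a tag that was genuinely computed over it, so a reader that trusts only what is in flash accepts `balance=100` again. The anchored reader rejects it because the on-chip counter has already moved past the value in the image and cannot be moved back. Protection therefore rests on the reader always comparing against the on-chip value and on the counter being advanced before the new image is written, so that a power loss between the two steps leaves the device refusing the stale image rather than accepting it.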

    Author Bio:

    Ophir Shalitin is the Director of Product Marketing - Cards for Discretix. He brings with him 10 years of experience in software engineering, data security, product management and marketing from companies such as Cylink and Algorithmic Research. Shalitin received his B.Sc. in Computer Science, B.A. in Economics and MBA from Tel-Aviv University and is also a graduate of the Wharton GCP program.