Embed Size (px)
Citation preview
Secure • Process • Connect
Security
Cloud Connectivity
STM32 High Performance
Secure Element
STM32 Security
Tool Box
STSAFE Secure
Element
Ecosystem
PartnersDemo
STM32-based IoT Node
IoT Node
Sensor MCU
Communications
Device
STM32
Communication
Device
Sensor
MCU
Classes of Attacks
IoT
Device
ATTACKS
Internet
Misuse of network protocols• Exploit communication protocol errors
Flaws in software design / implementation
Software
Attack
Cloud Service
Device de-packaged• Circuit analysis and probing
Fault injection• Laser beam
Silicon-Level
Attack
BOX
With the case opened / removed• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks (glitch,
overvoltage)
Board-Level
Attack
The platform’s integrity is based on STM32 security tools
Platform Security
Sensor MCU
Communications
Device
STM32
Communication
Device
Sensor
MCU
Security Tool Box
STM32 Family Security Tools
ST
Family
Security Features D
eb
ug
Acce
ss
Po
rt
RE
SE
T
Regis
ter
FL
AS
H
WR
P
FL
AS
H
Ma
ss
ER
AS
E
Ta
mp
er
Pin
s
CR
C
Hard
wa
re
96
-Bit
Un
iqu
e ID
Cry
pto
Lib
rary
Su
pp
ort
Me
mo
ry
Pro
tectio
n
Un
it(M
PU
)
FL
AS
H
RD
P
TR
NG
AE
S
Hard
wa
re
Acce
lera
tor
FL
AS
H
PC
RO
P
HA
SH
Hard
wa
re
Acce
lera
tor
Firew
all
SR
AM
RD
P
FL
AS
H
EC
C
Sys C
lock
(MH
z)
AR
M
Cort
ex
®
STM32 F1 72 M3
STM32 F3 72 M4
STM32 F0 48 M0
STM32 L1 32 M3
STM32 F2 120 M3
STM32 F4 180 M4
STM32 F7 216 M7
STM32 L0 32 M0+
STM32 L4 80 M4
Crypto Hardware
• Use the STM32 Security Tools
to develop a layered security
solution
7
Lockable Debug Ports
Memory Segmentation / Protection
Secure Firmware Update
Tamper Detection
Secure Provisioning
Trusted / Certified Libraries
Secure Boot
Security Tool Box
Fortified
Your
IoT
Application
Security Framework
Secure Solutions
• STSAFE-A Optimized authentication solution• Authentication
• Secure communications, Secure data storage
• Secure key provision service
• EAL5+ Common criteria certified chip
• STSAFE-J Flexible Java-based solution• Trusted network access with Authentication
• Secure Data storage, Secure communication
• Personalization services
• Common criteria and BSI certification
• STSAFE-TPM Standardized solution• Platform integrity , Authentication
• Secure Boot, Secure Firmware upgrade
• Secure data storage and Secure communication
• Solution CC EAL4+ and TCG 1.2 / 2.0 certified
STSAFE enabling end-to-end security
Cloud Service
Classes of Attacks
IoT
Device
BOX
Internet
With the case opened / removed• Test / debug port access
• Inter device bus and IO probing
• Reset, clock attacks
• Power analysis
• Temperature / electrical attacks (glitch,
overvoltage)
Misuse of network protocols• Exploit communication protocol errors
Flaws in software design / implementation
Device de-packaged• Circuit analysis and probing
Fault injection• Laser beam
Board Level
Attack
Remote
Software
Attack
Silicon Level
Attack
ATTACKS
Enhanced Platform Security
Sensor MCU
Communications
Device
STM32
Communication
Device
Sensor
MCUSecure
Element
STSAFE
Secure Element
STSAFE adding enhanced tamper-resistance
Adding a Secure Element
STM32
• A Secure Element is designed to thwart silicon invasive
attacks
• Independently assessed, achieving very high standards
like EAL5+ Common Criteria Certified chip
• Protects keys and performs cryptographic functions
(ECDH, ECDSA, AES)
• For Secure Communications, Boot and Firmware Updates
• Provides up to 6K bytes Secure Data Store
• Secure keys and certificates are provisioned during the
manufacturing process
• STM32 SDK available
STSAFE-A100
STSAFE Supporting Secure Boot, Firmware Updates and Communication
Performance Benchmarking
0
100
200
300
400
500
600
700
ECC 256 key gen ECDHE 256agree
ECDSA 256 sign ECDSA 256 verify
Avg T
ime (
ms)
Benchmark - Time
SW
ST-SAFE
Faster is better !
STSAFE-A100 improves TLS performance
STSAFE integrated with WolfSSL
Security Ecosystem Partners
Ecosystem of unique technologies, services and solutions
Together, helping to realize
your secure product solution
• Firmware Libraries
• Consultancy and Engineering Services
• Training and Tools
• Security Assessment
• Modules and Cloud Solutions
• Device Provisioning/Personalization
Security Ecosystem Partners
uLoadXL+ STSAFE
• Boot Loader uses STSAFE for crypto off-load,
PKI attestation, and secure data storage
• Windows based Software Update
Management Station generates STSAFE key
material
• SE Profile Station personalizes the STSAFE,
using custom STSAFE test fixture
Cypherbridge’s custom STSAFE
Cypherbridge®
Trusted, safe and secure
Secured By STSAFE
• Secure Boot Loader managing multiple
images
• Managed safe / secure software update
• Anti-cloning, system integrity and safety
• Application image encryption, hash integrity
and authentication, code sign and verify
• System Availability provides application
integrity, auto-rollback, failsafe boot
Install from Micro SD, USB Flash drive, serial port, SPI Flash or network distribution
ActivateCode
SystemImage
Standard Tool chainCompile and Link
STM32
System Image in
MCU Flash
Cipher Keys
Safely transmit encrypted file by
email, FTP, network
SecureManaged
Image
uLoadXL
STSAFE
RootKey PIN
KeyMaterial
ActivateCode
Offline Provisioning
CypherbridgeSoftware Manage Station
Key Material
Software Update
Cypherbridge SE Profile Station
Cypherbridge®
Trusted, safe and secure
uLoadXL + SE Solution
Process
Connect
Sense
Cloud Connectivity - Out Of The Box!
AWS IoT Microsoft Azure IoT
IBM Watson IoTSTM32L475
Discovery Kit IoT Node
Pre-integrated ST Firmware Packages
Single board using ST Hardware Building Blocks
STM32L475 Discovery kit IoT node
AWS IoT Demo
Main features
• Expandable to allow ST sensor technology (Motion MEMS) data to be
published to the cloud for data analysis
• AWS IoT Core or AWS Greengrass connection
• Ready to run firmware example using Wi-Fi connectivity to
support quick evaluation and development of AWS IoT cloud
applications
• Amazon FreeRTOS and AWS IoT Device SDK Firmware
packages (X-CUBE-AWS)
• Ready to run firmware example using Wi-Fi connectivity to
support quick evaluation and development of Microsoft Azure
IoT
• Azure IoT device SDK packages available (X-CUBE-AWS,
FP-CLD-AZURE1 also compatible with Microsoft IoT Central)
Microsoft Azure IoT Demo
STM32L475 Discovery kit IoT node
Main features
• Expandable to allow ST sensor technology (Motion MEMS) data to be
published to the cloud for data analysis
• Ready-to-use binaries to connect the IoT node to STM32ODE IoT web
dashboard running on Microsoft Azure, for sensor data visualization,
LED control and device management (FW Over-The-Air Update)
IBM Watson IoT Demo
STM32L475 Discovery kit IoT node
Main features
• Expandable to allow ST sensor technology (Motion MEMS) data to be
published to the cloud for data analysis
• Bidirectional communication examples between the board, acting as a
device, and the IBM Watson IoT™ platform
• Ready-to-run firmware example using Wi-Fi connectivity to
support quick evaluation and development of applications on
the IBM Watson IoT platform
• IBM Watson IoT Embedded C SDK packages available
(X-CUBE-WATSON, FP-CLD-WATSON1)
B-L475E-IOT01A
SW Libraries for STM32L4 MCU & Sensors
Low-power, long-range communication
Environmental awareness: humidity, pressure, temp
Direct Wi-Fi connection to cloud servers
Detection hub: motion, proximity, audio
STM32L4 Discovery kit IoT node, low-power wireless, BLE, NFC, SubGHz, Wi-Fi
Audio Front End
STM32 High Performance
USB
STM32F7 with 2-microphone speech recognition
based on Sensory’ s trigger-word recognition and
DSP-Concepts audio front end
Audio Front end with Acoustic Echo Cancellation,
Beamforming, Source Localization and Noise
Reduction
The STM32 audio front end connected via gateway to
AVS
