Adding Security to your Workflow to Deliver Trustworthy IoT Solutions

Steve Pancoast – VP Engineering, [email protected]

Founding Member

Page 1

(Title slide: title and presenter as above.)

Page 2

Vulnerable IoT – “Internet of Threats”

The eight Bluetooth-related vulnerabilities affect an estimated 5.3 billion Android, iOS, Linux, and Windows devices.

Page 3

Hacking Isn’t The Only Risk

[Chart: Counterfeit Goods Seizures (2), by product category – Jewellery (71), Pharmaceuticals (30), Toys (95), Perfumery and cosmetics (33), Clothing, non knitted or crocheted (62), Instruments, optical, medical etc. (90), Watches (91), Electrical machinery and equipment…, Articles of leather (42), Clothing, knitted or crocheted (61), Footwear (64); horizontal axis 0 to 30000]

Privacy & GDPR
– Minimum fine €10M or 2% of annual turnover – whichever is larger
– Deliberate actions fine €20M or 4% of annual turnover

Counterfeiting
– $500B+ per year (1)
– GDP of Ireland & Netherlands combined
– Electronic devices highest by value

1: OECD, April 2016. Trade in Counterfeit & Pirated Goods: Mapping the Economic Impact.
2: OECD, April 2015. http://dx.doi.org/10.1787/888933345913

Page 4

Product Security Touches Many Areas, A Chain of Trust is Required…

[Diagram: product lifecycle stages – Silicon Vendor (SE’s, MCU’s), OEM Product Development, OEM RoT, Programming Facility, OEM Contract Manufacturing, Market Deployment, Customer (OEM Updates)]

Creating secure IoT products starts with the software development…
– How is the Root of Trust established? Product Identity formed? Certificates created?

It continues with how the products are manufactured / programmed…
– Security compromised during provisioning? Keys leaked? Product identities cloned? Software IP theft?

And persists after the product was manufactured…
– Secure software updates? System compromised? Customer data protected?

Page 5

A “Root of Trust” Must be Established

“Root of Trust” is defined as: “The minimal set of software, hardware and data that is implicitly trusted in the platform ...”

There are typically 4 requirements that must be addressed in order to establish a “Root of Trust” in a device / product and to securely use it:

– Unique Product Keys: Product key pairs and other secure data in the product must be set up / provisioned, immutable and protected.

– Unique Product Identity: The unique product identity can be verified using cryptographic means (usually via a certificate chain back to a CA).

– Authentication: An immutable cryptographic method to authenticate that the product contains the private key that matches the product cert.

– Platform Integrity: A secure MCU execution environment and an immutable boot path to a RoT Boot Manager that verifies subsequent software before execution.

Page 6

What is Embedded Trust?

Embedded Trust helps make security easier for OEMs. It provides a security solution in 4 areas:

1. Creating the Root of Trust (RoT) & Product Identity

2. Simplifying the Security Development Process

3. Streamlining the Secure Manufacturing Process

4. Enabling Secure Lifecycle Software Updates

Embedded Trust is unique in offering a complete solution: from Development … to Manufacturing.

Page 7

Embedded Trust Development Workflow

The ET Development workflow consists of 4 steps:

1. Define the various product RoT keys and product certificates

2. Configure the Security World & Secure Boot Manager (SBM) with the RoT ...

3. Build the SBM, and program / provision it into the MCU

4. Customer’s application SW is automatically mastered and loaded into the MCU

[Diagram: Create Keys (Cert, Prod, Mastering) → Create Product Identity Certificate → Sec World + SBM Code → SBM Image → Provisioned MCU with SBM; OEM Application + Sec World → Automatically Mastered OEM App → OEM App securely programmed via SBM]

Page 8

Embedded Trust Simplifies the Process

The Embedded Trust editor enables the user to easily:

• Define the product certificate including the supporting chains

• Define the cryptographic product keys and certificate keys

• Visually edit the hierarchies

• Specify the various key & certificate parameters

• The definition of these items forms the “Security World” context that is configured into the SBM

[Diagram: certificate hierarchy – Authority Root (Cert KeyPair) → Authority Intermediate (Cert KeyPair) → Product Certificate (Product KeyPair)]

Page 9

Embedded Trust’s Secure Boot Manager

The SBM provides:

– OEM configurable SBM source code

– Integrates the Security World context

– Only signed & encrypted code accepted

– Supports versioning & anti-rollback

– Supports modular updates

– API for SBM management functions and to leverage the RoT certs & keys

[Diagram: SBM components – Foundation Boot, Update Framework, Version Management, Modular Updates, Minimal API Interfaces, Access Control, Application Isolation, System Integrity Check, Secure Key Storage and Management]

Page 10

From Development to Manufacturing

Embedded Trust enables you to easily move from Development to Production:

– An optional secure USB-based HSM is added to the Embedded Trust system

– Development Keys & Certificates are replaced with Production Keys & Certs

– Production Keys & Certificates are created in the HSM using the Security World

[Diagram: Same Security World Context – Development: Keys and Certs created in PC; Production: Keys and Certs created in HSM]

Page 11

Embedded Trust Manufacturing Workflow

The ET Manufacturing workflow consists of 5 steps:

1. Connect the optional ET USB HSM to the Embedded Trust PC system

2. Load the Security World context, which will create keys & certs in the secure HSM

3. Load the SBM image; ET + HSM will provision the SBM image

4. Load the App image; ET + HSM will master the App image

5. Images can then be programmed via ISP (in-system programming via the JTAG probe connected to the PC, secure with ST SFI) or with a high-volume SentriX Secure Programming Manufacturing Solution with Guardian HSM

[Diagram: Sec World → SBM Image → Provisioned SBM; App Image → Mastered App; Secure Transfer to SentriX]

Page 12

Secure Software Updates

The Secure Boot Manager enables a secure software update solution that helps to manage and protect the product over time.

The SBM verifies all SW updates and will only accept updates that have been “Mastered & Signed” by the keys held in the secure Mastering System.

Secure Thingz also plans to provide a secure SW update Cloud Service that will give OEMs a cloud-based Mastering System and provide an M2M security solution to master & sign software updates for the OEM’s products.

[Diagram: OEM Cloud → STZ M2M Mastering Cloud Service → OEM Product; messages: SW Update Req, OEM Update Req & Product Cert, Mastered SW Update, Mastered & Signed SW Update]

The OEM uses the STZ service and places SW updates in the cloud. For each update request, the service verifies and masters the SW update.

Page 13

Summary

– Embedded Trust integrates security into your Software Development Workflow

– Manage keys and certificate structures for your product

– Protection from Development to Production Manufacturing

– Secure Boot Manager enables secure software updates

Embedded Trust™

Page 14

Thank You

Page 15

A Holistic Approach To Security

[Diagram: DEVELOP – MANUFACTURE – MANAGE. Certificate Hierarchy: Development, Test, Mastering. Trust Anchors. Systems: OEM Management System, User Management System, Factory Management System, Desktop, Factory, Cloud Provider, Devices]

Page 16

Ex: Product RoT & Certificate Chain

[Diagram: three-level certificate chain, each certificate shown with its key pair]

Root Certificate (CA):
– Root Name, Pub Key, Issuer Name (same as Root Name), Issuer Sig (root), Pri Key
– Root’s Pri key used to self-sign (i.e. Root Cert)
– Root’s Pri key also signs Interm Cert

Intermediate OEM Certificate:
– OEM Name, Pub Key, Issuer Name, Issuer Sig, Pri Key
– Reference Issuer: Root Certificate (CA)
– Interm’s Pri key signs Prod Cert

Product OEM Certificate:
– OEM Prod Name, Prod Pub Key, Issuer Name, Issuer Sig, Prod Pri Key
– Reference Issuer: Intermediate OEM Certificate
– Signature verified by Issuer Pub Key

Product MCU:
– OEM Prod Pri Key securely stored in MCU (later used for authentication)
– OEM Prod Cert stored in MCU (later used to prove identity)
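The chain on this slide, together with the identity and authentication requirements of page 5 and the Root / Intermediate / Product hierarchy of page 8, as an added example in Go that is not Embedded Trust’s code: a self-signed root signs the intermediate, the intermediate signs the product certificate, a verifier validates the product certificate back to the trusted root, and the product proves possession of its private key by signing a verifier-chosen nonce. Ed25519 keys, the certificate names and the serial numbers are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate for pub with parentKey; parent == nil self-signs it (the Authority Root).
func issue(name string, ca bool, serial int64, pub ed25519.PublicKey, parent *x509.Certificate, parentKey ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name}, IsCA: ca,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was just produced above, so parsing cannot fail
	return cert
}

// BuildProductRoT builds the slide's chain: self-signed Authority Root -> OEM Intermediate -> Product; prodKey stays in the MCU.
func BuildProductRoT() (root, interm, prod *x509.Certificate, prodKey ed25519.PrivateKey) {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	intPub, intKey, _ := ed25519.GenerateKey(rand.Reader)
	prodPub, prodKey, _ := ed25519.GenerateKey(rand.Reader)
	root = issue("Authority Root", true, 1, rootPub, nil, rootKey)
	interm = issue("OEM Intermediate", true, 2, intPub, root, rootKey)
	prod = issue("OEM Product 0001", false, 3, prodPub, interm, intKey)
	return root, interm, prod, prodKey
}

// VerifyIdentity checks that prod chains through interm to the trusted root (unique product identity).
func VerifyIdentity(prod, interm, trustedRoot *x509.Certificate) bool {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trustedRoot)
	inters.AddCert(interm)
	_, err := prod.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}
// Authenticate is the challenge-response: the MCU signs a verifier-chosen nonce; the verifier checks it with the product cert's public key.
func Authenticate(cert *x509.Certificate, key ed25519.PrivateKey, nonce []byte) bool {
	sig := ed25519.Sign(key, nonce) // MCU side
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return ok && ed25519.Verify(pub, nonce, sig) // verifier side
}
```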