SHE Secure Hardware Extension - ESCRYPT

SHE 

Secure Hardware Extension 

Data Security for Automotive Embedded Systems 

Workshop on Cryptography and Embedded Security 

Embedded World @ Nuremberg, February 2012 

INTERNAL USE ONLY 

Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH

Content 

� Data Security - What does it mean for Automotive? 

� SHE - Secure Hardware Extension - A new Standard? 

� SHE - Implementation 

� Outlook 


1 


Data Security 

What does it mean for Automotive? 

� Areas of Use 

� Applications 

� EVITA Security Categories 


2 


Areas with Demand for Security 

� It’s not only onboard electronics that have an impact 


3 


In-Vehicle Data Security 

� Data Security on the road today 

� On-chip Flash/ROM read-out protection against unauthorized access 

� Solution by Fujitsu: Flash/ROM security 

• Available on 16LX,16FX, FR, FCR4 

� Future, Enhanced Data Security 

� Protect entire car system 

• not limited to Flash/ROM read-out prevention 

� Authentication, Secure Communication and Data Storage 

• within vehicle 

• between vehicles (C2C) 

• between vehicle and infrastructure (C2X) 

� En-/Decryption is key for future state-of-the-art MCUs 

• Embedded and ASSP solutions will find their market segment 

� Complexity of security implementations scales with use case 


4 


Target Applications 

� Theft protection / Immobilizer 

� Prevent unauthorized operation of vehicle 

� Disable ignition and alike 

� Component Protection 

� Membership validation of all ECUs built in a particular vehicle 

� Exchanging 1 ECU without authentication 

• degrades functionality as unauthenticated functions will not work 

• stops operation of all networked ECUs at next system start 


• E.g. when engine control ECU is affected 

� Feature Activation 

� Enables certain functions in the delivered SW-package 

� Gives OEM opportunity in after sales revenues 

5 


ECUs to be protected by Cryptography 

� Gateway 

� Body Computer Module 1 

� Body Computer Module 2 

� Climate Control 

� Thermo Management Unit 

� Active Engine Mount 

� Instrument Cluster 

� Night Vision 

� Battery Management System 

� Charger 

� Safety Computer 


� Adaptive Cruise Control 

� Engine Control 

� Gear Box 

� Electronic Steering Column Lock 

� Power Electronics Hybrid 

� Central Computer 

� Rear Seat Entertainment 

� Sound 

� DVDC 

� TV-Tuner 

21 ECU in total SOP 2014 

6 


EVITA 

� European research project June 2008 –Dec 2011 

� E-safety vehicle intrusion protected applications 

� Objective: 

Design, verify, and prototype an architecture for automotive on-board 

networks where security-relevant components are protected against 

tampering and sensitive data are protected against compromise when 

transferred inside a vehicle. 

� More found at http://evita-project.org/index.html 

7 

Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH 

INTERNAL USE ONLY

Security Models - Categorization 

Full EVITA HSM Medium EVITA HSM Light EVITA HSM 

V2X communication On-board communication On-board communication 

Maximum level of 

functionality, 

security and performance 

Asymmetric 

cryptographic engine 

& 

Hash engine 

User-programmable 

functionality 


Maximum level of 

functionality and 

security 

Symmetric 


User-programmable 

functionality 

8 

Optimized for low cost 

HW-solution 

Symmetric 


e.g. AES-128 

Pre-defined functionality 

Secure CPU @ 100 MHz Secure CPU @ 25 MHz Secure Zone 

no CPU needed 

64k 64k Optional NV Memory 

512k 512k Optional NV RAM 

PRNG with TRNG seed PRNG with TRNG seed Optional T/PRNG 

Security LT > 20 years 



Secure Hardware Extension – A New Standard? 

� SHE - Security Objectives 

� SHE - Building Blocks 

� SHE - Performance Requirements 


9 


HIS - SHE 

� HIS = Hersteller Initiative Software 

� SHE = Secure Hardware Extension - meets ‘Light EVITA HSM’ 

� Specification by HIS 

� Concept: 

� Add a Secure Zone 

� Prevent user access to 

security functions other 

than those given by logic 

� Link to HIS & SHE: 


HIS portal on Security 

10 


SHE - Security Objectives 

� Protect cryptographic keys from software attacks 

� Provide an authentic software environment 

� Let the security only depend on the strength of the underlying 

algorithm and the confidentiality of the keys 

� Allow for distributed key ownerships 

� Keep the flexibility high and the costs low 


11 


SHE – Building Blocks (1) 

� MCU with 

Secure Zone 

� SHE data storage 

- volatile 

- non-volatile 

- for KEY & MAC 

� Access only via 

defined command 

interface 


12 


SHE – Perspective from Specification (2) 

� SHE specifies Secure Zone components and algorithms 

� Cryptography 

• En-/decryption unit 

• AES 128 algorithm 

� ROM 

• Secret key storage 

SECRET_KEY 

• Unique key storage 

UID 

� RAM 

• RAM key storage 

• PRNG key storage 

� NV-Memory 

• Boot key & MAC storage 


RAM 

ROM 

• Master key, general purpose key storage 

13 

Crypto- 

graphy 

NV-Memory 



� Cryptography carries 

� Encryption unit 

• AES 128-based 

Applicable Standard 

� Decryption unit 


� CMAC 

• Cipher-based 

Message 

Authentication 

Code generator 


RAM 

ROM 

� Miyaguchi-Preneel 

• One-way compression function; compressed data cannot be recovered 

• Input requests 128-bit wide chunks of data stream 

• Outputs Hash-values to en-/decoding unit 

14 

Crypto- 

graphy 

NV-Memory 



� Cryptography carries 

� Encryption unit 


Applicable Standard 

� Decryption unit 


� CMAC 

• Cipher-based 

Message 

Authentication 

Code generator 


RAM 

ROM 

� Miyaguchi-Preneel 

• One-way compression function; compressed data cannot be recovered 

• Input requests 128-bit wide chunks of data stream 

• Outputs Hash-values to en-/decoding unit 

15 

NV-Memory 



� RAM carries 

� RAM_KEY 

• Temporary key 

used for arbitrary 

operations 

� PRNG_KEY 

• Key used by the 

Pseudo Random 

Number Generator 

� PRNG_STATE 

• Keeps status of 

Pseudo Random 



RAM 

ROM 

16 

Crypto- 

graphy 

NV-Memory 



� RAM carries 

� RAM_KEY 

• Temporary key 

used for arbitrary 

operations 

� PRNG_KEY 

• Key used by the 

Pseudo Random 


� PRNG_STATE 

• Keeps status of 

Pseudo Random 



ROM 

17 

Crypto- 

graphy 

NV-Memory 



� ROM carries 

� SECRET_KEY 

• Unique key 

• Used for im-/export 

of all other keys 

• Has to be created 

with true random 

number generator 

(off-chip TRNG ) 

at production 

� UID 

• Unique identifier 

• Authenticates MCU 


RAM 

ROM 

� Both SECRET_KEY and UID have to be fixed at production time 

• 16 byte for SECRET_KEY and ≤15 byte for UID 

18 

Crypto- 

graphy 

NV-Memory 



� ROM carries 

� SECRET_KEY 

• Unique key 

• Used for im-/export 

of all other keys 

• Has to be created 

with true random 

number generator 

(off-chip TRNG ) 

at production 

� UID 

• Unique identifier 

• Authenticates MCU 


RAM 

� Both SECRET_KEY and UID have to be fixed at production time 

• 16 byte for SECRET_KEY and ≤15 byte for UID 

19 

Crypto- 

graphy 

NV-Memory 



� NV-Memory carries 

� MASTER_ECU_KEY 

• Set up by OEM 

(owner) 

• Enables change of 

other keys 

� BOOT_MAC_KEY 

• Enables particular 

boot request and 

thus establishing 

secure boot 

� BOOT_MAC 

• Authentication of 

boot code 

� KEY_ 

• Dedicated key storage 

for arbitrary functions 

• 3 – 10 keys 

� PRNG_SEED 

• Starting value for pseudo 

random number generator 


RAM 

ROM 

� Irreversible Write Protection of keys in NV-memory 

• Any key in NV-memory area shall not be changeable throughout life time of the device once 

write-protection was applied by user 

20 

Crypto- 

graphy 

NV-Memory 



� NV-Memory carries 

� MASTER_ECU_KEY 

• Set up by OEM 

(owner) 

• Enables change of 

other keys 

� BOOT_MAC_KEY 

• Enables particular 

boot request and 

thus establishing 

secure boot 

� BOOT_MAC 

• Authentication of 

boot code 

� KEY_ 

• Dedicated key storage 

for arbitrary functions 

• 3 – 10 keys 

� PRNG_SEED 

• Starting value for pseudo 

random number generator 


RAM 

ROM 

� Irreversible Write Protection of keys in NV-memory 

• Any key in NV-memory area shall not be changeable throughout life time of the device once 

write-protection was applied by user 

21 

Crypto- 

graphy 


SHE - Performance Requirements 

� Start-up / Secure Boot is Critical Path 

� All SHE-equipped nodes have to perform secure boot process 

� Availability to be established before 1 sec elapses 

� MAC latency according SHE 

� < 2 µsec for a 128-bit block 

• MAC = Message Authentication Code 

� Authentication of Flash contents at power up 

�


Implementation 

� SHE System 

� SHE Integration 

� SHE Implementation 


23 


SHE System Diagram 

Host System 

EEFLASH 


Public Secured 

NV_MEM IF 

SHECO 

24 


SHE Firmware 

Host Interface 

Data IF Command IF 

SHE Host Driver 


SHE - System Integration (ATLAS-L/TITAN) 

Debug / 

Trace 

Cortex R4 

CPU 

TCFlash 

System 

Controller 

Watchdog 

RTC 

External 

Interrupt 


MPU 

Sec. 

32-bit AHB slave bus 

Boot ROM 

Cache 

SRAM 

Retention 

RAM 

Timers 

Timers 

Timers 

Timers 

Content is 

protected 


GPIO 

Sec. 

Interrupt 

Controller 

Timing 

Protection 

64-bit Multilayer AXI bus 

System RAM 

EEFlash 


Peripheral bus 3 

Peripheral 

Protection 

Contains security 

config 

25 

Quad-SPI 

32-bit AHB master bus 

MPU 

MPU 

MPU 

Ethernet 

MediaLB 

USB 



Peripherals 

Peripherals 

Peripherals 

Peripherals 

Peripheral 

Peripheral 

Bus Peripheral Bridge 

Bus Bridge 

Bus Bridge 

Peripherals 

Peripherals 

Peripherals 

Peripherals 

Bus master 


CRC 

I2S 

DMA 

MPU 

MPU PPU 

Subsystem 

Bus slave 


SHE Implementation 

64-bit AHB bus 


Flash security 

HW barrier 

Bus master 

Bus slave 

EEFLASH 

Public 

Sectors 

(6 x 8 K) 

SHE SHECO 

Secured 

Sectors 

(2 x 8 K) 

TRNG 

NV_MEM_MASTER 

AES-128 

En-/decode 

CMAC 

Miyaguchi-Preneel 

PRNG 

Tx/Rx FIFOs 

AXI Master 

MPU 

Data I/F 

Host AXI bus 

26 

32-bit AHB bus 

FR60 

CPU 

AHB 

Host Interface 

D 

Command/Data I/F 

32-bit D bus 

I bus 

Register I/F 

ROM 

RAM 

Cycle 

counter 

PPU protection 

Host AHB bus 


SHE - Secured Key Storage (1) 

SECRET_KEY 

UID 


EEFLASH 

MASTER_ECU_KEY EMPTY FLAGS COUNTER 

BOOT_MAC_KEY EMPTY FLAGS COUNTER 

BOOT_MAC EMPTY FLAGS COUNTER 

KEY_ EMPTY FLAGS COUNTER 

PRNG_KEY 

PRNG_STATE 

EMPTY 

EMPTY 

RAM 

FLAGS 

FLAGS 

FLAGS 

FLAGS 

RAM_KEY FLAGS 

27 

� Common features 

� 32 byte large key slots 

� Access only by SHECO CPU 

� NV memory 

� Empty flag to distinguish between 

erased keys and keys written to 0xFF 

� Flags and 28bit counters are stored in 

the same slot as the key 

� SECRET_KEY and UID slots are write 

protected before device delivery 

� No PRNG_SEED storage needed 

since on-chip TRNG is implemented 

� RAM 

� PRNG_KEY is calculated from 

SECRET_KEY during 

CMD_INIT_RNG command and 

stored in RAM slot 


SHE - Secured Key Storage (2) 


Empty 

SECRET_KEY F 1 T 2 � 3 � 3 

UID F 1 T 2 

MASTER_ECU_KEY � 4 � � � � 

BOOT_MAC_KEY � 4 � � � 

BOOT_MAC � 4 � � � 

Write-protection 

KEY_ � 4 � � � � � 

PRNG_KEY � 5 

PRNG_STATE � 5 

Flags to be used for keys 

RAM_KEY � 5 � 

Secure boot failure 

1 

Empty flags for SECRET_KEY and UID are set after the keys have been written (by Fujitsu) 

2 

Write-protection flags for SECRET_KEY and UID are set after the keys have been written (by Fujitsu) 

3 

SECRET_KEY inherits its protection flags from MASTER_ECU_KEY 

4 

The initial value after production will be TRUE 

5 

The initial value after power-up/HW-Reset will be TRUE 

28 

Debugger activation 

Wildcard UID 

Key usage 

Plain key 

� – used 

F – used, always false 

T – used, always true 


SHE – Software (Firmware) 

� SHE firmware 

� Implements SHE control logic + EEPROM emulation for key storage 

� Is ROM based (no modification possible!) 

� No debugging possible 

� Entirely developed by Fujitsu 

� Secure Boot 

� Extension of FCR4 Boot-ROM for Secure Boot 

� Validation of boot loader with support of SHE and DMA 

� Block length configured by of SHE_BL_SIZE (SHE parameter) 

� SHE evaluates the status via valid BOOT_MAC_KEY 


29 


SHE – Software (AUTOSAR Driver) 

� AUTOSAR driver V4.xx 

� Implements SHE user accessible 

functions 

� Handles hardware Interaction 

� E.g I/F error handling 

� Host driver for SHE will become 

a Fujitsu product 


30 


Outlook 

� Cryptography becomes general trend for embedded systems 

� Majority of ECU/MCU will have to support en-/decryption 

� Data security will become mandatory feature for automotive 

applications 

� Scaled between low-cost solutions like SHE for many ECUs and 

� High protection requirements for a subset of ECUs 

� SHE will be on the road in 2014 


31 


Thank you for your attention 


32 



33

SHE Secure Hardware Extension - ESCRYPT

Create successful ePaper yourself

Delete template?

Save as template?