SHE Secure Hardware Extension - ESCRYPT
SHE Secure Hardware Extension - ESCRYPT
SHE Secure Hardware Extension - ESCRYPT
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>SHE</strong><br />
<strong>Secure</strong> <strong>Hardware</strong> <strong>Extension</strong><br />
Data Security for Automotive Embedded Systems<br />
Workshop on Cryptography and Embedded Security<br />
Embedded World @ Nuremberg, February 2012<br />
INTERNAL USE ONLY<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
Content<br />
� Data Security - What does it mean for Automotive?<br />
� <strong>SHE</strong> - <strong>Secure</strong> <strong>Hardware</strong> <strong>Extension</strong> - A new Standard?<br />
� <strong>SHE</strong> - Implementation<br />
� Outlook<br />
INTERNAL USE ONLY<br />
1<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
Data Security<br />
What does it mean for Automotive?<br />
� Areas of Use<br />
� Applications<br />
� EVITA Security Categories<br />
INTERNAL USE ONLY<br />
2<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
Areas with Demand for Security<br />
� It’s not only onboard electronics that have an impact<br />
INTERNAL USE ONLY<br />
3<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
In-Vehicle Data Security<br />
� Data Security on the road today<br />
� On-chip Flash/ROM read-out protection against unauthorized access<br />
� Solution by Fujitsu: Flash/ROM security<br />
• Available on 16LX,16FX, FR, FCR4<br />
� Future, Enhanced Data Security<br />
� Protect entire car system<br />
• not limited to Flash/ROM read-out prevention<br />
� Authentication, <strong>Secure</strong> Communication and Data Storage<br />
• within vehicle<br />
• between vehicles (C2C)<br />
• between vehicle and infrastructure (C2X)<br />
� En-/Decryption is key for future state-of-the-art MCUs<br />
• Embedded and ASSP solutions will find their market segment<br />
� Complexity of security implementations scales with use case<br />
INTERNAL USE ONLY<br />
4<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
Target Applications<br />
� Theft protection / Immobilizer<br />
� Prevent unauthorized operation of vehicle<br />
� Disable ignition and alike<br />
� Component Protection<br />
� Membership validation of all ECUs built in a particular vehicle<br />
� Exchanging 1 ECU without authentication<br />
• degrades functionality as unauthenticated functions will not work<br />
• stops operation of all networked ECUs at next system start<br />
INTERNAL USE ONLY<br />
• E.g. when engine control ECU is affected<br />
� Feature Activation<br />
� Enables certain functions in the delivered SW-package<br />
� Gives OEM opportunity in after sales revenues<br />
5<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
ECUs to be protected by Cryptography<br />
� Gateway<br />
� Body Computer Module 1<br />
� Body Computer Module 2<br />
� Climate Control<br />
� Thermo Management Unit<br />
� Active Engine Mount<br />
� Instrument Cluster<br />
� Night Vision<br />
� Battery Management System<br />
� Charger<br />
� Safety Computer<br />
INTERNAL USE ONLY<br />
� Adaptive Cruise Control<br />
� Engine Control<br />
� Gear Box<br />
� Electronic Steering Column Lock<br />
� Power Electronics Hybrid<br />
� Central Computer<br />
� Rear Seat Entertainment<br />
� Sound<br />
� DVDC<br />
� TV-Tuner<br />
21 ECU in total SOP 2014<br />
6<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
EVITA<br />
� European research project June 2008 –Dec 2011<br />
� E-safety vehicle intrusion protected applications<br />
� Objective:<br />
Design, verify, and prototype an architecture for automotive on-board<br />
networks where security-relevant components are protected against<br />
tampering and sensitive data are protected against compromise when<br />
transferred inside a vehicle.<br />
� More found at http://evita-project.org/index.html<br />
7<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH<br />
INTERNAL USE ONLY
Security Models - Categorization<br />
Full EVITA HSM Medium EVITA HSM Light EVITA HSM<br />
V2X communication On-board communication On-board communication<br />
Maximum level of<br />
functionality,<br />
security and performance<br />
Asymmetric<br />
cryptographic engine<br />
&<br />
Hash engine<br />
User-programmable<br />
functionality<br />
INTERNAL USE ONLY<br />
Maximum level of<br />
functionality and<br />
security<br />
Symmetric<br />
cryptographic engine<br />
User-programmable<br />
functionality<br />
8<br />
Optimized for low cost<br />
HW-solution<br />
Symmetric<br />
cryptographic engine<br />
e.g. AES-128<br />
Pre-defined functionality<br />
<strong>Secure</strong> CPU @ 100 MHz <strong>Secure</strong> CPU @ 25 MHz <strong>Secure</strong> Zone<br />
no CPU needed<br />
64k 64k Optional NV Memory<br />
512k 512k Optional NV RAM<br />
PRNG with TRNG seed PRNG with TRNG seed Optional T/PRNG<br />
Security LT > 20 years<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong><br />
<strong>Secure</strong> <strong>Hardware</strong> <strong>Extension</strong> – A New Standard?<br />
� <strong>SHE</strong> - Security Objectives<br />
� <strong>SHE</strong> - Building Blocks<br />
� <strong>SHE</strong> - Performance Requirements<br />
INTERNAL USE ONLY<br />
9<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
HIS - <strong>SHE</strong><br />
� HIS = Hersteller Initiative Software<br />
� <strong>SHE</strong> = <strong>Secure</strong> <strong>Hardware</strong> <strong>Extension</strong> - meets ‘Light EVITA HSM’<br />
� Specification by HIS<br />
� Concept:<br />
� Add a <strong>Secure</strong> Zone<br />
� Prevent user access to<br />
security functions other<br />
than those given by logic<br />
� Link to HIS & <strong>SHE</strong>:<br />
INTERNAL USE ONLY<br />
HIS portal on Security<br />
10<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> - Security Objectives<br />
� Protect cryptographic keys from software attacks<br />
� Provide an authentic software environment<br />
� Let the security only depend on the strength of the underlying<br />
algorithm and the confidentiality of the keys<br />
� Allow for distributed key ownerships<br />
� Keep the flexibility high and the costs low<br />
INTERNAL USE ONLY<br />
11<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Building Blocks (1)<br />
� MCU with<br />
<strong>Secure</strong> Zone<br />
� <strong>SHE</strong> data storage<br />
- volatile<br />
- non-volatile<br />
- for KEY & MAC<br />
� Access only via<br />
defined command<br />
interface<br />
INTERNAL USE ONLY<br />
12<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (2)<br />
� <strong>SHE</strong> specifies <strong>Secure</strong> Zone components and algorithms<br />
� Cryptography<br />
• En-/decryption unit<br />
• AES 128 algorithm<br />
� ROM<br />
• Secret key storage<br />
SECRET_KEY<br />
• Unique key storage<br />
UID<br />
� RAM<br />
• RAM key storage<br />
• PRNG key storage<br />
� NV-Memory<br />
• Boot key & MAC storage<br />
INTERNAL USE ONLY<br />
RAM<br />
ROM<br />
• Master key, general purpose key storage<br />
13<br />
Crypto-<br />
graphy<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (3)<br />
� Cryptography carries<br />
� Encryption unit<br />
• AES 128-based<br />
Applicable Standard<br />
� Decryption unit<br />
• AES 128-based<br />
� CMAC<br />
• Cipher-based<br />
Message<br />
Authentication<br />
Code generator<br />
INTERNAL USE ONLY<br />
RAM<br />
ROM<br />
� Miyaguchi-Preneel<br />
• One-way compression function; compressed data cannot be recovered<br />
• Input requests 128-bit wide chunks of data stream<br />
• Outputs Hash-values to en-/decoding unit<br />
14<br />
Crypto-<br />
graphy<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (3)<br />
� Cryptography carries<br />
� Encryption unit<br />
• AES 128-based<br />
Applicable Standard<br />
� Decryption unit<br />
• AES 128-based<br />
� CMAC<br />
• Cipher-based<br />
Message<br />
Authentication<br />
Code generator<br />
INTERNAL USE ONLY<br />
RAM<br />
ROM<br />
� Miyaguchi-Preneel<br />
• One-way compression function; compressed data cannot be recovered<br />
• Input requests 128-bit wide chunks of data stream<br />
• Outputs Hash-values to en-/decoding unit<br />
15<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (4)<br />
� RAM carries<br />
� RAM_KEY<br />
• Temporary key<br />
used for arbitrary<br />
operations<br />
� PRNG_KEY<br />
• Key used by the<br />
Pseudo Random<br />
Number Generator<br />
� PRNG_STATE<br />
• Keeps status of<br />
Pseudo Random<br />
Number Generator<br />
INTERNAL USE ONLY<br />
RAM<br />
ROM<br />
16<br />
Crypto-<br />
graphy<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (4)<br />
� RAM carries<br />
� RAM_KEY<br />
• Temporary key<br />
used for arbitrary<br />
operations<br />
� PRNG_KEY<br />
• Key used by the<br />
Pseudo Random<br />
Number Generator<br />
� PRNG_STATE<br />
• Keeps status of<br />
Pseudo Random<br />
Number Generator<br />
INTERNAL USE ONLY<br />
ROM<br />
17<br />
Crypto-<br />
graphy<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (5)<br />
� ROM carries<br />
� SECRET_KEY<br />
• Unique key<br />
• Used for im-/export<br />
of all other keys<br />
• Has to be created<br />
with true random<br />
number generator<br />
(off-chip TRNG )<br />
at production<br />
� UID<br />
• Unique identifier<br />
• Authenticates MCU<br />
INTERNAL USE ONLY<br />
RAM<br />
ROM<br />
� Both SECRET_KEY and UID have to be fixed at production time<br />
• 16 byte for SECRET_KEY and ≤15 byte for UID<br />
18<br />
Crypto-<br />
graphy<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (5)<br />
� ROM carries<br />
� SECRET_KEY<br />
• Unique key<br />
• Used for im-/export<br />
of all other keys<br />
• Has to be created<br />
with true random<br />
number generator<br />
(off-chip TRNG )<br />
at production<br />
� UID<br />
• Unique identifier<br />
• Authenticates MCU<br />
INTERNAL USE ONLY<br />
RAM<br />
� Both SECRET_KEY and UID have to be fixed at production time<br />
• 16 byte for SECRET_KEY and ≤15 byte for UID<br />
19<br />
Crypto-<br />
graphy<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (6)<br />
� NV-Memory carries<br />
� MASTER_ECU_KEY<br />
• Set up by OEM<br />
(owner)<br />
• Enables change of<br />
other keys<br />
� BOOT_MAC_KEY<br />
• Enables particular<br />
boot request and<br />
thus establishing<br />
secure boot<br />
� BOOT_MAC<br />
• Authentication of<br />
boot code<br />
� KEY_<br />
• Dedicated key storage<br />
for arbitrary functions<br />
• 3 – 10 keys<br />
� PRNG_SEED<br />
• Starting value for pseudo<br />
random number generator<br />
INTERNAL USE ONLY<br />
RAM<br />
ROM<br />
� Irreversible Write Protection of keys in NV-memory<br />
• Any key in NV-memory area shall not be changeable throughout life time of the device once<br />
write-protection was applied by user<br />
20<br />
Crypto-<br />
graphy<br />
NV-Memory<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Perspective from Specification (6)<br />
� NV-Memory carries<br />
� MASTER_ECU_KEY<br />
• Set up by OEM<br />
(owner)<br />
• Enables change of<br />
other keys<br />
� BOOT_MAC_KEY<br />
• Enables particular<br />
boot request and<br />
thus establishing<br />
secure boot<br />
� BOOT_MAC<br />
• Authentication of<br />
boot code<br />
� KEY_<br />
• Dedicated key storage<br />
for arbitrary functions<br />
• 3 – 10 keys<br />
� PRNG_SEED<br />
• Starting value for pseudo<br />
random number generator<br />
INTERNAL USE ONLY<br />
RAM<br />
ROM<br />
� Irreversible Write Protection of keys in NV-memory<br />
• Any key in NV-memory area shall not be changeable throughout life time of the device once<br />
write-protection was applied by user<br />
21<br />
Crypto-<br />
graphy<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> - Performance Requirements<br />
� Start-up / <strong>Secure</strong> Boot is Critical Path<br />
� All <strong>SHE</strong>-equipped nodes have to perform secure boot process<br />
� Availability to be established before 1 sec elapses<br />
� MAC latency according <strong>SHE</strong><br />
� < 2 µsec for a 128-bit block<br />
• MAC = Message Authentication Code<br />
� Authentication of Flash contents at power up<br />
�
<strong>SHE</strong><br />
Implementation<br />
� <strong>SHE</strong> System<br />
� <strong>SHE</strong> Integration<br />
� <strong>SHE</strong> Implementation<br />
INTERNAL USE ONLY<br />
23<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> System Diagram<br />
Host System<br />
EEFLASH<br />
INTERNAL USE ONLY<br />
Public <strong>Secure</strong>d<br />
NV_MEM IF<br />
<strong>SHE</strong>CO<br />
24<br />
<strong>SHE</strong><br />
<strong>SHE</strong> Firmware<br />
Host Interface<br />
Data IF Command IF<br />
<strong>SHE</strong> Host Driver<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> - System Integration (ATLAS-L/TITAN)<br />
Debug /<br />
Trace<br />
Cortex R4<br />
CPU<br />
TCFlash<br />
System<br />
Controller<br />
Watchdog<br />
RTC<br />
External<br />
Interrupt<br />
INTERNAL USE ONLY<br />
MPU<br />
Sec.<br />
32-bit AHB slave bus<br />
Boot ROM<br />
Cache<br />
SRAM<br />
Retention<br />
RAM<br />
Timers<br />
Timers<br />
Timers<br />
Timers<br />
Content is<br />
protected<br />
64-bit AHB slave bus<br />
GPIO<br />
Sec.<br />
Interrupt<br />
Controller<br />
Timing<br />
Protection<br />
64-bit Multilayer AXI bus<br />
System RAM<br />
EEFlash<br />
<strong>SHE</strong><br />
Peripheral bus 3<br />
Peripheral<br />
Protection<br />
Contains security<br />
config<br />
25<br />
Quad-SPI<br />
32-bit AHB master bus<br />
MPU<br />
MPU<br />
MPU<br />
Ethernet<br />
MediaLB<br />
USB<br />
Peripheral bus 1<br />
Peripheral bus 0<br />
Peripherals<br />
Peripherals<br />
Peripherals<br />
Peripherals<br />
Peripheral<br />
Peripheral<br />
Bus Peripheral Bridge<br />
Bus Bridge<br />
Bus Bridge<br />
Peripherals<br />
Peripherals<br />
Peripherals<br />
Peripherals<br />
Bus master<br />
32-bit AHB slave bus<br />
CRC<br />
I2S<br />
DMA<br />
MPU<br />
MPU PPU<br />
Subsystem<br />
Bus slave<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> Implementation<br />
64-bit AHB bus<br />
INTERNAL USE ONLY<br />
Flash security<br />
HW barrier<br />
Bus master<br />
Bus slave<br />
EEFLASH<br />
Public<br />
Sectors<br />
(6 x 8 K)<br />
<strong>SHE</strong> <strong>SHE</strong>CO<br />
<strong>Secure</strong>d<br />
Sectors<br />
(2 x 8 K)<br />
TRNG<br />
NV_MEM_MASTER<br />
AES-128<br />
En-/decode<br />
CMAC<br />
Miyaguchi-Preneel<br />
PRNG<br />
Tx/Rx FIFOs<br />
AXI Master<br />
MPU<br />
Data I/F<br />
Host AXI bus<br />
26<br />
32-bit AHB bus<br />
FR60<br />
CPU<br />
AHB<br />
Host Interface<br />
D<br />
Command/Data I/F<br />
32-bit D bus<br />
I bus<br />
Register I/F<br />
ROM<br />
RAM<br />
Cycle<br />
counter<br />
PPU protection<br />
Host AHB bus<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> - <strong>Secure</strong>d Key Storage (1)<br />
SECRET_KEY<br />
UID<br />
INTERNAL USE ONLY<br />
EEFLASH<br />
MASTER_ECU_KEY EMPTY FLAGS COUNTER<br />
BOOT_MAC_KEY EMPTY FLAGS COUNTER<br />
BOOT_MAC EMPTY FLAGS COUNTER<br />
KEY_ EMPTY FLAGS COUNTER<br />
PRNG_KEY<br />
PRNG_STATE<br />
EMPTY<br />
EMPTY<br />
RAM<br />
FLAGS<br />
FLAGS<br />
FLAGS<br />
FLAGS<br />
RAM_KEY FLAGS<br />
27<br />
� Common features<br />
� 32 byte large key slots<br />
� Access only by <strong>SHE</strong>CO CPU<br />
� NV memory<br />
� Empty flag to distinguish between<br />
erased keys and keys written to 0xFF<br />
� Flags and 28bit counters are stored in<br />
the same slot as the key<br />
� SECRET_KEY and UID slots are write<br />
protected before device delivery<br />
� No PRNG_SEED storage needed<br />
since on-chip TRNG is implemented<br />
� RAM<br />
� PRNG_KEY is calculated from<br />
SECRET_KEY during<br />
CMD_INIT_RNG command and<br />
stored in RAM slot<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> - <strong>Secure</strong>d Key Storage (2)<br />
INTERNAL USE ONLY<br />
Empty<br />
SECRET_KEY F 1 T 2 � 3 � 3<br />
UID F 1 T 2<br />
MASTER_ECU_KEY � 4 � � � �<br />
BOOT_MAC_KEY � 4 � � �<br />
BOOT_MAC � 4 � � �<br />
Write-protection<br />
KEY_ � 4 � � � � �<br />
PRNG_KEY � 5<br />
PRNG_STATE � 5<br />
Flags to be used for keys<br />
RAM_KEY � 5 �<br />
<strong>Secure</strong> boot failure<br />
1<br />
Empty flags for SECRET_KEY and UID are set after the keys have been written (by Fujitsu)<br />
2<br />
Write-protection flags for SECRET_KEY and UID are set after the keys have been written (by Fujitsu)<br />
3<br />
SECRET_KEY inherits its protection flags from MASTER_ECU_KEY<br />
4<br />
The initial value after production will be TRUE<br />
5<br />
The initial value after power-up/HW-Reset will be TRUE<br />
28<br />
Debugger activation<br />
Wildcard UID<br />
Key usage<br />
Plain key<br />
� – used<br />
F – used, always false<br />
T – used, always true<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Software (Firmware)<br />
� <strong>SHE</strong> firmware<br />
� Implements <strong>SHE</strong> control logic + EEPROM emulation for key storage<br />
� Is ROM based (no modification possible!)<br />
� No debugging possible<br />
� Entirely developed by Fujitsu<br />
� <strong>Secure</strong> Boot<br />
� <strong>Extension</strong> of FCR4 Boot-ROM for <strong>Secure</strong> Boot<br />
� Validation of boot loader with support of <strong>SHE</strong> and DMA<br />
� Block length configured by of <strong>SHE</strong>_BL_SIZE (<strong>SHE</strong> parameter)<br />
� <strong>SHE</strong> evaluates the status via valid BOOT_MAC_KEY<br />
INTERNAL USE ONLY<br />
29<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
<strong>SHE</strong> – Software (AUTOSAR Driver)<br />
� AUTOSAR driver V4.xx<br />
� Implements <strong>SHE</strong> user accessible<br />
functions<br />
� Handles hardware Interaction<br />
� E.g I/F error handling<br />
� Host driver for <strong>SHE</strong> will become<br />
a Fujitsu product<br />
INTERNAL USE ONLY<br />
30<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
Outlook<br />
� Cryptography becomes general trend for embedded systems<br />
� Majority of ECU/MCU will have to support en-/decryption<br />
� Data security will become mandatory feature for automotive<br />
applications<br />
� Scaled between low-cost solutions like <strong>SHE</strong> for many ECUs and<br />
� High protection requirements for a subset of ECUs<br />
� <strong>SHE</strong> will be on the road in 2014<br />
INTERNAL USE ONLY<br />
31<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
Thank you for your attention<br />
INTERNAL USE ONLY<br />
32<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH
INTERNAL USE ONLY<br />
33<br />
Copyright 2012 FUJITSU SEMICONDUCTOR EUROPE GMBH