Security and Cryptography at NXP (Ecrypt'08, v0.2)

Ventzislav Nikov, NXP Semiconductors Research Laboratory Leuven, Center of Competence System Security and DRM

29.05.2008

Outline

Products
– Domains
– Telematics
– Product Security

Cryptography
– Trends
– Assumptions
– Challenges

Conclusions

Products: Domains

NXP Semiconductors

Established in 2006 (formerly the Semiconductor division of Philips)

Key focus areas: Mobile and Personal, Home, Automotive and Identification

Owner of NXP Software: an independent software solutions company

Mobile & Personal: Nexperia Mobile Solutions

Security: SIM, Smartcard

User Interface: Cameras, Audio accessories (USB headsets), Display, Keyboard, Sensors, Speakers, Microphones

Multimedia Processing: Multimedia co-processors, Application Software

Cellular Pipe: Baseband Processor incl. Telecom Software, PMU, PA, RF

Connectivity Pipes: Bluetooth, GPS, WLAN, UWB, USB, NFC, Wireless USB

Broadcast Pipes: Digital Radio Broadcast, AM/FM, TV, GPS

Home & Car

– Platform Security
– DTV, STB, PC TV, Car entertainment
– Digital Rights Management
– In-Vehicle Networks, Car immobilizers and keyless entry/go

[Diagram labels: Internet; Content server; Rights manager / license server; Acquisition; License and Content Transfer; License and Content Storage; Streaming]

Identification

NFC & RFID technology (more than 3 billion ICs shipped)

More than 80% of the world’s e-passports projects use our ICs

Contactless SmartCard schemes for electronic ticketing, banking, automatic fare collection,…

A global leader in smart card technology and security (over 1 billion ICs shipped). It is not so surprising that WE are the first to get EAL5+ for our smart card ICs.

#1 in Contactless, PKI and EMV solutions and Java Card.

NXP product family SmartMX for the payment market

NFC Applications in Mobile Phones

Transactions – Payment everywhere: Mobile phone = POS

Transactions – Access to public transport: Mobile phone = transport card

Transactions – Access Control: Mobile phone = key

Connectivity – Exchange information: Mobile phone = electronic business card

Service Discovery – Take info from poster: Mobile phone = ticket counter

Transactions – Micro-payments: Mobile phone = debit card

Products: Telematics

Telematics: Road Pricing System Overview

[Diagram labels: Transport & payment card; Services Server; Vignette; OBU; GPS Satellite; Secure Positioning; Secure Payment; Secure ID; Secure Services; Secure Physical Link]

Road Pricing Security Service Domains

Set of security mechanisms targeting the same objective

Domains are loosely linked to allow parallel design and analysis

[Diagram labels: Car Identification; Privacy; OBU; Active; Secure Payment; Secure Positioning; Secure Lifecycle (Manufacturing, Registration, Activation, Termination, Diagnostic); Secure Software; Secure Communication; Root of Trust]

Secure Positioning in Road Pricing

Protecting integrity of unauthenticated GNSS services

Police Checks

Checkpoints

Car-to-Car Communications

Car Sensors (odometer, gauge, tachymeter…)

GSM Trilateration

OBU Compass, accelerometer…

Infrastructure-less

Infrastructure-based

Smart Roads

Actors & Potential Privacy Attackers

Road Price Operator

Government

Driver / Car Owner

Mobile Network Operator

Family

3rd-Parties

Privacy Sensitive Data

Time, Fee, Localization, Identity

Enforcement vs. Privacy-Preserving System

Therefore the system must provide a means to revoke driver anonymity!

Products: Product Security

Product security – what is it about

Product security is business driven to address identified risks as appropriate

Product security development - similar to any product development project. Security follows the “classic” product life cycle steps
– Requirements
– Architecture
– Specification and Design
– Implementation
– Testing + [Certification]
– Maintenance

Security must be fully integrated with the product functional life cycle
– Cost-effectiveness
– User friendliness

Security is a process of continuous improvement based on the Plan Do Check Act model

[Diagram: Plan, Do, Check, Act cycle]

Product Security Architecture (simplified)

Product security implementation

Specification and design of product security
– To be integrated with full product specification & design on different levels
  – Secure Manufacturing
  – Application security
  – Platform security
  – Hardware security
  – …
– Supporting security services
  • Key management (e.g., generation, key distribution, storage, maintenance and renewal/revocation)
  • Other trust services such as “time stamping”, code signing
– Supporting security test specification

Product Implementation & Testing

Product maintenance

Is Your Product Really Secure? HW-SW Co-Designed? Cracking Security at the Weakest Link

Suppose: You need to create a system to operate securely in a hostile environment…

[Diagram labels: (CE) device; device; device; “as opposed to”]

You created your secure software…
– Stored the key in some on-chip fuses, so eavesdropping of wires does not reveal the key.
– Made sure that there are no buffer overflow conditions.
– Made sure that at no moment in time the key is left on the stack.
– Used strong virtualization techniques.

What can possibly go wrong?

Common Criteria approach

Business justification

Create confidence towards customers, (new) service providers, regulators, etc…

“Assurance” label in a future open market with different suppliers

Based on a worldwide accepted security evaluation standard in all industry sectors

Adequate basis to drive marketing and possible standardization

Cryptography: Trends, Assumptions and Challenges

Cryptography ≠ Security

Crypto is only a tiny piece of the security puzzle
– but an important one

Most systems break elsewhere
– weakest link
– incorrect requirements or specifications
– implementation errors
– application level
– social engineering

Trends
– Side Channel Attacks (past Smart Cards - now STB – next !? Mobile)
– Common Criteria – EAL 4+/5+
– Going to more and more restricted environments

Light weight crypto – case study

AES hardware implementation - Most compact version about 3K gates

Stream ciphers (until recently nearly all broken – just 1 or 2 exceptions)

Now 10 to 20 stream ciphers are still surviving the attacks
– But their hardware implementation requires 1.5-3K gates

The smallest block ciphers - PRESENT requires 1.8K gates

The smallest MAC algorithm - SQUASH around 0.5K gates

Security Layers: How everything stacks up…

Cryptographic Algorithms: AES, SHA, RSA

Cryptographic Primitives: CBC mode, HMAC, Digital signatures

Security Protocols: SSL, IPSec, DTCP, OCSP

Secure Services: PKI, DRM, Timestamping

Applications

Few, Generic and Mathematically secure

Many, Ad hoc, Complex, Multiple compromises

Cryptographic Protocols: Key Establishment, Distributed Computing

Assumptions

Black box crypto – is it a correct assumption?

Side channel leaks / attacks

White box crypto – too hard to defend!

So, where are we exactly?

Challenges

Security in longer term (50-100 years)

Encryption/Integrity/Authentication of ultra-high speed networks

Ultra-low footprint algorithms (few hundred gates)

The power challenge

Cost efficient

Agility of the algorithms

Challenges

How to make “secure” SW/HW in the non black box model.

SW IP protection

Privacy

Standardization – either too few or too many.

Infrastructure requirements - efficiency

New more realistic security models – Algorithms/Protocols secure in such models

Conclusion

Crypto is Science

Security is Economics

Crypto Research can help (a lot) although it cannot solve all problems.
