security and cryptography at nxp ecrypt'08 v0.2...product security development - similar to any...
TRANSCRIPT
Security and Cryptography at NXP
Ventzislav NikovNXP Semiconductors Research Laboratory LeuvenCenter of Competence System Security and DRM
29.05.2008
2
Outline
Products – Domains, – Telematics, – Product Security
Cryptography – Trends, – Assumptions, – Challenges
Conclusions
3
ProductsDomains
4
NXP Semiconductors Established in 2006 (formerly the Semiconductor division of Philips)
Key focus areas:
Owner of NXP Software: an independent software solutions company
Mobile and Personal Home Automotive and Identification
5
Mobile & Personal Nexperia Mobile Solutions
Security-SIM-Smartcard
User Interface-Cameras-Audio accessories (USB headsets)-Display, Keyboard-Sensors-Speakers, Microphones
Multimedia Processing-Multimedia co-processors-Application Software
Cellular Pipe-Baseband Processor incl. Telecom Software-PMU-PA-RF
Connectivity Pipes-Bluetooth-GPS-WLAN-UWB-USB-NFC-Wireless USB
Broadcast Pipes-Digital Radio Broadcast-AM/FM-TV-GPS
6
Home & Car Platform SecurityDTV, STB, PC TV, Car entertainmentDigital Rights ManagementIn-Vehicle Networks,
Car immobilizers and keyless entry/go
internet
Contentserver
Rights managerlicense server
Acquisition License and
ContentTransfer
License and ContentStorage
Streaming
7
Identification
NFC & RFID technology (more than 3 billion ICs shipped)
More than 80% of the world’s e-passports projects use our ICs
Contactless SmartCard schemes for electronic ticketing, banking, automatic fare collection,…
A global leader in smart card technology and security (over 1 billion ICs shipped). It is not so surprising that WE are the first to get EAL5+ for our smart card ICs.
#1 in Contactless, PKI and EMV solutions and Java Card.
NXP product family SmartMX for the payment market
8
NFC Applications in Mobile Phones
TransactionsPayment
everywhere:Mobile phone
= POS
TransactionsAccess to public transport:Mobile phone = transport card
TransactionsAccess Control:
Mobile phone = key
ConnectivityExchange informationMobile phone= electronic
business card
Service DiscoveryTake info
from poster:Mobile phone
= ticket counter
TransactionsMicro-payments:Mobile phone = debit card
9
Products Telematics
10
Telematics: Road Pricing System Overview
Transport & payment card
Services Server
Vignette
OBUGPS SatelliteSecure
Positioning
Secure Payment
Secure ID
Secure Services
Secure Physical Link
11
Car Identification
PrivacyOBU
Active
SecurePayment Positioning
Secure
Road Pricing Security Service DomainsSet of security mechanismstargeting a same objective
Domains are loosely linked to allow parallel design and analysis
Secure LifecycleMan
ufactu
ring
Regist
ration
Activa
tion
Termina
tion
Diagno
stic
Secure Software
Secure Communication
Root of Trust
12
Secure Positioning in Road PricingProtecting integrity of unauthenticated GNSS services
Police Checks Checkpoints
Car-to-Car Communications
Car Sensors (odometer, gauge, tachymeter…)
GSM Trilateration
OBU Compass,accelerometer…
Infrastructure-less
Infrastructure-basedSmart Roads
13
Actors & Potential Privacy Attackers
Road Price Operator
Government
Driver / Car Owner
------------------
------------------
Mobile Network Operator
Family
3rd-Parties
14
Privacy Sensitive Data
TimeFee
LocalizationIdentity
Enforcement vs. Privacy-Preserving System
Therefore the system must provide a mean to revoke driver anonymity!
15
Products Product Security
16
Product security – what is it aboutProduct security is business driven to address identified risks as appropriate
Product security development - similar to any product development project. Security follows the “classic” product life cycle steps
– Requirements– Architecture– Specification and Design– Implementation– Testing + [Certification]– Maintenance
Security must be fully integrated with the product functional life cycle– Cost-effectiveness– User friendliness
Security is a process of continuous improvement based on the Plan Do Check Act model
Plan
Check
ActDo
17
Product Security Architecture (simplified)
18
Product security implementation
Specification and design of product security – To be integrated with full product specification & design on different levels
– Secure Manufacturing – Application security– Platform security– Hardware security– …
– Supporting security services • Key management (e.g., generation, key distribution, storage , maintenance
and renewal/revocation)• Other trust services such as “time stamping”, code signing
– Supporting security test specification
Product Implementation & Testing
Product maintenance
19
You created your secure software…– Stored the key in some on-chip fuses, so eavesdropping of wires does not
reveal the key.– Made sure that there are no buffer overflow conditions.– Made sure that at no moment in time the key is left on the stack.– Used strong virtualization techniques.
What can possibly go wrong?
Is Your Product Really Secure? HW-SW Co-Designed? Cracking Security at the Weakest Link
Suppose: You need to create a system to operate securely in a hostile environment…
(CE)device device device
as opposed to
20
Common Criteria approachBusiness justification
Create confidence towards customers, (new) service providers, regulators, etc…
“Assurance” label in a future open market with different suppliers
Based on a worldwide accepted security evaluation standard in all industry sectors
Adequate basis to drive marketing and possible standardization
21
CryptographyTrends, Assumption and Challenges
22
Cryptography ≠ Security
Crypto is only a tiny piece of the security puzzle– but an important one
Most systems break elsewhere – weakest link– incorrect requirements or specifications– implementation errors– application level– social engineering
Trends – Side Channel Attacks (past Smart Cards - now STB – next !?
Mobile)– Common Criteria – EAL 4+/5+– Going to more and more restricted environments
23
Light weight crypto – case study
AES hardware implementation - Most compact version about 3K gates
Stream ciphers (until recently nearly all broken – just 1 or 2 exceptions)
Now 10 to 20 stream ciphers are still surviving the attacks– But their hardware implementation requires 1.5-3K
gates
The smallest block ciphers - PRESENT requires 1.8K gates
The smallest MAC algorithm - SQUASH around 0.5K gates
24
Security Layers: How everything stacks up…
Cryptographic AlgorithmsAES, SHA, RSA
Cryptographic PrimitivesCBC mode, HMAC, Digital signatures
Security ProtocolsSSL, IPSec, DTCP, OCSP
Secure Services PKI, DRM, Timestamping
Applications
Few, Generic and Mathematically secure
Many, Ad hoc, Complex, Multiple compromises
Cryptographic ProtocolsKey Establishment, Distributed Computing
25
Assumptions
Black box crypto – is it a correct assumption?
Side channel leaks / attacks
White box crypto – too hard to defend!
So, where are we exactly?
26
Challenges
Security in longer term (50-100 years)
Encryption/Integrity/Authentication of ultra-high speed networks
Ultra-low footprint algorithms (few hundred gates)
The power challenge
Cost efficient
Agility of the algorithms
27
Challenges
How to make “secure” SW/HW in the non black box model.
SW IP protection
Privacy
Standardization – either too few or too many.
Infrastructure requirements - efficiency
New more realistic security models – Algorithms/Protocols secure in such models
28
Conclusion
Crypto is Science
Security is Economics
Crypto Research can help (a lot) although can not solve all problems.
29