Renesas Electronics America Inc.
© 2010 Renesas Electronics America Inc. All rights reserved.
ID 911C: Case studies for Embedded Security
D. Pochet
Manager, Marketing Security Products
14 October 2010, Rev 1.0
Hello everyone.
This session is 911C –
This session focuses on Machine-to-Machine authentication, an emerging Security IC market offering exciting new opportunities for the embedded system vendors.
Mr. Denis Pochet
• Sr Product Marketing Manager, Secure MCU
• Responsible for Marketing, Business Development and Product Management within REA – Consumer & Industrial group.
PREVIOUS EXPERIENCE:
• Eleven years in Smart card industry (dual interface (Contact/Cless) for ID & Banking) and Digital Security (Embedded Systems (PCI-PED POS, FIPS140-2 Authentication device, ...)).
• Expertise in Security solutions: security IC, software applications, PKI technology and provisioning solutions
• Master degree in computer sciences from “Ecole des Mines de St Etienne” University (France)
Renesas Technology and Solution Portfolio
• Microcontrollers & Microprocessors: #1 Market share worldwide *
• Analog and Power Devices: #1 Market share in low-voltage MOSFET **
• ASIC, ASSP & Memory: Advanced and proven technologies
Solutions for Innovation
* MCU: 31% revenue basis from Gartner "Semiconductor Applications Worldwide Annual Market Share: Database" 25 March 2010
** Power MOSFET: 17.1% on unit basis from Marketing Eye 2009.
In the session 110C, Renesas Next Generation Microcontroller and Microprocessor Technology Roadmap, Ritesh Tyagi introduces this high level image of where the Renesas Products fit. The big picture.
This is where our session, ID 911C: Case studies for Embedded Security, is focused within the ‘Big picture of Renesas Products’.
Microcontroller and Microprocessor Line-up
Superscalar, MMU, Multimedia
• Up to 1200 DMIPS, 45, 65 & 90nm process
• Video and audio processing on Linux
• Server, Industrial & Automotive
• Up to 500 DMIPS, 150 & 90nm process
• 600uA/MHz, 1.5 uA standby
• Medical, Automotive & Industrial
• Legacy Cores
• Next-generation migration to RX
High Performance CPU, FPU, DSC
Embedded Security
• Up to 10 DMIPS, 130nm process
• 350 uA/MHz, 1uA standby
• Capacitive touch
• Up to 25 DMIPS, 150nm process
• 190 uA/MHz, 0.3uA standby
• Application-specific integration
• Up to 25 DMIPS, 180, 90nm process
• 1mA/MHz, 100uA standby
• Crypto engine, Hardware security
• Up to 165 DMIPS, 90nm process
• 500uA/MHz, 2.5 uA standby
• Ethernet, CAN, USB, Motor Control, TFT Display
High Performance CPU, Low Power
Ultra Low Power
General Purpose
Here are the MCU and MPU product lines. I am not going to cover any specific information on these families; rather, I want to show you where this session is focused.
Embedded Security
These are the products where this presentation applies
Innovation
[Figure: server, router and extended boards, with PKI strong mutual authentication and anti-cloning protection]
Renesas Board ID Solution
Renesas Board ID solution is ideally suited for applications needing strong authentication and for web connected devices.
Renesas, in partnership with Avnet, provides a unique and complete solution that lets Embedded Systems vendors of any size deploy this powerful PKI authentication technology cost effectively.
Agenda
• Renesas in the Security IC market
• Authentication basics
• Board ID security
• Board ID use case examples
• Board ID solution support
• Q&A
Here is today’s agenda.
Key Takeaways
By the end of this session you will be able to:
• Understand Renesas position in the security IC market
• Know the basics about authentication
• Sell the benefits of a strong security technology to your customers and to your company management
• Understand how to implement a strong authentication with Renesas solution
You will discover that we are, on top of being the world leading MCU vendor, a world leading SECURE MCU vendor.
Then you will learn the basics about authentication, about the Board ID solution, and how to build a strong authentication solution with our technology.
Security application examples: everywhere!
Authentication <Closed system>: Server, Router, Switch, Storage, Ink Cartridge, Battery, Consumer Electronics
Authentication Through Network <Open system>: USB Key, EFTPOS, PC, STB/DVR, Medical, Bank card, SIM card, NFC payment, ETC, Enterprise
Innovation highlight
Renesas is the first supplier providing a total PKI solution for embedded systems. Our solution includes the Security IC, firmware and the provisioning of the keys/certs.
It is a standards-based solution (X509), supported by Avnet, a global partner.
Available, cost effective and deployable NOW.
• Ideally suited for applications requiring strong authentication and/or web connectivity: very large growth projected for the next decade.
• Companies of any size (small or large) can deploy this technology and participate in this high growth market requiring strong security.
• Companies wanting to protect their IP and drastically reduce business risks
Renesas in the Secure MCU market
• Contact Smart Card: AE4 Series, AE5 Series, RS4 Series (Banking, ID card)
• Contactless Smart Card: AE41R, RS4X Series* (Banking card, Mobile Phone)
• NFC: NFC Series*
• M to M Authentication (Embedded): N Series; embedded interface (I2C), small package
(*) Under development
Legend: General Promotion; Selected OEM support only
For traditional contact smart card applications such as SIM cards and banking cards, we offer a wide range of products from both the 16-bit AE4 series and the 32-bit AE5 series, depending on market requirements.
For the growing contactless market, we have contactless chips and dual-way chips, which have both contact and contactless interfaces on a single chip. These contactless chips can operate on only the power provided through the antenna of card readers.
We are also developing a new RS series secure core which consumes less power, which is important for future contactless requirements.
We are also developing a product for the coming Near Field Communication applications. The product, to be available early next year, will be a one-chip NFC device which includes both RF and secure element functions in one chip.
For embedded machine-to-machine authentication applications, based on smart card chip technology, we have N series products which have a standard embedded host MCU or MPU interface such as I2C or SPI. The Board ID solution presented here has an I2C serial interface.
Renesas in the Secure IC market
[Timeline figure, 1980 / 1990 / 2000 / 2009 / 2010: Banking Card (Visa, MasterCard, Debit card); GSM, 3G SIM Card; ETC SAM; Contactless Card; M to M Authentication; 3 B milestone]
ETC SAM: Electric Toll Collection Secure Authentication Module
M to M: Machine to Machine
Renesas was one of the first companies to introduce smart card technology, in the early 80s, starting with banking cards.
In the 90s, we started shipping smart card chips for the GSM SIM application, which is very large volume in Europe and Asian countries. Advanced SIM technology is used for today’s 3G phones, and Renesas is currently producing 32-bit smart card chips with large on-chip non-volatile memory for this market.
ETC, the electric toll collection system, has been introduced into almost all highway systems in Japan. Renesas has more than 50% share of the secure authentication modules installed in vehicles.
For contactless technology, Renesas has 100% share in the mobile FeliCa system in Japan, which is a mobile phone with a contactless card function. Now we are entering the PayPass contactless card market in the US.
For machine-to-machine authentication, we offer dedicated security chips in volume for embedded security applications.
Last year, we achieved 3.0 billion cumulative units shipped, and the quality of Renesas security chips has been highly accepted in the industry. Today, we are supplying more than 300 million security ICs every year.
From simple ID to strong authentication
[Figure: timeline from small groups (Name) to larger society (Name + ID) to today's networked society (Authentication), ending with strong user authentication]
Historically, the need for strong USER authentication has grown as networks became more complex and services more sophisticated.
From simple ID to strong authentication
[Figure: the same timeline (small groups, larger society, networked society, today) for the User, ending with strong user authentication, with a parallel M2M track labelled "M2M Authentication app. opportunities"]
Similarly, Renesas anticipates that the need for stronger MACHINE-TO-MACHINE authentication will increase over time, and we want to position our company as the leading provider of robust solutions in that market.
We also want to help you address this emerging market with our Security solution.
Hacks can affect almost any product
• High tech industrial
• High tech consumer
• Public infrastructure
Designs without strong security at high risk (www.HackADay.com)
POOR SECURITY = HIGH RISK
Hackers can attack and damage almost any product across all segments. Here are some examples made public in recent years:
(top left pic) Consumer segment: In China, close to 15 % of phones working in the telecom network are counterfeited devices.
(bottom left pic) Industrial segment: This cover page title is ‘FAKES: can you tell the difference?’ among two network equipment devices.
(bottom right) Public infrastructure: this was on TV news earlier this year. Hackers managed to enter road sign control systems across several states and create this prank… a threat to public safety.
(top right): this is an example of a social networking site for hackers. There are 100s of similar places, where communities of hackers freely exchange ideas and software downloads to attack all sorts of products…
This highlights the fact that products designed with poor security or no security are highly at risk.
Benefits of a design with Strong Security
Protection against:
• Liability
• Breach of License & Brand
• Revenue Loss
• Unfair Competition
• …
and improved credibility with partners and customers
Security MUST be designed in!
Yes, you will see through this presentation that security is becoming a real concern in the high tech world.
After all, a company’s strength and competitiveness reside in the uniqueness and quality of its products.
If the products can be easily copied, it can:
• Reduce margins and create losses,
• Negatively affect the reputation of the company,
• Bring unwanted and dangerous competitors…
Security MUST be designed in!
Symmetric key architecture
Relies on a shared ‘secret’ among parties
A: Who are you?
B: I am Bob
A: Prove it to me by responding to my question (if you know my secret you’ll be able to respond)
RISK: The secret MUST be stored in a tamperproof IC, otherwise the entire network can be compromised as ALL share the same secret.
Authentication basics:
There are two types of architectures. The first one is built with ‘symmetric’ keys.
The reason for that name is that both ends use exactly the same ‘key’ in order to perform this type of authentication.
This highly simplified diagram explains the principle behind this mechanism.
Party A asks Party B: ‘Who are you?’
Party B responds: ‘I am XYZ’
Party A says: ‘Prove it to me by answering my question’ (I know the secret key we share, you should be able to answer)
Of course the real cryptographic exchange is more elaborate than that, but this is in essence the principle of this method. Once A recognizes the response from B, the authentication has succeeded, and A and B can proceed further.
As you can see, this method relies on ‘shared secrets’ and this carries a lot of risks if the secrets are not well protected.
Asymmetric* key architecture
Relies on a ‘chain of trust’ among parties
A: Who are you?
B: I am Bob
A: Prove it to me by showing me a valid ID (which you received in the past and is unforgeable) and I will check it is genuine
PKI strength: Only legitimate owners of VALID IDs will be accepted. If one device is compromised, only that single device is bad. ALL others are not affected.
(*) also called PKI: Public Key Infrastructure Technology
The second type of architecture is called ‘asymmetric key architecture’.
This method is slightly different and a little more complex than the previous one, but has lots of advantages.
Party A asks: ‘Who are you?’
Party B responds: ‘I am XYZ’
This time party A requests a valid ID (a badge, if you will, that cannot be forged) and will check that the badge is genuine and that party B is indeed the legitimate owner of this ID.
Again, the real cryptographic exchange is more complicated than this, but this is the goal of the exchange.
Here we do not have the risky ‘shared secret’ mechanism (think about thousands or millions of users or devices)…
If, after having spent an enormous amount of money and effort, a hacker manages to break 1 badge, he will have compromised only one device, not the entire system.
Cryptographic Algorithms for Security
• SHA-1 / SHA-256 (Atmel, Maxim)
  • Simple message digest
  • Not “true” encryption
    – Mostly used for digital signature signing
  • SHA-1 not approved by US government
• Symmetrical Cryptography
  • Proprietary, DES, 3DES, AES
    – 64 (i.e. crypto-memory), 128, 256 bit keys
  • Symmetrical keys used on both sides
    – Keys must be handled with the highest security
    – Sharing of common keys can lead to compromise
    – Any key compromise affects every unit
• Asymmetrical Cryptography
  • RSA, ECC
  • 1024, 2048 bit keys
  • Uses public / private key pairs
    – Private keys are all different
    – Compromise of a single key only affects a single unit
  • Can be more complex to implement
SHA-1 retired from use by US government
Case Study (from a US partner)
• Background
  • Large, well known camera manufacturer
  • Battery Cloning Issues
    – Direct Revenue Loss
    – Warranty Issues
    – LiIon Battery Safety Issues
• Solution
  • Low cost SHA-1 based security device
• Result
  • Camera firmware hacked to obtain keys
  • Low cost microcontroller used to imitate security device
  • Cloned batteries available within 3 months
The choice of a low cost security solution was clearly a failure in this case.
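The host-side checks behind the two architectures above, and why the case study's shared key failed, as an added example that is not part of the Renesas presentation. It uses HMAC-SHA256 for the shared-secret case and unpadded textbook RSA over fixed Mersenne primes as a stand-in for the PKI case (illustration only); the function names, the certificate format and the revocation set are assumptions.

```python
import hashlib
import hmac
import secrets

# --- Symmetric architecture: host and every unit share ONE secret ---------
def sym_respond(key: bytes, challenge: bytes) -> bytes:
    """Unit's answer to the host's question: a MAC over the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

def sym_host_accepts(host_key: bytes, respond) -> bool:
    challenge = secrets.token_bytes(16)  # fresh per attempt, so replay fails
    expected = sym_respond(host_key, challenge)
    return hmac.compare_digest(respond(challenge), expected)

# --- Asymmetric architecture: per-unit key pair + CA-signed certificate ---
# Textbook RSA (no padding) over fixed Mersenne primes: illustration only.
E = 65537

def make_key(p: int, q: int):
    """Return (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, n: int, d: int) -> int:
    return pow(_digest(data, n), d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == _digest(data, n)

def issue_cert(unit_id: str, unit_n: int, ca_n: int, ca_d: int) -> dict:
    """Constructed certificate format: the CA signs 'id:public_key'."""
    return {"id": unit_id, "n": unit_n,
            "sig": sign(f"{unit_id}:{unit_n}".encode(), ca_n, ca_d)}

def pki_host_accepts(ca_n: int, revoked: set, cert: dict, respond) -> bool:
    body = f"{cert['id']}:{cert['n']}".encode()
    if cert["id"] in revoked or not verify(body, cert["sig"], ca_n):
        return False                      # unknown issuer or revoked unit
    challenge = secrets.token_bytes(16)
    return verify(challenge, respond(challenge), cert["n"])

def run_demo() -> dict:
    out = {}
    # Symmetric: the same key sits in host firmware and in every unit.
    shared = secrets.token_bytes(16)
    out["sym_genuine"] = sym_host_accepts(shared, lambda c: sym_respond(shared, c))
    extracted = shared                    # once read out of any one host or unit
    out["sym_clone"] = sym_host_accepts(shared, lambda c: sym_respond(extracted, c))

    # Asymmetric: the host stores only the CA public modulus, no secret.
    ca_n, ca_d = make_key(2**1279 - 1, 2**89 - 1)
    a_n, a_d = make_key(2**521 - 1, 2**127 - 1)
    b_n, b_d = make_key(2**607 - 1, 2**107 - 1)
    cert_a = issue_cert("unit-A", a_n, ca_n, ca_d)
    cert_b = issue_cert("unit-B", b_n, ca_n, ca_d)
    sign_a = lambda c: sign(c, a_n, a_d)
    sign_b = lambda c: sign(c, b_n, b_d)
    revoked = set()                       # assumed host-side deny list
    out["pki_genuine"] = pki_host_accepts(ca_n, revoked, cert_a, sign_a)
    # Unit A's private key leaks: it still cannot answer for unit B ...
    out["pki_a_key_as_b"] = pki_host_accepts(ca_n, revoked, cert_b, sign_a)
    # ... and a certificate not signed by the CA is refused outright.
    forged = issue_cert("unit-C", a_n, a_n, a_d)
    out["pki_self_signed"] = pki_host_accepts(ca_n, revoked, forged, sign_a)
    # Revoking unit A contains the leak; unit B is unaffected.
    revoked.add("unit-A")
    out["pki_a_after_revoke"] = pki_host_accepts(ca_n, revoked, cert_a, sign_a)
    out["pki_b_after_revoke"] = pki_host_accepts(ca_n, revoked, cert_b, sign_b)
    return out

if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name:20s} accepted={accepted}")
```

In the shared-secret model the host cannot tell a clone from a genuine unit once the key is out, while in the certificate model the damage stays with the one unit whose private key leaked.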
Web authentication – 1 (users)
• Public Key Certificate (Authenticator)
• Private Key + Certificate (Remote service provider)
PKI authentication performed before Ecommerce, or online banking services are enabled
• Proven with Billions of Users
• Secure, Trusted Authentication Method
• Conforms to IT, Internet and Enterprise Authentication standards
Let us look at what is happening in the internet space. There are today more than 1 billion (human) users on the web commonly performing transactions, online banking and ecommerce, or sharing or providing sensitive data.
How is that possible when we all know that the Internet is not a ‘trusted’ network?
The secret is PKI (Public Key Infrastructure / Technology), which allows any PC user to perform such transactions on the web very reliably. It is based on digital certificates.
Web authentication – 2 (users)
Public Key Certificate
(Authenticator)
In fact, if you look at your own PC (for example, as an IE user, by going to Internet Options / Content / Certificates) you will find that your computer is equipped with these certificates. These components are needed for you (as a user) to make sure that you are indeed interacting with your bank, your ecommerce site, or the DMV site, so that you can perform any transaction securely.
Levels of security
• Software security: BAD. Keys NOT protected; CPU intensive (can be OK for PKI comp. by the host); encryption alone is NOT security
• Memory chip security: Almost as BAD. Outdated key lengths (like a ‘2 digits’ PIN code)
• Board ID: SECURE. Strong crypto; tamper proof; PKI for Embedded Systems; Avnet VAS
We bring proven Web user authentication technology to Embedded Systems
Broadly speaking, there are 3 levels / categories of security technologies for embedded devices:
- Software only: can be copied, does not protect sensitive keys, and is computation intensive (can be suitable only for PKI authentication as host). One common mistake is about encryption: encryption alone IS NOT security (the key MUST be protected).
- Memory chip: outdated key length (most memory chips use short key lengths broken decades ago; NIST does not recommend any such algorithms)
- Secure IC / Board ID chip: built with the same security as what is mandated by banks, government ID and enterprise access control, and equipped with PKI technology.
In fact we, Renesas, bring the proven web user authentication technology (Billion users +) to the world of Embedded Systems.
In addition, you will see that our solution is very complete and includes a critical VAS component provided by Avnet.
Board ID use examples
Board ID chips
I2C
There are 4 typical use cases for our technology (progressing clockwise from top left):
1- Single board use: an MCU authenticates the Board ID before providing any service or activating a license.
2- A main unit authenticates a peripheral or accessory unit before providing services. The process ensures that only legitimate, valid, certified peripheral units are accepted.
3- A variation of the previous one: the same operation performed in both directions (mutual authentication).
4- Authentication is performed by a central server across a network. We see more and more demand for this type of use case.
Case 1: Anti-Cloning
• Business case
• Implementation example
• Renesas solution with Board ID
Board ID Example 2 – Anti-Clone System
[Figure labels: Counterfeited routers; Router main board; Main CPU; Security storage; I2C; Plug-in router card modules; Board ID Chips]
Case 2: Anti-cloning, Usage control
• Business case
• Implementation example
• Renesas solution with Board ID
Board ID Example – Usage Control
Medical Device unit and probe(s)
• Doctor prescribes Treatment (usage of probes)
• Security IC in the probe enforces the usage prescribed (no overuse / misuse possible)
• Unalterable Usage Control info processed by the Security chip
[Figure labels: Main Unit; Main CPU; Board ID chip; I2C; Peripheral unit (disposable); Medical probe(s); Board ID chip]
Case 3: Secure Tracking, IP protection
• Business case
• Implementation example
• Renesas solution with Board ID
Board ID Example – Protect Licensing Model
[Figure labels: Medical system vendor; Approved Partner Co; $; Main Unit; Main CPU; Board ID chip; I2C; accessory unit; Accessory MCU]
Board ID Solution for Medical Application
Medical Device business risks:
• Liability (HIPAA)
• Service Level Agreement (HIPAA)
• Revenue loss (HIPAA)
• Unfair competition
• Increased costs of operations
• License and brand protection
• Credibility with partners and customers
• Security breaches (HIPAA)
• Device effectiveness (HIPAA)
Medical Applications requiring strong data protection, authentication, security (HIPAA):
Networking, Web connected devices and systems, Probes/devices used by patient, Remote monitoring, etc.
HIPAA: Health Insurance Portability and Accountability Act
HIPAA HITECH: HIPAA Health Information Technology for Economic and Clinical Health Act
Benefits a security IC brings in a networked environment
Security features | With Security IC | No Security IC
Secure storage* of key (i.e. tamper proof device) | Y | N
Strong authentication* | Y | N
  Public key (RSA, ECC) | Y (possible) | N
  Symmetric key (TDES,..) | Y (possible) | N
  Authentication Process as per Industry Standards | Y | N
FIPS certification* (US govt security certification) | Y (possible) | N
Secure key/X509 cert provisioning* | Y | N
Secure remote download/upgrade* | Y | Proprietary solution
Secure connectivity to networks* (with X 509 certificate) | Y | Proprietary solution
Strong hardware enforcement option | Y | N
(*) security features recommended in the NIST Cyber-security guidelines for Smart Grid devices published in 2010
Details on Renesas solution
• Secure IC
• Firmware and Security application
• Demo kit and reference software
• Key management and provisioning services
• Technical assistance and support
Conventional MCU or memory chip vs. Board ID
• Current monitoring. Conventional MCU or memory chip: attacker can read data by monitoring current consumption. Board ID: current consumption is scrambled by an internal noise generator; data cannot be extracted by current monitoring.
• Probing. Conventional MCU or memory chip: attacker can capture data by probing metal patterns. Board ID: chip is protected with an “active” metal shield to prevent data capture, and a randomized layout.
• Abnormal operating conditions (voltage and frequency outside the chip spec, the boundary of normal operation). Conventional MCU or memory chip: attacker can read data under abnormal operating conditions. Board ID: on-chip detectors force operation to stop under abnormal conditions.
These are only a few examples: many more advanced security features are implemented in the Board ID chip.
Comparison between conventional IC technology and Security IC technology.
Simply not comparable: Board ID is built with Security IC technology.
It provides an incomparable level of security. For example:
- Data cannot be extracted by current monitoring.
- Active shield and randomized layout prevent successful probing/spying.
- If the chip is taken out of its normal operating environment (temperature, voltage, frequency) it will not respond (it assumes it is being attacked).
Conventional chips would leak data easily under such conditions or attempts (they are not designed to protect data in this manner).
BoardID Secure Products Positioning
[Chart: value of IP to be protected (Low $, Med $, High $) versus security (Low, Medium, High). Products plotted: EEPROM & LF RFID; CryptoMemory & CryptoRF; TPM; BoardID, N series Secure MCUs. Annotations: Lab Certified (twice); FIPS140-2 level 3]
Board ID 2.0 Specs summary
Hardware Specification
• Operating Voltage: 1.8V - 3.3V
• Communication interface: I2C (100kHz) (Internal oscillator)
• Operating Temperature: -20°C to +75°C; WTR option (please consult with us)
• Package: QFN20 (4.2mm x 4.2mm)
• Security: Physical protection; Secure manufacturing center; Secure programming process
Software Specification
• Authentication Algorithm: PKI (RSA 1024 / 2048 bits), mutual authentication possible
• Anti-Cloning: PKI (Certificate and signature verification)
• Usage Control: Limit counter (1 to 4,294,967,295 times)
• Secure Tracking: 4 bytes (32 bits) of condition value
• IP Protection: 4 bytes (32 bits) of condition value
• Secure Storage: 64 bytes x 8 pages (512 bytes total) with advanced protection features
Here is a diagram explaining the firmware and the security applications implemented in the Board ID device.
Here is a summary outlining the key specification items of the product.
You will find more details on our web site: america.renesas.com/boardid
We will provide you the chip with a suite of firmware and application components to make your design easy and robust.
Q and A
Question: What are the benefits of Board ID solution compared with Software security?
Response:
• Software: CPU intensive, key NOT protected (it may be OK to compute PKI on the host side)
• Board ID: complete authentication; external to MCU with key totally protected; strong PKI crypto
Q and A
Question: What are the differences of a Crypto memory Solution compared with a Board ID solution for a customer?
Response:
• Crypto memory: inexpensive, NOT protected, weak (outdated) key length
• Board ID: complete authentication with strong PKI crypto; physical protection; Smart card / Secure IC technology
Characteristics of a Secure Solution
• Must be based on strong cryptography
• Must provide for secure key storage
• Must provide a defense against physical attacks
  • Physical attack on bare die
  • Voltage
  • Frequency
  • Temperature
• Must include a secure supply chain
  • Key generation / provisioning
  • Device Programming
We offer a total solution with our partner Avnet
Standards-based PKI security technology, cost effective and accessible now to vendors of all sizes (small and large) operating globally.
A complete one-stop-shop solution
Please attend ID 910C presented by Avnet
Please also visit our booths
Avnet VAS: Value Added Services.
This figure presents the overall flow of product and sensitive data needed to produce a complete solution that the end customer can assemble and use in their products.
It starts with the customer and its authorized CMs.
The customer must provide the product ID and the customer data which is specific to the use of the security device in their environment.
Renesas manufactures the chip in their secure manufacturing center. The security firmware is included in the chip and the product is locked when it leaves Renesas premises.
Then Avnet provides the critical PKI VAS needed to deploy this technology by generating, on the customer’s behalf, the digital certificates and keys unique to each chip and fully compliant with industry standards.
Certificates are then programmed on each chip per customer requirements. It should be noted that only Avnet, as an approved VAS provider, can unlock the chip and perform this programming. Avnet then provides the secure logistics services and keeps detailed audit records for all operations that have been performed to provide this service.
Avnet is a one-stop shop for the Board ID product and services. By working with Avnet in this manner, Renesas makes PKI technology accessible to a large community of vendors in the global marketplace.
Q and A
Question: What services are provided by Avnet to Board ID customers?
Response:
1- Logistics support as a Franchised distributor of the product and the Board ID demo kit
2- PKI programming services including key/cert generation
3- Technical assistance to:
a- define the programming scheme,
b- help authentication code porting (MCU code)
Board ID demo kit
[Figure labels: Board ID Device; Authenticator (SH7285 MCU)]
1. Demo for each authentication use case: anti-cloning, usage control, secure tracking and IP protection
2. Authentication done between authenticator (SH7285) and Board ID device
3. Authenticator software (Board ID Security Stack - BSS) provided for easier porting by customers into their target MCU/MPU.
4. Low cost, $149 available from Avnet
More details in ID 930L presented by Shotaro Saito
YBIDKITSV2
RTA has developed a new Board ID demonstration system combining a popular Renesas MCU.
It can show an authentication demo for each use case (Anti-Cloning, Usage Control, Secure Tracking and IP Protection).
Authentication is done between the authenticator (SH7285 MCU) and the Board ID device (R5H30211 with firmware version 1.0).
Authenticator software is provided as the Board ID Security Stack (BSS) for easier porting by customers into their target MCU/MPU.
Low cost, MSRP: $149. Prototype available now.
RDK RX62N with Board ID module
[Board photo labels: LEDs for Spinning Motor Simulation; Micro SD Card Slot; Stereo Audio Out; (ADI) Silicon Microphone; User Pot; Ethernet PHY with IEEE1588; National Semi; 10/100 Ethernet; USB Device; USB Host; USB OTG; Debug USB; Graphics Mono LCD; 3 User Switches; Application Headers; On-board Segger JLink Lite; External Power; 3 Axis Accelerometer; Analog Devices Inc (ADI); 128M Serial Flash; Board ID Connector; I2C Temp Sensor]
The Rx RDK includes a Board ID Module
We are also introducing at this DevCon event our latest and greatest MCU family called the Rx family.
This RX62N RDK will be equipped with a Board ID device (in a daughter board that can be plugged in easily on the RDK).
Please meet with our Rx team as well as our Ecosystem team to learn more about this new RDK.
Board ID section of RTA site
http://america.renesas.com/boardid/
We now have an entirely updated site:
america.renesas.com/boardid/
Link to Avnet site
We also have a link to the Avnet site presenting the services provided by Avnet for the Board ID product.
Q and A
Question: Are there issues with Export Control?
Response:
The Board ID product is designed to meet applicable Export Control rules and regulations.
The product can be exported to foreign countries in accordance with applicable US laws.
The customer must ensure compliance to these laws.
Summary: Strengths of the Board ID solution
And why a customer selected Board ID recently…
1- Strong authentication (RSA 2048 Bit) with tamper-proof chip
2- Easy integration of Board ID in customer design (fast time to market)
3- Avnet support services:
- logistics and key/cert programming services (root cert provided by customer to keep control of the chain of trust)
- unique data serialized and programmed in each chip
- strong support for all phases of development: sample evaluation, pre-production test/validation and MP ramp up.
4- REA experience in the Security IC market
Questions?
Innovation
[Figure: server, router and extended boards, with PKI mutual authentication]
Thank You!
Please visit both the Renesas and Avnet booths in the exhibit hall.
Thank you.
Please visit our booth as well as Avnet booth in the exhibit area.