Using a cryptographic IC for key management and logistical support

These security needs start with verifying the internal integrity of individual products, but they do not end there. Most products today interact on a scale that is larger than their own attached components. They communicate with peripherals, other embedded systems, and outside data sources. With interconnection of systems come the security needs of verification of attached peripherals, authentication of remote sources, and protection or verification of data communications. The first solution will explore how an onboard cryptographic IC in each embedded system can provide solutions for individual and multi-system security needs. The second areas that will be addressed are the logistical needs for overall management of product lines and manufacturing processes. Logistical support problems that are addressed by this document fall into two general areas: production or manufacturing support, and product licensing support. The solution outlined will give manufacturers the ability to control how and where their products are used, which geographic areas they are supplied to, and/or who is licensed or authorised to use them. Companies that use multiple subcontractors in their manufacturing environment can achieve control of the access to secrets, the numbers of products being produced, and restrict the markets which their products are used in. This document will explore how the same cryptographic IC recommended by the first solution for security in each embedded system can enable the product owner to maintain control over production, licensing, and use of their products. Managing security for embedded devices Security of embedded devices in the simplest description comes down to using complex math equations (algorithms) to prove who the participants of the digital conversation are (authentication), provide confidentiality of the communication between the participants (encryption), and ensure that communication has not be intercepted in transit and changed (integrity). To ensure that algorithms are strong enough to protect from the most advanced attacker, strong algorithm equations have been created and standardised by government and technical organisations. These standard algorithms then are used in many places and are the same for each system that uses them. In order to enable two or more systems to be unique and to allow communication only between their trusted end systems, the algorithms are designed with a unique changeable piece. The cryptographic term used to describe the changeable portion of an algorithm is a "key". Figure 1 – Simple method of challenge and response authentication Cryptographic keys, much like the keys to your car or house, have to be protected and kept safely away from anyone you do not want to have access to your property. In the case of your house, you are protecting furniture and personal items you call your own property. In the case of a digital system, the key would protect your sensitive personal files. These would be the small pieces of data that would define who you are. Compromising these items may allow someone to steal your personal identity. Management of the keys in digital systems is a very important aspect of today's technological age. Many product lines have been hacked simply by someone discovering the key that is used in every system of the product line. In many cases, the theft of large amounts of information and large redevelopment costs could have been avoided had the system architects implemented robust key management and cryptographic protection in their product designs. Successful key management requires a secure method of storing, exchanging, and renewing keys. In addition, systems need to be able to cryptographically verify that the keys have the same value as expected, without exposing the value of the key itself. When communicating from a system to a peripheral or between multiple systems, the same cryptographic operations performed in each system or peripheral need to produce the same result. To implement stronger levels of security, the systems should also have a method to change key values often and/or have a method to derive keys from secrets that are never accessible. The key management model should encompass the entire product line, incorporating methods of managing multiple product models. Strength of cryptographic IC storage Why use a cryptographic IC in the first place? Is it not possible to do the same cryptographic operations in software? The problem with software implementations is that they are written in software, and the software program has to be saved in the system. This exposes the keys and secrets in some form in unsecured memory. Protection from this vulnerability is the central strength of the cryptographic IC. Secured memory locations are accessible only after the configured access prerequisites are met, while some other memory locations are never accessible. The memory locations are encrypted and protected by layers of physical security all underneath an active metal shielding. Hardware cryptographic ICs provide all the features needed for a high security key management implementation within a system, as well as between multiple systems or systems to peripherals. Unlike software only security implementations, the secrets inside cryptographic IC used for key management are not accessible to the system processes. Thus the secrets are as secure as possible. Types of storage The cryptographic memory storage enables a variety of use cases as well as varying levels of protection. A read only memory resource makes it possible to store manufacturer or model information. The owner of this data may not care if it is read, but would not want it to be altered. A read/write memory resource is only valuable in a cryptographic or secrets management scheme if there are restrictions to who has access to write the memory resource. It is valuable for the cryptographic IC to provide previously setup security controls for these types of memories, limiting who has access and how they can use the memory resource. The most valuable type of memory resource in a cryptographic IC is the memory resource configured as non-readable and non-writeable. These memory contents are only known to restricted persons and/or systems, and are used to authenticate the IC as well as to verify the contents of other types of memories. Secret memory configuration As mentioned earlier, keys to cryptographic algorithms are very sensitive. Keeping them away from unauthorised access is the centre of any key management strategy. To meet this requirement in the most robust fashion, these keys should always be stored in non-readable/non-writeable memory and never stored in unprotected memory. The cryptographic IC is designed specifically to protect these types of high value secrets. System security needs vary and an adept cryptographic IC should provide the capability to have multiple uses in a single IC. Flexible IC configuration options offer developers the ability to implement the following memory configurations: 1. Limited use or single use secrets 2. Link secrets together in parent/child relationships 3. Authenticate one secret prior to read/write or encrypted read/write of another secret 4. Combine multiple secrets into a rolling authentication 5. Password storage and verification 6. Provide incremental counters 7. One time programmable memory blocks 8. Individual programmable OTP bits for consumption logging In some configurations it is valuable to have cryptographic keys that are never written down or saved in any way. Imagine instead that each key is recreated every time it is needed for use. This configuration could utilise non-readable memory in the cryptographic IC. It would create the keys for each use by starting with a random input and using the cryptographic IC to combine the random input with the secret in unreadable memory. The cryptographic IC output would in turn be used as the temporary session key. This would be valuable when many nodes need to utilise the same key and need to change keys often. If each node or system contained the same cryptographic IC they could seamlessly change keys on a network while exchanging only encrypted values that look random to any viewer. Temporary session keys should only be valid for a short amount of time. Figure 2 – More complex authentication example for a mobile phone battery Key management strategies using a cryptographic IC Cryptographic ICs provide a secure method to store secrets; the data stored in the secure memory depends on the implementation and may vary according to the system needs. Choosing an IC that provides versatile configuration options is important for strong overall product key management. A versatile key management IC will have the ability to store multiple secrets, configure some as internal secrets, store some as read only, and store some with restricted read/write access. Integrating product line management Cryptographic ICs contain and protect the product's secrets of the owner. These secrets need to be programmed into the cryptographic IC for use in the end product systems. Programming the IC with custom secrets effectively matches the products functionality and/or IP directly to the physical cryptographic IC. Each system is required to have a physical cryptographic IC in order to operate. Thus subcontract manufacturers can only produce the number of products for which they have been provided physical ICs. Using such a process, product owners have the capability to control who is approved to make their products, and how many they can make. They can allocate allowed product model types, allowed feature sets, and/or limit usage intervals. An example of a possible logistics support model could be implemented using four sections or zones of memory in the cryptographic IC. The first section/zone would contain a secret programmed by the product owner and not accessible to any licensee or subcontract manufacturers. The second section/zone would contain a secret programmed uniquely for each licensee or sub-contract manufacturer and would be kept confidential between that manufacturer and product owner. The third section/zone would contain readable manufacturer identification information, and the forth section/zone would contain model information about the product itself. To authenticate a valid product, product owner, licensee, and/or sub-contract manufacturer, cryptographic operations can be performed on each secret separately or cumulatively. Data items for supported models, geographic areas allowed for operation, supply organisation tracking, allowed usage dates, or time in supply system could all be added into the products cryptographic IC memory locations. Systems can verify that each data component has not been tampered with and that it matches the product owner's desired use cases. If any of the information does not match the desired product usage requirements, systems can assume that they are counterfeit or have been tampered with and restrict their usage. Advanced models can update systems in the field to blacklist serial numbers of items that have been compromised or produced by subcontractors that are no longer in good standing with the product owner. Cryptographic ICs can be used to place user restrictions on the product, peripheral, or subcomponent. They can be used to restrict use of a component to only a single user or system. They can be configured to match local settings on first use to prevent multiple systems using the same component. Products that are network connected can implement component registration, collect data, track usage, and/or user trends. Product owners and OEMs can now achieve ultimate control over the usage of their products in the field. Product control and licensing Cryptographic ICs provide the ability to authenticate and verify beyond a shadow of a doubt that the item or information received is what it is expected to be. This capability provides an exceptional product management tool. When each product is developed around the cryptographic IC, companies and organisations then have a scalable management tool to manage all products in the field as if they were a single system. Whether the need is to have the products communicating and acting like a large system or to simply keep track of them as they pass through supply chains, the cryptographic IC can become the product manager's best friend. The business model to license designs or peripheral interfaces for use by other manufacturers and designers has become commonplace in today's global market environment. Companies rarely manufacturer every piece of the systems they market. Often times, system designers or standards organisations do not manufacture any concrete products whatsoever. Instead, they license designs, intellectual property (IP), and/or knowledge of protocols for communicating to other manufacturers so that other companies can profit from expanding markets which they themselves could not satisfy. The challenges in licensing and manufacturing products include how to verify that both trusted and untrusted parties are utilising IP and restricted interfaces in accordance with the product owners licensing requirements. Enforcing the use of a cryptographic IC in each product gives the product owner a method of managing how many products are manufactured, where each product is supplied, timeframes for product supply and usage, and price or market controls. As a result, product owners can control manufacturing flow and track the efficiency of product licensee or manufacturing subcontractors. Cryptographic IC manufacturers like Atmel have designed their ICs with customers' logistical needs in mind. They offer methods of secure programming such that the product owner's secrets are inserted in an encrypted format. This ensures that the OEM secrets are only known to the OEMs themselves.