Future proof your products with secure provisioning

Post on 12-Jul-2020


Page 1: Future proof your products with secure provisioning · • Encrypting your software image ready for sending to your remote device is a process called Mastering. –Mastering (for

Future proof your products with secure provisioning

Page 2

Agenda
• Problem Statement
• Requirements for a Secure Framework
  – Root of Trust
  – Mastering
• Secure Provisioning
• Summary

Page 3

Problem Statement

Page 4

Evolving Threats & Legislation
• No system will ever be completely protected
• Security threats are constantly changing
• Legislation is beginning to make an impact
• Codes of Practice require system updates after products are deployed into the field

Page 5

What is needed?
• A secure system framework to enable the updating of software on a connected device/product.
• Secure updating of a product requires:
  – A Root of Trust
  – Software update policy (anti-rollback: the device refuses any image whose version is not newer than the one already installed)
  – Methodology to encrypt/decrypt and sign software updates
  – Communication channel
    o Deliver encrypted software (e.g. OTA¹)

¹OTA – Over-the-Air

Page 6

Requirements for a Secure Update framework

Page 7

Root of Trust detail
The security of an IoT device starts by having a secure "Root of Trust" (RoT). The RoT typically consists of four key items:
• Unique identity
• Unique product asymmetric key pair
• Immutable boot path
• Authentication path – PKI certificate

The RoT is realized in a Secure Boot Manager. The RoT must be securely provisioned into the product.

Page 8

Root of Trust creation
• Embedded Trust includes a simple wizard to configure a Secure Boot Manager.
• The Secure Boot Manager utilises the target device's security technology to implement a Root of Trust.

Page 9

What did I create?
• A new memory map & Secure Boot Manager
• An update policy
• ECC-256 cryptographic key pairs:
  – Identity keys (Identity Private / Identity Public)
  – Software update validation keys (Group Private / Group Public)

Page 10

What did I create?
• Certificate chain of trust (PKI certificate chain)

Page 11

In Summary…
• In 4 steps, the wizard created:
  – A Secure Boot Manager
    o Designed to take full advantage of target device technology
    o Immutable boot
    o Secure memory (e.g. TrustZone)
    o Debug and JTAG access disable
  – Unique identity
  – PKI chain of trust
  – Asymmetric cryptographic key pairs
  – A software update policy
• So what's missing?

Page 12

Encrypting my software
• Encrypting your software image ready for sending to your remote device is a process called Mastering.
  – Mastering (for development) is the process of creating a secure package of encrypted data (software and keys) that includes the current version of the application software.
  – Mastering (for production) is the process of:
    o Exchanging all keys and certificates used during the development process for production environment security keys and certificates (part of the "zero trust" philosophy: keys that circulated among developers and tools never protect shipped products)
    o Creating a secure package of encrypted data (software and keys) that includes the release version of the application software

Page 13

Mastering the User Application
[Figure: Generate Encrypted User Application → Cloud Service]
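As an added worked example (not code from this deck and not the Embedded Trust package format), the following Go program models the update flow that pages 5, 9 and 12 describe: mastering encrypts the image and signs the package with the Group private key, and the device's Secure Boot Manager validates the signature with the Group public key, applies the anti-rollback update policy, and only then decrypts. Go's standard library is used so the cryptography is real (ECDSA P-256 as the ECC-256 key pair, AES-256-GCM for the image) with no external dependencies; the package layout, the AES-GCM image key delivered at provisioning, and the names Master and ApplyUpdate are assumptions made for the example. A real Secure Boot Manager would implement the same ordering in C against the device's crypto hardware.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdatePackage is the mastered output in this model (assumed layout): the image
// is AES-256-GCM encrypted, and a Group-key ECDSA signature covers version, nonce and ciphertext.
type UpdatePackage struct {
	Version    uint32
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte // ASN.1 DER encoded ECDSA P-256 signature
}

// DeviceState is what the Secure Boot Manager keeps in protected storage: the Group
// public key that validates updates, the image key (assumed delivered at provisioning)
// and the highest installed version, which is the anti-rollback counter of the policy.
type DeviceState struct {
	GroupPub       *ecdsa.PublicKey
	ImageKey       []byte
	CurrentVersion uint32
}

// signedDigest binds version, nonce and ciphertext so none can be swapped unnoticed.
func signedDigest(version uint32, nonce, ciphertext []byte) []byte {
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h := sha256.New()
	h.Write(v[:])
	h.Write(nonce)
	h.Write(ciphertext)
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Master runs on the OEM side: encrypt the image, then sign the package with the Group private key.
func Master(groupPriv *ecdsa.PrivateKey, imageKey []byte, version uint32, image []byte) (*UpdatePackage, error) {
	gcm, err := newGCM(imageKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, image, nil)
	sig, err := ecdsa.SignASN1(rand.Reader, groupPriv, signedDigest(version, nonce, ct))
	if err != nil {
		return nil, err
	}
	return &UpdatePackage{Version: version, Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// ApplyUpdate is the device side. Order matters: authenticate first so unsigned data never
// reaches the policy check or the decryptor, then enforce anti-rollback, then decrypt,
// and commit the version counter only on success.
func ApplyUpdate(dev *DeviceState, pkg *UpdatePackage) ([]byte, error) {
	if !ecdsa.VerifyASN1(dev.GroupPub, signedDigest(pkg.Version, pkg.Nonce, pkg.Ciphertext), pkg.Signature) {
		return nil, errors.New("update rejected: signature does not verify under the Group public key")
	}
	if pkg.Version <= dev.CurrentVersion {
		return nil, fmt.Errorf("update rejected by anti-rollback policy: version %d is not newer than installed %d", pkg.Version, dev.CurrentVersion)
	}
	gcm, err := newGCM(dev.ImageKey)
	if err != nil {
		return nil, err
	}
	image, err := gcm.Open(nil, pkg.Nonce, pkg.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("update rejected: image decryption failed")
	}
	dev.CurrentVersion = pkg.Version
	return image, nil
}

func main() {
	groupPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed demo keys
	imageKey := make([]byte, 32)
	rand.Read(imageKey)
	dev := &DeviceState{GroupPub: &groupPriv.PublicKey, ImageKey: imageKey, CurrentVersion: 3}
	pkg, _ := Master(groupPriv, imageKey, 4, []byte("application image v4"))
	_, err := ApplyUpdate(dev, pkg)
	fmt.Println("v4 applied, err:", err, "installed version:", dev.CurrentVersion)
	_, err = ApplyUpdate(dev, pkg) // replaying the same version now fails the policy
	fmt.Println("replay err:", err)
}
```

The signature is checked before the version comparison on purpose: if the policy check ran first, an attacker could probe the rollback counter with unsigned packages, and if decryption ran first, the decryptor would process attacker-controlled ciphertext. The counter is written only after a successful decrypt, so a rejected package never moves it.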

Page 14

Secure Provisioning

Page 15

Root of Trust programming
Secure Desktop Provisioner ensures that the Root of Trust is securely programmed (provisioned) into the target device.
[Figure: Export Direct to Production → Sign & authorise manufacturing]

Page 16

Provisioning details
[Figure: Secure Production Package → Security Appliance → Secret Data → Target device (Secure Provisioning)]
• Security Appliance
  – Unwraps production package
  – Generates identity keys
  – Creates device certificate & signs
  – Only releases key quantity specified in production count
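As an added worked example (not code from this deck or from the Secure Desktop Provisioner product), the following Go program models the Security Appliance behaviour on page 16 together with the PKI chain of trust from pages 7 and 10: a product CA anchors the chain, each provisioned device receives a freshly generated ECC-256 identity key pair and a device certificate signed by that CA, and the appliance refuses to issue anything once the production count is used up. The package structure, the sequential serial numbers and the names NewProductCA, Provision and VerifyDeviceCert are assumptions made for the example; real appliances keep the CA key in an HSM and use random serials.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ProductionPackage models the signed, authorised package the OEM exports to manufacturing
// (assumed layout): the product CA that anchors the device chain and the permitted unit count.
type ProductionPackage struct {
	CACert *x509.Certificate
	CAKey  *ecdsa.PrivateKey // in practice confined to the appliance's HSM
	Count  int
}

// Appliance plays the Security Appliance: one fresh identity key per device, a signed
// device certificate, and a hard stop at Count.
type Appliance struct {
	pkg    ProductionPackage
	issued int
}

func NewAppliance(p ProductionPackage) *Appliance { return &Appliance{pkg: p} }

// NewProductCA creates the self-signed ECDSA P-256 root of the product's PKI chain of trust.
// Sequential serials are used for brevity; a real CA uses random serials.
func NewProductCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(20 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Provision issues one device identity (secret key plus certificate). The count is checked
// before any key material is generated, so nothing leaves beyond the authorised quantity.
func (a *Appliance) Provision() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	if a.issued >= a.pkg.Count {
		return nil, nil, fmt.Errorf("production count %d exhausted: no further identities released", a.pkg.Count)
	}
	idKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(int64(a.issued + 1)),
		Subject:      pkix.Name{CommonName: fmt.Sprintf("device-%06d", a.issued+1)},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(10 * 365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, a.pkg.CACert, &idKey.PublicKey, a.pkg.CAKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	a.issued++
	return idKey, cert, nil
}

// VerifyDeviceCert is the relying-party check (cloud service or peer device): the
// certificate must chain to the product CA and permit client authentication.
func VerifyDeviceCert(root, cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	caCert, caKey, _ := NewProductCA("Example Product CA") // constructed demo CA
	app := NewAppliance(ProductionPackage{CACert: caCert, CAKey: caKey, Count: 2})
	for i := 0; i < 3; i++ { // the third call must be refused by the production count
		if _, cert, err := app.Provision(); err != nil {
			fmt.Println("refused:", err)
		} else {
			fmt.Println(cert.Subject.CommonName, "chains to CA:", VerifyDeviceCert(caCert, cert) == nil)
		}
	}
}
```

The point of the count check sitting first is that an over-run factory cannot obtain extra identities even by interrupting the appliance mid-operation: no key is generated and nothing is signed for unit Count+1. The identity private key is generated inside the appliance and handed to exactly one device, while the cloud service only ever needs the product CA certificate to authenticate every unit.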

Page 17

Summary
• We make security simple
• We future proof your product by enabling secure updates
• We provide tools to securely program the Root of Trust