ETSI Security Week: Dynamic Nature of Tech
Integrated SIMs – The next after Embedded SIM
Dr. Stephan Spitz, 20th of June 2019
Characteristics of a classical UICC OS
▪ Smaller functional evolution steps; JavaCard, 20 years ago, was the biggest one
▪ Third-party code execution only via a Java VM abstraction layer
▪ Designed around a low-bandwidth ISO 7816 I/O interface; USB never made it into mobiles
▪ Single-thread OS without multitasking, located on a separate piece of silicon
▪ Sophisticated security measures against side-channel attacks, fault-injection attacks and tampering, in conjunction with a well-established certification process, e.g. Common Criteria
▪ A classical smart card chip has to ensure integrity of transactions and frequent access to NVM (Non-Volatile Memory)
▪ The whole smart card is processed in secure manufacturing lines, starting already with security measures during silicon manufacturing and continuing up to individualization and personalisation processes in highly secure environments
What's Next
What security does a 5G device require?
▪ The highly interconnected world of a fragmented device landscape requires flexible and adaptive security solutions
▪ 5G, with the concept of network slicing, supports three main categories of devices:
  ▪ High-end mobile devices in the Enhanced Mobile Broadband slice
  ▪ Low-end, long-range IoT devices in the Massive IoT slice
  ▪ Connected cars, manufacturing plants (IIoT), etc. in the Critical Communications slices
▪ An integrated and flexible security solution, which interfaces tightly with the System-on-Chip (SoC)
▪ Multiple applications and services require concurrent security support and asynchronous process execution in the Secure OS
▪ A holistic security concept, already taken into consideration during the device development phase
▪ A Root-of-Trust (RoT) has to be anchored in a Secure Boot for the whole device
▪ Most of the devices are not manufactured and personalized in highly secure environments
▪ A security concept is required which allows secure seeding of a RoT with general-purpose silicon and device manufacturing
Seeding of a Root-of-Trust
Security Functions anchored in the RoT
▪ Verification of the SoC/device identity and integrity, also for remote verification
▪ Integrity protection of code and data during loading and at runtime, especially protection of the Secure OS
▪ Secure remote download of user data (personalization) and mobile network profiles
▪ Secure disabling of the chip or device, e.g. for over-production control and grey-market prevention
▪ Establishment of end-to-end secure communication channels for any kind of life-cycle operation, e.g. configuration or firmware update
▪ Authentication and authorization of user access, configuration changes, new code or any other administrative actions
▪ Delegation of rights and permissions to authorized third parties
A holistic approach to security: Develop – Manufacture – Manage
[Diagram; labels recoverable from the slide: Certificate Hierarchy (Development, Test, Mastering); OEM Management System; User Management System; Cloud Provider; Devices; Factory Management System; Desktop; Factory; Trust Anchors]
We are working on:
Security from Inception
Security SW development flow: Develop – Manufacture – Deploy – Manage
[Diagram; the three boxes of the flow and their labels are reproduced below. The "Mastered Application" and "SBM" (Secure Boot Manager) images are the artefacts that pass between the boxes.]

Security Context: create your Security Context, build the Secure Boot Manager and provision the device
• Device key pairs (used for authentication), SW signing keys (used for SW updates, etc.)
• Create device certificate templates and certificate chains
• Configure SBM options and security policies
• Build the SBM code image and provision (program) the device

Develop and test the application using development keys
• Develop using the standard IDE workflow
• Development keys and certs are used
• The application is automatically mastered and encrypted
• The secure app image is processed by the SBM

Build using production keys, then deploy to manufacturing
• Production export (production keys & certs are used)
• OEM Security Context (keys, certs, templates), OEM Secure Content (SBM, application) and Programming Context (scripts, access rights) securely wrapped and transferred to an HSM
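The flow above separates development keys from production keys and has the Secure Boot Manager check every application image against a trust anchor provisioned into the device, which is also the first of the "Security Functions anchored in the RoT" listed earlier (verification of device integrity, and integrity protection of code during loading). The following Python script is an added illustration of that check and is not code from the talk or from any vendor's SBM. Its assumptions are not from the slides: signatures are Lamport one-time signatures over SHA-256 so that only the standard library is needed, a "certificate" is simply the signer's public-key fingerprint signed by a CA key that stands in for the provisioned trust anchor, and the application image bytes are constructed.

```python
"""Toy Secure Boot Manager (SBM) image check. Added example, not code from the
ETSI talk or any product. Assumptions (not from the slides): Lamport one-time
signatures over SHA-256 instead of RSA/ECDSA; a 'certificate' is the signer's
key fingerprint signed by a CA key acting as the device's trust anchor."""
import hashlib
import secrets

DIGEST_BITS = 256


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """Private key: 256 pairs of random 32-byte secrets; public key: their hashes.
    Each private key may sign exactly ONE message (one-time signature)."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(DIGEST_BITS)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub


def _bit(digest: int, i: int) -> int:
    return (digest >> (DIGEST_BITS - 1 - i)) & 1


def lamport_sign(priv, message: bytes):
    """Reveal one half of every pair, selected by the bits of SHA-256(message)."""
    digest = int.from_bytes(sha256(message), "big")
    return [priv[i][_bit(digest, i)] for i in range(DIGEST_BITS)]


def lamport_verify(pub, message: bytes, sig) -> bool:
    """Hash each revealed secret and compare with the selected public-key half."""
    if len(sig) != DIGEST_BITS:
        return False
    digest = int.from_bytes(sha256(message), "big")
    return all(sha256(sig[i]) == pub[i][_bit(digest, i)] for i in range(DIGEST_BITS))


def pub_fingerprint(pub) -> bytes:
    """Stable digest of a public key; this is what the CA certifies."""
    return sha256(b"".join(a + b for a, b in pub))


def issue_certificate(ca_priv, signer_pub):
    """The trust anchor (CA) vouches for a signing key: cert = fingerprint + CA signature."""
    fp = pub_fingerprint(signer_pub)
    return {"fingerprint": fp, "ca_signature": lamport_sign(ca_priv, fp)}


def build_signed_image(signer_priv, signer_pub, cert, image: bytes):
    """What the build step produces: image, signature, signer key and its certificate."""
    return {"image": image, "signature": lamport_sign(signer_priv, image),
            "signer_pub": signer_pub, "cert": cert}


def sbm_verify(trust_anchor_pub, signed_image):
    """SBM check before any control is handed to the application image:
    1. the certificate must be signed by the trust anchor provisioned in the device;
    2. the certificate must certify the key that accompanies the image;
    3. the image signature must verify under that key.
    Any failure stops the boot; the returned reason is for logging only."""
    cert = signed_image["cert"]
    if not lamport_verify(trust_anchor_pub, cert["fingerprint"], cert["ca_signature"]):
        return False, "certificate not issued by the provisioned trust anchor"
    if pub_fingerprint(signed_image["signer_pub"]) != cert["fingerprint"]:
        return False, "signing key does not match certificate"
    if not lamport_verify(signed_image["signer_pub"], signed_image["image"], signed_image["signature"]):
        return False, "image signature invalid"
    return True, "image accepted"


def demo():
    """Constructed scenario: a development and a production certificate hierarchy,
    an image signed under each, and a production SBM that trusts only the
    production anchor. Every key below signs exactly one message."""
    dev_ca_priv, dev_ca_pub = lamport_keygen()
    prod_ca_priv, prod_ca_pub = lamport_keygen()
    dev_sign_priv, dev_sign_pub = lamport_keygen()
    prod_sign_priv, prod_sign_pub = lamport_keygen()
    dev_cert = issue_certificate(dev_ca_priv, dev_sign_pub)
    prod_cert = issue_certificate(prod_ca_priv, prod_sign_pub)
    app = b"constructed application image v1"  # constructed sample image

    dev_image = build_signed_image(dev_sign_priv, dev_sign_pub, dev_cert, app)
    prod_image = build_signed_image(prod_sign_priv, prod_sign_pub, prod_cert, app)
    tampered = dict(prod_image, image=app + b" (modified after signing)")

    return {
        "dev_on_dev_sbm": sbm_verify(dev_ca_pub, dev_image),        # accepted
        "prod_on_prod_sbm": sbm_verify(prod_ca_pub, prod_image),    # accepted
        "dev_on_prod_sbm": sbm_verify(prod_ca_pub, dev_image),      # wrong trust anchor
        "tampered_on_prod_sbm": sbm_verify(prod_ca_pub, tampered),  # bad signature
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'OK' if ok else 'REJECT'} ({reason})")
```

The point the script makes is the one the flow relies on: the same application bytes are accepted or rejected purely on which trust anchor the SBM was provisioned with, so a development-signed image cannot boot on a production device and a modified image cannot boot anywhere. The Lamport scheme is only a stand-in chosen for a dependency-free example; a real SBM uses a conventional asymmetric scheme and a proper certificate format, and it performs this verification with the keys held in hardware-protected storage before the image is executed.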
Shared vision for a secure future, based on three fundamental beliefs:
1. Security must be integrated from inception: adding security late in the development process rarely works.
2. IoT security needs to be straightforward, scalable and sustainable: building security into the design process is the best way to achieve long-term robust and scalable security.
3. By making security implementation easier, we will help our customers secure their intellectual assets, accelerate trustworthy product delivery and transform security from a cost to a benefit.
By delivering on this vision, we will:
• Make superior security available for all by leveraging our respective heritages and technological leadership
• Build a secure and sustainable future for connected devices, because threats won't stop
• Beyond protecting IP, make security the bedrock of value across the enterprise
• Transform an entire industry
• …
Summary
The rise of the next generation of SoC-integrated security solutions has an impact on the whole smart card and UICC industry.
Paradigm shifts in the Secure OS, the silicon architecture and the related processes offer opportunities for new businesses, but also replace existing technologies and processes.
New ways of developing security software and security functions are required; the personalization process is no longer bound to the secure premises of a smart card manufacturer.
A robust Root-of-Trust becomes essential for the secure life-cycle management of the device.