ID 911C: Case studies for Embedded Security


1 ID 911C: Case studies for Embedded Security
Hello everyone. This session is 911C – This session focuses on Machine-to-Machine authentication, an emerging Security IC market offering exciting new opportunities for the embedded system vendors. D. Pochet Manager, Marketing Security Products Rev 1.0 14 October 2010 © 2010 Renesas Electronics America Inc. All rights reserved.

2 Mr. Denis Pochet Sr Product Marketing Manager, Secure MCU
Responsible for Marketing, Business Development and Product Management within REA – Consumer & Industrial group. PREVIOUS EXPERIENCE: Eleven years in the smart card industry (dual interface (Contact/Cless) for ID & Banking) and Digital Security (Embedded Systems (PCI-PED POS, FIPS140-2 Authentication device, ...)). Expertise in security solutions: security IC, software applications, PKI technology and provisioning solutions. Master's degree in computer science from “Ecole des Mines de St Etienne” University (France).

3 Renesas Technology and Solution Portfolio
Microcontrollers & Microprocessors: #1 market share worldwide*
Analog and Power Devices: #1 market share in low-voltage MOSFET**
ASIC, ASSP & Memory: advanced and proven technologies
Solutions for Innovation
In session 110C, Renesas Next Generation Microcontroller and Microprocessor Technology Roadmap, Ritesh Tyagi introduces this high-level image of where the Renesas products fit: the big picture.
* MCU: 31% revenue basis from Gartner "Semiconductor Applications Worldwide Annual Market Share: Database" 25 March 2010
** Power MOSFET: 17.1% on unit basis from Marketing Eye 2009

4 Renesas Technology and Solution Portfolio
Microcontrollers & Microprocessors: #1 market share worldwide*
Analog and Power Devices: #1 market share in low-voltage MOSFET**
ASIC, ASSP & Memory: advanced and proven technologies
Solutions for Innovation
This is where our session, ID 911C: Case studies for Embedded Security, is focused within the big picture of Renesas products.
* MCU: 31% revenue basis from Gartner "Semiconductor Applications Worldwide Annual Market Share: Database" 25 March 2010
** Power MOSFET: 17.1% on unit basis from Marketing Eye 2009

5 Microcontroller and Microprocessor Line-up
Superscalar, MMU, Multimedia: Up to 1200 DMIPS, 45, 65 & 90nm process; Video and audio processing on Linux; Server, Industrial & Automotive
High Performance CPU, Low Power: Up to 500 DMIPS, 150 & 90nm process; 600uA/MHz, 1.5 uA standby; Medical, Automotive & Industrial
High Performance CPU, FPU, DSC: Up to 165 DMIPS, 90nm process; 500uA/MHz, 2.5 uA standby; Ethernet, CAN, USB, Motor Control, TFT Display
Legacy Cores (H8S, H8SX, M16C, R32C): Next-generation migration to RX
General Purpose: Up to 10 DMIPS, 130nm process; 350 uA/MHz, 1uA standby; Capacitive touch
Ultra Low Power: Up to 25 DMIPS, 150nm process; 190 uA/MHz, 0.3uA standby; Application-specific integration
Embedded Security: Up to 25 DMIPS, 180, 90nm process; 1mA/MHz, 100uA standby; Crypto engine, Hardware security
Here are the MCU and MPU product lines. I am not going to cover any specific information on these families; rather, I want to show you where this session is focused.

6 Microcontroller and Microprocessor Line-up
These are the products where this presentation applies:
Embedded Security: Up to 25 DMIPS, 180, 90nm process; 1mA/MHz, 100uA standby; Crypto engine, Hardware security

7 Innovation Anti-cloning protection Server Extended boards Router
PKI Strong Mutual authentication

8 Renesas Board ID Solution
The Renesas Board ID solution is ideally suited for applications needing strong authentication and for web-connected devices. Renesas, in partnership with Avnet, provides a unique and complete solution that lets Embedded Systems vendors of any size deploy this powerful PKI authentication technology cost-effectively.

9 Agenda
Here is today’s agenda:
Renesas in the Security IC market
Authentication basics
Board ID security
Board ID use case examples
Board ID solution support
Q&A

10 Key Takeaways
By the end of this session you will be able to:
Understand Renesas' position in the security IC market
Know the basics of authentication
Sell the benefits of a strong security technology to your customers and to your company management
Understand how to implement strong authentication with the Renesas solution
You will discover that we are, on top of being the world-leading MCU vendor, a world-leading SECURE MCU vendor. Then you will learn the basics of authentication, about the Board ID solution, and how to build a strong authentication solution with our technology.

11 Security application examples: everywhere!
Figure labels: Authentication <Closed system>; Authentication Through Network <Open system>; Router, Switch, USB Key, Server, ETC, Storage, Battery, EFTPOS, PC, Medical, NFC payment, Ink Cartridge, STB/DVR, Bank card, Enterprise SIM, Consumer Electronics, SIM card.
Innovation highlight: Renesas is the first supplier providing a total PKI solution for embedded systems. Our solution includes the Security IC, firmware and the provisioning of the keys/certs. It is a standards-based solution (X509), supported by Avnet, a global partner. Available, cost effective and deployable NOW.
Ideally suited for applications requiring strong authentication and/or web connectivity: very large growth projected for the next decade.
Companies of any size (small or large) can deploy this technology and participate in this high-growth market requiring strong security.
Companies wanting to protect their IP and drastically reduce business risks.

12 Renesas in the Secure MCU market
Figure labels: General Promotion; Selected OEM support only; M to M Authentication; Embedded interface (I2C); Small package; N Series; RS4 Series; RS4X Series*; NFC Series*; AE5 Series; AE4 Series; AE41R; Contact Smart Card; Contactless Smart Card; NFC; Embedded; Banking, ID card; Banking card; Mobile Phone. (* Under development)
For traditional contact smart card applications such as SIM cards and banking cards, we offer a wide range of products from both the 16-bit AE4 series and the 32-bit AE5 series, depending on market requirements. For the growing contactless market, we have contactless chips and dual-way chips, which have both contact and contactless interfaces on a single chip. These contactless chips can operate using only the power provided through the antenna of the card reader. We are also developing a new RS series secure core which consumes less power, which is important for future contactless requirements. We are also developing a product for the coming Near Field Communication applications. The product, to be available early next year, will be a one-chip NFC device which includes both the RF and secure element functions in one chip. For embedded machine-to-machine authentication applications, based on smart card chip technology, we have N series products which have a standard embedded host MCU or MPU interface such as I2C or SPI. The Board ID solution presented here has an I2C serial interface.

13 Renesas in the Secure IC market
Figure labels: 3 B milestone; timeline 1980, 1990, 2000, 2009, 2010; Banking Card (Visa, MasterCard, Debit card); SIM (GSM, 3G SIM Card); ETC SAM; Contactless Card; M to M Authentication.
ETC SAM: Electric Toll Collection Secure Authentication Module. M to M: Machine to Machine.
Renesas was one of the first companies to introduce smart card technology, in the early 80s, starting with banking cards. In the 90s, we started shipping smart card chips for GSM SIM applications, which are very high volume in European and Asian countries. Advanced SIM technology is used for today’s 3G phones, and Renesas is currently producing 32-bit smart card chips with large on-chip non-volatile memory for this market. ETC, the electric toll collection system, has been introduced into almost all highway systems in Japan. Renesas has more than 50% share of the secure authentication modules installed in vehicles. For contactless technology, Renesas has 100% share in the mobile FeliCa system in Japan, which is a mobile phone with a contactless card function. Now we are entering PayPass contactless cards in the US market. For machine-to-machine authentication, we offer dedicated security chips in volume for embedded security applications. Last year, we reached 3.0 billion units shipped cumulatively, and the quality of Renesas security chips has been highly accepted in the industry. Today, we are supplying more than 300 million security ICs every year.

14 Strong user authentication
From simple ID to strong authentication.
Figure labels: Small groups, Larger society, Networked society, Today; Name, Name + ID, Authentication; User; Strong user authentication; SIM.
Historically the need for strong USER authentication has grown as networks became more complex and services more sophisticated.

15 Strong user authentication
From simple ID to strong authentication.
Figure labels: Small groups, Larger society, Networked society, Today; User; Strong user authentication; SIM; M2M; M2M Authentication app. opportunities.
Similarly, Renesas anticipates that the need for stronger MACHINE-TO-MACHINE authentication will increase over time, and we want to position our company as the leading provider of robust solutions in that market. We also want to help you address this emerging market with our Security solution.

16 Hacks can affect almost any product
Designs without strong security are at high risk. POOR SECURITY = HIGH RISK.
Panels: High tech consumer; High tech industrial; Public infrastructure.
Hackers can attack and damage almost any product across all segments. Here are some examples made public in recent years:
(top left picture) Consumer segment: In China, close to 15 % of phones working in the telecom network are counterfeited devices.
(bottom left picture) Industrial segment: This cover page title is ‘FAKES: can you tell the difference?’, shown with two network equipment devices.
(bottom right) Public infrastructure: this was on TV news earlier this year. Hackers managed to enter road sign control systems across several states and create this prank, a threat to public safety.
(top right) This is an example of a social networking site for hackers. There are hundreds of similar places where communities of hackers freely exchange ideas and software downloads to attack all sorts of products.
This highlights the fact that products designed with poor security or no security are highly at risk.

17 Benefits of a design with Strong Security
Protection against: Liability; Breach of License & Brand; Revenue Loss; Unfair Competition; and improved credibility with partners and customers.
Yes, you will see through this presentation that security is becoming a real concern in the high tech world. After all, a company’s strength and competitiveness reside in the uniqueness and quality of its products. If the products can be easily copied, it can: reduce margins and create losses, negatively affect the reputation of the company, and bring unwanted and dangerous competitors.
Security MUST be designed in!

18 Symmetric key architecture
A: Who are you?
B: I am Bob
A: Prove it to me by responding to my question (if you know my secret you’ll be able to respond)
Relies on a shared ‘secret’ among parties.
Authentication basics: there are two types of architectures. The first one is built with ‘symmetric’ keys, so named because both ends use the exact same ‘key’ to perform this type of authentication. This highly simplified diagram explains the principle behind the mechanism. Party A asks Party B ‘who are you?’ Party B responds ‘I am XYZ’. Party A says ‘prove it to me by answering my question’ (I know the secret key we share, so you should be able to answer). Of course the real cryptographic exchange is more elaborate than that, but this is in essence the principle of the method. Once A recognizes the response from B, the authentication succeeds, and A and B can proceed further. As you can see, this method relies on ‘shared secrets’, and this carries a lot of risk if the secrets are not well protected.
RISK: The secret MUST be stored in a tamperproof IC, otherwise the entire network can be compromised, as ALL share the same secret.

19 Asymmetric* key architecture
A: Who are you?
B: I am Bob
A: Prove it to me by showing me a valid ID (which you received in the past and is unforgeable) and I will check it is genuine
Relies on a ‘chain of trust’ among parties.
(*) also called PKI: Public Key Infrastructure Technology
The second type of architecture is called ‘asymmetric key architecture’. This method is slightly different and a little more complex than the previous one, but has lots of advantages. Party A asks: who are you? Party B responds: I am XYZ. This time party A requests a valid ID (a badge, if you will, that cannot be forged) and will check that the badge is genuine and that party B is indeed the legitimate owner of this ID. Again, the real cryptographic exchange is more complicated than this, but this is the goal of the exchange. Here we do not have the risky ‘shared secret’ mechanism (think about thousands or millions of users or devices). If, after having spent enormous money and effort, a hacker manages to break one badge, he will have compromised only one device, not the entire system.
PKI strength: Only legitimate owners of VALID IDs will be accepted. If one device is compromised, only that single device is bad. ALL others are not affected.
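The difference between slides 18 and 19, as an added example that is not part of the original presentation or of the Board ID firmware: a shared-secret challenge-response next to a per-device key pair with a root-signed ID, showing what one extracted key is worth in each design. The RSA is textbook RSA without padding and with demo key generation, and the certificate layout, the unit names and the deny-list are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import secrets

# Slide 18: symmetric challenge-response; every unit and verifier holds the SAME key.
def sym_respond(shared_key, challenge):
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()

def sym_verify(shared_key, challenge, response):
    return hmac.compare_digest(sym_respond(shared_key, challenge), response)

# Slide 19: each unit has its own RSA key pair and an ID (certificate) signed by a root.
# Textbook RSA without padding, demo key generation: for illustration only.
def _is_probable_prime(n, rng, rounds=20):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):  # Miller-Rabin
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

def rsa_keygen(rng, bits=1024):  # returns (public, private) as ((n, e), (n, d))
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def rsa_sign(private, msg):
    n, d = private
    return pow(_digest(msg), d, n)

def rsa_verify(public, msg, sig):
    n, e = public
    return pow(sig, e, n) == _digest(msg)

def _cert_body(device_id, public):  # hypothetical minimal layout, not X.509
    return f"{device_id}|{public[0]:x}|{public[1]:x}".encode()

def issue_cert(root_private, device_id, public):
    return {"id": device_id, "pub": public, "sig": rsa_sign(root_private, _cert_body(device_id, public))}

def authenticate(root_public, denied, cert, challenge, response):
    return (cert["id"] not in denied                                   # ID still valid?
            and rsa_verify(root_public, _cert_body(cert["id"], cert["pub"]), cert["sig"])
            and rsa_verify(cert["pub"], challenge, response))         # holder owns the key?

def blast_radius():
    """What one extracted key is worth in each design (all values constructed)."""
    rng = random.Random(2010)  # fixed seed for a repeatable demo; real keys need a CSPRNG
    result = {}
    # Symmetric: the key read out of one unit (or the host firmware) is the fleet's key.
    fleet_key = secrets.token_bytes(16)
    extracted = fleet_key
    nonce = secrets.token_bytes(16)
    result["sym_clone_accepted"] = sym_verify(fleet_key, nonce, sym_respond(extracted, nonce))
    # Asymmetric: the verifier stores only the root PUBLIC key.
    root_pub, root_priv = rsa_keygen(rng)
    pub_a, priv_a = rsa_keygen(rng)
    pub_b, priv_b = rsa_keygen(rng)
    cert_a = issue_cert(root_priv, "unit-A", pub_a)
    cert_b = issue_cert(root_priv, "unit-B", pub_b)
    denied = set()  # assumed deny-list of compromised IDs
    nonce = secrets.token_bytes(16)
    stolen = rsa_sign(priv_a, nonce)  # only unit-A's private key was extracted
    result["clone_of_A_accepted"] = authenticate(root_pub, denied, cert_a, nonce, stolen)
    result["A_key_passes_as_B"] = authenticate(root_pub, denied, cert_b, nonce, stolen)
    relabelled = dict(cert_a, id="unit-C")  # edited ID breaks the root signature
    result["relabelled_id_accepted"] = authenticate(root_pub, denied, relabelled, nonce, stolen)
    denied.add("unit-A")  # reject the one compromised ID
    result["clone_of_A_after_deny"] = authenticate(root_pub, denied, cert_a, nonce, stolen)
    result["B_still_accepted"] = authenticate(root_pub, denied, cert_b, nonce, rsa_sign(priv_b, nonce))
    return result

if __name__ == "__main__":
    print(blast_radius())
```

In the shared-key design the only remedy for an extracted key is re-keying every unit; in the per-device design the verifier drops one ID and the rest of the fleet keeps authenticating.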

20 Cryptographic Algorithms for Security
SHA-1 / SHA-256 (Atmel, Maxim):
Simple message digest
Not “true” encryption
Mostly used for digital signature signing
SHA-1 not approved by US government
Symmetrical Cryptography (Proprietary, DES, 3DES, AES):
64 (i.e. crypto-memory), 128, 256 bit keys
Symmetrical keys used on both sides
Keys must be handled with the highest security
Sharing of common keys can lead to compromise
Any key compromise affects every unit
Asymmetrical Cryptography (RSA, ECC):
1024, 2048 bit keys
Uses public / private key pairs
Private keys are all different
Compromise of a single key only affects a single unit
Can be more complex to implement

21 Case Study (from a US partner)
Background: Large, well known camera manufacturer. Battery cloning issues: direct revenue loss, warranty issues, LiIon battery safety issues.
Solution: Low cost SHA-1 based security device.
Result: Camera firmware hacked to obtain keys. Low cost microcontroller used to imitate security device. Cloned batteries available within 3 months. FAIL.
The choice of a low cost security solution was clearly a failure in this case.

22 Web authentication – 1 (users)
PKI authentication is performed before ecommerce or online banking services are enabled.
Figure labels: Private Key + Certificate (Remote service provider); Public Key Certificate (Authenticator).
Let us look at what is happening in the internet space. There are today more than 1 billion (human) users on the web commonly performing transactions, online banking and ecommerce, or sharing or providing sensitive data. How is that possible when we all know that the Internet is not a ‘trusted’ network? The secret is PKI (Public Key Infrastructure / Technology), which allows any PC user to perform such transactions on the web very reliably. It is based on digital certificates.
Proven with billions of users. Secure, trusted authentication method. Conforms to IT, Internet and Enterprise authentication standards.

23 Web authentication – 2 (users)
In fact, if you look at your own PC (for example, as an IE user, by going to Internet options / Content / Certificates) you will find that your computer is equipped with these certificates. These components are needed for you (as a user) to make sure that you are indeed interacting with your bank, your ecommerce site, or the DMV site, so that you can perform any transaction securely.
Figure label: Public Key Certificate (Authenticator).

24 Levels of security
Software security: BAD. Keys NOT protected; CPU intensive (can be OK for PKI computation by the host); encryption alone is NOT security.
Memory chip security: Almost as BAD. Outdated key lengths (like a ‘2 digits’ PIN code).
Board ID: SECURE. Strong crypto; tamper proof; PKI for Embedded Systems; Avnet VAS.
Broadly speaking, there are 3 levels / categories of security technologies for embedded devices:
Software only: can be copied, does not protect sensitive keys, and is computation intensive (it can only be suitable for PKI authentication as host). One common mistake concerns encryption: encryption alone IS NOT security (the key MUST be protected).
Memory chip: outdated key length (most memory chips use short key lengths broken decades ago; NIST does not recommend any such algorithms).
Secure IC / Board ID chip: built with the same security as what is mandated by banks, government ID and enterprise access control, and equipped with PKI technology.
In fact we, Renesas, bring the proven web user authentication technology (a billion users and more) to the world of Embedded Systems. In addition, you will see that our solution is very complete and includes a critical VAS component provided by Avnet.
We bring proven Web user authentication technology to Embedded Systems.

25 Board ID use examples
Figure labels: Board ID chips; I2C.
There are 4 typical use cases for our technology (progressing clockwise from top left):
1- Single board use: an MCU authenticates the Board ID before providing any service or activating a license.
2- A main unit authenticating a peripheral or accessory unit before providing services. The process ensures that only legitimate, valid, certified peripheral units are accepted.
3- A variation of the previous one: the same operation performed in both directions (mutual authentication).
4- Authentication is performed by a central server across a network. We see more and more demand for this type of use case.

26 Case 1: Anti-Cloning
Business case. Implementation example. Renesas solution with Board ID.

27 Board ID Example 2 – Anti-Clone System
Figure labels: Counterfeited routers; Router main board; Plug-in router card modules; Main CPU; I2C; Board ID chips; Security storage.

28 Case 2: Anti-cloning, Usage control
Business case. Implementation example. Renesas solution with Board ID.

29 Board ID Example – Usage Control
Medical device unit and probe(s). The doctor prescribes treatment (usage of probes); the Security IC in the probe enforces the usage prescribed (no overuse / misuse possible). Unalterable usage control info is processed by the security chip.
Figure labels: Medical probe(s); Main Unit; Main CPU; I2C; Board ID chip (two shown); Peripheral unit (disposable).

30 Case 3: Secure Tracking, IP protection
Business case. Implementation example. Renesas solution with Board ID.

31 Board ID Example – Protect Licensing Model
Figure labels: Medical system vendor; $; Approved Partner Co; Main Unit; Main CPU; I2C; Accessory unit; Accessory MCU; Board ID chip.

32 Board ID Solution for Medical Application
Medical Device business risks:
Liability (HIPAA)
Service Level Agreement (HIPAA)
Revenue loss (HIPAA)
Unfair competition
Increased costs of operations
License and brand protection
Credibility with partners and customers
Security breaches (HIPAA)
Device effectiveness (HIPAA)
Medical applications requiring strong data protection, authentication, security (HIPAA): networking, web connected devices and systems, probes/devices used by patients, remote monitoring, etc.
HIPAA: Health Insurance Portability and Accountability Act
HIPAA HITECH: HIPAA Health Information Technology for Economic and Clinical Health Act

33 Benefits a security IC brings in a networked environment
Security features With Security IC No Security IC Secure storage* of key (i.e. tamper proof device) Y N Strong authentication* Public key (RSA, ECC) Symmetric key (TDES,..) Authentication Process as per Industry Standards Y (possible) FIPS certification* (US govt security certification) Secure key/X509 cert provisioning* Secure remote download/upgrade* Proprietary solution Secure connectivity to networks* (with X 509 certificate) Strong hardware enforcement option
(*) security features recommended in the NIST Cyber-security guidelines for Smart Grid devices published in 2010

34 Details on Renesas solution
Secure IC
Firmware and Security application
Demo kit and reference software
Key management and provisioning services
Technical assistance and support

35 Conventional MCU or memory chip vs. Board ID
These are only a few examples: many more advanced security features are implemented in the Board ID chip.
Current monitoring. Conventional MCU or memory chip: attacker can read data by monitoring current consumption. Board ID: current consumption is scrambled by an internal noise generator, so data cannot be extracted by current monitoring.
Probing. Conventional MCU or memory chip: attacker can capture data by probing metal patterns. Board ID: chip is protected with an “active” metal shield to prevent data capture, and a randomized layout.
Abnormal operating conditions (voltage, frequency outside the boundary of normal operation in the chip spec). Conventional MCU or memory chip: attacker can read data under abnormal operating conditions. Board ID: on-chip detectors force operation to stop under abnormal conditions.
Comparison between conventional IC technology and Security IC technology: simply not comparable. Board ID is built with Security IC technology and provides an incomparable level of security. For example:
- Data cannot be extracted by current monitoring.
- Active shield and randomized layout prevent successful probing/spying.
- If the chip is taken out of its normal operating environment (temperature, voltage, frequency) it will not respond (it assumes it is being attacked). Conventional chips would leak data easily under such conditions or attempts, because they are not designed to protect data in this manner.

36 BoardID Secure Products Positioning
Figure: positioning chart, value of IP to be protected (Low$, Med$, High$) against security (Low, Medium, High). Labels: BoardID N series Secure MCUs; Lab Certified; TPM; Crypto Memory & CryptoRF; Lab Certified; EEPROM & LF RFID; FIPS140-2 level3.

37 Board ID 2.0 Specs summary
Hardware Specification
Operating Voltage: 1.8V - 3.3V
Communication interface: I2C (100kHz) (Internal oscillator)
Operating Temperature: -20°C to +75°C; WTR option (please consult with us)
Package: QFN20 (4.2mm x 4.2mm)
Security: Physical protection; Secure manufacturing center; Secure programming process
Software Specification
Authentication Algorithm: PKI (RSA 1024 / 2048 bits), mutual authentication possible
Anti-Cloning: PKI (Certificate and signature verification)
Usage Control: Limit counter (1 to 4,294,967,295 times)
Secure Tracking: 4 bytes (32 bits) of condition value
IP Protection: Secure Storage, 64 bytes x 8 pages (512 bytes total) with advanced protection features
Here is a diagram explaining the firmware and the security applications implemented in the Board ID device. Here is a summary outlining the key specification items of the product. You will find more details on our web site: america.renesas.com/boardid. We will provide you the chip with a suite of firmware and application components to make your design easy and robust.

38 Q and A: What are the benefits of Board ID solution compared with Software security?
Response:
Software: CPU intensive, key NOT protected (it may be OK to compute PKI on the host side).
Board ID: Complete authentication, external to MCU with key totally protected, strong PKI crypto.

39 Q and A: What are the differences of a Crypto memory Solution compared with a Board ID solution for a customer?
Response:
Crypto memory: inexpensive, NOT protected, weak (outdated) key length.
Board ID: Complete authentication with strong PKI crypto; physical protection; smart card / Secure IC technology.

40 Characteristics of a Secure Solution
Must be based on strong cryptography
Must provide for secure key storage
Must provide a defense against physical attacks: physical attack on bare die, voltage, frequency, temperature
Must include a secure supply chain: key generation / provisioning, device programming
We offer a total solution with our partner Avnet.

41 A complete one-stop-shop solution
Please attend ID 910C presented by Avnet. Please also visit our booths.
Avnet VAS: Value Added Services. This figure presents the overall flow of product and sensitive data needed to produce a complete solution that the end customer can assemble and use in their products. It starts with the customer and its authorized CMs. The customer must provide the product ID and the customer data which is specific to the use of the security device in their environment. Renesas manufactures the chip in its secure manufacturing center. The security firmware is included in the chip, and the product is locked when it leaves Renesas premises. Then Avnet provides the critical PKI VAS needed to deploy this technology by generating, on the customer’s behalf, the digital certificates and keys unique to each chip and fully compliant with industry standards. Certificates are then programmed on each chip per customer requirements. It should be noted that only Avnet, as an approved VAS provider, can unlock the chip and perform this programming. Avnet then provides the secure logistics services and keeps detailed audit records for all operations that have been performed to provide this service. Avnet is a one-stop shop for Board ID product and services. By working with Avnet in this manner, Renesas makes PKI technology accessible to a large community of vendors in the global marketplace.
Standards-based PKI security technology, cost effective and accessible now to vendors of all sizes (small and large) operating globally.

42 Q and A: What services are provided by Avnet to Board ID customers?
Response:
1- Logistics support as a franchised distributor of the product and the Board ID demo kit
2- PKI programming services including key/cert generation
3- Technical assistance to: a- define the programming scheme, b- help with authentication code porting (MCU code)

43 Board ID demo kit More Details in ID 930L presented by Shotaro Saito
YBIDKITSV2
Figure labels: Board ID Device; Authenticator (SH7285 MCU).
RTA has developed a new Board ID demonstration system combining a popular Renesas MCU.
It can show an authentication demo for each use case: anti-cloning, usage control, secure tracking and IP protection.
Authentication is done between the authenticator (SH7285 MCU) and the Board ID device (R5H30211 with firmware version 1.0).
Authenticator software is provided as the Board ID Security Stack (BSS) for easier porting by customers into their target MCU/MPU.
Low cost, MSRP: $149, available from Avnet. Prototype available now.

44 RDK RX62N with Board ID module
Board features: 3 Axis Accelerometer (Analog Devices Inc, ADI); I2C Temp Sensor; LEDs for Spinning Motor Simulation; On-board Segger JLink Lite; Graphics Mono LCD; Debug USB; External Power; Micro SD Card Slot; 10/100 Ethernet; Board ID Connector; Ethernet PHY with IEEE1588 (National Semi); 128M Serial Flash; USB Device; USB Host; USB OTG; Stereo Audio Out; 3 User Switches; (ADI) Silicon Microphone; User Pot; Application Headers.
We are also introducing at this DevCon event our latest and greatest MCU family, called the Rx family. This RX62N RDK will be equipped with a Board ID device (on a daughter board that can be plugged easily into the RDK). Please meet with our Rx team as well as our Ecosystem team to learn more about this new RDK.
The Rx RDK includes a Board ID module.

45 Board ID section of RTA site http://america.renesas.com/boardid/
We now have an entirely updated site: america.renesas.com/boardid/

46 Link to Avnet site
We also have a link to the Avnet site presenting the services provided by Avnet for the Board ID product.

47 Q and A: Are there issues with Export Control?
The Board ID product is designed to meet applicable Export Control rules and regulations. The product can be exported to foreign countries in accordance with applicable US laws. The customer must ensure compliance with these laws.

48 Summary: Strengths of the Board ID solution
And why a customer selected Board ID recently:
1- Strong authentication (RSA 2048 bit) with tamper-proof chip
2- Easy integration of Board ID in customer design (fast time to market)
3- Avnet support services:
- logistics and key/cert programming services (root cert provided by customer to keep control of the chain of trust)
- unique data serialized and programmed in each chip
- strong support for all phases of development: sample evaluation, pre-production test/validation and MP ramp up
4- REA experience in the Security IC market

49 Questions?

50 PKI Mutual authentication
Figure labels: Innovation; Server; Extended boards; Router.

51 Thank You!
Thank you. Please visit both the Renesas and Avnet booths in the exhibit hall.
