
Cryptographic Implementations: Hardware vs. Software

May 27, 2020
Part 5 of the Cryptographic Handbook series delves into the differences of implementing cryptographic solutions via hardware and software, and the essential steps in securely booting a connected device.

This article is part of the Communication Series: Cryptography Handbook

Modern cryptographic algorithms can be implemented using dedicated cryptographic hardware or software running on general-purpose hardware. For various reasons, dedicated cryptographic hardware provides a better solution for most applications. The table below lists reasons why hardware-based cryptographic solutions are more desirable.


Secure Boot and Secure Download: What Are They, and Why Are They Important?

Among the everyday IoT devices that use embedded hardware are:

  • Home devices: Wi-Fi cameras, IoT thermostats, and smoke detectors
  • Medical devices
  • Wearables, fitness trackers, or smart watches
  • Industrial machines such as robotic arms in factories

Almost all of these devices (Fig. 1) contain boot firmware or downloadable data that is reached over the Internet, which puts them at risk. The boot firmware is typically held in non-volatile memory inside the device; it is the brain of the device. This software is updated from time to time to correct and enhance certain functions, anything from a new intruder-detection algorithm for a Wi-Fi camera to better weld positioning for an industrial robot arm.


This article covers all of the necessary steps needed to securely boot and upload new firmware in a connected device.

Why Protect IoT Device Firmware or Data?

IoT devices must be trustworthy, which means the device firmware and critical data must be verified to be genuine. In a perfect world, boot firmware and configuration data would be locked down at the factory, but customers have come to expect firmware updates and reconfiguration to be available over the internet. And that’s the problem—malicious actors can use these network interfaces as a conduit for malware.

If someone gains control of an IoT device, they may use it for malicious purposes. For this reason, any code that purports to come from an authorized source must be authenticated before it’s allowed to run.

An attacker may deliver malware to an IoT device by various means (Fig. 2):

  • If an attacker can gain physical access to the device, then malware may be introduced via a physical connection (such as USB, Ethernet, etc.).
  • Operating systems often exhibit vulnerabilities that are closed as they’re discovered by means of a patch. If an attacker can access an unpatched system, they may be able to introduce malware.
  • Typically, an IoT device contacts an update server to determine whether newer firmware or configuration data is available. An attacker can intercept the DNS request and redirect the IoT device to a malicious source hosting malware or corrupted configuration data.
  • The authentic website may be misconfigured in such a way to allow an attacker to take control of the website and replace authentic firmware with one that contains the attacker’s malware.


We can prevent infiltration and protect against malware injection by using secure boot and secure download. Thus, the IoT device can trust the updates being received from the command/control center.

Note that if a command/control center wants to fully trust the IoT device, there’s an additional step that involves authenticating the IoT device’s data. How do we go about protecting these devices by using secure boot and secure download?

Authentication and Integrity of the Firmware

Authentication and integrity can provide a way to:

  • Ensure that the targeted embedded device runs only authorized firmware or configuration data.
  • Confirm that the data is trusted and has not been modified afterward.
  • Allow cryptography to be used to prove that the data is both authentic and has integrity.
  • Utilize cryptographic digital signatures, like a seal or manual signature at the bottom of a letter.

With authentication and integrity, the firmware and configuration data are loaded during the manufacturing phase and all subsequent updates are digitally signed. This way, the digital signature enables trust during the device’s entire lifetime. These properties of the digital signature are paramount to providing security:

  • The digital signature used must be computed by a cryptographic algorithm.
  • To bring the highest level of security, the algorithms need to be public and well-proven.

For our secure solution, we’ll examine asymmetric cryptographic algorithms, specifically FIPS 186 ECDSA.

Asymmetric Cryptography Applied to Secure Boot/Download


Asymmetric cryptography uses a public/private key pair for its computations (Fig. 3):

  • Any key-pair generation begins with the selection of a random number to be used as the private key.
  • The random number is fed into the key generator, and the computation produces the public key.
  • The public key is public (it can be distributed freely to all without any security risk).
  • However, the private key is critical information that must be kept confidential.

The fundamental principles of secure download in asymmetric cryptography are:

  • The firmware developer uses the private key for signing.
  • An embedded device (or an IoT device) uses the public key for verification.

So why use asymmetric key cryptography?

  • The advantage is that no private key is stored on the embedded device.
  • With asymmetric cryptography, an attacker who extracts the contents of the device cannot retrieve the private key, because it was never there.
  • Lastly, the algorithm chosen (i.e., ECDSA) makes it mathematically infeasible to derive the private key from the public key.

First, let's look at an example of what must occur at an R&D facility that utilizes asymmetric key cryptography.

R & D Facility

  • We start with the complete firmware.
  • The firmware is put through a SHA-256 multi-block hash computation.
  • The private key and the hash are the inputs to the ECDSA signing algorithm. The output is a unique signature that could only have been produced with that private key.
  • Combine our firmware with the signature and send it out upon request for field usage.

Figure 4 illustrates these points in greater detail. Now let’s look at field usage.


Field Usage

  • The embedded device receives the firmware and signature.
  • The firmware is put through the SHA-256 multi-block hash computation.
  • Our embedded device already contains the public key created during key generation at the R&D facility.
  • The signature and the other ingredients (the hash and the public key) are then used as input for the ECDSA verify.
  • The result of the ECDSA verify determines whether the firmware can be used by the embedded device.
  • If the result is a PASS, then the embedded device accepts the firmware, which has both authenticity and integrity.
  • If the result is a FAIL, then the firmware is rejected.

The following video illustrates how firmware is securely downloaded to a remote system:

Secure Boot and Secure Download Using the DS28C36

Many embedded devices don’t have a secure microcontroller with the computational capacity to perform the calculations required to verify the authenticity and integrity of downloaded firmware or data. One cost-effective hardware-based IC solution is the DS28C36 DeepCover Secure Authenticator (Fig. 5).


Steps for secure boot and secure download:

  1. As previously discussed, a system public-private key pair for the secure boot or secure download function is established at the R&D facility. The system private key of this pair is used to sign firmware or data that ultimately is verified by the DS28C36 embedded in the end system. This system private key never leaves the controlled development environment. The system public key of this pair is installed in the DS28C36 in a key register location that has an "authority key" attribute, which is a configurable setting in the DS28C36.
  2. The system private key is used to compute the digital signature of the firmware or data.
  3. The DS28C36, with the preprogrammed system public key, sits on the host processor’s interface.
  4. When firmware is required to be run by the processor, it’s first retrieved by the processor boot manager and delivered to the DS28C36 in sequential 64-byte blocks to compute a SHA-256 hash.
  5. After the DS28C36 completes the SHA-256 hash computation, the processor supplies the ECDSA signature of the firmware or data, which was computed in the development environment and appended to the file.
  6. After the DS28C36 receives the ECDSA signature, the processor sends a command to perform the signature verification using the preinstalled system public key.
  7. If the DS28C36 verifies the signature, a pass result parameter byte and a GPIO pin set to logic 0 are delivered to the processor. The status of this pin and the parameter byte act as a go/no-go result for the processor to run the now known trusted firmware or data update.
  8. In addition, if the command/control center would like to trust the DS28C36, an extra ECDSA signature engine is optionally available.

In summary, we have shown a proven security solution for secure boot or secure download using the DS28C36 that addresses threats to IoT devices. This secure authenticator IC offloads the heavy computational math involved to prove both authenticity and integrity of firmware or data updates.

For more information about Maxim’s secure boot and secure download solutions, see:

Go to the Security Lab tool to execute this sequence example or use Maxim’s other additional hardware labs.

Bidirectional Authentication for IP Protection

Bidirectional (or mutual) authentication is an essential part of secure communications. Both parties in a communication should be certain that their counterpart can be trusted. This is achieved by proving possession of private information. That information can be shared between the parties or kept entirely private, as long as possession of it can be proven.

Symmetric authentication systems require information to be shared among all participants in a communication. This information is usually called a “secret.” A secret is a piece of information not generally known; it’s known only to those who need it. The secret is used in concert with a symmetric authentication algorithm such as SHA, along with other data shared between participants. The ability to generate a matching signature on both sides of the communication proves possession of the secret.

Asymmetric authentication systems (like ECDSA) employ hidden information that’s not shared between parties (known as a “private key”), but is used to produce information that can be known to the public (known as a “public key”). Proper use of the public key proves possession of the private key because the private key is needed to unlock a message locked by the public key and vice versa.

Slave Authentication

To authenticate a slave device in a master-slave configuration, a piece of random data (also known as a “challenge”) is sent to the slave. Along with any shared data between the devices, the challenge is run through a signing operation with a secret or private key to produce a “response” signature. The response signature can be verified by the master because the master is in possession of the shared secret, or of a public key that corresponds to the slave’s private key. The general flow of this process is shown in Figure 6.


Authentication generally depends on algorithms that produce signatures proving possession of a participant’s hidden information but make it difficult to discover the information itself. These are known as one-way functions. SHA and ECDSA are examples of such algorithms.

Master Authentication

To prove all parties can be trusted, the master must also prove its authenticity to the slave. An example of this process is shown in the form of an authenticated write (Fig. 7).


In Figure 7, the master is writing new data to the slave device. However, to complete the write, the slave must verify the authenticity of the information by requiring the master to generate a signature based on that information together with the master’s hidden data (secret or private key). Using the shared secret, or the public key that corresponds to the master’s private key, the slave can verify that the signature is authentic.

The use of one-way functions may allow any eavesdroppers to see all data being transmitted, but it prevents them from determining the hidden information that produced the signatures associated with the data. Without this hidden information, eavesdroppers can’t become impersonators.
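The slave-authentication exchange of Figure 6 and the authenticated write of Figure 7, as an added example in the symmetric (shared-secret) form, with HMAC-SHA256 standing in as the one-way function. This is illustration code written for this page, not Maxim’s firmware or the authenticator’s command set; the secret, the shared device data and the memory page are constructed for the demo. It also shows the point made in the paragraph above: a counterfeit part that has watched every byte on the bus can only replay an old response, and that fails against a fresh challenge.

```python
"""Added example: symmetric challenge/response between a master and a slave,
plus an authenticated write, using HMAC-SHA256 as the one-way function."""
import hashlib
import hmac
import secrets

SHARED_DATA = b"device-id:0001"  # data both sides know; assumed for the demo


def mac(secret, *parts):
    """The signing operation: HMAC-SHA256 over the concatenated parts."""
    h = hmac.new(secret, digestmod=hashlib.sha256)
    for part in parts:
        h.update(part)
    return h.digest()


class Slave:
    """Holds the shared secret and a 32-byte protected memory page."""

    def __init__(self, secret):
        self._secret = secret
        self.memory = b"\x00" * 32
        self._pending = None  # outstanding challenge for an authenticated write

    def respond(self, challenge):
        """Fig. 6: return the page and a signature over challenge, shared data and page."""
        return self.memory, mac(self._secret, challenge, SHARED_DATA, self.memory)

    def challenge_for_write(self):
        """Issue a fresh nonce that the master must sign together with the new data."""
        self._pending = secrets.token_bytes(32)
        return self._pending

    def authenticated_write(self, data, signature):
        """Fig. 7: accept the write only if the master's signature verifies.
        The challenge is consumed whether or not the check passes, so a
        captured signature cannot be replayed against a later write."""
        if self._pending is None:
            return False
        expected = mac(self._secret, self._pending, SHARED_DATA, data)
        self._pending = None
        if not hmac.compare_digest(expected, signature):
            return False
        self.memory = data
        return True


class Master:
    """Holds the same secret and generates challenges from its random source."""

    def __init__(self, secret):
        self._secret = secret

    def authenticate_slave(self, slave):
        challenge = secrets.token_bytes(32)  # the "challenge (nonce)" from a TRNG
        page, response = slave.respond(challenge)
        expected = mac(self._secret, challenge, SHARED_DATA, page)
        return hmac.compare_digest(expected, response)

    def write(self, slave, data):
        challenge = slave.challenge_for_write()
        return slave.authenticated_write(
            data, mac(self._secret, challenge, SHARED_DATA, data))


class ReplayingCounterfeit:
    """A part without the secret: all it can do is replay a response it observed."""

    def __init__(self, captured):
        self._captured = captured

    def respond(self, challenge):
        return self._captured


def demo():
    secret = secrets.token_bytes(32)  # provisioned into both parties at manufacture
    master, slave = Master(secret), Slave(secret)
    genuine_ok = master.authenticate_slave(slave)
    # Everything on the bus is visible to an eavesdropper, but each response is
    # bound to a challenge that is never reused, so a replayed response fails.
    counterfeit_ok = master.authenticate_slave(
        ReplayingCounterfeit(slave.respond(secrets.token_bytes(32))))
    new_page = b"new-config-data".ljust(32, b"\x00")
    write_ok = master.write(slave, new_page)
    # A write signed without the secret is refused and memory is left unchanged.
    slave.challenge_for_write()
    forged_ok = slave.authenticated_write(b"\xff" * 32, mac(b"wrong", b"guess"))
    return genuine_ok, counterfeit_ok, write_ok, forged_ok, slave.memory


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(True, False, True, False, <page>)`: the genuine slave authenticates, the replaying counterfeit does not, the master’s authenticated write lands, and the forged write is refused with the page still holding the master’s data. `hmac.compare_digest` is used on both sides so that signature comparison takes the same time whether the mismatch is in the first or the last byte.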

This bidirectional authentication model can readily be used to ensure that the intellectual property (IP) stored in a device is well protected against counterfeiters.

TRNG Output and Typical Use

Maxim’s ChipDNA secure authenticators have a built-in true random number generator (TRNG) (Fig. 8). This is used by the device for internal purposes, but they also have a command that sends out the TRNG output if the user requests it. At this time, the maximum TRNG output length is 64 bytes. This NIST-compliant hardware random number source can be used for cryptographic needs such as “challenge (nonce)” generation by a host processor.


NIST/FIPS Specifications

Three different specifications are related to TRNGs:

  • NIST SP 800-90A
  • NIST SP 800-90B
  • NIST SP 800-90C

For more details, visit the NIST website.

The next article in the series will cover the threats faced by crypto systems, the types of countermeasures that are available, and how to plan for threats.

Read more from the Communication Series: Cryptography Handbook

Zia A. Sardar and Stewart Merkel are principal members of the technical staff, and Aaron Arellano is a member of the technical staff, at Maxim Integrated.
