NEOS IoT Security Platform : System-on-module with WiFi and TPM (Trusted Platform Module) for IoST, Internet of Secure Things (EN)

MDS Technology Co., Ltd. presents
"NEOS-IoTSP (NEOS IoT Security Platform) Pack" doc.2016.06c that contains :

* Software
- NEOS™ RTOS for Neo-SP1 (STM32F415 MCU)
- ASP for Cortex-M4 (STM32F415)
- BSP for DVMS including Neo-SP1
- Bootloader for Secure Boot, Secure Firmware Update
- NEOSPACE™ IDE
- Open Source Cryptographic Module

* Hardware
- DVMS boards (DevKit with Sensors, Neo-SP1 mounted)
- TPM : Infineon SLB9670VQ1.2, ATMEL AT97SC3205
- WiFi : ESP8266
- Schematic for DVMS (excluding Neo-SP1)

* Optional
- Neo-IDM™ Server, Interworking Proxy Server, Secure Update Server
- Optimized Cryptographic Algorithm module (CMVP Certification)

* Contacts :
- http://www.neosrtos.com/neosp1
- email: daeyeoun@mdstec.com

Published in: Software

  1. NEOS-IoTSP: IoT Security Platform based on NEOS™ RTOS, supporting WiFi and TPM (Trusted Platform Module)
     2016.12
     http://www.neosrtos.com/neosp1
     email: daeyeoun@mdstec.com
     © 2016 MDS Technology Co., Ltd.
  2. Features of NEOS IoT Security Platform
     ● Full Featured Solution Package : Secure RTOS Software, Integrated Development Environment Software, System-on-module, and Development Kit
     ● Crypto Library
     ● Secure Boot
     ● Secure Firmware Update
     ● TPM Support
     ● Device Management Solution, Integrated
     ● Key Management System for IoT, Integrated
  3. Configuration of NEOS IoT Security Platform
     ■ Software : Secure RTOS Software, IDE (Integrated Development Environment)
     ■ Reference Hardware : System-on-module, and DevKit
     [Diagram: Secure RTOS SW (Secure Boot, Secure Firmware Update, Crypto API, NEOS™ RTOS, Key Manager, IoT Agent, Crypto-library, Device Manager); Neo-SP1 System-On-Module (Cortex-M4 MCU, WiFi, TPM); DVMS Development Kit + Sensors (Serial to USB (monitor), SWD (debug), Accelerometer, Magnetic Field, Temperature & Humidity, Light & UV); NEOSPACE™ IDE on Host Computer, connected by USB (Serial, SWD); Internet / Intranet]
  4. A. Secure RTOS SW Platform
     ■ Secure Boot
     ■ Secure Firmware Update
     ■ Standard Cryptographic Library for end-to-end Security
     ■ Secure Key Management on TPM (Trusted Platform Module)
     ■ Standard based Device Management Solution (NEO-IDM™) Integrated
     ■ Standard based Key Management Solution (iKMS) Integrated
     [Diagram: Secure RTOS SW (Secure Boot, Secure Firmware Update, Crypto API, NEOS™ RTOS, Key Manager, IoT Agent, Crypto-library, Device Manager)]
  5. B. IDE (NEOSPACE)
     ■ Complete Integrated Development Environment based on the Eclipse development platform
     ■ Project Management
     ■ Building target software : compiler, linker
     ■ Debugging and Flash Programming through Serial Wire Debug (SWD)
     [Diagram: USB (Serial, SWD)]
  6. C. Reference Hardware
     • Neo-SP1 Module
       – Hardware Root of Trust by TPM (Trusted Platform Module)
       – User can program IoT application on the module
     • DVMS : Full Featured Development Kit
       – Neo-SP1 Mounted
       – SWD ST Link-v2 Debug Interface ready for Debugging and Flash Programming
       – Sensors : Accelerometer/Magnetometer, Temperature/Humidity, Light/UV
       – Configurable External Ports with I2C, ADC, UART interfaces
     [Diagram: DVMS (DevKit) with JTAG Trace32, SWD - USB, Serial - USB, Temp./Humidity, Accel./Magneto., Light/UV, External Ports, Neo-SP1]
     ● Neo-SP1 (Function : Specification)
       – MCU : STM32F415
       – TPM : Infineon SLB9670VQ1.2
       – Connectivity : WiFi 802.11b/g/n : ESP8266
       – Dimension : 25mm x 35mm
  7. Applications
     ● Edge Device, Connectivity Module, or Secure Media Converter
     ● Ready for various wireless connection
  8. Secure Boot, Secure Firmware Update
     ■ Boot only OEM-provided software
     ■ Download firmware from Update Server and verify the Signature
     [Diagram: Device Power On; Firmware boot loader; Boot Manager verifies Signature; Boot to Main OS; Boot to Update; boot configuration database; Internet / Intranet; Update Server; Signing (OS and Hash); Public key of update Server; Download from update server]
  9. Integration with Neo-IDM
     • Standard IoT Device Management Platform based on LwM2M protocol
     • Two Operation Models : IoT Edge Device and Connectivity Module
     [Diagram: Neo-IDM Service UI; NEOS IoT SP Edge Device (Neo-IDM CoAP Server); IoT Gateway (Neo-IDM LwM2M Client); CoAP; Interworking Proxy; LwM2M; IoT Server (Azure, ThingWorx, ...); HTTP/MQTT; LwM2M Server; NEOS IoT SP Connectivity Module (Neo-IDM LwM2M Client & CoAP Server); Secure RTOS SW (Secure Boot, Secure Firmware Update, Crypto API, NEOS™ RTOS, Key Manager, IoT Agent, Crypto-library, Device Manager)]
  10. Integration with iKMS (Key Management System)
      • Key distribution function and management scheme
      • Key Injection for IoT Device
      • Thus providing End-to-End Security
      [Diagram: NEOS IoT SP (iKMS Agent); Secure Key Distribution; iKMS Server (Hancom Secure Co.); IoT Server (LwM2M, Azure, ...); Secure RTOS SW (Secure Boot, Secure Firmware Update, Crypto API, NEOS™ RTOS, Key Manager, IoT Agent, Crypto-library, Device Manager)]
  11. Cryptographic Library
      ■ cryptographic algorithms
      ■ lightweight, and optimized for embedded system
      Table (Function, Algorithm : Description):
      ● Block Cipher
        – ARIA : 128, 192, 256 bits
        – SEED : 128, 256 bits
        – LEA : 128, 192, 256 bits
        – HIGHT : 64 bits
      ● Block Cipher Operating Mode
        – Confidentiality, ECB, CBC, CFB, OFB, CTR : Block Cipher : ARIA, SEED, LEA, HIGHT
        – Confidentiality/Authentication, CCM, GCM : Block Cipher : ARIA, SEED, LEA, HIGHT
      ● Random Number Generator
        – HASH_DRBG : Hash : SHA-224/256/384/512
        – CTR_DRBG : Block Cipher : ARIA, SEED, LEA, HIGHT
        – HMAC_DRBG : Hash : SHA-224/256/384/512
      ● Public Key Cryptography
        – RSAES : Public Key : 2048, 3072 bits
      ● Key Management
        – DH : Public / Private Key : (2048, 256)
        – ECDH : B-233, K-233, P-224, B-283, K-283, P-256
      ● Hash Function
        – SHA-2 : Output Length : 224, 256, 384, 512 bits
      ● Message Authentication Code
        – Hash Based, HMAC : Key Length : 128, 256 bits
        – Block, CMAC : Block Cipher : ARIA, SEED, LEA, HIGHT
        – Block, GMAC : Block Cipher : ARIA, SEED, LEA, HIGHT
      ● Digital Signature
        – RSA-PSS : Public Key : 2048, 3072 bits
        – KCDSA : Public Key : 1024, 2048, 3072 bits
        – ECDSA : B-233, K-233, P-224, B-283, K-283, P-256
        – ECKCDSA : B-233, K-233, P-224, B-283, K-283, P-256
  12. Connection Types
      ● As a Connectivity Module : Connect to Server without IoT Gateway
      ● As an Edge Device : Connect to Server through IoT Gateway
      ● Device-to-device Security : Connect to other devices
      [Diagram: Neo-SP1; IoT GateWay; Wireless Access Point; Internet / Intranet; IoT Server]
  13. Secure Media Converter
      ■ To provide Secure Channel for systems with Legacy Devices
      ■ Minimal or no modification to Legacy System for easy deployment
      [Diagram: Legacy Devices; Unsecure Media : ethernet, RS485, RS422, ...; Transceiver; Secure Channels, Wired or Wireless; Transceiver; Unsecure Media : ethernet, RS485, RS422, ...; Legacy Devices]
  14. Ready for Various Wireless Connections
      ■ Ready for Connectivity Modules : Bluetooth, Zigbee, LoRa, WISUN, LTE, etc.
      [Diagram: Extension RF Module (Zigbee, Bluetooth, WISUN, LoRa); Sensors; Internet / Intranet]
  15. Applicable
      ■ To protect public safety data, environment data, smart grid data, etc., where Security is mandatory by law
      ■ To protect data for Military IoT
      ■ To protect Private Sensitive data, such as Wellness information or Medical (Health) data
      ■ To protect Device Configuration Data, Manufacturing Technology
  16. About NEOS RTOS
      ■ NEOS™ RTOS is a real-time operating system for embedded system developed by MDS Technology
      ■ DO-178B Level A Certifiable Kernel
      ■ Multi-thread Kernel with fast and deterministic performance
      ■ Preemptive realtime scheduling
      ■ POSIX standard API add-on (POSIX 1003.13 PSE52)
      ■ Field proven in aerospace and military for safety critical and mission critical system
      ■ http://www.neosrtos.com
