저사양 IoT 디바이스에 보안 기술 적용의 어려움을 해결하기 위해 oneM2M에서는 하드웨어 보안 모듈의 필요성을 제시하였다. 그러나 하드웨어 보안 모듈이 단독 동작하며, IoT 디바이스의 마이크로프로세서와 구분된 시스템은 또다른 보안 취약점이 될 수 있다. 본 논문에서는 통합 보안 SoC 기반의 IoT 디바이스 보안 플랫폼을 설계하여 oneM2M의 보안 요구 사항을 만족하는 요소 기술을 제안한다. 그리고 이를 통해 IoT 디바이스에 대한 보안 위협 대응을 검증한다.

1. - 1 -
Mobile & Embedded System Lab.
Dept. of Computer Engineering
Kyung Hee Univ.
Design of a IoT Device Security Platform
based on Integrated Security SoC
Presented by Junyoung Jung

2. - 2 - Kyung Hee University
Mobile Embedded System Lab.
Motivation (1/2)
 Recent Trends
 Accelerated the launch of a variety of IoT products & services
 Developed the COTS IoT device platform
▶ Raspberry Pi, Arduino, ESP8266, etc
 Problems
 COTS IoT device platform
▶ Low CPU, Small memory, Low cost chip/sensor
▶ Absence of Security functions
 Existing Security technology (for Server/PC)
▶ Demand Large Memory and Fast computing power
Difficult to apply Security functions
to IoT device platform

3. - 3 - Kyung Hee University
Mobile Embedded System Lab.
Motivation (2/2)
 Hardware Security Module (Presented by oneM2M)
 SE(Secure Elements)
▶ Ensure Data/Firmware integrity
▶ Require strong Authentication method
 Isolated system’s Problems (Microprocess + SE)
 Reverse Engineering attack
▶ Memory/SE de-soldering
 Hardware Trojan attack
▶ Malicious hardware invasion
Propose IoT device security platform
based on Integrated Security SoC

4. - 4 - Kyung Hee University
Mobile Embedded System Lab.
Related works (1/2)
 Integrated Security SoC (eWBM MS500)
 Security features
▶ Secure Key Management
 Non Volatile Memory (eFuse)
▶ Secure Storage
 Flash Memory
▶ Root of Trust
 1st Bootloader
▶ Crypto Blocks
 Symmetric Crypto Accelerator (AES, ARIA)
 Asymmetric Crypto Accelerator (RSA, ECC)
 True Random Number Generator

5. - 5 - Kyung Hee University
Mobile Embedded System Lab.
Related works (2/2)
 oneM2M Security Requirements (TS-0003. Security Solutions)
 Access Management
▶ Using the encryption functions of the SE for data integrity
▶ Using the encryption functions of the SE for authentication
 Security Administration
▶ Pre-provisioning of sensitive data to SE
▶ Management of sensitive data via secure channel
 Sensitive Data Handling
▶ Secure storage of sensitive data using SE
▶ Secure management of sensitive data using SE

6. - 6 - Kyung Hee University
Mobile Embedded System Lab.
Proposed System (1/6)
 Security functions
① Secure Key Storage & Management
▶ Ensure availability of sensitive data(e.g., Encryption key)
▶ Correspondence) Sensitive Data Handling
② Secure Boot
▶ Verify firmware integrity
▶ Correspondence) Access Management
③ Secure Firmware Update
▶ Ensure safety of firmware update
▶ Correspondence) Access Management, Sensitive Data Handling
④ Secure Communication
▶ Ensure secure channel of device-to-device communication
▶ Correspondence) Security Administration
⑤ Remote Attestation
▶ Verify device trust
▶ Correspondence) Access Management, Security Administration

7. - 7 - Kyung Hee University
Mobile Embedded System Lab.
Proposed System (2/6)
 Secure Key Storage & Management
MS500-iSE
BootROM
1 𝑠𝑡 𝐵𝐿
eFuse
𝑆ℎ𝑑𝐾 𝑃𝑙𝑎𝑡𝑓𝑜𝑟𝑚
𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒
TRNG
(True Random
Number
Generator)
ACA
(Asymmetric
Crypto
Accelerator)
SCA
(Symmetric
Crypto
Accelerator)
Flash Memory
Public Section
2 𝑛𝑑 𝐵𝐿
𝐹𝑊𝐶𝑢𝑟
Private Section
𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 𝑃𝑢𝑏𝐾𝐴𝑢𝑡ℎ𝑜𝑟
𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐹𝑊𝐶𝑢𝑟) 𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒 , 𝐹𝑊𝑉𝐶𝑢𝑟)
𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒 , 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡) 𝐶𝑒𝑟𝑡𝑖𝑆𝐸
< Data Encrypt method >

8. - 8 - Kyung Hee University
Mobile Embedded System Lab.
Proposed System (3/6)
 Secure Boot
< System Architecture >
< Sequence Diagram >
MS500-iSE
1 𝑠𝑡 𝐵𝐿 2 𝑛𝑑 𝐵𝐿 𝐹𝑊
Verify 2 𝑛𝑑
𝐵𝐿
( In: 2 𝑛𝑑
𝐵𝐿 𝑀𝐴𝐶, 𝑆ℎ𝑑𝐾 𝑃𝑙𝑎𝑡𝑓𝑜𝑟𝑚 )
Transfer control to 2 𝑛𝑑 𝐵𝐿
MS500-iSE
BootROM
eFuse
1 𝑠𝑡 𝐵𝐿 (includes 2 𝑛𝑑
𝐵𝐿 𝑀𝐴𝐶)
𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒
𝑆ℎ𝑑𝐾 𝑃𝑙𝑎𝑡𝑓𝑜𝑟𝑚
Flash
Private Section
𝐶𝑒𝑟𝑡𝑖𝑆𝐸
𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒, 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡)
𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐻(𝐹𝑊𝐶𝑢𝑟))
𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒, 𝐹𝑊𝑉𝐶𝑢𝑟)
𝑃𝑢𝑏𝐾𝐴𝑢𝑡ℎ𝑜𝑟
𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒
Public Section
𝐹𝑊
2 𝑛𝑑 𝐵𝐿
𝑃𝑢𝑏𝐾𝐴𝑡𝑡𝑒𝑠𝑡
𝑆𝑖𝑔𝑛 𝐶𝐴
Verify 𝐹𝑊
( Compare 𝐻(𝐹𝑊) and 𝐻(𝐹𝑊𝐶𝑢𝑟) )
Extract 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐻(𝐹𝑊𝐶𝑢𝑟))
( referring to 𝑃𝑢𝑏𝐾𝐴𝑢𝑡ℎ𝑜𝑟 )
Transfer control to 𝐹𝑊𝐶𝑢𝑟
Compute 𝐻(𝐹𝑊)

9. - 9 - Kyung Hee University
Mobile Embedded System Lab.
Proposed System (4/6)
 Secure Firmware Update
< Sequence Diagram >
MS500-iSE Storage FW Author
Upload 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
Upload 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐹𝑊𝑁𝑒𝑤)
Query 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝐶𝑢𝑟
Send 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
Validate 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
referring to 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤 )
Decrypt 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻(𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤))
Request 𝐹𝑊𝑁𝑒𝑤
Send 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐹𝑊𝑁𝑒𝑤)
Decrypt 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐹𝑊𝑁𝑒𝑤)
Store 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
( 𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒, 𝐹𝑊𝑉𝑁𝑒𝑤), 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐻(𝐹𝑊𝑁𝑒𝑤)) )
Store 𝐹𝑊𝑁𝑒𝑤
Validate 𝐹𝑊𝑁𝑒𝑤 and 𝐹𝑊𝑉𝑁𝑒𝑤
Create 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
Reboot (Normal Boot, where BL2 replaces 𝐹𝑊𝐶𝑢𝑟 with 𝐹𝑊𝑁𝑒𝑤)
Reboot (Secure Boot)
𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
𝐹𝑊𝑉𝑁𝑒𝑤 (Firmware Version)
𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻(𝐹𝑊𝑁𝑒𝑤))
𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻(𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤))
Sign 𝐹𝑊 𝑁𝑒𝑤
MS500-iSE
eFuse
𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒
Flash
Private Section
𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒, 𝐹𝑊𝑉𝐶𝑢𝑟)
𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒, 𝐹𝑊𝑉𝑁𝑒𝑤)
𝑃𝑢𝑏𝐾𝐴𝑢𝑡ℎ𝑜𝑟
𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐻(𝐹𝑊𝐶𝑢𝑟))
𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐻(𝐹𝑊𝑁𝑒𝑤))
Public Section
𝑂𝑢𝑡𝑑𝑎𝑡𝑒𝑑 𝐹𝑊
𝑁𝑒𝑤 𝐹𝑊

10. - 10 - Kyung Hee University
Mobile Embedded System Lab.
Proposed System (5/6)
 Secure Communication
Message Exchange
SSL Handshake
MS500-iSE
(mbedTLS-based)
Server
(OpenSSL-based)
Hello message
Send 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒 𝑆𝑒𝑟𝑣𝑒𝑟
Send 𝐸(𝑃𝑢𝑏𝐾𝑆𝑒𝑟𝑣𝑒𝑟 , 𝑆ℎ𝑑𝐾𝑠𝑒𝑠𝑠𝑖𝑜𝑛)
Encrypted message (𝐸(𝑆ℎ𝑑𝐾𝑠𝑒𝑠𝑠𝑖𝑜𝑛, 𝐷𝑎𝑡𝑎) )
TCP/IP Connection
Extract 𝑃𝑢𝑏𝐾𝑆𝑒𝑟𝑣𝑒𝑟 in 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒 𝑆𝑒𝑟𝑣𝑒𝑟
Encrypt 𝑆ℎ𝑑𝐾𝑠𝑒𝑠𝑠𝑖𝑜𝑛 using 𝑃𝑢𝑏𝐾𝑆𝑒𝑟𝑣𝑒𝑟
Decrypt 𝐸(𝑃𝑢𝑏𝐾𝑆𝑒𝑟𝑣𝑒𝑟, 𝑆ℎ𝑑𝐾𝑠𝑒𝑠𝑠𝑖𝑜𝑛)
< Sequence diagram >
Server
OpenSSL-based service
𝑆ℎ𝑑𝐾𝑠𝑒𝑠𝑠𝑖𝑜𝑛
Storage
𝑃𝑟𝑖𝐾𝑆𝑒𝑟𝑣𝑒𝑟
𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒 𝑆𝑒𝑟𝑣𝑒𝑟
Generate 𝑆ℎ𝑑𝐾𝑠𝑒𝑠𝑠𝑖𝑜𝑛
MS500-iSE
Flash
Public Section
𝐹𝑊
mbedTLS Library
SRAM
𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒 𝑆𝑒𝑟𝑣𝑒𝑟
𝑆ℎ𝑑𝐾𝑠𝑒𝑠𝑠𝑖𝑜𝑛
𝑃𝑢𝑏𝐾𝑆𝑒𝑟𝑣𝑒𝑟

11. - 11 - Kyung Hee University
Mobile Embedded System Lab.
Proposed System (6/6)
 Remote Attestation
Device verification
Device provisioning
Attestation request (SSL Session)
MS500-iSE
Attestation
Server
Certificate
Authority
FW Author
𝑃𝑢𝑏𝐾𝐴𝑡𝑡𝑒𝑠𝑡
Publish 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒 𝐶𝐴
Generate Certificate
Send 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸, 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡
Request attestation
Decrypt 𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒 , 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡)
Generate 𝐻( 𝐻 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 )
Send 𝑃𝑢𝑏𝐾𝐴𝑡𝑡𝑒𝑠𝑡
Sign 𝐻 𝐻 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 using 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡
Send 𝑆𝑖𝑔𝑛 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡, 𝐻 𝐻 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 & 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸
Verify 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸
Decrypt 𝑆𝑖𝑔𝑛 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡, 𝐻 𝐻 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒
using 𝑃𝑢𝑏𝐾𝐴𝑡𝑡𝑒𝑠𝑡
Extract 𝑃𝑢𝑏𝐾𝐴𝑡𝑡𝑒𝑠𝑡 from 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸
Verify 𝐻 𝐻 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒
Success
MS500-iSE
eFuse
𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒
Flash
Private Section
𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒 , 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡)
𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒 𝐶𝐴
𝑃𝑢𝑏𝐾𝐴𝑡𝑡𝑒𝑠𝑡
𝑆𝑖𝑔𝑛 𝐶𝐴
𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒
Public Section
𝐹𝑊

12. - 12 - Kyung Hee University
Mobile Embedded System Lab.
Security Analysis (1/6)
 Security Threats
 Bootloader Replace Attack
 Firmware Replace Attack
 Rollback Attack
 Man in the Middle Attack

13. - 13 - Kyung Hee University
Mobile Embedded System Lab.
Security Analysis (2/6)
 Security Threats
 Bootloader Replace Attack
▶ Countermeasures) Secure Boot
MS500-iSE
𝐹𝑊𝐶𝑢𝑟𝑀𝑜𝑑𝑖𝑓𝑖𝑒𝑑 2 𝑛𝑑
𝐵𝐿1 𝑠𝑡
𝐵𝐿
Verify 2 𝑛𝑑 𝐵𝐿
( In: 2 𝑛𝑑 𝐵𝐿 𝑀𝐴𝐶, 𝑆ℎ𝑑𝐾 𝑃𝑙𝑎𝑡𝑓𝑜𝑟𝑚 )
Infected boot
( Halt boot process )

14. - 14 - Kyung Hee University
Mobile Embedded System Lab.
Security Analysis (3/6)
 Security Threats
 Firmware Replace Attack
▶ Countermeasures) Secure Boot, Remote Attestation
Verify 2 𝑛𝑑
𝐵𝐿
( In: 2 𝑛𝑑
𝐵𝐿 𝑀𝐴𝐶, 𝑆ℎ𝑑𝐾 𝑃𝑙𝑎𝑡𝑓𝑜𝑟𝑚 )
Transfer control to 2 𝑛𝑑
𝐵𝐿
Extract 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐻(𝐹𝑊𝐶𝑢𝑟))
( referring to 𝑃𝑢𝑏𝐾𝐴𝑢𝑡ℎ𝑜𝑟)
Compute 𝐻(𝐹𝑊)
MS500-iSE
𝑀𝑜𝑑𝑖𝑓𝑖𝑒𝑑 𝐹𝑊2 𝑛𝑑 𝐵𝐿1 𝑠𝑡 𝐵𝐿
Infected boot
( Halt boot process )
Verify 𝐹𝑊
( Compare 𝐻(𝐹𝑊) and 𝐻(𝐹𝑊𝐶𝑢𝑟) )
MS500-iSE
(Infected FW)
Attestation
Server
Device verification
Attestation request (SSL Session)
Request attestation
Decrypt 𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒 , 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡)
Generate 𝐻( 𝐻 𝐼𝑛𝑓𝑒𝑐𝑡𝑒𝑑 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 )
Validate 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸 with CA
Extract 𝑃𝑢𝑏𝐾𝐴𝑡𝑡𝑒𝑠𝑡 from 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸
Verify 𝐻 𝐻 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒
Verification failure
Send 𝑆𝑖𝑔𝑛 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡, 𝐻 𝐻 𝐼𝑛𝑓𝑒𝑐𝑡𝑒𝑑 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒
& 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸

15. - 15 - Kyung Hee University
Mobile Embedded System Lab.
Security Analysis (4/6)
 Security Threats
 Firmware Replace Attack (Using Unauthorized FW Updater)
▶ Countermeasures) Secure Firmware Update
MS500-iSE Storage
(unauthorized)
Query 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝐶𝑢𝑟
Send 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
Validate 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤
referring to 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤 )
Decrypt 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻(𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑁𝑒𝑤))
Request 𝐹𝑊𝑁𝑒𝑤
Send 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐹𝑊𝑈𝑛𝑎𝑢𝑡ℎ𝑜𝑟𝑖𝑧𝑒𝑑)
Decrypt 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐹𝑊𝑈𝑛𝑎𝑢𝑡ℎ𝑜𝑟𝑖𝑧𝑒𝑑)
Block update process
Validate 𝐹𝑊𝑁𝑒𝑤 and 𝐹𝑊𝑉𝑁𝑒𝑤
referring to 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻(𝐹𝑊𝑁𝑒𝑤))  failed

16. - 16 - Kyung Hee University
Mobile Embedded System Lab.
Security Analysis (5/6)
 Security Threats
 Rollback Attack
▶ Countermeasures) Secure Firmware Update
MS500-iSE Storage
(outdated FW)
Query 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝐶𝑢𝑟
Send 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑂𝑙𝑑
Validate 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑂𝑙𝑑
referring to 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑂𝑙𝑑)
Decrypt 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟, 𝐻(𝑀𝑎𝑛𝑖𝑓𝑒𝑠𝑡 𝑂𝑙𝑑))
Request 𝐹𝑊𝑁𝑒𝑤
Send 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐹𝑊𝑂𝑙𝑑)
Decrypt 𝑆𝑖𝑔𝑛(𝑃𝑟𝑖𝐾𝐴𝑢𝑡ℎ𝑜𝑟 , 𝐹𝑊𝑂𝑙𝑑)
Validate 𝐹𝑊𝑂𝑙𝑑 and 𝐹𝑊𝑉𝑂𝑙𝑑
Referring to 𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒, 𝐹𝑊𝑉𝐶𝑢𝑟)  failed
Block update process

17. - 17 - Kyung Hee University
Mobile Embedded System Lab.
Security Analysis (6/6)
 Security Threats
 Man in the Middle Attack
▶ Countermeasures) Remote Attestation
MS500-iSE
(Malicious FW)
Attestation
Server
Attestation request (SSL Session)
Request attestation
Decrypt 𝐸(𝑆ℎ𝑑𝐾 𝐷𝑒𝑣𝑖𝑐𝑒 , 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡)
Generate 𝐻( 𝐻 𝑚𝑎𝑙𝑖𝑐𝑖𝑜𝑢𝑠 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 )
Sign 𝐻 𝐻 𝑚𝑎𝑙𝑖𝑐𝑖𝑜𝑢𝑠 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 using 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡
Send 𝑆𝑖𝑔𝑛 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑒𝑠𝑡, 𝐻 𝐻 𝑚𝑎𝑙𝑖𝑐𝑖𝑜𝑢𝑠 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 & 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒𝑖𝑆𝐸
Device verification
Validate 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑖𝑆𝐸 with CA
Invalid certificate
(Verification failure)
Intruder
(Attacker)
SSL Session
Request attestation
SSL Session
Send 𝑆𝑖𝑔𝑛 𝑃𝑟𝑖𝐾𝐴𝑡𝑡𝑎𝑐𝑘𝑒𝑟, 𝐻 𝐻 𝐹𝑊 ⊕ 𝐼𝐷 𝐷𝑒𝑣𝑖𝑐𝑒 & 𝐶𝑒𝑟𝑡𝑖𝑓𝑖𝑐𝑎𝑡𝑒 𝐴𝑡𝑡𝑎𝑐𝑘𝑒𝑟

18. - 18 - Kyung Hee University
Mobile Embedded System Lab.
Conclusion
 Conclusion
 Propose to necessity IoT device security platform based on
integrated security SoC
 Design and analyze security functions
 Future works
 Implement IoT device security platform based on integrated security
SoC
 Verify security functions
 Compare and analyze with security IoT device platform using
HSM(Hardware Security Module; TPM, SE)

19. - 19 - Kyung Hee University
Mobile Embedded System Lab.
QnA

20. - 20 - Kyung Hee University
Mobile Embedded System Lab.
Thank you