Assignment #3: Hardware-Based Security
S-Name: NIK JAMAL CMS: 25994
OPTIGA™
EASY TO USE, RELIABLE EMBEDDED SECURITY SOLUTIONS FOR IoT APPLICATIONS
Infineon's OPTIGA™ family of security solutions is designed for easy integration into embedded systems to
protect the confidentiality, integrity and authenticity of information and devices. These hardware-based
security solutions scale from basic authentication chips to sophisticated implementations and are used in a
wide range of embedded applications ranging from consumer to industrial applications. Designed by the
leading provider of embedded security solutions, Infineon's OPTIGA™ combines sophisticated and strong
security with ease of use and wide range implementation support for the customer. With OPTIGA™ customers
get the full package consisting of the security chips with an operating system as well as libraries for the host
controller which makes it easy to get started with IoT security right away. Additionally, customized
implementation consulting and dedicated security concepts for specific applications are available through the
Infineon Security Partner Network (ISPN).
1. OPTIGA™ TPM FAMILY – SLB 96XX
Key Features
• Standardized security controller
• TCG certified products
• Products with TPM 1.2 and 2.0
• Standard & extended temperature range (-40...85°C)
• Firmware upgrade capability
• SPI, I2C & LPC interface
• VQFN-32 & TSSOP-28 package
• CC and FIPS certification
Customer Values
• Innovative security solutions provided by the market leader
• High confidence level based on Common Criteria certification
• Easy integration based on standardization
Applications
• Notebooks/PCs/tablets/servers
• Network systems and boards
• Industrial automation
• Home automation
• Automotive
1.1. OPTIGA™ TRUST B SLE95250
Key features
• Strong cost-efficient asymmetric cryptography with ECC 131-bit key length
• Turnkey solution including host-side software for easy integration
• 512 bit user NVM
• Easy-to-implement single-wire host interface
• Life span counter for original parts
• OPTIGA™ Digital Certificate (ODC) with device personalization (unique key pair per chip)
• Size-optimized TSNP-6-9 package (1.1 x 1.5 mm)
Customer value
• Lower system costs due to single-chip solution
• Increased security with asymmetric cryptography and chip-individual keys
• Easy integration thanks to full turnkey design
Applications
• Battery authentication
• IoT edge devices
• IP & PCB design protection
• Consumer accessories
• Original replacement parts
• Medical & diagnostic equipment
1.2. OPTIGA™ TRUST E SLS 32AIA
Key features
• Advanced security controller
• Turnkey solution
• Full system integration support
• I2C interface
• Up to 3 Kbyte user memory
• ECC 256 bit, SHA-256
• Compliant with new USB Type-C standard
• Standard & extended temperature range (-40...85 °C)
• USON-10 package (3 x 3 mm)
Customer values
• Protection of IP and data
• Protection of business cases
• Protection of company image
• Safeguarding of quality and safety
Applications
• Internet of things (IoT)
• Industrial control and automation
• Medical devices
• Consumer electronics
• Smart home
• PKI networks
1.3. OPTIGA™ TRUST P SLJ 52ACA
Key features
• High-end security controller with advanced cryptographic algorithms implemented in hardware (ECC521, RSA2048, TDES, AES)
• Common Criteria EAL 5+ (high) certification
• Programmable Java Card operating system with reference applets for a variety of use cases and host-side support
• 150 KB user memory
• Small footprint VQFN-32 SMD package (5 x 5 mm)
• ISO 7816 UART interface
Customer value
• Confidence in a secured and certified solution
• Increased flexibility based on programmable solution with reference applets to simplify customization and integration
• Protection of system integrity, communication and data
Applications
• Industrial control system
• Energy generation & distribution systems
• Healthcare equipment & networks
• Consumer electronics
• Home security & automation
• Network applications
DEEPCOVER SOLUTIONS FOR EMBEDDED SECURITY
• Counterfeiting
• Hardware or software IP reverse engineering
• Malware injection or firmware substitution
• Eavesdropping
• Identity theft
• Unauthorized network connection
• Unauthorized re-use
Secure device authentication, secure boot, and encryption are the answers to these attacks. DeepCover®
Secure Authenticators and DeepCover Secure Microcontrollers incorporate these techniques to ensure your
platforms are trustworthy. Trusted platforms, IP protection, secure download, and secure communication
are the most frequent requirements for IoT node security. Table 1 maps our DeepCover solutions to
common IoT needs.
DEEPCOVER SECURE AUTHENTICATORS
Secure Authenticators provide a core set of fixed-function crypto operations, secure key storage, and
numerous supplemental feature options including: secure download/boot processing, protected nonvolatile
memory for end application use, secure GPIO, decrement-only counters, session key generation, true
random number source, and encrypted R/W of stored data. In addition to cryptographic strength, all devices
provide advanced physical protection to address malicious die-level security attacks. As the inventor of the
revolutionary 1-Wire® interface, Maxim is a leader in the development of devices that connect to
nontraditional form-factors such as printer cartridges, medical disposables and battery packs.
Secure Authenticator Applications
Maxim’s secure authentication solutions solve a wide range of security issues including:
Common Application Requirements
• Product Quality/Safety
• Counterfeit Prevention
• Secure Download/Boot
• Use/Feature Control
• IoT Device Integrity/Authenticity
Solved with Targeted Product Features
• Bidirectional Authentication
• Secure System Data Storage
• Secure Use Counting
• System Session Key Generation
• Secure Memory Settings
• Secure GPIO
• Random Number Source
• IoT Device Integrity/Authenticity
NXP – SECURE CONNECTIONS FOR A SMARTER WORLD.
Security is a race in the internet of things (IoT) and staying ahead is a major challenge. We know security is an
increasingly critical part of the connected solutions you use and design. Identity theft is at an all-time high.
Data privacy concerns are arising on pace with the growth of connected devices. And newly-connected
command and control systems present attractive targets for hackers.
We’re here to help you. NXP is the global leader in security solutions for personal identification, contactless
payment, authentication, data transport and application processing.
Our secure element – a specific integrated circuit for handling and storing secured data – features non-volatile
memory, a security CPU and crypto coprocessor, and additional security measures, to offer you the ultimate
protection against tampering and attack.
Secure designs – from the end node to the network to the cloud
We secure more types of end equipment than any other company in the world. From the edge of the network to
the gateway to the cloud, our broad portfolio of secure microcontrollers, high performance multicore
communications processors, applications processors, middleware and software ensures the devices you design
and use are protected. Our decades-long investment and expertise in security make us the partner of choice for
determining the security requirements of your next project.
How NXP helps you with your security and privacy needs
You don’t have to sacrifice performance to add security, either. Our QorIQ processors integrate crypto
acceleration that allows you to develop secure connections without a performance penalty for the world’s new
virtualized networks – ranging from the wireless infrastructure to the smart grid to the home.
And as the leader in security ICs, we allow you to choose from a complete range of ICs for smart cards, tags,
labels and readers featuring many coprocessor, security, and memory and interface options. We address all
your needs, from low-cost smart label ICs for high-volume supply chain management applications through to
our next generation 32-bit-smartcomputing platform for powerful multi-application smart cards.
NXP’S PILLARS OF SECURITY
Trust - The assurance that only access from a reliable source will occur
• Code I/P Protection
• Internal Memory Protection
• External Memory Protection
• Debug Port Protection
• Authentication
• Software Updates
• Device Verification
• Secure Boot
Cryptography - The science of protecting data through encoding and decoding
• Symmetric Encryption
  - DES/DES3, AES
• Asymmetric Encryption
  - RSA, ECC
• Hashing
  - CRC, MD5, SHA
• True Random Number Generation
• Security Protocols
  - SSL, HomeKit, Thread
Tamper Resistance - Proactive monitoring of physical and environmental system attacks
• Tamper Detection
  - Physical
    - Enclosure Intrusion
    - Drilling and Probing
  - Environmental
    - Voltage
    - Temperature
    - Frequency
• Secure Storage
Introduction C29x family
The Freescale C29x crypto coprocessor family consists of 3 high-performance crypto
coprocessors optimized for public key operations. Public key algorithms such as RSA,
Diffie-Hellman, and Elliptic Curve Cryptography (ECC) are the basis of digital signature and key
exchange protocols that make secure transactions possible. By providing public key
acceleration, C29x enables network and data center infrastructure to handle the increasing rates
of public key operations driven by IKE, SSL, DNSSEC, and secure BGP while simultaneously
supporting the longer key lengths mandated for modern encryption. Longer key lengths are a
significant performance issue. The United States (NIST) recommends replacing RSA 1024b
keys with 2048b keys altogether by 2013. Doubling the length of an RSA key increases the
computational complexity by 5x or more. If a system needs thousands of transactions per
second or more, using C29x for public key offload is the most cost-effective means of meeting
requirements. Many modern multi-core SoCs, including those offered by Freescale, offer
cryptographic acceleration; however, the crypto hardware is oriented toward bulk encryption
performance. The performance level of the integrated public key acceleration is generally
sufficient for applications with modest session establishment requirements, but Web 2.0
systems such as application delivery controllers, network admission control appliances and
remote access gateways must deal with far more connections per second, and integrated public
key acceleration becomes a performance bottleneck. C29x complements integrated bulk
encryption acceleration, while allowing these different cryptographic functions to scale
independently. While primarily targeted toward public key operations, C29x does offer bulk
encryption and hashing, including security header and trailer processing for IPsec and SSL.
This product brief provides an overview of the Freescale C29x family of crypto coprocessor
features, and examples of C29x usage.
The C29x family devices are designed for the following two primary use cases:
• Public key calculator
• Secure key management module
1. Public key calculator
The most obvious use of a cryptographic coprocessor optimized for public key operations is to
off-load public key operations from a host CPU. When operating in this mode, C29x connects
to the host via PCIe, with C29x requiring no external memory (neither NVRAM nor DDR) and
generally no peripheral ICs. The host handles packet Rx and Tx functions, classification,
protocol termination, and so on, and defines the operations it wants C29x to perform via
descriptors. In addition to public key operations, C29x can also support bulk encryption and
hashing, including security header and trailer processing for IPsec and SSL.
2. Secure key management module
In addition to performing cryptographic acceleration using keys managed by the external host,
the C29x can also use keys that are protected even from the host.
This use case leverages the Trust Architecture, first introduced in the Freescale QorIQ
communication processor family. The Trust Architecture gives the C29x secure boot and
secure storage capability, ensuring that factory-loaded keys can only be decrypted and used by
the C29x when the C29x is executing trusted software. Tamper detection and secure debug
round out the Trust Architecture feature set. A more complete description of the Trust
Architecture can be found in Freescale's white paper: An Introduction to the QorIQ Platform's
Trust Architecture. As shown in the following figure, when operating as a secure key
management module, the C29x is a processing subsystem, complete with its own non-volatile
memory, DDR, and optionally Ethernet interfaces to either the external world or as a
connection to the host. C29x can also be connected to the host via PCIe.
3. C29x family and Features
The C29x family consists of 3 family members: the C291, C292, and C293. All devices are pin
compatible. A logical block diagram of the highest performing family member, C293, is shown
below.
4. Features
Common features of C29x products include:
• CPU and cache complex
  - 32b e500v2 Power Architecture® core
  - 32KB I and D caches
  - 512 KB L2 cache
  - Hardware cache coherency
• 512KB platform SRAM
• Up to three SEC (Security Engine) accelerator block(s)
• One PCIe Gen 2.0 controller
  - x1, x2, x4
• Main memory interface (optionally disabled in PK calculator use case)
  - 16/32-bit DDR3/3L controller with ECC
  - Supports up to 4GBytes main memory in single bank
  - Dual-stacked and quad-stacked DDR devices also supported
• Additional memory interfaces (optionally disabled in PK calculator use case)
  - Integrated flash controller
  - Supporting NOR and NAND (SLC and MLC) flash interfaces
  - Maximum of 8 banks, with a maximum of 256 MB of system memory mapped on each bank
  - Enhanced secure digital host controller (SD/MMC) which can be used for booting device using on chip ROM
• Network interfaces (disabled in PK Calculator use case)
  - Two enhanced three speed Ethernet controller (eTSEC) supporting 10/100/1000Mbps
  - Supports RGMII/RMII interfaces
• Trust architecture, supporting:
  - Secure boot
  - Secure debug
  - Tamper detection
  - Provisioning with one time programmable fuses
  - Hardware secret key protection
  - Option for battery backed secret key
  - Memory and register Access Control
  - Only supported in secure key management module use case NVRAM
• Slow speed interfaces (optionally disabled in PK calculator use case)
  - Dual I2C controllers
  - SPI controller used for booting with internal ROM, supporting Atmel Rapid-S and Winbond dual read interface
  - Two UARTs
  - 64-bit GPIO
• Additional logic
  - Programmable Interrupt Controller
  - One four channel DMA
• Power Management supporting following modes
  - e500v2 modes
    - Sleep: core clock off, snooping off, cache flushed, clock to selected blocks switched off
    - Nap: core logic idle, no snoops
    - Doze: Core logic idle
  - Software transparent clock gating of SoC logic
  - Static disable of logic blocks, including SEC 1 and SEC 2
• Package
  - 783 pin FC-PBGA
  - 29x29mm, 1.0mm pitch

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 

Recently uploaded (20)

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
