Funny & Jokes

A Security Scheme for Dependable Key Insertion in Mobile Embedded Devices

Description
A Security Scheme for Dependable Key Insertion in Mobile Embedded Devices
Categories
Published
of 20
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
Share
Transcript
  See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/228616866 A Security Scheme for Dependable Key Insertionin Mobile Embedded Devices  ARTICLE   in  INTERNATIONAL JOURNAL OF RECONFIGURABLE COMPUTING · MARCH 2011 DOI: 10.1155/2011/820454 CITATIONS 4 READS 70 6 AUTHORS , INCLUDING:Alexander KlimmKarlsruhe Institute of Technology 15   PUBLICATIONS   60   CITATIONS   SEE PROFILE Matthias WachsTechnische Universität München 11   PUBLICATIONS   7   CITATIONS   SEE PROFILE Klaus D. Müller-GlaserKarlsruhe Institute of Technology 241   PUBLICATIONS   1,053   CITATIONS   SEE PROFILE All in-text references underlined in blue are linked to publications on ResearchGate,letting you access and read them immediately.Available from: Matthias WachsRetrieved on: 04 February 2016  Hindawi Publishing CorporationInternational Journal of Reconfigurable ComputingVolume 2011, Article ID 820454, 19 pagesdoi:10.1155/2011/820454 Review Article  A SecuritySchemeforDependable Key InsertioninMobileEmbedded Devices  AlexanderKlimm,Benjamin Glas,MatthiasWachs, SebastianVogel,KlausD. M¨uller-Glaser,andJ¨urgenBecker Institute for Information Processing Technology, Karlsruhe Institute of Technology (KIT), 76021 Karlsruhe, Germany  Correspondence should be addressed to Alexander Klimm, klimm@kit.eduReceived 27 August 2010; Revised 5 February 2011; Accepted 10 February 2011Academic Editor: Michael H¨ubnerCopyright © 2011 Alexander Klimm et al. This is an open access article distributed under the Creative Commons AttributionLicense, which permits unrestricted use, distribution, and reproduction in any medium, provided the srcinal work is properly cited.Public Key Cryptography enables entity authentication protocols based on a platform’s knowledge of other platforms’ public key.This is particularly advantageous for embedded systems, such as FPGA platforms, with limited or none read-protected memory resources. For access control systems, an access token is authenticated by the mobile system. Only the public key of authorizedtokens needs to be stored inside the mobile platform. At somepoint during the platform’s lifetime, these might need to be updatedin the field due to loss or damage of tokens. This paper proposes a holistic approach for an automotive access control system basedon Public Key Cryptography. Next to a FPGA-based hardware architecture, we focus on a secure scheme for key flashing of publickeys to highly mobile systems. The main goal of the proposed scheme is the minimizationof online dependencies to Trusted ThirdParties, Certification Authorities, or the like, to enable key flashing in remote locations with only minor technical infrastructure.Introducing trusted mediator devices, new tokens can be authorized and later their public key can be flashed into a mobile systemon demand. 1.Introduction Embedded systems in various safety critical applicationdomains such as automotive, avionic, and medical careperform more and more complex tasks using distributedsystems like networks of electronic control units (ECUs).Introducing Public Key Cryptography (PKC) to embeddedsystems provides essential benefits for the fabrication of electronic units needing to meet security requirements aswell as for the logistics involved. Due to the nature of PKC, the number of keys that need to be stored in theindividual platform is minimized. Only the private keyof theplatformitselfneeds tobe stored secretlyinside each entity—in contrast to symmetric crypto systems where a single secretkey needs to be stored inside several di ff  erent entities. Incontext of PKC, if one entity is compromised, the othersremain una ff  ected.Besides encrypting or signing of messages, PKC can beemployed to control user access to a device via electronictokens. Examples for this are Remote Keyless Entry (RKE)systems [1] in the automotive domain or Hilti’s TPS tech-nology [2]. These systems incorporate contactless electronictokens that substitute classical mechanical keys. The owneror authorized user identifies himself to the user device (    )by possession of the token.    and token are linked. Only if alinked tokenis presented to    , it is enabled or access to    isgranted. In orderto present atokento    ,information has tobe exchanged between the two. The communication channelis usually assumed to be insecure. To prevent the usage of a device or its accessibility by an unauthorized person, theauthentication has to be performed in a secure manner.Authentication schemes based on Public Key Cryptogra-phy such as the Needham-Schroeder protocol [3], Okamoto- Protocol [4], and Schnorr-Protocol [5] provide authentica- tion procedures where no confidential data is transmitted.Secret keys are stored in the tokens only and not in    , thusomittingtheneedforcostlysecuritymeasuresinthe    .Only public keys have to be introduced into    (see Section 2),which canusually only be done by the manufacturer (    )of    .Inreal-world operation,theintroductionofpublickeysis  2 International Journal of Reconfigurable Computingdoneinthefield where    isnotnecessarily underthecontrolof     and a live online connection to    may not bepossible. PKC is computationally very expensive, especially whenaiming forhighsecuritylevels.Dedicatedhardware canprovide the necessary speed up of cryptographic operations.With the decreasing cost of FPGAs, these devices areintroduced more and more into embedded systems and massmarket products. Therefore, hardware accelerators can bemade available in these cost sensitive systems by addingcryptographic computation blocks on FPGA.We propose a system to introduce public keys into FPGAbased user devices to pair them with a new token. Theproposed key flashing method allows authorization of theflashing process by     . Additionally it can be carried outwith    in the field and with no active online connection to   while flashing a key into    . Introduction or flashing of new keys to an embedded device can be seen as a special caseofasoftware update.Latterfocusesonprotectionoftheintel-lectual property, interoperability, correctness, robustness,and security. Recentapproaches for the automotivearea havebeen developed, for example, in the german HIS [6, 7] or the EAST-EEA [8] project. A general approach consideringsecurity and multiple software providers is given in [9].Nevertheless, general update approaches are focused on theprotection of IP and the provider against unauthorizedcopying and less on the case that the system has to beespecially protected against unwanted updates as in our key flashing scenario.The remainder of this paper is structured as follows.In Section 2, we present the basic application scenariofollowed by a short introduction to public key cryptography in Section 3. Section 4 describes a high-speed architecture for cryptographic computations. The requirements for thekeyflashingscenario aredescribedinSection 5.Basedonthis,we propose ourflashing conceptinSection 6, followed bytheaccording requirements (Section 6.3). Section 7 details the flashing protocol with a live online connection available andSection 8 the protocol with no online dependability. Imple-mentation details of the prototypical flashing framework aregiven in Section 9. We conclude with a security analysis andan outlook to future work in Sections 10 and 11. 2.ApplicationScenario:AutomotiveAccessControlSystems The target application focused on in this work is foremostautomotive access control system. They comprise an entity that acts as the verifier (an ECU within the car) and an entity that acts as a prover (the traditional car key). Traditionally, astandard car key serves the sole purpose of identifying thecurrent owner of the key as the authenticated user of thecar ( authentication by ownership ). This also holds true forelectronic car keys. As depicted in Figure 1, access to the caris granted by unlocking the doors only if the correct car key (prover) is presented to the car. The same procedure can beemployed to disable or enable the immobilizer of the car,allowing the car’s engine to start or not. P r ove r Ve r ifie r   1   0   0   0  1  1   1  0  0  0  1 1   1 0 0 0 1 1   0  0  1 1 1 1  0   0  0   1  1  1   1  0   Figure  1: Access control: authentication scheme. The automotive domain implies a very specific set of requirements. The industry is extremely cost driven, thuscreating the need for very small hardware footprints. Tocomply with limited cost, OEMs tend to resort to cheapo ff  -the-shelf components instead of specialized ASICs orcomplete systems-on-chip (SoC). Additionally a car’s lifecycle is about 10–15 years. Within this time span, all systemsshould work flawlessly.Access control systems are a natural point of attack.Therefore, they need to o ff  er very good security. To pro-vide this, electronic car keys incorporate some kind of cryptographic algorithm. Raising security levels in thiscontext can be achieved by adaption of the authenticationprotocol being used, enlarging key lengths, or substitutingcryptographic primitives. All these measures tend to increasecomputation times. But all underlying computations andalgorithms incorporated in access systems shall not benoticeable to the user of a car for best usability. Keepingthe underlying hardware platform adaptable to varyinginterfaces and functionalities, it enables for integrationof the same hardware components into a wide range of car keys for a multitude of di ff  erent car models. WithFPGAs dropping in cost over the last years, they also havebeen introduced more and more in cost driven industriessuch as the automotive domain. These devices are already being used in infotainment and multimedia devices. Inaddition to that, they can be used to provide dedicatedhardware modules to accelerate cryptographic computationswithin user authentication in these systems. By using FPGAplatforms for access control systems, they are adaptable overthe lifetime of a car and o ff  er some flexibility regardingchanges in protocol and processing units.In summary, we will regard the following applicationscenario: an access control system is applied to a mobile userdevice (    ); in our case, a vehicle is depicted in Figure 2.Through the access control system, the use of the    canbe restricted by allowing only the owner or authorizeduser access to the device. A transponder (    ) serves as anelectronic version of a mechanical key.    communicatesto    over a wireless communication channel. The userdevice accepts a limited number of transponders. If one of these is presented to the user device, it authenticates thetransponder and the deviceis unlocked,thusgranting access.Anyone possessing a valid    is considered an authorizeduser (    ). This setup forms an authentication chain forusage of     . An authorized user is authenticated through thepossession of a valid    paired to the the    .    in turn isauthenticated by     .  International Journal of Reconfigurable Computing 3 Owne r  OWNManufactu r e r  OEMSe r vice p oint SPT r ans p onde r  TRKownsLe g ally FPGA use r  device UDP r oducesSe r vicesCe r tifiesCommunicates Figure  2: Entities and application scenario. In automotive systems, authentication of a    canbe achieved through a number of methods: rolling codes,symmetric codes, one-way-functions, or asymmetric codes.As analyzed in [10], there is a major disadvantage in usingrolling codes and symmetric codes since secrets have tobe stored within    as well as in    , demanding forhighly secure key management. One-way-functions such ascryptographic hash functions can circumvent this to someextent but demand for a substantial amount of securestorage. The most wide spread method for authentication inmobile devices is probably the usage of rolling codes (suchas the KeeLoq [11] algorithm) due to easy implementation,followed by one-way-functions.Asymmetric codes are very computationally expensive,although they provide extremely high security. With theadventofmore and more computationalpower inembeddedsystems [12, 13], introducing such codes for user authentica- tion is now feasible.   is the manufacturer of     . Due to the mobility of     , it may be nowhere near    . Therefore, a serviceinfrastructure has been established by     to repair, service,or replace a    in the field. This infrastructure consists of a number of service points    that are    certified. In thedepicted example from the automotive domain, this wouldbe a dealer or a car repair shop.    is enabled by the    tocarry out certain work on    and acts in a way as a substitutefor the    in the field.In case of loss of a transponder, it is desirable to replaceit, particularly if the user deviceitself is verycostlyoractually irreplaceable. Since the user device is mobile, linking a new transponder to a    usually needs to be done in the field.This might include very secluded areas with minor to nonecommunication infrastructure. 3.Basic PKCFunctionalities In 1976, Di ffi e and Hellman introduced the first PKCcrypto system [14] for data encryption and confidential data transfer. Two di ff  erent keys are used, one public (PK) andthe other secret (SK). SK and corresponding PK are a fixedand unique keypair. It must be computational infeasible todeduce the secret key (SK) from the public key. With PK,a message  M   p  can be encrypted into  M  c  but not decryptedwith the same key. This can only be done with knowledge of SK. If an entity Alice wants to transmit a message  M  Alice  to anentity Bob, it encrypts it with Bobs public key PK Bob . Only Bob can retrieve the plain text from the encrypted message,by applying the appropriate decryption algorithm using hisown secret key SK Bob .PKC can also be used to digitally sign a message. Forthis, a signature scheme is used that is usually di ff  erentfrom the encryption scheme. When signing a message, thesecret key is used and the signature can be verified usingthe according public key. In other words, if Bob wants tosign a message, he uses his own private key that is uniqueto him and solely known to himself. This keyis used to sign acryptographic hash value of the message  M  Bob . The resultingvalue  { HASH(  M  Bob ) } sig  is transmitted together with  M  Bob .A receiver can validate the signature by using Bob’s publickey to retrieve HASH(  M  Bob ). From  M  Bob , the receiver cancompute the according hash value and compare it withthe retrieved value. If both match, the signature has beenvalidated. Since in the case of signature schemes the publickey is often called verification key and the secret key is calledsigning key, we denote them accordingly VK and SK in thefollowing. 4.Cryptographic Processing Entity  Computational e ff  orts of cryptographic functionalities forPKC are very high and time consuming if carried outon today’s standard platforms (i.e., microcontrollers) forembedded applications. Integrating security algorithms intoFPGA platforms can provide high speed up of demandingPKC crypto systems such as  hyper elliptic curve cryptography  (HECC). By adding dedicated hardware modules for certainparts of a crypto algorithm, a substantial reduction of computation time can be achieved [15, 16]. In [16], an FPGA platform has been introduced which allows extremely fast authentication as proven by an exper-imental setup with two of these platforms. For this demon-strator, both platforms have been implemented on a Xilinx Spartan-3 XC3S2000 FPGA at 33MHz. The communicationchannel in the setup is awireless automotive transmitter [17]as is currently used in keyless go systems and is clocked with412,5kHz. The transceiver is connected to the FPGA systemover    I. Authentication of     via the Schnorr-protocol[5] in this setup lasts 120ms including communication times over the wireless channel. To enable for even fastercomputation, we have developed a new, lean cryptographiccore for Xilinx FPGA. It enables to carry out aforementionedmutual authentication within 82ms.Both platforms carry out calculations for public key cryptography based on hyper elliptic curves (HECC). They o ff  er a higher security level than RSA while relying onrelatively small key sizes of around 160bit [18]. A detailed view on HECC and its underlying mathematics can be foundin [19]. As shown in Figure 3, the automotive electronic con-trol unit (ECU) comprises a MicroBlaze processor thathandles arbitrary tasks necessary for running the car andis equipped with an appropriate interface such as CAN  4 International Journal of Reconfigurable Computing COM interface     C    A    N    i   n    t   e   r     f   a   c   e Automotive ECUMicroBlaze systemPicoBlazeOBP     S    P    I    O    B    P    D    i   r   e   c    t   a   c   c   e   s   s   v    i   a   r   e   s    i   s    t   e   r     b     l   o   c     k   s Cyptographicprocessing module (CPM)     F    S    M bigINTmul RNGHECCprocessing unit (HPU) Figure  3: Overview of the system design. to communicate with other ECUs residing in the vehicle.Additionally, a coprocessing unit composes of a PicoBlazeprocessor [20] and a Cryptographic Processing Module  (CPM)is included. All cryptographic computations are done withinthis coprocessor. When no extensive tasks need to berun and only cryptographic functionality is needed, thecoprocessor can also be run without the MicroBlaze. Inthis case, the PicoBlaze Controller is interfaced directly tothe communication interface. This setup is very suitable forimplementing a car key (    ).For HECC, three types of operations are essential ( P  i denoting a point on a hyperelliptic curve and  k ,  y  ,  a ,  e ,  r  are denoting integer values):(i) calculationonahyperelliptic curve( k · P   and P  1 + P  2 ),(ii) integer calculationwith large operands (  y  = a · e + r  ),(iii) data exchange to/from the cryptographic unit.Each arithmetic operation is assigned to a specializedhardware module to enable fast computation. At the sametime, all cryptographic functionality is bound strictly toCPM, thus keeping all sensitive data on chip. 4.1. Cryptographic Processing Module.  The  Cryptographic Processing Module  (CPM) is designed to e ffi ciently compute k · P   ona hyperelliptic curve, as well as integer multiplicationwith large operands. As depicted in Figure 4, the proposedarchitecture encompasses dedicated modules (HPU, bigINT-mul) for these two operations and an additional module forgenerating random numbers (RNG).A small finite state machine (FSM) is implemented forcontrol flow of the calculations and to provide data exchangeover the PicoBlaze processor. It controls all modules withinthe CPM directly. All arithmetic modules can work fully in parallel, allowing for concurrent operations within theprotocol if necessary. A set of registers is provided fordata exchange that can be accessed directly by PicoBlaze.Register  e  acts as input whereas  y  i  and the address space  X   of the CPM’s internal memory   DataMem  are doublingas output registers. Some additional internal registers storecryptographic key material (Reg  a i ) or random numbers(Reg  r  i ) and cannot be accessed from outside the CPM. 4.1.1. bigINTmul.  A dedicated integer unit performing  y   = a · b + c onlargeoperandsisincludedintheCPM.Inputtothemultiplier are two operands  a  and  b . The result  p = a · b  andoperand c are theninputtoanadderstagecalculating  y   =  p + c . A sequential multiplier as depicted in Figure 5 is providedto execute a naive  shift&add   algorithm.  p  is accumulated by bitwise shifting of the bigger operand  b , evaluating the leastsignificant bit and adding  a  to the intermediate result if   b 0  = 1,and thenshifting  p . If  b 0  = 0,  p  isshifted withoutadding a .In our use case, the two operands do not have the samebitlength since one input is the platforms secret key   a i  andthe other input is the challenge  e . 4.1.2. HECC Processing Unit.  The  HECC Processing Unit  (HPU) acts as a stand alone module for scalar multiplication  X  i  = r  i · P  i  on a hyper elliptic curve. It comprises a dedicatedarithmetic logical unit  dALU   for finite field arithmetic( GF-operations ), internal memory   DataMem  for storage of intermediate values such as curve parameters and points  P  i ,and a control entity   HECC CTRL  connected to a programmemory   pMEM  . HECC CTRL  inconjunctionwith  pMEM   implementsthecontrol flow of a dedicated algorithm for a scalar multiplica-tion as a fixed sequence of GF-operations. The control flow is strongly optimized to execute a scalar multiplication inwMOF [21, 22].To executeit,ahighlyspecialized instruction set is implemented. An example of such an instruction is shiftl 2  which shifts the content of the accumulator 2 bitsto the left, an operation essential in wMOF [22]. The fullinstruction sequence of wMOF is stored in  pMEM  .HPU is laid out as accumulator machine with harvardarchitecture. This enables to implement di ff  erentdata widthsfor  DataMem  and  pMEM   individually. This is particularly advantageous as we operate on galois fields GF(2 n ),  n  beinga big prime number, resulting in data words of   n -bit lengthbeing stored in  DataMem , while  pMEM   only stores minimalinstruction codes.Inputtothe HECCprocessing unit isascalar r  i  (bitlengthof   r  i  ≤  l  ) that is written into a dedicated register  rREG  of length  l  . Point  P  i  is a predetermined common point on ahyperelliptic curve and acts as a constant input decideduponduring design time. Therefore, it is permanently stored in DataMem  together with other curve parameters.After storing  r  1 , HPU is triggered via the signal   to start a scalar multiplication. As soon as the result  X   rep-resenting the  commitment   is available, this is signaled by HPU over    . All  r  i  are random numbers generatedby RNG. Therefore  r  1  is loaded from the RNG module intoHPU and  X   =  r  1  ·  P  1  is computed. Simultaneously, RNGgenerates a new random number  r  2 . After HPU signals theend of the current operation,  r  2  can be loaded into  rREG  andHPU can calculate a new result  X   = r  2 P  2 .The dedicated arithmetic logical unit ( dALU  ) can per-form  u  +  v  ,  u  ·  v   mod  p  and  u 2 with  u , v   ∈  GF(2 n ).
Search
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks