Secure Hardware Extensions (SHE)
The Secure Hardware Extension (SHE) is an on-chip extension within a microcontroller that transitions the control of cryptographic keys from the software to the hardware domain. This transition is crucial for protecting keys from software-based attacks.
Historical Context
SHE was conceived to meet anticipated European Union (EU) E-safety Vehicle Intrusion Protected Applications (EVITA) requirements. The EVITA project aims to design, verify, and prototype a secure architecture for automotive on-board electronics networks, facilitating secure vehicle-to-vehicle and vehicle-to-infrastructure communication. Audi and BMW, in collaboration with the Hersteller Initiative Software (HIS), initiated the development of SHE, which began as "Stage 0".
General Objectives for SHE
1. Protection of Symmetric Keys (AES-128): Ensures protection against unauthorized readout, modification, eavesdropping, and tampering during transmission to the Electronic Control Unit (ECU).
2. Secure Anchor and Software Security Hardening: Provides a secure foundation for enhancing existing software security solutions.
3. Cost-Efficiency: Designed to be deployable across various systems at a low manufacturing cost (<15¢/µC).
Conceptual Design Approach
SHE is designed to move cryptographic key functions from the software to the hardware domain through:
1. Defining separate secure zones for security-related functionality.
2. Utilizing a dedicated control engine, separate memory, and encapsulated algorithms.
3. Ensuring a reduced and well-defined interface to the host system.
4. Maintaining independence from specific microcontroller components.
5. Functioning passively without affecting other components, except for initiating the secure boot process.
Cryptographic Engine
The SHE cryptographic engine focuses on AES-128, utilizing different modes of operation to meet various requirements:
- User-Accessible AES Functionality:
  - AES-ECB (Electronic Code Book)
  - AES-CBC (Cipher Block Chaining)
  - AES-CMAC (Cipher-based Message Authentication Code)
- Internal AES Functions:
  - Miyaguchi-Preneel construction for key derivation and TRNG output post-processing.
  - PRNG initialization and recurring AES calls for PRNG.
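The Miyaguchi-Preneel key derivation named above, as an added C sketch (not code from the SHE specification or from this page). It assumes a zero initial chaining value and a pre-padded 16-byte derivation constant supplied by the caller; `mp_compress` and `she_kdf` are hypothetical names, and the software AES-128 is a stand-in for the hardware engine so the block is self-contained.

```c
#include <stdint.h>
#include <string.h>
static uint8_t sbox[256];
#define ROTL8(x, n) ((uint8_t)(((x) << (n)) | ((x) >> (8 - (n)))))
static uint8_t xt(uint8_t x) { return (uint8_t)((x << 1) ^ ((x >> 7) * 0x1b)); } /* times 2 in GF(2^8) */
static void init_sbox(void) {              /* derive the AES S-box instead of embedding it */
    uint8_t p = 1, q = 1;                  /* invariant: p * q == 1 in GF(2^8) */
    do {
        p = (uint8_t)(p ^ xt(p));                                  /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                                   /* q /= 3 */
        sbox[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;
}

/* AES-128 encryption of one block (software stand-in for the SHE engine). */
static void aes128_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[176], s[16], t[16], rc = 1;
    if (!sbox[0]) init_sbox();
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i++) {       /* byte-wise key schedule */
        uint8_t w = rk[i - 4];
        if (i % 16 < 4) w = sbox[rk[i - 4 + (i % 4 == 3 ? -3 : 1)]]; /* RotWord + SubWord */
        if (i % 16 == 0) { w ^= rc; rc = xt(rc); }                    /* round constant */
        rk[i] = rk[i - 16] ^ w;
    }
    for (int i = 0; i < 16; i++) s[i] = in[i] ^ rk[i];
    for (int r = 1; r <= 10; r++) {
        for (int i = 0; i < 16; i++) t[i] = sbox[s[(i + 4 * (i % 4)) % 16]]; /* SubBytes + ShiftRows */
        for (int c = 0; c < 16 && r < 10; c += 4) {                  /* MixColumns, not in round 10 */
            uint8_t *a = t + c, a0 = a[0], x = a[0] ^ a[1] ^ a[2] ^ a[3];
            a[0] ^= x ^ xt(a[0] ^ a[1]); a[1] ^= x ^ xt(a[1] ^ a[2]);
            a[2] ^= x ^ xt(a[2] ^ a[3]); a[3] ^= x ^ xt(a[3] ^ a0);
        }
        for (int i = 0; i < 16; i++) s[i] = t[i] ^ rk[16 * r + i];
    }
    memcpy(out, s, 16);
}

/* One Miyaguchi-Preneel step: H_i = E_{H_(i-1)}(m_i) XOR H_(i-1) XOR m_i. */
static void mp_compress(uint8_t h[16], const uint8_t m[16]) {
    uint8_t e[16];
    aes128_encrypt(h, m, e);               /* previous chaining value is the AES key */
    for (int i = 0; i < 16; i++) h[i] ^= e[i] ^ m[i];
}
/* Derive a key from k and a pre-padded 16-byte constant c, starting from H_0 = 0. */
void she_kdf(const uint8_t k[16], const uint8_t c[16], uint8_t out[16]) {
    memset(out, 0, 16);
    mp_compress(out, k); mp_compress(out, c);
}
```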
Cryptographic Modes
Electronic Code Book (ECB):
- Simple substitution of plaintext blocks.
- Each block is encrypted individually.
- Recurring inputs produce recurring outputs, making ECB unsuitable for many applications without expert consultation.
Cipher Block Chaining (CBC):
- XORs each plaintext block with the previous ciphertext block before encryption; the first block is XORed with an initialization vector instead.
- Each ciphertext block depends on all previous blocks, enhancing security over ECB.
Detailed Structure and Keys
SHE employs various memory types for key storage:
- Volatile Memory (RAM):
  - RAM_KEY for arbitrary operations and crypto acceleration.
  - PRNG_KEY and PRNG_STATE for PRNG management.
- Read-Only Memory (ROM):
  - SECRET_KEY for secure key material swapping.
  - UID, a unique serial number for each device.
- Non-Volatile Memory (NV-RAM):
  - MASTER_ECU_KEY for identity attestation and secure key import.
  - BOOT_MAC_KEY and BOOT_MAC for secure boot verification.
  - Multiple KEY_<n> slots for various applications.
  - PRNG_SEED for initializing PRNG without TRNG.
Key Management and Security Flags
Keys in NV-RAM are accompanied by flags that enforce security policies:
1. Write Protection: Prevents overwriting once set.
2. Disable on Boot Failure: Locks the key if secure boot fails.
3. Disable on Debugger Detection: Locks the key if a debugger is attached.
4. Wildcard Update: Allows key updates across multiple devices if the UID is set to "0".
5. Key Usage: Specifies whether a key is for encryption/decryption or MAC generation/verification.
SHE Functions
Confidentiality & Authenticity:
- CMD_ENC_ECB and CMD_DEC_ECB: Encrypt/decrypt data in ECB mode.
- CMD_ENC_CBC and CMD_DEC_CBC: Encrypt/decrypt data in CBC mode with an IV.
- CMD_GENERATE_MAC and CMD_VERIFY_MAC: Generate and verify CMACs over arbitrary data.
Random Numbers:
- CMD_INIT_RNG: Initializes the PRNG.
- CMD_EXTEND_SEED: Adds external entropy to the PRNG.
- CMD_RND: Generates 128-bit random data.
Internal State:
- CMD_GET_STATUS: Returns the status register.
- CMD_GET_ID: Retrieves the UID and status securely using a challenge-response protocol.
Key Management:
- CMD_LOAD_PLAIN_KEY: Loads plain key data into RAM_KEY.
- CMD_EXPORT_RAM_KEY: Exports key data to a secured update container.
- CMD_LOAD_KEY: Loads a key from a protected container into SHE.
Secure Boot:
- CMD_SECURE_BOOT: Verifies program code using BOOT_MAC_KEY and BOOT_MAC.
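How the key flags from the Key Management section gate the commands listed above, as an added C model (not SHE firmware and not code from this page). The flag, status and result names are hypothetical, the check order is a choice made for this sketch, and the wildcard flag and the authorization by knowledge of the key are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical names for the per-key flags and the device status bits. */
enum { FLAG_WRITE_PROTECT = 1, FLAG_BOOT_PROTECT = 2, FLAG_DEBUG_PROTECT = 4, FLAG_USAGE_MAC = 8 };
enum { STATUS_BOOT_FAILED = 1, STATUS_DEBUGGER = 2 };
/* Command names as listed on this page; result names are hypothetical. */
typedef enum { CMD_ENC_ECB, CMD_DEC_ECB, CMD_ENC_CBC, CMD_DEC_CBC,
               CMD_GENERATE_MAC, CMD_VERIFY_MAC, CMD_LOAD_KEY } she_cmd;
typedef enum { RES_OK, RES_KEY_EMPTY, RES_KEY_LOCKED, RES_WRONG_USAGE, RES_WRITE_PROTECTED } she_res;

typedef struct { bool loaded; uint8_t flags; } key_slot;

/* Decide whether cmd may use (or, for CMD_LOAD_KEY, overwrite) the slot. */
she_res she_authorize(const key_slot *slot, uint8_t status, she_cmd cmd) {
    if (cmd == CMD_LOAD_KEY)            /* write protection does not depend on device status */
        return (slot->flags & FLAG_WRITE_PROTECT) ? RES_WRITE_PROTECTED : RES_OK;
    if (!slot->loaded)
        return RES_KEY_EMPTY;
    /* Lock checks run before the usage check (ordering chosen for this sketch). */
    if ((slot->flags & FLAG_BOOT_PROTECT) && (status & STATUS_BOOT_FAILED))
        return RES_KEY_LOCKED;
    if ((slot->flags & FLAG_DEBUG_PROTECT) && (status & STATUS_DEBUGGER))
        return RES_KEY_LOCKED;
    bool mac_cmd = (cmd == CMD_GENERATE_MAC || cmd == CMD_VERIFY_MAC);
    bool mac_key = (slot->flags & FLAG_USAGE_MAC) != 0;
    return (mac_cmd == mac_key) ? RES_OK : RES_WRONG_USAGE;
}

/* Bitmask of commands the slot currently accepts (bit n = she_cmd value n). */
unsigned she_allowed(const key_slot *slot, uint8_t status) {
    unsigned mask = 0;
    for (int c = CMD_ENC_ECB; c <= CMD_LOAD_KEY; c++)
        if (she_authorize(slot, status, (she_cmd)c) == RES_OK) mask |= 1u << c;
    return mask;
}
```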
Requirements for Key Updating
Key updates must ensure:
1. Authorization: Prove knowledge of the current key.
2. Confidentiality: Protect both old and new keys during the update.
3. Authenticity: Detect tampering with key material.
4. Freshness: Prevent reuse of update data.
5. Non-repudiation: Verify successful updates.
6. Key Updates: Restricted based on system design and SHE limitations.
Realization with SHE
Secure boot processes require CPU support to trigger the secure boot mechanism before user code execution. Four modes are specified:
1. No secure boot.
2. Measure application code before execution.
3. Start application code immediately with parallel measurement.
4. Execute application code only if measurement is successful.
Access Control
SHE provides detailed access control to ensure secure key management and system integrity. Access can be authorized through knowledge of the key and permanently deactivated by setting write protection.
In conclusion, SHE enhances hardware security by securely managing cryptographic keys and supporting essential security functions such as secure boot and authenticated communication. Its design principles ensure cost-effectiveness and robustness, making it suitable for various automotive and embedded system applications.