A revolution in electronic products continues to enhance interaction between people and organizations in ways not foreseen even ten years ago. Today, people connect with each other through wired and wireless networks anywhere and anytime to socialize, exchange ideas, share entertainment material and experiences and simply stay in touch. Businesses increasingly communicate with customers, employees and each other 24 hours a day using all manner of electronic media. Disparate, unconnected domains are vanishing in a world where sound, video and data are all carried in network packets on the global Internet. Convergence of these sources will continue to see them integrated together and made available wherever they are most useful. A whole new class of networked embedded devices is now being added to the mix. Cryptographic credentials representing individuals, their possessions, cars, homes and even subsystems of those will be used over the network on behalf of their owners.
Creating trust and trustworthiness in devices begins early in the design process and figures in aspects of manufacturing, service and maintenance processes through their entire lifetime, even up to their eventual end of life. Many devices store and process credit card and banking information, health records, service subscriptions and similar data on behalf of their owners that must be protected to prevent their misuse against their rightful owners. And of course producers of music, movies, TV programs and all other kinds of intellectual property are often interested in preserving the value of their work by protecting it from widespread free distribution while allowing their authorized users easy access to content.
The Ellipsys Trust FrameworkTM (ETFTM) addresses these problems and more through a proven, flexible set of products that work together to enable trust in the manufacturing, distribution and operation of electronic products. Three principle products form the core of the Framework. Ellipsys-SB is a secure bootstrap subsystem for processor based devices that provides cryptographic protection and authentication of code installed and running on those devices. The Ellipsys-CA product provides manufacturing support for code signing, services provisioning and secure installation of cryptographic keys and unique device identities in the manufacturing flow. For applications that require carefully controlled access to installed keys, identities and cryptographic operations, EllipsysVSM provides a software-friendly virtual security module – essentially a software smartcard – that allows the embedding and binding of a virtually unlimited number of keys in embedded system environments. Used together as part of a manufacturing flow and system design, ETF enables a vast array of protections of the system and its users, including:
Creation of trusted software execution environments that trace their origin to authorized sources.
Creation of devices that contain unique, unforgeable identities and cryptographic keys that are permanently bound to the devices they are installed in.
Tamperproof firmware installations that prevent the system from booting if unauthorized changes are made to the protected software environment.
IP protection that uses encrypted firmware to protect against disassembly of valuable intellectual property.
Anticloning and loss prevention in manufacturing to protect against unauthorized production or use of devices.
Application support for services and users' identities, cryptographic keys and data that is bound to the platform using tamper proof operating system facilities.
Anticounterfeiting that provides mutual cryptographic authentication of cooperating subsystems in larger system or network to prevent participation of or disruption caused by counterfeit or unauthorized devices in the system.
Ellipsys Trust Framework in real systems
In the following sections we discuss the use of some real-world applications for the Ellipsys Trust Framework.
Protecting embedded intellectual property
A consumer electronics OEM manufactures its high volume products designed around an Analog Devices Blackfin DSP with ADI's Lockbox technology, using standard Flash memory for firmware storage. It wishes to protect its proprietary algorithms by encrypting the firmware installed on the system. The system includes a port that firmware upgrades can be programmed through. Elliptic provides a platform specific version of ETF that takes advantage of Lockbox to provide just such capabilities.
In this case, typical of many small embedded systems, the encrypted firmware is installed in an unprotected Flash memory. This makes it inexpensive to manufacture and uses high volume production techniques and the option to have Flash memories programming done by either the memory supplier or the contract assembler during board manufacturing. Encryption keys used to decrypt the firmware may be programmed during processor manufacturing. ETF provides an option to split programming of the keys among several stages of manufacturing, which means that the entire key is never in the possession of any one person or company outside of the OEM. This provides an extra level of protection since part of the key is stored inside Lockbox and the entire key used to protect the OEM's IP is never assembled all in one place. This feature is important in IP protection applications – if just one copy of the software decryption key is cracked, all of the OEM's IP protected by that key becomes known.
Elliptic's Lockbox version of Ellipsys-SB uses Lockbox to authenticate the signature on the encrypted firmware, which includes Ellipsys-SB itself. If authentication succeeds, Ellipsys-SB decrypts the firmware and loads it to internal program memory. A second signature on the application firmware allows for future upgrades to be provided and installed in Flash memory, replacing the as-manufactured code.
Figure 1: Simple IP protection and trusted execution environment for embedded devices. Authentication and decryption keys are stored on-chip with encrypted application code stored in inexpensive unprotected Flash
Ellipsys-CA provides the necessary code signing, system image formatting and encryption capabilities to produce code images for these products. The firmware encryption keys are stored internally in Ellipsys-CA, providing a secure repository for the all-important keys that protect the OEM's IP. Extensions to the basic product provide protection against manufacturing over-builds from being distributed as genuine, authorized product, as well as protection from firmware cloning and installation in knock-off system designs.
System module anticounterfeiting
Equipment such as blade computing servers, large campus network routers and so on are often designed to use plug-in modules to configure different functions into the system. For example, the same chassis used for LAN switches can often be used as a campus distribution switch by replacing one or all copper LAN ports with optical interconnect port modules instead.
Such modules are high margin products for the OEM. In addition, it has happened that modules never sold by the OEM have made their way into service, either because truly fraudulent manufacturing and distribution supply chains have been created or because genuine product from the OEM's contract manufacturers have been removed from the manufacturing line or inventory to be sold on the black market. This is a problem for OEMs, who may be blamed for substandard quality of fraudulent product, as well as for end user customers who are receiving product of unknown origin and quality that may or may not work as intended or to full specification.
To protect against this, Ellipsys-SB provides a mutual authentication protocol option that uses credentials created in an Ellipsys-CA Public Key Infrastructure (PKI) to allow the system to validate the authenticity of installed modules, and the modules to validate that they are installed in an authentic chassis. Ellipsys-CA provides a credential provisioning application that is used during manufacturing to install credentials directly into devices on the manufacturing line.
Ellipsys-CA records all aspects of the manufacturing process to allow back-tracing of manufacturing processes should problems be discovered later. Credential revocations are also supported to record and notify systems in the field of the identities of modules that have been removed from service, preventing them from finding their way back to field use.
Because Ellipsys-CA supports multiple equivalent application instances, the solution scales well to applications where multiple different suppliers or manufacturing sites provide components in the same products or product lines, as well as to using the same PKI with common applications across product families.
Ellipsys Trust Framework provides a comprehensive set of solutions to a range of requirements that integrated circuit and embedded systems manufacturers have for both operational security in end-use applications, as well as protection of their embedded intellectual property and the integrity of their supply chain.
1 Ellipsys, Ellipsys Trust Framework and ETF are trademarks of Elliptic Technologies Inc.
Mike Borza, Chief Technology Officer, is responsible for strategic direction at Elliptic Technologies. His career spans more than twenty years in the global high-tech industry. Mike has vast expertise in the security domain and is a contributor to various technology standard bodies.