key injection

Key injection is the starting point for securely managing a device over its product lifetime in the IoT.

Key injection gives every device an identity.

To make sure device identities can not be hacked, the keys need to be generated by an HSM.

Key injection: the first step in securing the Internet of Things

The number of connected devices in the Internet of Things (IoT) is growing exponentially. Both consumers and manufacturers are charmed by the new products and services that the exploitation of big data and the connection of devices can bring. At the same time, the risk of manipulation of these devices is growing. And this is equally true, no matter if the connected device is a health monitor, a smart meter or a connected car – only the consequences vary in potential severity. In any case, the authenticity, integrity and confidentiality of the device or the data needs to be guaranteed. How so? By ensuring that each device has a truly unique electronic identity that can be trusted, managed and addressed. This is only possible, if each device uses a semiconductor chip, waiver or electronic control unit (ECU) that has a unique identity – which is injected into the chip during its production process. This process is called key injections is the basis for the secure management of a device over its product lifetime.

Every semiconductor needs to be given an identity during manufacturing. To ensure this identity can not be hacked, it needs to be generated by an HSM.

Key injection is the starting point for securely managing a device over its product lifetime in the IoT

Key injection: usually on the production floor (but also possible in a remote scenario), one or several digital certificates are injected into a device (ECU or semiconductor chip) to give it it’s unique identity.
Secure initialization of a device’s identity as it is introduced to the IoT via a PKI. This enables a secure device management including
Secure authentication of users to devices and devices amongst each other
Ensuring secure software updates of devices over their lifetime
Secure communication amongst devices
Secure storage of data obtained and shared by devices in a database using encryption and secure key storage in an HSM, and last but not least the
Secure decommissioning at the end of the life cycle of the device

Key injection is the starting point of securing an IoT device

What are the 3 main attack vectors to securing connected devices via key injection?

If key injection is the first step in securing the Internet of Things, it is essential that the integrity of the keys used is beyond question. Without the integrity of the cryptographic key material, the chain of trust cannot be established. But before looking at the role of Hardware Security Modules in key injection applications, let’s figure out what the three main attack vectors for key injection are:

Compromised keys: Should a cryptographic key be compromised at any stage, the security of the entire infrastructure must be questioned.
Cloned keys: The risk of a third party accessing and replicating key material, i.e. cloning a key, is one of the most dangerous threats for large infrastructures.
Mismanaged keys: Key information needs to be securely managed throughout the life cycle of a device, starting directly at the manufacturing level.

Why Utimaco HSMs constitute the Root of Trust for the IoT

Taking these attack vectors into account, it is obvious that only tamper-proof HSMs – like the FIPS physical level 4 SecurityServer by Utimaco – can establish a solid Root of Trust for key injection scenarios.

A Utimaco HSM provides:

Secure key storage
A secure crypto processing environment
Built-in comprehensive key management

A Hardware Security Module (HSM) creates and secures cryptographic keys, and manages them for strong authentication. Compared to software solutions, Utimaco’s HSMs implement a Random Number Generator that complies to AIS 31class DRG.4 for the generation of highest quality key material. Software solutions, for instance, store keys in main memory—offering attackers the ability to disassemble the software, exploit vulnerabilities and run attacks remotely.

Certified HSMs: The Root of Trust for key injection and managing embedded device

The main challenge in both the production of embedded devices and their life cycle management is the loading of root cryptographic keys and the embedded code. For key injection chip manufacturers and device manufacturers alike, use Certified cryptographic modules – similar to point-of-sale (POS) terminal vendors.

This certification ensures that keys are generated by using the key generation function of a Hardware Security Module, or equivalent device. To ensure tamper resistance, Hardware Security Modules should be certified on True Random Number Generator (TRNG), AIS 31.

Integrated key management solution, typically based on Industry Standards ISO 11568 or ANSI 9.17

Proper key management includes the generation of cryptographic key material, the injection of keys into connected devices (e.g. at the production line), introducing keys in the back-end database servers (symmetric secret key or asymmetric public key), and renewing keys for already deployed devices. In case of asymmetric cryptography, a public key infrastructure (PKI) will be established.

Interested in reading more about