The number of connected devices in the Internet of Things (IoT) is growing exponentially. Both consumers and manufacturers are charmed by the new products and services that the exploitation of big data and the connection of devices can bring. At the same time, the risk of manipulation of these devices is growing. And this is equally true, no matter if the connected device is a health monitor, a smart meter or a connected car – only the consequences vary in potential severity. In any case, the authenticity, integrity and confidentiality of the device or the data needs to be guaranteed. How so? By ensuring that each device has a truly unique electronic identity that can be trusted, managed and addressed. This is only possible, if each device uses a semiconductor chip, waiver or electronic control unit (ECU) that has a unique identity – which is injected into the chip during its production process. This process is called key injections is the basis for the secure management of a device over its product lifetime.
If key injection is the first step in securing the Internet of Things, it is essential that the integrity of the keys used is beyond question. Without the integrity of the cryptographic key material, the chain of trust cannot be established. But before looking at the role of Hardware Security Modules in key injection applications, let’s figure out what the three main attack vectors for key injection are:
Taking these attack vectors into account, it is obvious that only tamper-proof HSMs – like the FIPS physical level 4 SecurityServer by Utimaco – can establish a solid Root of Trust for key injection scenarios.
A Utimaco HSM provides:
A Hardware Security Module (HSM) creates and secures cryptographic keys, and manages them for strong authentication. Compared to software solutions, Utimaco’s HSMs implement a Random Number Generator that complies to AIS 31class DRG.4 for the generation of highest quality key material. Software solutions, for instance, store keys in main memory—offering attackers the ability to disassemble the software, exploit vulnerabilities and run attacks remotely.
The main challenge in both the production of embedded devices and their life cycle management is the loading of root cryptographic keys and the embedded code. For key injection chip manufacturers and device manufacturers alike, use Certified cryptographic modules – similar to point-of-sale (POS) terminal vendors.
This certification ensures that keys are generated by using the key generation function of a Hardware Security Module, or equivalent device. To ensure tamper resistance, Hardware Security Modules should be certified on True Random Number Generator (TRNG), AIS 31.
Proper key management includes the generation of cryptographic key material, the injection of keys into connected devices (e.g. at the production line), introducing keys in the back-end database servers (symmetric secret key or asymmetric public key), and renewing keys for already deployed devices. In case of asymmetric cryptography, a public key infrastructure (PKI) will be established.
Interested in reading more about