Secure storage, bootstrapping, secure boot

27 Mar 2014

Hi,

I'm really interested in understanding how people are protecting the security of their mbed based products. If you have any ideas around the following points, I'd really love to hear what you have to say:

  1. Ordinary mobile SIMs are tamper-proof and try to protect access to the keys stored on them. Do any of the mbed products have secure areas of memory or something that would provide a similar level of protection for encryption keys or other principals?
  2. Do any of the mbed family have something like a secure boot procedure where the integrity and authenticity of the firmware is checked before executing?
  3. How would you go about bootstrapping something like a set of pre-shared keys to a connected device? Would you burn individual keys at the factory? Or do something like have a shared key which allows the device to contact a bootstrap server to get its strong keys?

If anyone has any other information around this point, I'd be greatly interested in hearing your thoughts.

Ashley

25 Apr 2016

Hi, Bonjour,

Unfortunately, I do not provide the answer but reiterate the same kind of questions:

1) How is it possible for a secure box to store a key (e.g. an AES key) so that, in case the power on the mbed object goes off, when the power comes back on later the secure box can securely retrieve the key from the flash memory so that the application can resume?

2) When a TLS handshake takes place, the mbed object can authenticate the server, but how can the server authenticate the object? To do that, I guess a secure box would need access to the hardware identity of the object? Is there an API defined for that? Such a use case does not seem to be documented in the how-to pages.

Thank you in advance / Merci / Muchas gracias

01 May 2016

Hi guys,

There are many aspects of security and all are flawed in some way....

However, combining several techniques, you can come close.

some STM32 processors have a Tamper pin and a battery connection.

Some of the protected Ram is trashed after the tamper is detected.

This is mainly useful to 100% guarantee node identity over an insecure network like the interweb we live in.

You can decrypt code from Flash into Ram through a key protected by the tamper circuit.

But this does not really help to secure the flash. All processors have the functionality to secure the flash, but I am sure there are methods to extract the program.

:(

however, I am a newbie in today's terms. :(
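The scheme sketched in the last reply (firmware kept encrypted in flash, the key held in battery-backed RAM that the tamper circuit wipes) and the secure-boot question from the first post can be shown together in a small model. The following is an added example, not code from any of the posters or from mbed; it simulates the tamper-protected RAM in software, uses HMAC-SHA256 both as the authentication tag and as a counter-mode keystream (a stand-in for the part's AES hardware), and the image format, key, and firmware bytes are all constructed for the demonstration. The boot-side check verifies the tag before it decrypts or runs anything, and once the key has been zeroised the flash contents are useless to anyone who extracts them.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"   # constructed image header magic; not a real mbed format
TAG_LEN = 32      # HMAC-SHA256 tag
HDR_LEN = 8       # MAGIC (4) + little-endian payload length (4)


def _subkeys(master: bytes):
    """Derive separate encryption and MAC keys from the master key."""
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (illustrative only;
    a real design would use the MCU's AES block instead)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"ctr" + struct.pack("<I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TamperProtectedRam:
    """Models battery-backed RAM that the tamper pin zeroises."""

    def __init__(self, master_key: bytes):
        self._key = bytearray(master_key)

    def tamper(self):
        # Hardware would do this on its own when the tamper pin fires.
        for i in range(len(self._key)):
            self._key[i] = 0
        self._key = bytearray()

    def master_key(self):
        return bytes(self._key) if self._key else None


def build_image(firmware: bytes, master_key: bytes) -> bytes:
    """Provisioning side: encrypt-then-MAC the firmware for storage in flash."""
    enc, mac = _subkeys(master_key)
    header = MAGIC + struct.pack("<I", len(firmware))
    ciphertext = _xor(firmware, _keystream(enc, len(firmware)))
    tag = hmac.new(mac, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def boot_load(flash_image: bytes, ram: TamperProtectedRam):
    """Boot side: check the tag before touching the payload. Returns the
    plaintext firmware to copy into RAM, or None if it must not run."""
    master = ram.master_key()
    if master is None:
        return None  # key wiped by tamper: flash contents cannot be recovered
    if len(flash_image) < HDR_LEN + TAG_LEN or flash_image[:4] != MAGIC:
        return None
    n = struct.unpack("<I", flash_image[4:HDR_LEN])[0]
    if len(flash_image) != HDR_LEN + n + TAG_LEN:
        return None
    header = flash_image[:HDR_LEN]
    ciphertext = flash_image[HDR_LEN:HDR_LEN + n]
    tag = flash_image[HDR_LEN + n:]
    enc, mac = _subkeys(master)
    expected = hmac.new(mac, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # modified or foreign image: refuse to execute
    return _xor(ciphertext, _keystream(enc, n))


def demo():
    """Run the three cases: good image, tampered image, key zeroised."""
    master = bytes(range(32))          # constructed key; use a TRNG at provisioning
    ram = TamperProtectedRam(master)
    firmware = b"\x00\xbf" * 64        # constructed stand-in for firmware bytes
    image = build_image(firmware, master)

    good = boot_load(image, ram) == firmware
    corrupted = bytearray(image)
    corrupted[20] ^= 0x01              # flip one ciphertext bit
    rejected = boot_load(bytes(corrupted), ram) is None
    ram.tamper()
    after_tamper = boot_load(image, ram) is None
    return good, rejected, after_tamper


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

Two design points carry over to real parts: the integrity check runs on the ciphertext before any decryption, so a corrupted or swapped image never reaches RAM, and the key never lives in flash, which is what makes the "read out the flash" attack the poster worries about yield only ciphertext. With a symmetric key the same secret both builds and verifies images; a production secure boot normally verifies an asymmetric signature instead, so that extracting one device's key does not let anyone sign firmware for the fleet.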