{"title":"多重认证的信任根:利用协同效应","authors":"S. Guilley","doi":"10.1109/atc55345.2022.9942989","DOIUrl":null,"url":null,"abstract":"In recent years, worldwide chip production has increased significantly. The “back to silicon” trend is driven by the digitization of multiple usages as well as the specificities of certain markets. As chips are liable for data protection, the proportion of chips with embedded security features is increasing. Because of the shortened time-to-market, some chips must be ready to be deployed in markets or use-cases unknown at the time of design. Since each market has its own security schemes, chips need to be “pre-certifiable” under different schemes. The design activity is usually tailored to a given set of security requirements. In the new context where multiple requirements will have to be satisfied proactively, design strategies must evolve. In this talk, we shall share experience regarding the design of chips eligible to triple precertification, namely: Common Criteria (CC), NIST FIPS 140 and Chinese OSCCA. The synergies arise at three levels. First, documentation production is rationalized. Typically, in the latest version of FIPS 140 (version 3), lifecycle assurance requirements can be mutualized with the ADV, AGD, ALC and ATE assurance classes in CC. Second, it is often beneficial to combine functional requirements. Consider, for example, the mandatory self-checks of cryptographic algorithms and/or keys in FIPS 140: these are sound precautions that reduce the number of vulnerabilities in the CC context. Third, some specific IPs need to be analyzed more deeply in all the schemes anyhow. For instance, regarding True Random Number Generators (TRNGs), there are very detailed, even intrusive requirements (e.g., access to “raw” bits). Similarly, the standards require testing on millions of bits generated in a row by the TRNG. The OSCCA scheme requires that several TRNG rationales be implemented, so as to withstand total failures. Obviously, this also benefits the resistance to fault attacks under a CC prism. However, it should be noted that some pitfalls should also be avoided. For example, EVITA's secure boot is based on firmware hash, which is incompatible with FIPS 140-3 requirements to leverage the digital signature (from level 3 onward). To sum up, we intend to show that certification efforts can be rationalized to better reach the market, with cost-saving factorization while designing or producing certification-related evidence sets.","PeriodicalId":135827,"journal":{"name":"2022 International Conference on Advanced Technologies for Communications (ATC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Multi-Certified Root-of-Trust: Exploiting Synergies\",\"authors\":\"S. Guilley\",\"doi\":\"10.1109/atc55345.2022.9942989\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, worldwide chip production has increased significantly. The “back to silicon” trend is driven by the digitization of multiple usages as well as the specificities of certain markets. As chips are liable for data protection, the proportion of chips with embedded security features is increasing. Because of the shortened time-to-market, some chips must be ready to be deployed in markets or use-cases unknown at the time of design. Since each market has its own security schemes, chips need to be “pre-certifiable” under different schemes. The design activity is usually tailored to a given set of security requirements. In the new context where multiple requirements will have to be satisfied proactively, design strategies must evolve. In this talk, we shall share experience regarding the design of chips eligible to triple precertification, namely: Common Criteria (CC), NIST FIPS 140 and Chinese OSCCA. The synergies arise at three levels. First, documentation production is rationalized. Typically, in the latest version of FIPS 140 (version 3), lifecycle assurance requirements can be mutualized with the ADV, AGD, ALC and ATE assurance classes in CC. Second, it is often beneficial to combine functional requirements. Consider, for example, the mandatory self-checks of cryptographic algorithms and/or keys in FIPS 140: these are sound precautions that reduce the number of vulnerabilities in the CC context. Third, some specific IPs need to be analyzed more deeply in all the schemes anyhow. For instance, regarding True Random Number Generators (TRNGs), there are very detailed, even intrusive requirements (e.g., access to “raw” bits). Similarly, the standards require testing on millions of bits generated in a row by the TRNG. The OSCCA scheme requires that several TRNG rationales be implemented, so as to withstand total failures. Obviously, this also benefits the resistance to fault attacks under a CC prism. However, it should be noted that some pitfalls should also be avoided. For example, EVITA's secure boot is based on firmware hash, which is incompatible with FIPS 140-3 requirements to leverage the digital signature (from level 3 onward). To sum up, we intend to show that certification efforts can be rationalized to better reach the market, with cost-saving factorization while designing or producing certification-related evidence sets.\",\"PeriodicalId\":135827,\"journal\":{\"name\":\"2022 International Conference on Advanced Technologies for Communications (ATC)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-10-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 International Conference on Advanced Technologies for Communications (ATC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/atc55345.2022.9942989\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Advanced Technologies for Communications (ATC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/atc55345.2022.9942989","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
近年来,全球芯片产量大幅增长。“回归硅”的趋势是由多种用途的数字化以及某些市场的特殊性驱动的。由于芯片承担着数据保护的责任,具有嵌入式安全功能的芯片所占的比例越来越大。由于上市时间缩短,一些芯片必须准备好在设计时未知的市场或用例中部署。由于每个市场都有自己的安全方案,芯片需要在不同的方案下进行“预认证”。设计活动通常针对一组给定的安全需求进行定制。在必须主动满足多种需求的新环境中,设计策略必须发展。在这次演讲中,我们将分享三重预认证芯片的设计经验,即:通用标准(CC), NIST FIPS 140和中国OSCCA。协同效应产生于三个层面。首先,文档制作合理化。通常,在最新版本的FIPS 140(版本3)中,生命周期保证需求可以与CC中的ADV、AGD、ALC和ATE保证类相互关联。其次,将功能需求结合起来通常是有益的。例如,考虑FIPS 140中加密算法和/或密钥的强制自检:这些是减少CC上下文中漏洞数量的合理预防措施。第三,一些特定的ip无论如何都需要在所有方案中进行更深入的分析。例如,关于真随机数生成器(trng),有非常详细的,甚至是侵入性的要求(例如,访问“原始”比特)。同样,标准要求对TRNG连续生成的数百万位进行测试。OSCCA方案要求实施若干TRNG原理,以承受完全失效。显然,这也有利于抵抗CC棱镜下的错误攻击。然而,应该注意的是,一些陷阱也应该避免。例如,EVITA的安全引导基于固件散列,这与FIPS 140-3要求不兼容,无法利用数字签名(从第3级开始)。总而言之,我们打算表明,在设计或生产与认证相关的证据集时,可以通过节省成本的factorization,使认证工作合理化,以更好地进入市场。
In recent years, worldwide chip production has increased significantly. The “back to silicon” trend is driven by the digitization of multiple usages as well as the specificities of certain markets. As chips are liable for data protection, the proportion of chips with embedded security features is increasing. Because of the shortened time-to-market, some chips must be ready to be deployed in markets or use-cases unknown at the time of design. Since each market has its own security schemes, chips need to be “pre-certifiable” under different schemes. The design activity is usually tailored to a given set of security requirements. In the new context where multiple requirements will have to be satisfied proactively, design strategies must evolve. In this talk, we shall share experience regarding the design of chips eligible to triple precertification, namely: Common Criteria (CC), NIST FIPS 140 and Chinese OSCCA. The synergies arise at three levels. First, documentation production is rationalized. Typically, in the latest version of FIPS 140 (version 3), lifecycle assurance requirements can be mutualized with the ADV, AGD, ALC and ATE assurance classes in CC. Second, it is often beneficial to combine functional requirements. Consider, for example, the mandatory self-checks of cryptographic algorithms and/or keys in FIPS 140: these are sound precautions that reduce the number of vulnerabilities in the CC context. Third, some specific IPs need to be analyzed more deeply in all the schemes anyhow. For instance, regarding True Random Number Generators (TRNGs), there are very detailed, even intrusive requirements (e.g., access to “raw” bits). Similarly, the standards require testing on millions of bits generated in a row by the TRNG. The OSCCA scheme requires that several TRNG rationales be implemented, so as to withstand total failures. Obviously, this also benefits the resistance to fault attacks under a CC prism. However, it should be noted that some pitfalls should also be avoided. For example, EVITA's secure boot is based on firmware hash, which is incompatible with FIPS 140-3 requirements to leverage the digital signature (from level 3 onward). To sum up, we intend to show that certification efforts can be rationalized to better reach the market, with cost-saving factorization while designing or producing certification-related evidence sets.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
