CN110301114A - Electronic device - Google Patents
- Publication number: CN110301114A
- Application number: CN201880011365.0A
- Authority: CN (China)
- Prior art keywords: key, electronic device, micro electromechanical, electromechanical structure, component
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
Abstract
The invention relates to an electronic device that is configured as a Trusted Platform Module and therefore as an independent component. The electronic device has as components a cryptographic processor (104) and a micro-electromechanical structure (108), the micro-electromechanical structure serving to generate at least one key. The properties of the device influence at least one characteristic of the micro-electromechanical structure (108).
Description
Technical field
The invention relates to an electronic device in which a key can be stored or held, and to a method for storing a key in such an electronic device.
Background technique
One of the central challenges for the implementation and user acceptance of the Internet of Things is security. This calls in particular for solutions for generating and securely storing cryptographic keys.
Furthermore, modern electrical systems use a large number of sensors and actuators, which are typically connected to a central control device. The central control unit reads the sensor data and drives the actuators. The increasing networking of such electrical systems, for example via the Internet, requires that the communication between the control device and the sensors and actuators be protected. To this end it is known to encrypt the exchanged information with cryptographic methods so that it can neither be exploited by unauthorized third parties nor manipulated. These cryptographic methods require keys, which in turn must be generated and stored securely.
One possible way to improve security in this field is a hardware component known as a Trusted Platform Module (TPM). A TPM is, for example, a processor which, given the complexity and vulnerability of software, can be mounted on the main circuit board of a computer as an independent component or chip. With such a TPM, a computer or similar device can be extended with basic security functions, for example encryption or signing.
A TPM is assumed to be fully trustworthy because its system architecture protects it against manipulation from the software side. The basis of the TPM is the endorsement key (Bewilligungsschlüssel, EK), which never leaves the TPM and can neither be read nor written from outside. A schematic of a TPM is shown in Fig. 1.
One solution for generating cryptographic keys is the use of a so-called physically unclonable function (PUF). This denotes a method in which a cryptographic key can be derived from a tangible, physical structure. To this end the physical system is subjected to a so-called challenge (Herausforderung), which can take very different forms depending on the scheme. The system reacts to the challenge with a characteristic response (Antwort), from which the cryptographic key can be generated. In the case of a PUF, such a challenge-response pair (CRP) is unique and essentially a fingerprint of the system. This fingerprint is usually based on process variation in the manufacture of the system. The exact form of the fingerprint cannot be predetermined, not even by the manufacturer, so a PUF should also be impossible to reproduce. In general, the characteristics of a PUF rest on the intrinsic process variation in manufacturing.
The advantage of hardware-based key generation is that no digitally stored key is needed any more. Since a digitally stored key can easily be read out and copied, this is above all a major gain in security. In addition, the solution can potentially be cheaper, because a digitally stored key that is to be protected reliably against invasive attacks must be protected in an elaborate manner.
However, the requirements a key must meet in order to be usable in cryptographic applications such as encryption and authentication are extensive. The key must, for example, have maximum entropy, it must not be compressible, and it must have a certain minimum length, ideally in the range of 128 bits.
Various PUF designs already exist. An overview of these designs is given in: Physically Unclonable Functions: Constructions, Properties and Applications, Maes, 2013. Known PUFs include, for example:
PUF based on SRAM
One of the best-known PUFs is the SRAM-based PUF. It exploits the fact that many SRAM cells (Zellen) reproducibly adopt state "1" or state "0" when powered on. In an SRAM-based PUF the challenge is therefore the powering-on of the SRAM together with the selection of SRAM cell addresses.
PUF based on MEMS
A MEMS (Micro-Electro-Mechanical System) is a component that integrates logic elements and micromechanical structures in one chip or component. A MEMS can process both mechanical and electrical information. Elements of a MEMS are, for example, sensors, actuators, oscillators and filters.
MEMS-based structures, such as MEMS sensors, are likewise suitable for use as PUFs. Because of fluctuations in manufacturing, a MEMS-based structure has a unique fingerprint based on its intrinsic characteristics. This has already been established (Bojinov et al., "Mobile Device Identification via Sensor Fingerprinting", CoRR, 2014; Aysu et al., "Digital Fingerprints for Low-cost Platforms Using MEMS Sensors", Proceedings of the Workshop on Embedded Systems Security, 2013).
In a MEMS-based PUF the challenge can take very different forms, for example a signal of defined voltage amplitude or frequency.
The response can be a mechanical and/or electrical characteristic, such as a mechanical resonance frequency, an oscillation amplitude or a capacitance.
The publication "MEMS Gyroscope as Physical Unclonable Functions" (Oliver Willers et al., CCS '16, 24-28 October 2016, Vienna, Austria) describes the use of MEMS-based structures for generating keys.
The publication US 2015/0200775 A1 describes a method for determining a key using a MEMS structure. In this method, multiple physical parameters of the device are determined and a feature vector with multiple values is formed, each value corresponding to a different one of the physical parameters. The key is derived from the feature vector. A MEMS device may also comprise multiple MEMS structures, in which case a feature vector is determined for each MEMS structure.
Apart from generating the key, the key must be stored in such a way that it is protected against attacks. Efforts are therefore made to improve the security of TPMs or similar modules, in particular against invasive attacks.
It has been shown in the past that common TPMs can be completely "pried open" by invasive attacks. The reason is in particular that the TPM uses digitally stored keys, with the EK held in non-volatile memory, and such digitally stored keys can be read out, analyzed, modified and copied by an invasive attack. One conceivable way to improve the security of TPMs or similar modules against invasive attacks is the use of PUFs. So far, solutions based mainly on SRAM have been the focus, see for example Zhao et al., "Providing Root of Trust for ARM TrustZone using On-Chip SRAM", Cryptology ePrint Archive, Report 2014/464, 2014.
It should be noted, however, that SRAM-based PUFs and other purely electrical PUF schemes do not offer absolute protection against invasive attacks. Successful attacks on SRAM-based PUFs have been documented in which the secret key could be read out by an invasive attack and the system itself could then even be physically cloned (Helfmeier et al., "Cloning Physically Unclonable Functions", HOST, 2013).
Summary of the invention
Against this background, an electronic device according to claim 1 and a method according to claim 11 are introduced. Embodiments follow from the dependent claims and from the description.
It has been shown that micro-electromechanical or MEMS-based structures offer markedly better protection than the known schemes. The reason is in particular that mechanical properties are used here, such as the mechanical resonance frequency or the oscillation amplitude, which react far more sensitively to changes in their environmental conditions, such as the mechanical stress state, and therefore provide inherent protection against invasive attacks. In addition, key generation is based on analog measurements that are taken within a closed system. Intervention from outside, for example contacting the electrical connections between the MEMS and the evaluation circuit, changes the electrical parasitics and thereby the absolute measured values. A precondition is that the MEMS-based structure, the unit that drives and evaluates it, and the unit that carries out the cryptographic operations are located in one package (System-in-Package, SiP). Because of fluctuations in manufacturing, each MEMS structure has a unique fingerprint based on its intrinsic characteristics.
The at least one characteristic of the MEMS structure that is used to generate the key is thus located within one device, namely the electronic device introduced here. What is achieved by this is that the at least one characteristic of the MEMS or MEMS structure is inaccessible to unauthorized persons, that is, unauthorized persons cannot access these characteristics. The device, which is configured as a Trusted Platform Module and thus as an independent component or chip, is a closed package. When the package is opened, the environment-sensitive characteristics of the MEMS change, so that the key or keys can no longer be read out. This means that the properties of the electronic device or component influence at least one characteristic of the micro-electromechanical structure. The key or keys are therefore related to at least one characteristic of the MEMS structure.
The components of the introduced electronic device therefore cannot be accessed. They are securely contained in the package and cannot be accessed by unauthorized persons.
In a further development, in order to store a secret key such as the endorsement key (EK) securely in a module that must be trusted, such as a TPM, the use of a MEMS-based structure is proposed, which provides inherent protection against invasive attacks.
The introduced method for storing a key provides that the key is held in a MEMS structure that is arranged in a device of the described type. The key is typically defined by characteristics of the MEMS structure and can be derived from those characteristics when needed. The key can then be used temporarily but is never persistently stored in digital form. It can be regenerated whenever it is needed; there is no place where it is persistently stored.
Further advantages and developments of the invention follow from the description and the appended drawings.
It is understood that the features mentioned above and those yet to be explained below can be used not only in the combination indicated in each case but also in other combinations or on their own without departing from the scope of the invention.
Detailed description of the invention
Fig. 1 schematically shows a TPM according to the prior art.
Fig. 2 schematically shows an embodiment of the introduced electronic device.
Specific embodiment
The invention is schematically depicted in the drawings by way of embodiments and is described in detail below with reference to the drawings.
Fig. 1 schematically shows a TPM, denoted as a whole by the reference numeral 10. The TPM 10 is configured as an integrated component 12. Provided in the component 12 are a protected input/output side 14, an encryption processor or cryptographic processor 16, a non-volatile memory 18 and a volatile memory 20.
The TPM 10 is a component or chip that extends a computer or similar device with basic security functions. These functions serve, for example, license protection or data protection. The chip behaves in some respects like a permanently installed smart card, with the difference that it is bound not to a specific user but to the local computer. Together with a specially adapted operating system and corresponding software, the TPM forms a so-called trusted computing platform (TC platform), which is protected in particular against manipulation by third parties from the software side.
Provided in the cryptographic processor 16 are a random number generator 30, a key generator 32, in particular an RSA key generator, a hash value generator 34 and an encryption/decryption and signing unit 36.
Provided in the non-volatile memory 18 are the endorsement key 40 and the storage root key 42. The endorsement key (EK) 40 is uniquely assigned to the TPM 10. Its key length is fixed at 2048 bits and the algorithm is fixed as RSA. For security and data-protection reasons the private part of the EK 40 is never allowed to leave the TPM 10; this also rules out a backup. The public part of the EK 40 can be read out with a predefined command. Reading can be blocked with a predefined command, and this is typically final and can no longer be revoked.
The storage root key (SRK) 42 is an RSA key with a length of 2048 bits. It is used to encrypt the other keys in use, such as the private key for the user's e-mail communication, and is therefore the root of the TPM key tree. If the owner of the computer changes, a new SRK is typically generated. Note that the SRK is not migratable.
RSA (Rivest, Shamir and Adleman) is an asymmetric cryptographic method that can be used both for encryption and for digital signatures. In this method the private key is used for decryption and the public key for encryption.
Provided in the volatile memory 20 are platform configuration registers 50, an attestation identity key 52 and the stored keys 54. The attestation identity key (AIK) 52 is an RSA key with a fixed length of 2048 bits and a fixed public exponent e = 2^16 + 1. It is not migratable and may be used by the TPM 10 only for signing values held in the so-called platform configuration registers (PCR) 50. The PCRs are part of the volatile memory in the TPM 10 and are responsible for storing a state map of the current configuration of software and hardware.
The AIK was introduced because the EK of a TPM cannot be used directly to attest platform integrity.
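The PCR mechanism just described, a register that can only ever be extended and whose contents the AIK may sign, is easiest to see in code. The following Python is an added example for this page, not code from the patent or from any TPM implementation: it models the extend rule PCR_new = H(PCR_old || digest) over a constructed boot chain and a verifier that replays the event log against golden reference images. Assumptions of the example: SHA-256 as the hash (the PCR bank of a TPM 2.0; a TPM 1.2 with the 2048-bit RSA keys described here uses SHA-1 and 20-byte PCRs), the constructed component images, and all function names; the AIK signature over the reported value is not modelled.

```python
import hashlib

# Assumption of the example: the SHA-256 PCR bank. TPM 1.2 uses SHA-1 with 20-byte PCRs.
HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size


def pcr_reset():
    """Power-on value of a PCR: all zero bytes."""
    return bytes(DIGEST_LEN)


def pcr_extend(pcr, digest):
    """TPM extend operation: PCR_new = H(PCR_old || digest).
    A PCR cannot be written to an arbitrary value, only extended, so its
    content commits to the entire ordered sequence of digests fed into it."""
    if len(digest) != DIGEST_LEN:
        raise ValueError("digest length must match the PCR bank")
    return HASH(pcr + digest).digest()


def golden_components():
    """Constructed reference images of a boot chain (not real firmware)."""
    return [
        ("bios", b"example BIOS image v1"),
        ("bootloader", b"example bootloader image v3"),
        ("kernel", b"example kernel image 5.4"),
    ]


def measured_boot(components):
    """Each stage hashes the next image and extends the PCR before handing over.
    Returns the final PCR and an event log of (name, digest) the verifier can replay."""
    pcr = pcr_reset()
    log = []
    for name, image in components:
        digest = HASH(image).digest()
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def verify(reported_pcr, event_log, golden):
    """Verifier side, after the AIK signature over the reported PCR has been checked
    (not modelled here):
      1) replay the event log and require that it reproduces the reported PCR,
      2) compare each logged digest with the golden image to find the first deviation.
    Returns (ok, detail) where detail names the first mismatching component."""
    pcr = pcr_reset()
    for _name, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    if pcr != reported_pcr:
        return False, "event log does not match reported PCR"
    for (name, digest), (gold_name, gold_image) in zip(event_log, golden):
        if name != gold_name or digest != HASH(gold_image).digest():
            return False, name
    if len(event_log) != len(golden):
        return False, "component count differs"
    return True, None


if __name__ == "__main__":
    gold = golden_components()
    pcr, log = measured_boot(gold)
    print("PCR:", pcr.hex(), verify(pcr, log, gold))
    tampered = [(n, b"patched " + img if n == "bootloader" else img) for n, img in gold]
    pcr2, log2 = measured_boot(tampered)
    print("PCR:", pcr2.hex(), verify(pcr2, log2, gold))
```

Because every extend folds the previous register value into the hash, swapping the order of two otherwise identical measurements also yields a different PCR, and a log that has been edited after the fact no longer replays to the value the TPM reports.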
As mentioned above, the MEMS-based structure, the unit that drives and evaluates it, and the unit that implements the cryptographic methods should be located in one package. See Fig. 2 in this regard.
Fig. 2 shows an embodiment of the introduced electronic component, denoted as a whole by the reference numeral 100. The component 100 comprises an interface 102 and a cryptographic processor 104 whose task is to carry out cryptographic operations such as encryption, signing, RSA key generation, random number generation and hash value generation. The component 100 further comprises a volatile memory 106 and a MEMS structure 108, to which an application-specific integrated circuit (ASIC) 110 is assigned.
A random number generator, a key generator, in particular an RSA key generator, a hash value generator and/or an encryption/decryption and signing unit 36 may be provided in the cryptographic processor 104.
Platform configuration registers, the attestation identity key and the stored keys can be held in the volatile memory 106.
The MEMS structure 108 and the ASIC 110 are two separate devices, which are typically connected to one another by bonding wires in a SiP. Alternatively, the ASIC 110 may replace the cap of the sensor of the MEMS structure 108, which is referred to as an ASIC cap. In that case there is in principle only one device.
Compared with the TPM 10 of Fig. 1, the non-volatile memory (reference numeral 18 in Fig. 1) has now been replaced by the MEMS and its ASIC. This means that the EK is now stored in the MEMS-based structure itself, which provides inherent protection against invasive attacks.
A MEMS structure typically has no memory of its own. When a key is needed, it is derived by the ASIC from the mechanical and/or electrical characteristics of the MEMS structure 108. In this sense the key is stored in the structure itself.
The remarks on the volatile memory (reference numeral 20 in Fig. 1) and the cryptographic processor (reference numeral 16 in Fig. 1) apply equally to the volatile memory 106 and the cryptographic processor 104 of the electronic device of Fig. 2.
A further advantage is that nobody, not even the manufacturer, can know the EK. This is because the exact form of the MEMS characteristics, and thus the EK, is only defined once the device has been packaged, since the packaging process in particular sets a specific mechanical stress state and specific electrical parasitics, for example in the connections between MEMS and ASIC. Among other things, this means that the user is no longer required to trust the manufacturer of the TPM, because not even the manufacturer knows the EK.
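The key-derivation path described in this section, together with the earlier feature-vector method of US 2015/0200775 A1 and the background's requirement of a 128-bit key, can be illustrated with a small simulation. The following Python is an added example, not code from the patent: it models a MEMS structure's fingerprint as a constructed feature vector (resonance frequencies, oscillation amplitudes and capacitances, each with device-to-device process spread and per-measurement noise), enrolls it into helper data, regenerates a 128-bit key on demand from a fresh noisy measurement, and shows what a shift in the mechanical stress state after the package is opened does to the derived key. The feature values, noise levels, the quantizer (a simplified fuzzy-extractor style scheme with stored bin offsets) and all function names are assumptions of the example.

```python
import hashlib
import random
import struct

# Constructed toy model (not from the patent) of a MEMS fingerprint: eight resonators,
# four amplitude channels and four sense capacitances. Units (Hz, nm, fF) are illustrative.
NOMINAL       = [25_000.0] * 8 + [500.0] * 4 + [1_000.0] * 4   # design target per feature
PROCESS_SIGMA = [   300.0] * 8 + [ 20.0] * 4 + [   30.0] * 4   # spread between devices
NOISE_SIGMA   = [     2.0] * 8 + [ 0.25] * 4 + [   0.25] * 4   # noise between measurements
BIN_WIDTH     = [    40.0] * 8 + [  8.0] * 4 + [    8.0] * 4   # quantization step, >> noise
BITS_PER_FEATURE = 4   # 16 features x 4 bits = 64 raw bits: a toy budget, see derive_key
KEY_BYTES = 16         # 128-bit key, the minimum length the description calls for


def fabricate_device(seed):
    """Hidden, process-determined characteristics of one fabricated MEMS structure."""
    rng = random.Random(seed)
    return [n + rng.gauss(0.0, s) for n, s in zip(NOMINAL, PROCESS_SIGMA)]


def measure(device, rng, stress_shift=0.0):
    """One noisy analog measurement by the ASIC. stress_shift models a change of the
    mechanical stress state or the electrical parasitics (e.g. after the package has
    been opened) as a relative shift of every feature value."""
    return [v * (1.0 + stress_shift) + rng.gauss(0.0, s) for v, s in zip(device, NOISE_SIGMA)]


def enroll(measurement):
    """Quantize each feature into BITS_PER_FEATURE bits and produce helper data.
    The helper data is each value's offset from the centre of its quantization bin, so
    that a later noisy measurement can be re-centred before quantizing. It exposes the
    fractional position inside the bin, not the bin index that carries the key bits.
    Simplified fuzzy-extractor quantizer assumed for this example, not the patent's method."""
    bits, helper = [], []
    for v, w in zip(measurement, BIN_WIDTH):
        q = int(v // w)
        helper.append(v - (q * w + w / 2.0))
        bits.append(q % (1 << BITS_PER_FEATURE))
    return bits, helper


def reconstruct(measurement, helper):
    """Re-centre a fresh measurement with the helper data and re-quantize."""
    return [int((v - h) // w) % (1 << BITS_PER_FEATURE)
            for v, h, w in zip(measurement, helper, BIN_WIDTH)]


def derive_key(bits):
    """Condense the quantized fingerprint into a fixed-length key by hashing.
    Hashing does not create entropy: the raw entropy is bounded by the number of
    independent features, so a real design needs enough of them to reach 128 bits."""
    raw = b"".join(struct.pack(">H", b) for b in bits)
    return hashlib.sha256(b"mems-puf-example" + raw).digest()[:KEY_BYTES]


def key_on_demand(device, helper, rng, stress_shift=0.0):
    """Derive the key when it is needed: measure, reconstruct, hash. Only the helper
    data is ever stored; the key exists only transiently in volatile memory."""
    return derive_key(reconstruct(measure(device, rng, stress_shift), helper))


def demo():
    rng = random.Random(2018)
    dev_a = fabricate_device(seed=1)
    dev_b = fabricate_device(seed=2)       # second device from the same production line
    bits_a, helper_a = enroll(measure(dev_a, rng))
    return {
        "enrolled": derive_key(bits_a).hex(),
        "regenerated": key_on_demand(dev_a, helper_a, rng).hex(),                    # intact package
        "after_opening": key_on_demand(dev_a, helper_a, rng, stress_shift=0.005).hex(),  # +0.5 % shift
        "other_device": key_on_demand(dev_b, helper_a, rng).hex(),                  # same helper, other MEMS
    }


if __name__ == "__main__":
    for label, key in demo().items():
        print(f"{label:>14}: {key}")
```

With an intact package the fresh measurement lands in the same bins and the same key is regenerated; a 0.5 % shift of the resonance frequencies moves each of them by about three bins, so the regenerated key no longer matches and the original cannot be recovered from the stored helper data alone, which is the behaviour the description attributes to an opened package.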
The introduced component and method can be used to develop a new generation of TPMs with increased security against invasive attacks.
Claims (10)
1. An electronic device configured as a Trusted Platform Module and therefore as an independent component, the electronic device having as components a cryptographic processor (104) and a micro-electromechanical structure (108) with at least one characteristic, the micro-electromechanical structure serving to generate at least one key, wherein the electronic device is configured such that the properties of the electronic device influence the at least one characteristic of the micro-electromechanical structure (108).
2. The electronic device according to claim 1, wherein an application-specific circuit (110) is assigned to the micro-electromechanical structure (108).
3. An electronic device comprising an interface (102) as a further component.
4. An electronic device comprising a volatile memory (106) as a further component.
5. The electronic device according to claim 4, wherein platform configuration registers, an attestation identity key and/or stored keys are held in the volatile memory (106).
6. The electronic device according to any one of claims 1 to 5, wherein a random number generator, an RSA key generator, a hash value generator and/or an encryption/decryption and signing unit are provided in the cryptographic processor (104).
7. The electronic device according to any one of claims 1 to 6, wherein at least one key is held in the micro-electromechanical structure (108), the key being related to at least one characteristic of the micro-electromechanical structure (108).
8. A method for storing a key in an electronic device (100), in particular an electronic device (100) according to any one of claims 1 to 7, the electronic device being configured as a Trusted Platform Module and therefore as an independent component, wherein the key is held in a micro-electromechanical structure (108) that is arranged as a component in the electronic device (100).
9. The method according to claim 8, wherein the key is defined by at least one characteristic of the micro-electromechanical structure (108).
10. The method according to claim 9, wherein the key is derived from the at least one characteristic when needed.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102017202201.9A DE102017202201A1 (en) | 2017-02-13 | 2017-02-13 | Electronic component |
DE102017202201.9 | 2017-02-13 | ||
PCT/EP2018/051545 WO2018145890A1 (en) | 2017-02-13 | 2018-01-23 | Electronic component |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110301114A true CN110301114A (en) | 2019-10-01 |
Family
ID=61027727
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201880011365.0A Pending CN110301114A (en) | 2017-02-13 | 2018-01-23 | Electronic device |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP3580888A1 (en) |
CN (1) | CN110301114A (en) |
DE (1) | DE102017202201A1 (en) |
WO (1) | WO2018145890A1 (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015071002A1 (en) * | 2013-11-14 | 2015-05-21 | Siemens Aktiengesellschaft | Access to a memory |
US20150180841A1 (en) * | 2013-02-13 | 2015-06-25 | Honeywell International Inc. | Physics-based key generation |
US20160359635A1 (en) * | 2011-03-11 | 2016-12-08 | Emsycon Gmbh | Tamper-protected hardware and method for using same |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9667419B2 (en) | 2014-01-10 | 2017-05-30 | Robert Bosch Gmbh | System and method for cryptographic key identification |
US9806884B2 (en) * | 2014-01-10 | 2017-10-31 | Robert Bosch Gmbh | System and method for cryptographic key identification |
DE102014208764A1 (en) | 2014-05-09 | 2015-11-12 | Siemens Aktiengesellschaft | Method and device for manipulation protection of a module |
2017
- 2017-02-13 DE DE102017202201.9A patent/DE102017202201A1/en not_active Withdrawn
2018
- 2018-01-23 CN CN201880011365.0A patent/CN110301114A/en active Pending
- 2018-01-23 EP EP18701456.8A patent/EP3580888A1/en not_active Withdrawn
- 2018-01-23 WO PCT/EP2018/051545 patent/WO2018145890A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
Oliver Willers et al., "MEMS gyroscopes as physical unclonable functions", Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security * |
Also Published As
Publication number | Publication date |
---|---|
WO2018145890A1 (en) | 2018-08-16 |
DE102017202201A1 (en) | 2018-08-16 |
EP3580888A1 (en) | 2019-12-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 2019-10-01