CN110301114A - Electronic device - Google Patents


Info

Publication number
CN110301114A
Authority
CN
China
Prior art keywords
key
electronic device
micro electromechanical
electromechanical structure
component
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201880011365.0A
Other languages
Chinese (zh)
Inventor
O. Willers
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Robert Bosch GmbH
Publication of CN110301114A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes

Abstract

The present invention relates to an electronic device that is configured as a trusted platform module and is therefore configured as a stand-alone component. The electronic device has, as components, a cryptographic processor (104) and a micro-electromechanical structure (108) that serves to generate at least one key. The nature of the device affects at least one characteristic of the micro-electromechanical structure (108).

Description

Electronic device
Technical field
The present invention relates to an electronic device in which a key can be stored, and to a method for storing a key in such an electronic device.
Background art
In the Internet of Things, one of the central challenges for implementation and user acceptance is security. For this, solutions for generating and securely storing cryptographic keys are needed in particular.
Furthermore, it should be noted that modern electrical systems use a large number of sensors and actuators, which are typically connected to a central control unit. The central control unit acquires the sensor data and drives the actuators. The increasing networking of such electrical systems, for example via the Internet, requires that the communication between the control unit and the sensors and actuators be protected. For this purpose it is known to encrypt the exchanged information by means of encryption methods, so that this information cannot be used by unauthorized third parties and, where applicable, cannot be manipulated. These encryption methods require keys, which in turn should be generated and stored securely.
One possible approach to improving security in this field is a hardware component referred to as a Trusted Platform Module (TPM). A TPM is, for example, a processor which, because of the complexity of software and its susceptibility to attack, can be mounted as a separate component or chip, for example on the main circuit board of a computer. With such a TPM, a computer or similar device can be extended with basic security functions, for example encryption or signing.
A TPM is assumed to be fully trustworthy because its system architecture protects it against software-side manipulation. The basis of the TPM is the endorsement key (Bewilligungsschlüssel, EK), which never leaves the TPM and cannot be accessed from outside. A schematic diagram of a TPM can be seen in Fig. 1.
A solution for generating cryptographic keys is offered by the use of so-called Physical Unclonable Functions (PUFs). This describes a method in which a cryptographic key can be derived from a tangible, physical structure. For this purpose, a so-called challenge is applied to the physical system. Depending on the approach, the challenge can vary greatly. The system reacts to the challenge with a characteristic response, from which a cryptographic key can be generated. In the case of a PUF, such a challenge-response pair (CRP) is unique and is essentially a fingerprint of the system. This fingerprint is usually based on process variations in the manufacture of the system. The exact form of the fingerprint cannot be determined in advance, not even by the manufacturer, so that a PUF should also be non-reproducible. In general, the properties of a PUF are based on intrinsic process variations in manufacturing.
The advantage of hardware-based key generation is that a digitally stored key is no longer needed. Because digitally stored keys can easily be read out and copied, this primarily provides a large security gain. In addition, the solution can potentially be cheaper, because a digitally stored key must be protected in a costly manner if it is to be reasonably secure against invasive attacks.
However, the requirements that a key must meet in order to be used in cryptographic applications such as encryption and authentication are very extensive. For example, the key must have maximum entropy, it must not be compressible, and it must have a certain minimum length, ideally in the range of 128 bits.
Various designs for PUFs already exist. An overview of these designs is given, for example, in: Physically Unclonable Functions: Constructions, Properties and Applications, Maes, 2013. Known PUFs include, for example:
SRAM-based PUFs
One of the best-known PUFs is the SRAM-based PUF. It exploits the fact that many SRAM cells reproducibly assume state "1" or state "0" when powered on. In the case of the SRAM-based PUF, the challenge is therefore the powering-on of the SRAM and the selection of the SRAM cell addresses.
MEMS-based PUFs
A MEMS (Micro-Electro-Mechanical System) is a component that integrates logic elements and micromechanical structures in a chip or component. A MEMS can process mechanical and electrical information. Elements of a MEMS are, for example, sensors, actuators, oscillators and filters.
MEMS-based structures, such as MEMS sensors, are likewise suitable for use as a PUF. Because of variations in manufacturing, MEMS-based structures have a unique fingerprint based on their intrinsic properties. This has already been demonstrated (Bojinov et al., "Mobile Device Identification via Sensor Fingerprinting", CoRR, 2014; Aysu et al., "Digital Fingerprints for Low-cost Platforms Using MEMS Sensors", Proceedings of the Workshop on Embedded Systems Security, 2013).
In the case of a MEMS-based PUF, the challenge can take very different forms, for example a signal with a defined voltage amplitude or frequency.
The response can consist of mechanical and/or electrical characteristics, such as mechanical resonance frequencies, oscillation amplitudes, capacitances and so on.
The publication "MEMS Gyroscopes as Physical Unclonable Functions" (Oliver Willers et al., CCS '16, October 24-28, 2016, Vienna, Austria) describes the use of MEMS-based structures for generating keys.
Document US 2015/0200775 A1 describes a method for determining a key in conjunction with a MEMS structure. In this method, a plurality of physical parameters of the device is determined, together with a feature vector of the device having a plurality of values. Each value corresponds to a different physical parameter of the plurality of physical parameters. The key is derived from the feature vector. It should be noted that a MEMS device can also comprise a plurality of MEMS structures. In that case, a feature vector is determined for each MEMS structure.
In addition to generating the key, care must be taken that the key is stored in such a way that it is protected against attacks. Efforts are therefore being made to improve the security of TPMs or similar modules, especially against invasive attacks.
It has been shown in the past that common TPMs can be completely "cracked open" by invasive attacks. The reason for this is in particular that TPMs use digitally stored keys, with the EK located in non-volatile memory; these digitally stored keys can be read out, analyzed, modified and copied using invasive attacks. A conceivable approach for improving the security of TPMs or similar modules, especially against invasive attacks, is the use of PUFs. So far, the focus has mainly been on SRAM-based solutions, see for example Zhao et al., "Providing Root of Trust for ARM TrustZone using On-Chip SRAM", Cryptology ePrint Archive, Report 2014/464, 2014.
It should be noted, however, that SRAM-based PUFs and other purely electrical PUF approaches do not offer absolutely secure protection against invasive attacks. Successful attacks on SRAM-based PUFs have been documented, in which the secret key could be read out by an invasive attack and the system itself could subsequently even be physically cloned (Helfmeier et al., "Cloning of Physically Unclonable Functions", HOST, 2013).
Summary of the invention
Against this background, an electronic device according to claim 1 and a method according to claim 11 are presented. Embodiments emerge from the dependent claims and from the description.
It has been shown that micro-electromechanical or MEMS-based structures offer significantly better protection than known approaches. The reason is in particular that mechanical characteristics such as mechanical resonance frequencies and oscillation amplitudes are used here; these react significantly more sensitively to changes in their environmental conditions, such as a change in the mechanical stress state, and therefore offer inherent protection against invasive attacks. In addition, key generation is based on analog measured values that are determined within a self-contained system. External intervention, for example contacting the electrical connections between the MEMS and the evaluation circuit, changes the electrical parasitics and thus the absolute measured quantities. A precondition is that the MEMS-based structure, the unit that drives and evaluates it, and the unit that performs the cryptographic operations are located in one package (System-in-Package, SiP). Because of variations in manufacturing, each MEMS structure has a unique fingerprint based on its intrinsic characteristics.
The MEMS structure with the at least one characteristic used to generate the key is now housed in a device, namely in the electronic device presented here. What this achieves is that the at least one characteristic of the MEMS or MEMS structure is inaccessible to unauthorized persons, that is, they cannot access these characteristics. The device, which is configured as a trusted platform module and thus as a stand-alone component or chip, is in this case a closed package. When the package is opened, the characteristics of the MEMS, which is sensitive to environmental influences, change, so that the key or keys can no longer be read out. This means that the nature of the electronic device or component affects at least one characteristic of the micro-electromechanical structure. The key or keys are therefore tied to at least one characteristic of the MEMS structure.
The components of the presented electronic device therefore cannot be accessed. They are securely contained in the package, and unauthorized persons cannot reach them.
In a refinement, in order to store a secret key, such as the endorsement key (EK), securely in a trustworthy module such as a TPM, it is proposed to use a MEMS-based structure, which offers inherent protection against invasive attacks.
The presented method serves to store a key and provides that the key is held in a MEMS structure arranged in a device of the type described. The key is typically defined by characteristics of the MEMS structure and can be derived from these characteristics when needed. The key can then be used temporarily, but it is never persistently stored in digital form.
The key can be regenerated when needed. However, it is not persistently stored anywhere.
Further advantages and refinements of the invention emerge from the description and the accompanying drawings.
It goes without saying that the features mentioned above and those still to be explained below can be used not only in the combination specified in each case but also in other combinations or on their own, without departing from the scope of the present invention.
Brief description of the drawings
Fig. 1 shows a schematic illustration of a TPM according to the prior art.
Fig. 2 shows a schematic illustration of an embodiment of the presented electronic device.
Detailed description of embodiments
The invention is illustrated schematically in the drawings on the basis of embodiments and is described in detail below with reference to the drawings.
Fig. 1 shows a schematic illustration of a TPM, which is designated as a whole by reference numeral 10. The TPM 10 is designed as an integrated component 12. Provided in the component 12 are a protected input and output 14, a cryptographic processor 16, a non-volatile memory 18 and a volatile memory 20.
The TPM 10 is a component or chip that extends a computer or similar device with basic security functions. These functions serve, for example, license protection or data protection. In some respects the chip behaves like a permanently installed smart card, with the difference that it is bound not to a specific user but to the local computer.
A device with a TPM, a specially adapted operating system and corresponding software together form a so-called trusted computing platform (TC platform), which is in particular protected against software-side manipulation by third parties.
A random generator 30, a key generator 32, in particular an RSA key generator, a hash generator 34 and an encryption/decryption and signature unit 36 are provided in the cryptographic processor 16.
An endorsement key 40 and a storage root key 42 are held in the non-volatile memory 18. The endorsement key (EK) 40 is uniquely assigned to the TPM 10. The key length is fixed at 2048 bits and the algorithm is fixed as RSA. For security and data-protection reasons, the private part of the EK 40 must never leave the TPM 10. A backup is therefore also ruled out. The public part of the EK 40 can be read out with a predefined command. Reading can be blocked with a predefined command; this is typically final and can no longer be undone.
The storage root key (SRK) 42 is an RSA key with a length of 2048 bits. It is used to encrypt other keys in use, such as the private key for a user's e-mail communication, and is therefore the root of the TPM key tree. If the owner of the computer changes, a new SRK is typically generated. Note that the SRK is not migratable.
RSA (Rivest, Shamir and Adleman) is an asymmetric cryptographic method that can be used both for encryption and for digital signatures. In this method, the private key is used for decryption and the public key for encryption.
Platform configuration registers 50, an attestation identity key 52 and stored keys 54 are provided in the volatile memory 20. The attestation identity key (AIK) 52 is an RSA key with a fixed length of 2048 bits and a fixed public exponent e = 2^16 + 1. It is not migratable and may be used by the TPM 10 only for signing values that are held in the so-called platform configuration registers (PCRs) 50. The PCRs are part of the volatile memory in the TPM 10 and are responsible for storing a state image of the current configuration of software and hardware.
The AIK was introduced because the EK of a TPM cannot be used directly to attest platform integrity.
As mentioned above, the MEMS-based structure, the unit that drives and evaluates it, and the unit that implements the cryptographic methods should be located in one package. See Fig. 2 in this regard.
Fig. 2 shows an embodiment of the presented electronic component, which is designated as a whole by reference numeral 100. The component 100 comprises an interface 102 and a cryptographic processor 104, whose task is to perform cryptographic operations, such as encryption, signing, RSA key generation, random number generation and hash generation. In addition, the component 100 comprises a volatile memory 106 and a MEMS structure 108, to which an application-specific integrated circuit (ASIC) 110 is assigned.
A random generator, a key generator, in particular an RSA key generator, a hash generator and/or an encryption/decryption and signature unit 36 can be provided in the cryptographic processor 104.
Platform configuration registers, an attestation identity key and stored keys can be held in the volatile memory 106.
The MEMS structure 108 and the ASIC 110 are two separate devices, which are typically connected to each other in the SiP by bond wires. However, it is also conceivable for the ASIC 110 to replace the cap of the sensor of the MEMS structure 108; this is referred to as an ASIC cap. In that case there is in principle only one device.
Compared with the TPM 10 of Fig. 1, it can be seen that the non-volatile memory (reference numeral 18 in Fig. 1) is now replaced by the MEMS and its ASIC. This means that the EK is now stored in the MEMS-based structure itself, which offers inherent protection against invasive attacks.
The MEMS structure typically does not have a memory of its own. When the key is needed, it is derived by the ASIC from the mechanical and/or electrical characteristics of the MEMS structure 108. That is, the key is stored in the structure itself.
The statements regarding the volatile memory (reference numeral 20 in Fig. 1) and the cryptographic processor (reference numeral 16 in Fig. 1) also apply to the volatile memory 106 and the cryptographic processor 104 of the electronic device of Fig. 2.
A further advantage is that nobody, not even the manufacturer, can know the EK. This is because the exact form of the MEMS characteristics, and thus the EK, is only defined during packaging, since in particular specific mechanical stress states and electrical parasitics, for example in the connection between the MEMS and the ASIC, are set during the molding process. On the one hand, this means that the user no longer has to trust the manufacturer of the TPM, because the manufacturer does not actually know the EK either.
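The derive-on-demand storage described above, and the loss of the key when the package is opened, can be sketched as follows. This is an added illustration, not code from the patent: the patent does not say how analog measurements become key bits, so the quantization-with-helper-offset scheme, the feature values, the step sizes and all function names are assumptions.

```python
import hashlib
import struct

# Constructed feature vector of one packaged part, in integer units:
# two resonance frequencies [Hz], two amplitudes [uV], two capacitances [aF].
ENROLLED = [24013, 24871, 15320, 15977, 903412, 911208]
# Quantization step per feature (assumption): wider than measurement noise,
# narrower than the shift caused by a change in package stress or parasitics.
STEPS = [40, 40, 60, 60, 2000, 2000]
NOISE = [7, -12, 19, -5, 640, -810]        # constructed re-measurement noise
TAMPER = [310, -95, 140, 0, 5200, -3100]   # constructed shift, package opened


def measure(base, delta):
    """Stand-in for the ASIC reading the MEMS structure."""
    return [b + d for b, d in zip(base, delta)]


def quantize(features, steps, helper):
    """Map each analog reading to the index of its quantization interval."""
    return [(v + h) // q for v, h, q in zip(features, helper, steps)]


def derive_key(indices):
    """Hash the interval indices into a 256-bit key (label is arbitrary)."""
    packed = struct.pack(f">{len(indices)}q", *indices)
    return hashlib.sha256(b"mems-puf-demo-v1" + packed).digest()


def enroll(features, steps):
    """Run once after packaging. Returns public helper offsets and the key.

    Each offset shifts the enrolled reading to the centre of its interval,
    so later readings within about +/- q/2 land on the same index. The
    offsets reveal only v mod q, not the index that feeds the key.
    """
    helper = [(q // 2) - (v % q) for v, q in zip(features, steps)]
    return helper, derive_key(quantize(features, steps, helper))


def reproduce(features, steps, helper):
    """Re-derive the key from a fresh reading; the key itself is never stored."""
    return derive_key(quantize(features, steps, helper))


def changed_features(before, after, steps, helper):
    """Positions whose interval index differs between two readings."""
    a = quantize(before, steps, helper)
    b = quantize(after, steps, helper)
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def demo():
    helper, key = enroll(ENROLLED, STEPS)
    intact = reproduce(measure(ENROLLED, NOISE), STEPS, helper)
    opened = reproduce(measure(ENROLLED, TAMPER), STEPS, helper)
    return key, intact, opened


if __name__ == "__main__":
    key, intact, opened = demo()
    print("intact package reproduces key:", intact == key)
    print("opened package reproduces key:", opened == key)
    # Six coarse features carry far less entropy than the roughly 128 bits
    # the description asks for; a real design needs many more.
```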
The presented component and the described method can be used to develop a new generation of TPMs with increased security against invasive attacks.

Claims (10)

1. An electronic device which is configured as a trusted platform module and is therefore configured as a stand-alone component, and which has, as components, a cryptographic processor (104) and a micro-electromechanical structure (108) having at least one characteristic, the micro-electromechanical structure serving to generate at least one key, wherein the electronic device is configured such that the nature of the electronic device affects the at least one characteristic of the micro-electromechanical structure (108).
2. The electronic device according to claim 1, wherein a dedicated circuit (110) is assigned to the micro-electromechanical structure (108).
3. An electronic device, the electronic device comprising an interface (102) as a further component.
4. An electronic device, the electronic device comprising a volatile memory (106) as a further component.
5. The electronic device according to claim 4, wherein platform configuration registers, an attestation identity key and/or stored keys are held in the volatile memory (106).
6. The electronic device according to any one of claims 1 to 5, wherein a random generator, an RSA key generator, a hash generator and/or an encryption/decryption and signature unit are provided in the cryptographic processor (104).
7. The electronic device according to any one of claims 1 to 6, wherein at least one key is held in the micro-electromechanical structure (108), the key being related to at least one characteristic of the micro-electromechanical structure (108).
8. A method for storing a key in an electronic device (100), in particular in an electronic device (100) according to any one of claims 1 to 7, the electronic device being configured as a trusted platform module and therefore as a stand-alone component, wherein the key is held in a micro-electromechanical structure (108) that is arranged as a component in the electronic device (100).
9. The method according to claim 8, wherein the key is defined by at least one characteristic of the micro-electromechanical structure (108).
10. The method according to claim 9, wherein the key is derived from the at least one characteristic when needed.
CN201880011365.0A 2017-02-13 2018-01-23 Electronic device Pending CN110301114A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
DE102017202201.9A DE102017202201A1 (en) 2017-02-13 2017-02-13 Electronic component
DE102017202201.9 2017-02-13
PCT/EP2018/051545 WO2018145890A1 (en) 2017-02-13 2018-01-23 Electronic component

Publications (1)

Publication Number Publication Date
CN110301114A true CN110301114A (en) 2019-10-01

Family

ID=61027727

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201880011365.0A Pending CN110301114A (en) 2017-02-13 2018-01-23 Electronic device

Country Status (4)

Country Link
EP (1) EP3580888A1 (en)
CN (1) CN110301114A (en)
DE (1) DE102017202201A1 (en)
WO (1) WO2018145890A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015071002A1 (en) * 2013-11-14 2015-05-21 Siemens Aktiengesellschaft Access to a memory
US20150180841A1 (en) * 2013-02-13 2015-06-25 Honeywell International Inc. Physics-based key generation
US20160359635A1 (en) * 2011-03-11 2016-12-08 Emsycon Gmbh Tamper-protected hardware and method for using same

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9667419B2 (en) 2014-01-10 2017-05-30 Robert Bosch Gmbh System and method for cryptographic key identification
US9806884B2 (en) * 2014-01-10 2017-10-31 Robert Bosch Gmbh System and method for cryptographic key identification
DE102014208764A1 (en) 2014-05-09 2015-11-12 Siemens Aktiengesellschaft Method and device for manipulation protection of a module

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
OLIVER WILLERS: ""MEMS gyroscopes as physical unclonable functions"", 《PROCEEDINGS OF THE 2016 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY》 *

Also Published As

Publication number Publication date
WO2018145890A1 (en) 2018-08-16
DE102017202201A1 (en) 2018-08-16
EP3580888A1 (en) 2019-12-18

Similar Documents

Publication Publication Date Title
US10733291B1 (en) Bi-directional communication protocol based device security
US9018972B1 (en) Area-efficient physically unclonable function circuit architecture
US20090265758A1 (en) Attach detection with coating puf
Oren et al. On the effectiveness of the remanence decay side-channel to clone memory-based PUFs
US20170310688A1 (en) System and method for securing an electronic circuit
US10205588B2 (en) Device keys protection
Immler et al. B-TREPID: Batteryless tamper-resistant envelope with a PUF and integrity detection
KR20100021446A (en) Method and system for electronically securing an electronic device using physically unclonable functions
US20110002461A1 (en) Method and System for Electronically Securing an Electronic Biometric Device Using Physically Unclonable Functions
US11516028B2 (en) Temperature sensing physical unclonable function (PUF) authentication system
van der Leest et al. Hardware intrinsic security to protect value in the mobile market
CN103038745A (en) Extending an integrity measurement
CN102439897A (en) Electronic device, key generation program, recording medium, and key generation method
US10762177B2 (en) Method for preventing an unauthorized operation of a motor vehicle
Schaller et al. Lightweight anti-counterfeiting solution for low-end commodity hardware using inherent PUFs
EP3214567A1 (en) Secure external update of memory content for a certain system on chip
CN110301114A (en) Electronic device
Unterstein et al. SCA secure and updatable crypto engines for FPGA soc bitstream decryption
Corbett et al. Leveraging hardware security to secure connected vehicles
CN110601846B (en) System and method for verifying virtual trusted root
Unterstein et al. SCA secure and updatable crypto engines for FPGA SoC bitstream decryption: extended version
Merli et al. Identities for embedded systems enabled by physical unclonable functions
Li et al. Enhancing tpm security by integrating sram pufs technology
Gallo et al. On device identity establishment and verification
Immler et al. Next-Generation Anti-Tamper Envelopes forCyber Physical Defense Systems-Extended Abstract

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191001