
Impossibility of externalizing FLASH memory

Impossibility of externalizing FLASH memory. Jean-Pierre Seifert, Samsung R&D Center San Jose (USA). Objective: motivate and formally prove a small, subtle but important note within the physical security field of embedded Non Volatile Memories.



  1. Impossibility of externalizing FLASH memory Jean-Pierre Seifert Samsung R&D Center San Jose (USA)

  2. Objective Motivate and formally prove a small, subtle but important note within the physical security field of embedded Non Volatile Memories.

  3. Overall Agenda NVM in general The need for Security Hardware integration into the “ChipSet” The “price” for the integration and its trivial solution via NVM externalization Integration examples via NVM externalization Problem formalization for the externalized NVM scenario Q&A

  4. NVM in general

  5. NVM and security hardware Any kind of Non Volatile Memory is a central building block of every piece of security hardware: TPM, MTM, Secure Tokens, XmP (Externalized Microprocessor by B. Chevallier-Mames, D. Naccache, P. Paillier, and D. Pointcheval), SmartCards, …

  6. Different NVM types for different security use cases

  7. Different NVM types for different security use cases

  8. The need for the Security hardware integration into the “ChipSet”

  9. In today’s extremely price-driven electronic device market, every extra chip, even a cheap but discrete one, soldered on the PCB or needed to make a system fully work increases a device’s BOM:
  • TPM on PC motherboard
  • MTM in cell-phone
  • SIM-card for cell-phone
  • …

  10. External security hardware is prone to physical attacks:

  11. Add an “extra value” to another cheap commodity chip: • Ethernet controller chip

  12. The “price” for the integration and its trivial solution via NVM externalization

  13. Embedding the whole Security Hardware (TPM, etc.) into the ChipSet comes at additional cost for the ChipSet. The additional silicon production cost is typically measured by how many extra mask steps over standard logic CMOS are needed to implement the NVM. Moreover, any additional masking layer affects all transistors in the circuit, reducing yield because of the defects that the extra processing steps induce.
  • SONOS (Silicon-Oxide-Nitride-Oxide-Silicon): 2-4 additional masks (nitride film)
  • Embedded Flash: 6-10 additional masks (1-2 additional poly-silicon layers for the floating gate)

  14. In addition to the extra mask processing costs above, which apply to the whole pure-logic part of the chip, further circuitry (with its own problems) is needed to support embedded NVM.

  15. Instead of taking on the burden of an embedded NVM inside the formerly pure-logic ChipSet, simply reuse the NVM that the corresponding system already has anyway:
  • PC: BIOS
  • Cell-phone: huge NOR flash for OS, applications, data, etc.

  16. Integration examples via NVM externalization

  17. Problem formalization for an externalized NVM scenario

  18. Consider the following abstract model:
  – P: a CPU and other processing functionality which can have secrets (keys etc.) hardwired inside P, but no other NVM storage.
  – M: an external NVM storage such as flash memory, E² (EEPROM), etc., which interacts with P over a bus that can be freely accessed by an adversary.
  The assumption is that everything outside P can be controlled / observed by an adversary.

  19. Problem: • Can P always roll back to its last state stored within M? P is allowed to use any cryptographic or any other “pure logic” construction to make the process secure. These can be hashing, symmetric or asymmetric encryption, time-stamping, and so on. If an adversary tampers with the present configuration, P should be able to detect this and abort the rollback.

  20. Proposition: P cannot always roll back to its last state stored within M. This is quite trivial, but let’s do an undergraduate exercise and assume it could do so …

  21. P does not have any persistent storage across power-ons (except hardwired secrets, other fixed info, etc.). Thus it has to roll back using only information provided by the NVM storage M. Denote P’s last states by $s_0, s_1, s_2, \ldots, s_n$, and let the corresponding configurations of the NVM storage M transform as $C_0, C_1, C_2, \ldots, C_n$, due to state storage and the cryptographic operations used by P.

  22. Mathematically, we can represent this as P having access to a function $f$ with the following properties:

$$
f(C) = \begin{cases}
s & \text{if the last saved state was } s \text{ and the corresponding state of } M \text{ is } C \\
\bot & \text{if } C \text{ is an invalid configuration}
\end{cases}
$$

  Now we have to consider 2 scenarios:

  23. Case 1: Power goes up when the last saved state of P was $s_m$ and the “provided” proper configuration of the NVM storage M is $C_m$. Therefore, $f(C_m) = s_m$. (*)

  24. Case 2: Power goes up when the last saved state of P was $s_n$, but the adversary “provides” a proper configuration of the NVM storage M with $C_m$ where $m < n$. Fortunately, by virtue of $f$, P is able to compute its last saved state as $f(C_m) = s_n$ or $\bot$. Unfortunately, this contradicts (*), since the same input $C_m$ cannot map both to $s_m$ and to $s_n$ or $\bot$. Consequently no such $f$ exists.
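The following Python simulation is an added example, not part of the original slides, that plays through the abstract model of slides 18 to 24: a processor P with only a hardwired key, an external NVM M on a bus the adversary controls, and a rollback function f implemented with an HMAC over the stored state. It shows that the authenticated configuration C_0 captured earlier is accepted by P after a power cycle exactly as the proof predicts, and, going beyond the slides, that the impossibility hinges on the "no persistent storage in P" assumption: a hypothetical variant that keeps a single monotonic counter inside P rejects the replayed configuration. The class and function names and the demo key are assumptions made for this example.

```python
import hashlib
import hmac

BOT = None  # stands for the "invalid configuration" result (the slides' bottom symbol)


class ExternalNVM:
    """M: external flash / EEPROM reachable over a bus the adversary fully controls."""

    def __init__(self):
        self.content = b""

    def write(self, config: bytes) -> None:
        self.content = config

    def read(self) -> bytes:
        return self.content


class StatelessP:
    """P as in the slides: only the hardwired key survives a power cycle.

    Configuration layout written to M: C_i = state_i (4 bytes) || HMAC-SHA256(key, state_i).
    """

    def __init__(self, key: bytes):
        self.key = key  # hardwired secret, the only thing P keeps

    def _tag(self, payload: bytes) -> bytes:
        return hmac.new(self.key, payload, hashlib.sha256).digest()

    def save(self, state: int, m: ExternalNVM) -> None:
        payload = state.to_bytes(4, "big")
        m.write(payload + self._tag(payload))

    def rollback(self, m: ExternalNVM):
        """The function f of slide 22: returns the state s encoded in C, or BOT."""
        config = m.read()
        if len(config) != 4 + 32:
            return BOT
        payload, tag = config[:4], config[4:]
        if not hmac.compare_digest(tag, self._tag(payload)):
            return BOT  # tampered or malformed C
        return int.from_bytes(payload, "big")


class CounterP(StatelessP):
    """Hypothetical variant that violates the model: one monotonic counter persists inside P.

    Configuration layout: C_i = counter_i (4 bytes) || state_i (4 bytes) || HMAC over both.
    """

    def __init__(self, key: bytes):
        super().__init__(key)
        self.counter = 0  # assumed to live in NVM inside P (not allowed by the slides' model)

    def save(self, state: int, m: ExternalNVM) -> None:
        self.counter += 1
        payload = self.counter.to_bytes(4, "big") + state.to_bytes(4, "big")
        m.write(payload + self._tag(payload))

    def rollback(self, m: ExternalNVM):
        config = m.read()
        if len(config) != 8 + 32:
            return BOT
        payload, tag = config[:8], config[8:]
        if not hmac.compare_digest(tag, self._tag(payload)):
            return BOT
        if int.from_bytes(payload[:4], "big") != self.counter:
            return BOT  # authentic but stale: a replayed C_m with m < n
        return int.from_bytes(payload[4:], "big")


# Constructed demo key; a real P would have this burned into silicon.
KEY = hashlib.sha256(b"constructed demo key, not a real secret").digest()


def replay_against(p_factory, n_states: int = 3, replay_index: int = 0):
    """Drive P through states s_0 .. s_{n-1}, record every configuration M received
    over the bus, restore the recorded C_{replay_index} into M, and power P up again.
    Returns what P believes its last state to be (or BOT)."""
    m = ExternalNVM()
    p = p_factory()
    captured = []
    for s in range(n_states):
        p.save(s, m)
        captured.append(m.read())  # the bus is observable, so every C_i is recorded
    m.write(captured[replay_index])  # the adversary's replay (or the genuine latest C)
    return p.rollback(m)


if __name__ == "__main__":
    print("stateless P, replayed C_0 :", replay_against(lambda: StatelessP(KEY)))  # 0, last state was 2
    print("stateless P, genuine C_2  :", replay_against(lambda: StatelessP(KEY), replay_index=2))
    print("counter  P, replayed C_0 :", replay_against(lambda: CounterP(KEY)))  # None (BOT)
    print("counter  P, genuine C_2  :", replay_against(lambda: CounterP(KEY), replay_index=2))
```

The stateless P behaves exactly like the f of the proof: C_0 is a proper configuration, so f(C_0) = s_0 regardless of whether the true last state was s_0 or s_2, and no choice of MAC, encryption or time-stamp inside `rollback` can change that because every input P sees is identical in both runs. The counter variant is the usual engineering escape hatch (the monotonic counters and NV indices found in a TPM): a few persistent bits inside P are enough to distinguish the two runs, which is why the slides' model, with no NVM at all in P, has no solution.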

  25. Thank you for your attention! Questions?
