Author Archives: danujvari

About danujvari

Atmel Senior Field Applications Engineer & Liaison to Start-up, Maker and OSHW communities

The “three-legged stool” of cryptography


Implementing true IoT requires a three-pronged approach, like a three-legged stool. 


Implementing true security in Internet of Things (IoT) devices requires a three-pronged approach. Like a three-legged stool, each of these legs is required to properly achieve security, and at least two of these so-called legs demand a hardware-based approach.


These legs consist of:

  • A strong cryptographic cipher for the job
  • High entropy, cryptographically secure, random number generator (Crypto RNG)
  • Persistent secure key storage with active tamper detection

Now, let’s go over these one by one.

A Strong Cryptographic Cipher for the Job

A cipher is a cryptographic algorithm for performing encryption and decryption, which needs to be strong enough for the application at hand. A one-time pad is considered the only unbreakable cipher, so theoretically all other ciphers can be eventually broken. Time and cost are the two usual measures of breaking any cipher.

Time

The cover time of a secret refers to the amount of time that the message needs to be kept secret. A tactical secret, such as a command to fire a particular missile at a particular target has a cover time from the moment the commander sends the message to the moment the missile strikes the target. After that, there isn’t much value in the secret. If an algorithm is known to be breakable within a few hours, even that algorithm provides enough cover time for the missile firing scenario.

On the other hand, if the communication is the long term strategy of the entire war, this has a cover time significantly longer and a much stronger cipher would be required.

Cost

Generally, the time it takes to break any cipher directly relates to the computational power of the system and the mathematical skills of your adversary. This usually coincides directly with cost, so the value of your secret will, in large part, determine how much effort is put into breaking your cryptography.

Therefore, you want to select a cipher which is well known to be strong, has been open to both academia and the public, and has survived their scrutiny. Vigorously avoid proprietary algorithms claiming to be strong. The only thing which can speak to a cipher’s strength is for it to be fully open to scrutiny.

These types of proven ciphers are available within Atmel’s line of microcontrollers and microprocessors.

High Entropy, Cryptographically Secure, Random Number Generator

The importance of a Crypto RNG cannot be overstated. Some of the things which rely on the randomness of the random number include:

  • Key stream in one-time pads
  • Primes p, q in the RSA algorithm
  • Private key in digital signature algorithms
  • Initialization vectors for cipher modes

… The list of critically important requirements for high randomness is long.

Any modern cipher, regardless of intrinsic strength, is only as strong as the random number generator used. Lack of adequate entropy in the random number significantly reduces the computational energy needed for attacks. Cryptographically secure random number generators are important in every phase of public key cryptography.

To realize a cryptographically secure random number generator, a high quality deterministic random number generator and a high entropy source, or sources, are employed. The resulting generator needs to produce numbers statistically independent of each other. The output needs to survive the next-bit test: given every prior bit of a generated sequence, it must not be possible to predict the next bit with a probability of success significantly greater than 0.5. This is no trivial task when the numbers being generated are as large as 2^256.

It is incredibly hard to create a Crypto RNG. Even if you had the code right, there are not enough entropy sources in an embedded system to devise a cryptographically secure random number generator. Most embedded systems, especially IoT nodes, are, well, pretty boring, at least when considered in the context of entropy. 2^256 is a larger number than the number of all the stars in the entire universe. How much entropy do you really think exists in your battery-powered sensor?

Companies serious about security put a lot of effort into their Crypto RNGs and have their generators validated by the National Institute of Standards and Technology (NIST), the government body overseeing cryptographic standards in the U.S. and jointly with Canada.

Any assurance or statement that an RNG is “compliant” or “meets standards” but is not validated by NIST is unacceptable within the cryptographic community. A random number generator is either on NIST’s RNG Validation List or it isn’t. It’s as simple as that.

Atmel is just such a serious company. The Crypto RNG that Atmel has used in all of its CryptoAuthentication devices is validated by NIST and can be publicly found on the list here.

Persistent Secure Key Storage with Active Tamper Detection

Strong ciphers supported with high entropy random numbers are used to keep adversaries away from our secrets, but their value is zero if an adversary can easily obtain the keys used to authenticate and encrypt.

System security completely relies on the security of the keys. Protection and safeguarding of these keys and primary keying material is critically important to any cryptographic system. Your secret/private keys are, by far, the most rewarding prize to any adversary.

If your keys are compromised, an adversary will have access to every secret message you’ve ever sent, like a flower offering its nectar to a honeybee. To add insult to injury, nobody will inform you the keys have been compromised. You will go on sending “secret” messages, blissfully unaware your adversaries can read them at their leisure… completely unhindered.

A very well respected manager in our crypto business unit puts it this way: keys need to be protected behind “guns, guards, and dogs.”

Holding cryptographic keys in software or firmware is akin to placing your house key under the front mat, or above the door, or in that one flowerpot nobody will ever think of looking in.

Adversaries will unleash a myriad of attacks on your system in an effort to obtain your keys. If they can get their hands on your equipment, as is often the case with IoT devices, they will rip them apart. They will employ environmental attacks. They will decapsulate and probe the die of your microcontrollers. There is no limit to what they can and will do.

Atmel’s line of CryptoAuthentication devices offers a long list of active defenses to these attacks as well as providing an external tamper detect capability you can use to secure your devices from physical intrusion and warranty violation.

Summary

As this brief on the three elements that enable truly secure systems has shown, the security of the keys and the quality of the random numbers used will complete or compromise any cipher, no matter the mode used.

Inadequate entropy in a random number generator compromises every aspect of cryptography, because it is relied upon from the generation of keys to supplying initialization vectors for cipher modes. Atmel’s hardware crypto-authentication devices ensure you have a NIST validated cryptographically secure random number generator.

Keys, signatures, and certificates require a persistent secure vault to protect them. The very elements which ensure the authority, security and integrity of your system cannot be left in the attackable open.

Keys held in software or firmware are easily recovered. Typical microcontrollers and microprocessors do not contain the protections needed to keep out adversaries. Even newer processors with secure zones have very limited key storage and no generation functionality. From software protocol attacks to environmental and hardware probing, the ways and means of an adversary to recover keys from your software/firmware are nearly unlimited. This is akin to hanging your house key in a flimsy silk pouch on your front door knob.

Hardware security offers a number of benefits:

  • Secure storage of digital signatures and certificates
  • Secure storage of key hierarchy
  • Stopping adversaries from hacking your code
  • Secure boot and program image checking
  • Stopping unscrupulous contract manufacturers from over building your product
  • Creating new revenue streams by allowing premium services to be purchased post deployment
  • Limiting the life of products, e.g. the number of squirts an ink cartridge has, thereby thwarting refill/reuse
  • Streamlining deployed product tracking and warranty services

With regards to creating a truly secure system, active hardware protection for keys and cryptographically secure random numbers are not an option — they are a necessity.

Atmel’s CryptoAuthentication devices offer a high security, tamper resistant, physical environment within which to store and use keys for digital signatures, key generation/exchange/management, and perform authentication. Atmel is very serious about security. In addition to testing, validations and approvals by certifying entities, we employ third party labs to apply the very latest attacks and intrusion methodologies to our extremely resilient devices. The methodologies and results of these tests are available to our customers under non-disclosure agreement.

Forward secrecy made real easy


Taking a closer look at how ATECC508A CryptoAuthentication devices can help in providing robust authentication.


Forward secrecy, often referred to as Perfect Forward Secrecy (PFS), is essentially the protection of previously transmitted ciphertext against a later compromise of your cryptographic session keys and/or primary keying material.

A cryptographic session key is used to authenticate messages and encrypt text into ciphertext before it is transmitted. This prevents a “man in the middle” from reading and/or altering the message. These keys are derived from primary keying material. In the case of public key cryptography, this would be the private key.

Unless you are implementing your own security in the application layer, you probably rely on TLS/SSL in the transport layer.

The Problem

One can envision a scenario in which ciphertext was recorded by an eavesdropper over time. For a variety of reasons out of your control, your session keys and/or primary keying material are eventually discovered and this eavesdropper could decipher all of those recorded transmissions.

Release of your secret keys could be the result of a deliberate act, as with a bribe, a disgruntled employee, or even someone thinking they are “doing the right thing” by exposing your secrets. Or, it could be the result of an unwitting transgression from protocol. Equipment could be decommissioned and disposed of improperly. The hard drives could be recovered using the infamous dumpster dive attack methodology, thus exposing your secrets.

If you rely solely on transport layer security, your security could be challenged knowingly or unknowingly by third parties controlling the servers you communicate with. Recently leaked NSA documents show that powerful government agencies can (and do) record ciphertext. Depending on how clever or influential your snoopers are, they could manipulate the server system against you.

There are many ways your forward secrecy could be compromised at the server level, including server managers unwittingly compromising it through bad practices, inadequate cipher suites, leaving session keys on the server too long, or the use of resumption mechanisms, among countless others.

Let’s just say there are many, many ways the security of your session keys and/or primary keying material could eventually be compromised. It only takes one of them. Whatever the cause, the damage is irreversible and the result is the same: those recorded ciphertext transmissions are now open to unintended parties.

The Solution

You can wipe out much of your liability by simply changing where encryption takes place. If encryption and forward secrecy are addressed in the application layer, session keys will have no relationship with the server, thereby sidestepping server-based liabilities. This, of course, does not imply transport layer security should be discarded.

A public/private key system demonstrates the property of forward secrecy if it creates new key pairs for communication sessions. These key pairs are generated on an as-needed basis and are destroyed after a single use. Their generation must be truly random. In fact, they cannot be the result of a deterministic algorithm. Once a session key is derived from the public/private key pair, that key pair must not be reused.

Atmel’s newly revealed ATECC508A CryptoAuthentication device meets this set of criteria. It has the ability to generate new key pairs using a high quality truly random number generator. Furthermore, the ATECC508A supports ECDH, a method of deriving a cryptographic session key from your own private key and the public key of the recipient. When these derived session keys are purposely short-lived, or ephemeral, the process is known as ECDHE.

Using this method, each communication session has its own unique keying material. Any compromise of this material only compromises that one transmission. The secrecy of all other transmissions remains secure.
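The ECDHE exchange described above, written out as an added example (this is not Atmel’s code and involves no ATECC508A; it uses Go’s standard library crypto/ecdh on P-256 with the OS CSPRNG). Both sides draw a fresh key pair per session, derive a session key from the shared secret, and discard their private keys. The SHA-256 derivation over the shared secret and both public keys is an assumption standing in for a proper KDF such as HKDF.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// deriveKey binds the raw ECDH shared secret to both public keys. SHA-256
// stands in for a real KDF such as HKDF (an assumption of this example).
func deriveKey(shared, clientWire, serverWire []byte) []byte {
	h := sha256.New()
	h.Write(shared)
	h.Write(clientWire)
	h.Write(serverWire)
	return h.Sum(nil)
}

// EphemeralSession runs one ECDHE exchange on P-256: each side draws a fresh
// key pair from the OS CSPRNG, derives a session key, then discards its private key.
func EphemeralSession() (clientKey, serverKey []byte) {
	curve := ecdh.P256()
	// Fresh ephemeral key pairs: generated on demand, used exactly once.
	clientPriv := must(curve.GenerateKey(rand.Reader))
	serverPriv := must(curve.GenerateKey(rand.Reader))
	// Only the public keys cross the wire; an eavesdropper may record them.
	clientWire := clientPriv.PublicKey().Bytes()
	serverWire := serverPriv.PublicKey().Bytes()
	clientShared := must(clientPriv.ECDH(must(curve.NewPublicKey(serverWire))))
	serverShared := must(serverPriv.ECDH(must(curve.NewPublicKey(clientWire))))
	clientKey = deriveKey(clientShared, clientWire, serverWire)
	serverKey = deriveKey(serverShared, clientWire, serverWire)
	// Destroy the ephemeral private keys: nothing survives to leak later.
	clientPriv, serverPriv = nil, nil
	return clientKey, serverKey
}

func main() {
	k1, _ := EphemeralSession()
	k2, _ := EphemeralSession()
	fmt.Printf("session 1: %x\nsession 2: %x\n", k1, k2)
}
```

Running it twice prints two different session keys: a recording of either exchange, plus any key learned later, gives an eavesdropper nothing, because the only secrets that could unlock it were erased at the end of the session.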

The Need for Robust Authentication

Before any of the aforementioned instances can occur, the identity of the correspondents needs to be robustly authenticated. Their identities need to be assured without doubt (non-repudiation), because accepting an unknown public key without robust authentication of origin could authorize an attacker as a valid user. Atmel’s ATECC508A provides this required level of authentication and non-repudiation.

Not only is the ATECC508A a cost-effective asymmetric authentication engine available in a tiny package, it is super easy to design in and ultra-secure. Moreover, it offers protective hardware key storage on-board as well as a built-in ECC cryptographic block for ECDSA and ECDH(E), a high quality random number generator, a monotonic counter, and a unique serial number.

With security at its core, the Atmel CryptoAuthentication lineup is equipped with active defenses, such as an active shield protecting the entire device, tamper monitors and an active power supply circuit which prevents anyone from “listening” for bits changing. The ECC-based solutions offer an external tamper pin, so unauthorized opening of your product can be detected.