RESCURE: a security solution for IoT life cycle

We present RESCURE, a security solution built on software, which retrofits Internet of Things (IoT) devices to secure ones. RESCURE exploits the entropy originating from the random variations of silicon (transistors) during manufacturing and generates a unique unforgeable root key and an identity per device. In this way, root key and identity are inseparable from the IoT hardware. To achieve lifetime reliability (reproducibility) and security (randomness) for root key and identity, we apply error correcting and randomness amplification algorithms to the signals derived from silicon. RESCURE supports certificates which are able to prove the device identity and authenticity. RESCURE supports multiple keys derivation (private keys or private/public key pairs) and End-to-End security. In this way an IoT device is able to communicate securely and independently with multiple actors (e.g., Service Providers). It supports secure storage so it is able to encrypt sensitive data such as application keys, sensitive data or software Intellectual Properties (IP). Finally, the entire device software is protected by secure boot and secure software update mechanisms allowing for malware-free software execution and renewable security and features. RESCURE has been prototyped on an ST32L4 device and its performance is presented across real use case scenarios covering the entire life cycle of the device. It is a low-cost solution for all the devices manufacturers that want to achieve high standard security without redesigning the hardware of their IoT product.

[1]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[2]  Galen C. Hunt,et al.  The Seven Properties of Highly Secure Devices , 2017 .

[3]  Lieneke Kusters,et al.  Security of helper data schemes for SRAM-PUF in multiple enrollment scenarios , 2017, 2017 IEEE International Symposium on Information Theory (ISIT).

[4]  Lieneke Kusters,et al.  Debiasing of SRAM PUFs: Selection and Balancing , 2019, 2019 IEEE International Workshop on Information Forensics and Security (WIFS).

[5]  Felix Wortmann,et al.  Internet of Things , 2015, Business & Information Systems Engineering.

[6]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[7]  Dawu Gu,et al.  Helper Data Algorithms for PUF-Based Key Generation: Overview and Analysis , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[8]  Lieneke Kusters,et al.  Secret-Key Capacity Regions for Multiple Enrollments With an SRAM-PUF , 2019, IEEE Transactions on Information Forensics and Security.

[9]  Yier Jin,et al.  Security and Privacy in IoT Era , 2017 .

[10]  Kazumaro Aoki,et al.  SEC X.2: Recommended Elliptic Curve Domain Parameters , 2008 .

[11]  Roel Maes,et al.  An Accurate Probabilistic Reliability Model for Silicon PUFs , 2013, CHES.

[12]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[13]  Rudolf Ahlswede,et al.  Common randomness in information theory and cryptography - I: Secret sharing , 1993, IEEE Trans. Inf. Theory.

[14]  Ingrid Verbauwhede,et al.  Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions , 2010, Towards Hardware-Intrinsic Security.

[15]  Frans M. J. Willems,et al.  The context-tree weighting method: basic properties , 1995, IEEE Trans. Inf. Theory.

[16]  U. Maurer,et al.  Secret key agreement by public discussion from common information , 1993, IEEE Trans. Inf. Theory.

[17]  Ingrid Verbauwhede,et al.  A soft decision helper data algorithm for SRAM PUFs , 2009, 2009 IEEE International Symposium on Information Theory.

[18]  Adam Langley,et al.  ChaCha20 and Poly1305 for IETF Protocols , 2018, RFC.

[19]  Adam Langley,et al.  ChaCha20 and Poly1305 for IETF Protocols , 2018, RFC.