When enrolling with an OEM’s cloud, a device’s Root of Trust (RoT) might not be enough to determine if a device is counterfeit or not. More is definitely needed…but why and when?
In a previous blog entry, I was talking about root of trust-based automatic registration to the cloud for IoT, when enrolling with an OEM’s cloud, a device’s Root of Trust (RoT) on its own is not necessarily sufficient to determine if a device is counterfeit or not. In many cases, more is definitely needed; but why, and when?
The RoT only attests to one single event for a target device. This is OK if a device is created in a controlled manner without any interim stages, such as mobile phones, tablets or even cars. However, in many parts of the IoT world, devices often consist of modules, where each module has followed its own path from inception to completion and might go through several stages before it becomes a final product.
Imagine that a silicon provider (SiP) creates the first part of a future device, typically the chip, consisting of the Microcontroller Unit (MCU), flash, and so forth. This is then typically sold on to a second company, which then adds sensors and other connectors to it, only for it again to be shipped to a third step in the chain where perhaps they install additional software on it. Eventually, the module ends up with the OEM who packages it all up, adds a nice formfactor around it and ships the final product to the end user. In this example, there are 4 links in the chain, but there could be even more.
One approach would be to inject a fresh RoT at each step of the chain. However, that is relatively expensive and requires secure manufacturing at each step; which does not necessarily fit the needs of (often) low volume IoT providers, with outsourced or potentially untrusted factories. An ideal solution is, therefore, to inject the RoT at the SiP and then leverage this at subsequent stages.
When the device eventually wishes to attest itself as genuine when enroling with the OEM cloud (e.g. product registration for warranty benefits), how does the OEM or other interested party differentiate between two devices both of which originate from the same SiP? Trustonic can attest both of them as originating from a specific SiP, but we cannot say more than that (so we don’t know what has happened to them since leaving the SiP…which won’t help the poor old OEM).
To address the problem of proving whether devices are genuine or not, we’ve come up with a solution that we call Digital Holograms™. Think of credit cards and remember how they all have holograms on them which shine in nice colours when tilted – to show you that these are genuine and not counterfeit. Our digital holograms are similar, just in a digital representation (we don’t really want to add lots of stickers to a device – it would make the end product so much less attractive ?).
Now, when the device leaves the SiP, in addition to the RoT we have also added a digital hologram which confirms that the device has been in the SiP’s factory. Not more, not less, simply that. However, when the device advances to the next stopping place on its journey, we then add a second digital hologram… and repeat the process at each stage. So, by the time it reaches the OEM for final assembly, in this example, the device contains a RoT and 4 digital holograms. These holograms are all linked together in a block-chain, to prevent any tampering along the way.
So, when the device attempts to enrol (in the example above; product registration), these holograms are collected, signed by the device’s RoT and passed on to the cloud (these steps were actually performed in our AWS demo), and the Trustonic Virtual Private Cloud (VPC) sets out to validate the digital holograms too. It is worth highlighting that digital holograms are able to prove where a device or unit has been. They don’t claim to state why it has been there or exactly what took place there… rather like a stamp in a passport. We verify the integrity of the digital holograms and also verify how many holograms have been utilised by each of the steps in the production chain.
Additionally, we also tell the OEM which places the device has passed through and in which order it did so. All of this data is then assembled into a report to the OEM. With this information, the OEM can also detect overproduction if the digital holograms have been reused in chips and can take appropriate actions. On the flipside, if a device lacks the relevant digital holograms, or they are linked in the wrong order, the OEM can refuse device enrolment or notify the user that the device must be sent back to a customer service centre for further examination.
Digital holograms solve a genuine problem on how OEMs can ascertain legitimate devices and stop counterfeits from connecting to their clouds. In combination with Kinibi-M’s IP protection, Trustonic is doing what it can to help increase the security landscape of IoT.
Get in touch to discuss how Digital Holograms can help your IoT security.
