SEGRIDS =

NEWS

2020-12-01

Frank's talk on "Fälschungssicher ohne sichere Hardware?" at the ESE Congress.

ESE

Abstract

Authentifizierung von Gerät zu Gerät kann einen wesentlichen Beitrag dazu leisten, Produktfälschungen von Embedded-Komponenten zielsicher zu erkennen. Bei klassische Verfahren weist eine Gerätekomponente zu seiner Authentisierung die Kenntnis eines geheimen kryptographischen Schlüssels nach. Die Sicherheit des Verfahrens basiert dann auf der Geheimhaltung kryptographischer Schlüssel, auch gegenüber Angreifern, die Geräte oder Komponenten physikalisch in ihren Besitz bringen können. Das erforderliche Schutzniveau ist ohne speziell dafür gehärtete und zertifizierte Hardware-Elemente kaum zu erreichen. Solche Hardware-Elemente sind für preisempfindliche Anwendungen verhältnismäßig teuer. Ein noch höherer Schutz vor der Enttarnung geheimer Schlüssel ist statt durch gehärtete Hardware lediglich durch den Verzicht auf geheime kryptographische Schlüssel zu erzielen. Der Vortrag gibt einen Überblick über Konzepte zur elektronischen Authentifizierung ohne Geheimnisse. Dazu zählen auf der einen Seite physikalisch unklonbare Funktionen (PUFs) und auf der anderen Seite das noch neuere Konzept des SIMPL (Simulation Possible, but Laborious), bei welchem lediglich vorausgesetzt wird, dass eine gefälschte Embedded-Komponte nicht dazu geeignet ist, Merkmale einer Original-Komponente in Echtzeit zu simulieren. Der Vortrag zeigt, weshalb der SIMPL das Potential zu einem neuen Standard-Werkzeug des Embedded-Security-Entwicklers hat. Sein Einsatz wird an einem praktischen Beispiel demonstriert.

2020-11-11

Frank's talk on "Software-based self-testing for the authentication of car components" at the escar conference.

ESE

Abstract

We present a software solution for the authentication of ECUs based on hardware intrinsic authentication features of standard micro-controllers. It requires that the group of authentic ECUs is characterized by a dedicated MCU model and a group identifier in read-only memory. No secret ECU key is required. We make use of the fact that an MCU running a suitable self-test is a complex dynamical system that is hard to simulate in a cycle-accurate way. We demonstrate that software-based self-testing can serve as a "time-bounded" authentication method. One field of application is the detection or lock-out of counterfeits.

2020-02-11

SEGRIDS at the Embedded World in Nürnberg. First presentation of the Original Zone authentication scheme.

ESE

PRODUCTS

Original Zone Secure NFC Tag

Details

User programmable secure NFC Tag supporting the MIGA authentication scheme. This scheme is based on MCU intrinsic group authentication features and will never be compromised by a key leakage. The Original Zone NFC tag provides maximal security at a minimum price. Please get in touch for an offer.

Original Zone Application

Details

Original Zone application software for the detection of counterfeit components. The software can be customized for any device with a data connection to a component required that the component supports Original Zone or any other challenge-response-authentication scheme.

Original Zone Back-End

Details

Original Zone Back-End Server application. In some fields of application, the Original Zone application will sometimes request challenge-response-pairs from a back-end The back-end server needs to be located in a physically secured environment. Please get in touch for a quote for our back-end software, hardware or hosing solutions.

SERVICES

Architecture

Details

Many ways exists to achieve a security objective. An optimal security architecture will take the cheapest way among the bulletproof ones.

Implementation

Details

We implement device-to-device authentication for embedded systems and integrate it into your product.

Vulnerability Analysis

Details

The vulnerability analyst must be at least as strong as the attacker. Trust our award-winning hacking capabilities.

COMPANY

Segrids is a small high security service and solution provider located in Bonn. The company was founded in 2014 as security consultancy and evaluation lab by Dr. Frank Schuhmacher, a mathematician, hacker, and certified Common Criteria evaluator.

Since its inception, Segrids has provided testing support for numerous secure hardware development projects. One special field is pentesting of security chips with non-invasive and semi-invasive attack methods. Please get in touch for references.

Another special field is the design and implementation of authentication solutions. Segrids offers an own secrecy free authentication solution based on hardware intrinsic features of standard microcontrollers. The company operates as GmbH since 2019.

PUBLICATIONS

Software-based self-testing for the authentication of car components

Abstract

We present a software solution for the authentication of ECUs based on hardware intrinsic authentication features of standard micro-controllers. It requires that the group of authentic ECUs is characterized by a dedicated MCU model and a group identifier in read-only memory. No secret ECU key is required. We make use of the fact that an MCU running a suitable self-test is a complex dynamical system that is hard to simulate in a cycle-accurate way. We demonstrate that software-based self-testing can serve as a “time-bounded” authentication method. One field of application is the detection or lock-out of counterfeits.

A MIGA design and example implementation

Abstract

MCU intrinsic group authentication (MIGA) is a secrecy free, time bounded authentication method for low ressource ECUs based on characteristic hardware features of a group of MCUs of the same model with a common group identifier. The reference [1] provides a MIGA definition, an attacker model, four security objectives, and a security proof for MIGA, provided that the four security objective are satisfied. This paper demonstrates how to achieve these security objectives for the example of a group of HT32F52 MCUs with a common “custom identifier”. Furthermore, reliability test results are provided.

Relaxed Freshness in Component Authentication

Abstract

We suggests a relaxed freshness paradigm for challenge-response-authentication for each field of application where challenger and re- sponder are tightly coupled and authentication takes place in a friendly environment. Replay attacks are not feasable under this premise, and freshness can be relaxed to relative freshness: no refresh is required as long as all previously tested responders were authentic. One field of application is anti-counterfeiting of electronic device components. The main contribution is a formal security proof of an authentication scheme with choked refresh. A practical implication is the lifetime increase of stored challenge-response-pairs. This is a considerable advan- tage for solutions based on hardware intrinsic security. For solutions based on symmetric keys, it opens the possibility to use challenge- response-pairs instead of secret keys by the challenger – a cheap way to reduce the risk of key disclosure.

×

CONTACT

Lets get in touch. Send us a message:

SEGRIDS GmbH
Am Paulshof 5
53127 Bonn
Germany
Phone: +49-228-9762 9162
info@segrids.com