| Julian Hall | 7b59462 | 2022-04-08 14:04:15 +0100 | [diff] [blame] | 1 | Solving Common Security Problems |
| 2 | ================================ |
| 3 | |
| 4 | The following are examples of how trusted services can solve common device security problems. |
| 5 | |
| 6 | |
| 7 | Protecting IoT device identity |
| 8 | ------------------------------ |
| 9 | |
| 10 | During the provisioning process, an IoT device is assigned a secure identity that consists of a public/private |
| 11 | key pair and a CA signed certificate that includes the public key. The device is also provisioned with the |
| 12 | public key corresponding to the cloud service that it will operate with. The provisioned material is used |
| 13 | whenever a device connects to the cloud during the authentication process. To prevent the possibility |
| 14 | of device cloning or unauthorized transfer to a different cloud service, all provisioned material must be |
| 15 | held in secure storage and access to the private key must be prevented. To achieve this, the certificate |
| 16 | verification and nonce signing performed during the TLS handshake is performed by the Crypto trusted service |
| 17 | that performs the operations without exposing the private key. |
| 18 | |
| 19 | |
| 20 | Protecting Software Updates |
| 21 | --------------------------- |
| 22 | |
| 23 | To ensure that software updates applied to a device originate from a legitimate source, update packages are |
| 24 | signed. A signed package will include a signature block that includes a hash of the package contents within |
| 25 | the signed data. During the update process, a device will verify the signature using a provisioned public key |
| 26 | that corresponds to the signing key used by the update originator. By holding the public key in secure storage |
| 27 | and performing the signature verification using the Crypto service, unauthorized modification of the update |
| 28 | source is prevented. |
| 29 | |
| 30 | |
| 31 | Secure Logging |
| 32 | -------------- |
| 33 | |
| 34 | A managed IoT device will often be configured by an installation engineer who has physical access to the |
| 35 | device. To allow a cloud operator to audit configuration changes, it is necessary to keep a log of |
| 36 | configuration steps performed by the installation engineer. To avoid the possibility of fraudulent |
| 37 | modification of the audit log, a device signs log data using a device unique key-pair. The public key |
| 38 | corresponding to the signing private key may be retrieved by the cloud operator to allow the log to |
| 39 | be verified. To protect the signing key, the Crypto service is used for signing log records. |
| 40 | |
| 41 | -------------------- |
| 42 | |
| 43 | *Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.* |
| 44 | |
| 45 | SPDX-License-Identifier: BSD-3-Clause |