8 hours 10 minutes
Hi, I'm Matthew Clark and this is less than 4.12 dice, part one.
In this lesson, we will introduce dice the device, identify our composition engine. What is used for will discover the unique device secret and identify the dice process. We're gonna use some reference material by the trusted computing group to guide us with some additional help from others. I like to call out one of those authors.
Sarah Pelosi wrote an excellent article on electronic products dot com called
How the Dye Standard Deliver Strong Security for I. O. T Devices up for the link to it in the resource section. And I hope you take time to Rita has always I encourage you to continue your education on these topics outside of what I prepared.
The references sections of this course is a great place to start, and I've listed other authors that I've used.
So let's get started.
The trusted computing group created the device identifier composition engine or dice.
It provides hardware based device identity and device at a station
because TPM and HSM zehr not practical solutions For many i o T devices embedded C isn't systems and sensors due to constraints from cost power, physical space design efficiency,
dice addresses The need for increased security and i o T. Targeting products such as EMC use and systems on a chip
dice is a combination of hardware and software that creates a lightweight root of trust.
Dice is an immutable process. Injected into the I. O T device during the manufacturing process,
it is especially beneficial for adding security services to resource constraints, sensors and devices. Since dice hardware requirements are minimal, many existing processors with embedded cryptographic functions can be used.
Nice hardware requirements include AH protected storage environment for device initialization code ideally and Rahm or otherwise Right protected
a unique identity for the device called a U. D s, and that has to be at least 256 bits, preferably stored in a one time programmable memory.
Ah, lockout mechanism for the U. D. S is required to prevent unauthorized read after use
and unblocked after power reset.
Nice provides security and lightweight router trust for resource constrained i o. T devices at a near $0 cost.
Let's talk about the unique device. Secret
dice relies on a U. D s, a unique device secret. The U. D S is three identity embedded in protection storage.
The U. D s must be statistically unique. It doesn't change over the lifetime of the device,
and the U. D S must not be used by as an identity value by any other device.
This u D s may be generated externally and installed during manufacturer or generated internally during device provisioning.
The U. D s must be protected and secure.
The trusted computing group recommends that the U. D SB stored in non volatile memory on the device, such as a nephews, are any other suitably protected, non volatile storage to which the dice can restrict access
because the U. D S must be locked after use so it cannot be accessed from firmware or in other layers.
Which brings us to the security of the added station process.
The security strength of the U. D s and the added station process have to be similar,
so let's see how dice works at a basic level.
like the TPM dice, relies on the hardware root of trust for measurement,
power on and reset starts, dykes,
dice organizes the boot process and the layers
the unique device secret is kept confidential,
and the U. D S has Onley exposed in the first layer.
Dice creates secrets unique to each layer and configuration with a cryptographic one way function
based on the unique device secret and the first mutable code, both of which are added securely to the device. During manufacturing,
each layer keeps the secret it receives confidential.
And what are the results? Well, if you change the boot code or the configuration at any one layer than the secret has changed automatically, the secret will be different because the code is different. Therefore, unauthorized code changes can be easily detected.
Dice is really functional because if a vulnerability exists that reveals the secret, then patching that vulnerability will change the existing secret to something else. Because co changes automatically change the secret
this effectively results in an automatic device regain.
So what are the benefits of dice?
Well, Dennis provides a strong device identity.
It provides added station of firmware and security policy and provides a secure software update process.
So let's review the process in detail. Dices started a power on or device reset and has exclusive read access to the unique device secret.
The dice architecture itself must be inherently trusted because there's no way to detect misbehavior of it.
Dice has to create a root of trust. It accomplishes this by approving the device booted from the first mutable code authorized and provided by the E M and injected during the device manufacturer.
It has to account for changes to code and configuration data throughout the boot process.
So the process starting from left and moving right the first step in the process begins by taking a measure of the first mutable code.
This computed measure and the U. D s are passed through a one way function to create a compound device identifier or C D. I.
The 500 is used as the basis for device identity.
The CD is important because this entire concept is dependent upon dice, unconditionally generating a correct CD I at four layer zero.
The CD for Layer zero becomes the next link and the device chain of the dice chain of trust.
If the first mutable code has changed, then the 500 I will be changed.
Ah, hardware latching mechanism is then engaged to prevent read access to the U. D s
this prevents the U. D s from being accessed maliciously later on,
and the U. D S is then securely erased from all registers, caches and memory
and the C D. I is then passed on to the next layer of the secure boot process, along with control of the boot process.
Output from lower levels always provides an input to the next higher layer. For an example, layer zero toe layer one.
However, higher layers never provide input. The lower layers, for example, layer to toe layer one.
Each subsequent layer receives a secret from the proceeding layer, measures the next layer and generates a new secret for the next layer.
Well, that's it for this lesson.
In this lesson, we took a brief trip into the mysterious world of Dice. We looked at the unique device secret We investigated, how dice works. We discover the dice is very powerful and installing malware or updating firmware. Ricky's the I O. T. Device.
Well, that's it for now.