Hi, I'm Matthew Clark and this is less than $4. 13 dice, Part two.
In this lesson, we will continue to roll the dice. We will talk about the device identity, keep air as well as the alias, keep air and the at a station process. So let's get started
to review. We've established how dice generally works, creating a secret one layer and passing it on to another layer. We've identified the role that the unique device secrets play, and we've discussed how to protect the U. D s using a latch to prevent code and other layers from accessing it and erasing the U. D s from memory.
We've discussed how the c d. I is created by taking the U. D s and a measure of the first mutable code and passing it through a one way function. Now let's explore what happens in layer zero
and later. Zero dice uses the first mutable code and the C D I to create the asymmetric keep hair known as the device identity. Keep hair, and this is an important distinction. The device identity keep hair is not solely based on the unique device secret the U. D s.
But it's also depended upon the cryptographic identity
of the devices. First mutable code. So if you change the U. D s, you change this, keep hair, and if you change the first mutable code, then you also changed this. Keep hair
optionally. You can change the hardware or configuration data, and that could also change the device. Identity. Keep eras well.
T c GS dice Documentation points out an obvious fact that it's important to keep the first mutable code in layers. Zero as small and simple assed possible, because this reduces the potential vulnerability footprint and reduces the chance that the first mutable code will need to be changed
because patches and changes to the first funeral code will change
that device identity. For obvious reasons, it's advantageous to keep the device it any for a long as possible for a device.
So combining the first mutable code and the C D. I creates a symmetric key pair known as the device identity. Keep hair interesting on enough that I specifications does not specify a specific asymmetric encryption algorithm that must be used. But though they do point out,
the E. C. C. Is a logical choice to the cost performance benefits.
So when is the device I d? Keep hair generated? Well, the device had to keep air may be generated during manufacturer since the OM may wish to certify the device. Sidiki.
However, the OM should not retain the U. D S or the C d of the device because either one of those two values could cause a threat actor to be able to derive the device. I'd keep hair which would enable several attack scenarios, such as an impersonation attack or disclosure of device secrets.
And there's really no reason to retain that information
as we know asymmetric key pairs, but have both the public and the private key, and both public and private Keys are created at Layer zero for the device I. Dickie.
The public device identity key then moves forward to the next layer, but the private device identity key never leaves layer zero.
Furthermore, dice requires that the plain text version of the C. D. I and the device Eddie Private Key must be erased from memory caches and registers before boot control could be transferred to the next layer.
And this means that the private device identity really has little use beyond layer Zero. Since it's erased
let's do a quick review before moving on to the device Alias Keep Air and the previous lesson we learned about TPM and privacy concerns of using the TPM endorsement key were addressed by limiting its use and using the added station identity keys instead.
Now the ICE employees a very similar concept with the alias keep air
because trying to use the device I'd private key has disadvantages.
First, the private key must be erased by the first beautiful code before control was passed on to the next beautiful code.
Therefore, anything you want to do with the device, I'd private key has to be done during layer zero. After that, nothing. You can't use it anymore. It's just simply not there. Remember, directionally information passes from a lower level to, ah, higher layer,
so ah, higher layer couldn't reach back down and somehow used the key.
Second, you want to limit the exposure of the device idea itself.
So let's introduce the device Alias Key pair
the device alias key pairs used for added station of the I O T. Device.
The device identity key pair is not directly used for added station because of privacy concerns.
So another key has to be used that is tied to the device and any keep hair through the 500.
Remember, the 500 is generated from both the unique device secret and the measure of the first mutable code,
both of which were securely stored in the device during manufacturing.
So there has to be a connection so at a station can occur. Remember our discussions and previous lessons about the importance of device identity
so OEM's will generally want to use at a station. If they're using dice or otherwise, they would have used any other secure element with the symmetric key burned into it.
The TCG recommended method to create an alias keep hair is to still operating it. Layer zero.
Use the C D I and the computed measure of the firmware at the next layer. Layer one. To create the alias. Keep hair
and ice uses the term firmware security descriptor or fst to describe the device firmware layer one. But basically it's just taken a measure of the device firmware image that's held in layer one.
So how is this different than what we did would to create device I'd keys.
Well, what they're doing at this stage is very similar to what happened when they computed the c D. I by using a measure of the first beautiful code in the U. D s. Except we're using the C. D. I and a measure of the firmware of the next layer up.
Therefore, if you change the C d I or the firmware layer one, then the alias key pair will change.
Well, how likely is it that the code layer either layer zero or layer one will change?
What's not likely that the OM will choose to change the code at Layer Zero? Has this would change the device I d and would also result changing the c d. I
unless a careful, thoughtful, purposeful decision is made by the OM to do so and there has to be a reason for doing that.
However, it is very likely that the firmware layer one will change due to normal firmware updates.
Just remember that by doing so is effectively re keys the device the alias key pair will change, not the device. I'd keep hair.
So what type of effect does that have well alias. Key pairs have a shorter lifespan than device Kik pairs,
unless he OM plans, will never updating the device. Firmware.
Also remember that there's no point in the OM to keeping a record of the alias key during manufacturing because it's likely to change over time anyway, with updates
What type of algorithm should be used well, the same type of algorithm was create used to greet the CD A must be used. In this case, the elliptic curve cryptography is favored.
So why do we go through all this well to enable I ot device at a station?
This is the dice core reference implementation, and this is Microsoft version, and I like it because it helps in our discussions regarding manufacturing to review. If you're looking at this picture, focus on the green section.
The first boot step creates the C. D. I. Dice measures the first mutable code. Dyson combines this measure with the unique device secret, the U. D. S and using a hash based message authentication code, or H Mac function,
and the 500 is created
dice, then locks access the U T. I securely erases, registers, caches and memory and then the first step hands over control of the second step.
So in the second step, if you're looking at the light blue section,
the C D. I is used as an input for the creation of both the device ID Key and the alias Key.
The device I D, is a stable E C C key pair that it's never disclosed outside of the dice core outside of Layer Zero and the alias keep hair is a somewhat stable E C C key pair. That is, until the firmware is updated
and these keys are used to generate certificates that will later be used for identification and at a station purposes. Well, that's it for this lesson. Sarah Pelosi wrote an excellent article for electronic products. Dot com called How the Dice Standard Deliver Strong Security for I O. T devices.
I'll put a link to it in The Resource Is Section, and I really hope you take time to read it.
In this lesson, we took a brief trip into the mysterious world of Dice. We looked at common uses and characteristics like lightweight rid of trust of ice identity, firmware added station. We investigated how dice works and we discovered the dice is very, very powerful.
In fact, installing malware or updating the firmware is enough to Reekie,
the entire I O T device.