Security with STM32 & Secure Elements

Marco Sanfilippo
STMicroelectronics
EMEA MMS – Italy
Microcontroller Products
Technical Marketing

1 7 March 2016
STM32 MCUs – Security what for ? 2

Protection from
Hardware attacks

Main objectives
 Data confidentiality Non-Invasive :
 Data integrity  Fault injection by physical attacks on the
system, external to package.
 IP protection
 Out of range usage
 Trusted execution
 Glitch on supplies or clocks
 Radiation exposure
 Side channel attacks: spy product to get
secrets ( power supply, electromagnetic
radiations,…)
Invasive :
Protection from  Internal fault injection after decapsulation
Software attacks (Force nodes by probing, laser beam, …)
 Firmware corruption (Buffer overflows,  Reverse engineering (code/data extraction)
stack corruptions …)  Circuit modification (fib,…)
 Trojan horse, malware injection
 Untrusted firmware update
 Debug activation
 Wrong execution, denial of service

2 7 March 2016
STM32 MCUs – Security features 0/5 3

CSS AT
ECC
CRC

AES TDES and more….

RNG DES

FireWall

CSS - Clock Security System

ECC - Error Correction Code
AT – Anti Tamper

3 7 March 2016
 Today STM32 Security features 1/5
Features Safety & Security
Benefit Features 3/5 STM32 Family
4
CRC Used to verify data transmission or storage integrity.
calculation unit Computes a signature of the software during runtime. L0, L1, L4
Power Supply Ultra safe supply monitoring. POR/PDR/BOR/PVD
F0,F1,F2,F3,F4,F7,
integrity Flag status to determine what causes reset (SW,
monitoring watchdog, power up, low power, option bytes, ...) L0,L1,L4
Read While
Write
For efficient tamper detection logging F1*,F4*,L0,L1*,L4
F0,F1,F2,F3,F4,F7,
Independent clock sources and Clock recovery systems
Clock Security L0,L1,L4
System
CSS : Clock Security System
Integrity (CSS) F0,F1,F2,F3,F4,F7,
Internal clock available for secured program execution
& independently from external source clock (CSS) L0,L1,L4
Safety
Error Correction Robust memory integrity.
Code Hardened protection against fault injection attacks L0,L1,L4
(ECC) thanks to error detection
Memory content integrity check.
Parity check
Hardened protection against fault injection attacks. F0,F3,L4*
Check if device is operating in expected temperature
Temperature F0,F1,F2,F3,F4,F7,
range. Hardened protection against temperature
Sensor L0,L1,L4
attacks. (AN3964).
Independent watchdog and window watchdog for
F0,F1,F2,F3,F4,F7,
Watchdogs software timing control.
Key registers to control watchdogs. L0,L1,L4

4 7 March 2016
 Today STM32 Security features 2/5
Features Benefit STM32 Family
5
On chip entropy generation. Ensure strong Based on DRBG-AES-128
Random SW keys, protect against replay attacks. F0,F1,F2,F3,F4,F7,L0,L1,L4
Number (UM0586)
Generator
(RNG) True RNG is done entirely by the hardware.
HW
It delivers 32-bit random numbers. F2,F4,L0,L4,F7
Hash algorithm provides a way to guarantee
the integrity of information, verify digital
Hashing
SW signatures and message authentication F0,F1,F2,F3,F4,F7,L0,L1,L4
Functions
codes. MD5, SHA-1, SHA-224, SHA-256
&
(UM0586)
HMAC
HW . MD5, SHA-1, SHA-2 F2,F4*,F7
Crypto AES-128 Bits (ECB, CBC,CTR) F2,F4,F7,L0,L1
HW AES- 128/256 Bits (ECB, CBC, CTR, GCM,
GMAC, CMAC) L4
Symmetric
Cryptography STM32 cryptographic library package :
(UM0586)
F0,F1,F2,F3,F4,F7,L0,L1,L4
SW  DES/TDES: ECB, CBC.
 AES: ECB, CBC, CTR, CCM, CBC-MAC,
GCM, CMAC, KEY WRAP

 RSA signature function with PKCS#1v1.5

Asymmetric  ECC (Elliptic Curve Cryptography) : Key
Cryptography
SW
generation, Scalar multiplication, ECDSA. F0,F1,F2,F3,F4,F7,L0,L1,L4
(UM0586)

5 7 March 2016
 Today STM32 Security features 3/5
Features Benefit STM32 Family 6
Prevent unauthorized access to the device through F0,F1*,F2,F3,F4,F7,
Debug Lock debug interfaces.
Level 0,1,2
JTAG or SWD
Highest security level is irreversible. L0,L1,L4
(AN4246)
Protect against a wide range of physical attacks on
Anti Tamper HW system outside the MCU. F0,F1,F2,F3,F4,F7,L0,L1,L4
(AN3371)
Maintains tamper protection active even in Low
Power modes.
Backup domain
Multiple wake up sources. F0,F1,F2,F3,F4,F7,L0,L1,L4
(AN3371)
RTC (alarm Timestamp on tamper event.
timestamp) (AN3371) F0,F2,F3,F4,F7,L0,L1,L4
Tamper
Protection Write protection. Unprotecting by writing a key
RTC Register
protection
sequence. F2,F3,F4,F7,L0,L1,L4
Independent from system reset
For Confidential data storage (Keys …)
Backup register and SRAM
Backup registers Tamper automatically deletes registers content
(AN3371) See product datasheets
Lock of selected GPIO. Impossible to unlock until
GPIO
next reset.
configuration
Capability to lock communication channels after F0,F1,F2,F3,F4,F7,L0,L1,L4
locking
tamper detection

6 7 March 2016
 Today STM32– Security Features 4/5
7
Features Benefit STM32 Family
The processor MPU is a component for memory
Memory
protection. It divides the memory map into a number F1*,F2,F3,
Protection Unit
of regions with privilege permissions and access F4,F7,L0,L1,L4
(MPU)
rules.
Privileges
Permission Even more restrictive than MPU. Made to protect a
Management specific part of code or data Flash Memory, and/or
Firewall to protect data into the SRAM from the rest of the L0, L4
code executed outside the protected area.
(AN4632)

Read Global memory access control management.

F0,F2,F3,F4,F7,L0,L1,
Protection Prevents memory dumps, safeguarding user’s IPs.
(RDP) (AN4246) L4+SRAM

Write Each sectors can be protected against unwanted F0,F1,F2,F3,F4,F7,L0,L1,

Protection write operations L4+SRAM
Memory (WRP) (AN4246), AN4701(F4), AN4758(L4)*
Protection
Proprietary
Each Sector can be configured in “execute only”.
Code
Protection
AN4246(L1), AN4701(F4), AN4758(L4)* F4,L0,L1*,L4
(PCROP)
Safely remove IPs and confidential data. Force
Mass Erase
factory reset. F7,L0,L1,L4

7 7 March 2016
 Today STM32 Security features 5/5
8
Features Benefit STM32 Family
Device electronic Enables product traceability. F0,F1,F2,F3,F4,F7,
Traceability
96-bitUnique ID Can be used for security key diversification. L0,L1,L4
Secure
Secure firmware upgrade capability.
Firmware Software SFU
(AN4023 & AN4024) F2,F4,L0,L4,F7 8
Update

8 7 March 2016
STM32 Crypto Library Package V3.1.0
MCD

Halim KACEM
Jasser MILED

9 7 March 2016
Introduction
10
• The Crypto Library packages includes a set of cryptographic
algorithms can run on all STM32 MCU series.

• STM32 Crypto library contains a software implementation of

the cryptographic algorithms and also a hardware
accelerators enhancement for some of them.

• STM32 cryptographic library files are provided in object

format as a default delivery and source code under NDA
license.

STM32 crypto Solution

10 7 March 2016
STM32 Crypto Library Approach (1/2)
11
• The STM32 crypto library V3.1.0 is divided in two category:
• STM32 firmware crypto library V3.1.0
• Based on STM32 cube architecture.
• All STM32 series will be supported: STM32F0, STM32F1, STM32F2, STM32F3,
STM32F4, STM32F7, STM32L0, STM32L1 and STM32L4.
• All algorithms are based on firmware implementation without using any hardware
acceleration
• The STM32 Firmware Crypto Library is distributed by ST as an object code library,
accessed by the user application through an API.
• The library is compiled for Cortex® M0, M0+, M3, M4, and M7 cores.
• The library is compiled with two optimization levels (High size, High speed).
• Development Toolchains: EWARM, MDK-ARM and GCC (Atollic)*.
• STM32 hardware acceleration crypto library V3.1.0
• Based on STM32 cube architecture.
• Support all STM32 series with hardware acceleration : STM32F2, STM32F4,
STM32F7, STM32L0, STM32L1 and STM32L4,
• Support Only the algorithms based on firmware implementation with hardware
acceleration.
• The STM32 Hardware Acceleration Crypto library is distributed by ST as an object
code library, accessed by the user application through an API.

11 7 March 2016
 STM32 Crypto Library Approach (2/2) 12

• The library is compiled for STM32 series F2, F4, F7, L0, L1,
and L4.
• The library is compiled with two optimization levels (High
size, High speed).
• Development Toolchains: EWARM, MDK-ARM and GCC
Atollic/SW4STM32.

Algorithms fully supported by crypto hardware peripherals are not included in

this package. To use them user can refer to dedicate STM32 Hal driver.

12 7 March 2016
 Crypto Hardware Peripheral supported in STM32 series
13
May 2015

STM32 F series August 2013 STM32F756x

STM32F437/439 AES(128-192-256) ECB, CBC, CTR,

September 2011 CCM, GCM
AES(128-192-256) ECB, CBC, CTR, DES/TDES (64-128-192) ECB, CBC
STM32F415/417
STM32F405x/F407x/F415x/F417x CCM, GCM Hash, HMAC MD5, SHA-1,
June 2009
DES/TDES (64-128-192) ECB, CBC SHA-224/256
AES(128-192-256) ECB, CBC, CTR
STM32F21x Hash, HMAC MD5, SHA-1,
DES/TDES (64-128-192) ECB, CBC
SHA-224/256 RNG 32-bit STM32F745/756
Hash, HMAC MD5, SHA-1
AES(128-192-256) ECB, CBC, CTR
DES/TDES (64-128-192) ECB, CBC RNG 32-bit STM32F427/429
Hash, HMAC MD5, SHA-1 RNG 32-bit STM32F405/407

RNG 32-bit STM32F20x

May 2015

STM32 L series STM32L486x

February 2014 AES(128-256) ECB, CBC, CTR,

CMAC, GCM, GMAC
STM32L06x DES/TDES (64-128-192) ECB, CBC
September 2011 Hash, HMAC MD5, SHA-1,
AES(128) ECB, CBC, CTR SHA-224/256
STM32L16x DES/TDES (64-128-192) ECB, CBC
Hash, HMAC MD5, SHA-1 STM32L471/476
RNG 32-bit
AES(128) ECB, CBC, CTR
DES/TDES (64-128-192) ECB, CBC RNG 32-bit STM32L05x
Hash, HMAC MD5, SHA-1

2009 2015

13 7 March 2016
STM32 Crypto Library Package Structure 14

• STM32 Crypto Library Package V3.1.0:

14 7 March 2016
 STM32L4 Crypto Performances
• Processing time 15
AES Processing Time ( CPU Clock cycles)
6000
5084 5006 4931
5000 4761

4000
3245 3272
2873 2778
3000

2000

1000
214 214 214 214 214 214 202 202
0
CBC-ENC CBC-DEC ECB-ECB ECB-DEC CTR-ENC CTR-DEC CMAC-ENC CMAC-DEC

Based on pure hardware implementation Based on pure firmware implementation

• Consumption
Pure Hardware Pure Firmware
Algorithm
Implementation implementation
AES-ECB consumption 13,5(mA) during 2.6µs 10,5(mA) during 34µs
• Test conditions:
• CPU = 80 MHz / IDE= IAR version 7.40 (High size). Energy gain : x10 ratio SW/HW !
• Software based on Interrupt/CPU in sleep mode

15 7 March 2016
 Libraries Standards/Quality 16

Compliant with standards

• NIST/FIPS standard
• ANSI-C source code
• ST coding
• Packaging rules
• ARM-CMSIS compliant for STM32

Crypto package quality

• CodeSonar tool analysis

16 7 March 2016
Support

17 7 March 2016
STM32 Crypto Package Download 18
• To Get the User manual and the software are available via this link
• http://www.st.com/web/en/catalog/tools/FM147/CL1794/SC961/SS1743/LN1920/PF262570?s_searchtype=keyword

• Download the user manual UM1924

• Download the software

18 7 March 2016
 Demonstration 19

Example Based on Firmware Library

• AES-128 CFB
• MDK-ARM v5.16
• STM32F103RB-Nucleo board

Example Based on Hardware Acceleration Library

• AES-128 CFB
• MDK-ARM v5.16
• STM324x9I-EVAL board with F439 device

19 7 March 2016
 20

STM Secure Elements

20 7 March 2016
ST Proposal 21

• Choose the robustness solution that matches

the value of the secret to be protected

Standard STM32 Standard STM32 with Secured Microcontroller

with Security features external secure element

A secure element (SE) is typically a one chip secure microcontroller

capable of securely hosting applications and their confidential and
cryptographic data (e.g. key management) in accordance with the rules
and security requirements set forth by a set of well-identified trusted
authorities.

21 7 March 2016
STSAFE doc is here 22

22 7 March 2016
 23

23 7 March 2016
 24

24 7 March 2016
Protecting against Attacks in MCU 25
• Identity theft • Data and Code modification
• Tamper protection • Memory protection
• Integrity • Debug levels
• Traceability • Tamper protection
• Integrity
• Deny of service
• Throttling • Physical attach
• Tamper protection
• Data and Code spying
• Memory protection
• Privileges Permission
Management
• Debug levels
• Tamper protection
• Secure Firmware Update

25 7 March 2016
Thank you !

26 7 March 2016