Embed Size (px)
Citation preview
NEOS-IoTSPIoTSecurityPlatformbasedonNEOSRTOS™supportingWiFiandTPM(TrustedPlatformModule)
2016.12
http://www.neosrtos.com/neosp1email:[email protected]
©2016MDSTechnologyCo.,Ltd..
FeaturesofNEOSIoTSecurityPlatform
● FullFeaturedSolutionPackage:SecureRTOSSoftware,IntegratedDevelopmentEnvironmentSoftware,System-on-module,andDevelopmentKit
● CryptoLibrary● SecureBoot● SecureFirmwareUpdate● TPMSupport● DeviceManagementSolution,Integrated● KeyManagementSystemforIoT,Integrated
ConfigurationofNEOSIoTSecurityPlatform
SecureRTOSSW
SecureBoot SecureFirmwareUpdate CryptoAPI
NEOS™RTOS
KeyManager
IoTAgentCrypto-library
Neo-SP1(System-On-Module)
Cortex-M4MCU
WiFi
DeviceManager
TPM
DVMS(DevelopmentKit+Sensors)
SerialtoUSB(monitor)
SWD(debug)
AccelerometerMagneticField
NEOSPACE™IDE
USB(Serial,SWD)
Internet/Intranet
Temperature&Humidity
Light&UV
HostComputer
■ Softwares:SecureRTOSSoftware,IDE(IntegratedDevelopmentEnvironment)■ ReferenceHardwares:System-on-module,andDevKit
3<NEOS-IoTSP>http://www.neosrtos.com/neosp1
4
A.SecureRTOSSWPlatform
■ SecureBoot■ SecureFirmwareUpdate■ StandardCryptographicLibraryforend-to-endSecurity■ SecureKeyManagementonTPM(TrustedPlatformModule)■ StandardbasedDeviceManagementSolution(NEO-IDM™)Integrated■ StandardbasedKeyManagementSolution(iKMS)Integrated
SecureRTOSSW
SecureBoot SecureFirmwareUpdate CryptoAPI
NEOS™RTOS
KeyManager
IoTAgentCrypto-library
DeviceManager
5
B.IDE(NEOSPACE)
■ CompleteIntegratedDevelopmentEnvironmentbasedoneclipsedevelopmentplatform■ ProjectManagement■ Buildingtargetsoftware:compiler,linker■ DebuggingandFlashProgrammingthroughSerialWireDebug(SWD)
USB(Serial,SWD)
• Neo-SP1Module– HardwareRootofTrustbyTPM(TrustedPlatformModule)– UsercanprogramIoTapplicationonthemodule
• DVMS:FullFeaturedDevelopmentKit– Neo-SP1Mounted– SWDSTLink-v2DebugInterfacereadyforDebuggingandFlashProgramming– Sensors:Accelerometer/Magnetometer,Temperature/Humidity,Light/UV– ConfigurableExternalPortswithI2C,ADC,UARTinterfaces
6
C.ReferenceHardware
JTAGTrace32
SWD- USB
Serial- USB
Temp./Humidity
Accel./mageto.Neo-SP1
Light/UVExternalPorts
DVMS(DevKit)
Function Specification
MCU STM32F415
TPM InfineonSLB9670VQ1.2
Connectivity WiFi802.11b/g/n:ESP8266
Dimension 25mmx35mm
● Neo-SP1
Applications
● EdgeDevice,ConnectivityModule,orSecureMediaConverter● Readyforvariouswirelessconnection
■ BootonlyOEMprovidedsoftwareonly■ DownloadfirmwarefromUpdateServerandverifytheSignature
8
SecureBoot,SecureFirmwareUpdate
DevicePowerOn
Firmwarebootloader
BootManagerverifiesSignature
BoottoMainOS
BoottoUpdate
bootconfigurationdatabase
Internet/Intranet
UpdateServer Signing(OSandHash)
PublickeyofupdateServer
Downloadfromupdateserver
Neo-IDM Service UI
• StandardIoTDeviceManagementPlatformbasedonLwM2Mprotocol• TwoOperationModels:IoTEdgeDeviceandConnectivityModule
9
IntegrationwithNeo-IDM
NEOS IoT SP
EdgeDeviceNeo-IDM CoAPServer
IoTGatewayNeo-IDMLwM2M
Client
CoAP
InterworkingProxy
LwM2MIoTServer
Azure,ThingWorx,...
HTTP/MQTT
LwM2MServer
NEOS IoT SP
ConnectivityModuleNeo-IDM LwM2M
Client&CoAPServer
LwM2M
LwM2MServer
SecureRTOSSW
SecureBoot SecureFirmwareUpdate CryptoAPI
NEOS™RTOS
KeyManager
IoTAgentCrypto-library
DeviceManager
• Keydistributionfunctionandmanagementscheme• KeyInjectionforIoTDevice• ThusprovidingEnd-to-EndSecurity
10
IntegrationwithiKMS(KeyManagementSystem)
NEOS IoT SP
iKMSAgent
Secure Key Distribution
iKMSServer(HancomSecureCo.)
SecureRTOSSW
SecureBoot SecureFirmwareUpdate CryptoAPI
NEOS™RTOS
KeyManager
IoTAgentCrypto-library DeviceManager
IoTServerLwM2M,Azure,...
Secure Key Distribution
CryptographicLibrary
11
Function Algorithm Description
BlockCipher
ARIA 128,192,256bitsSEED 128,256bitsLEA 128,192,256bits
HIGHT 64bitsBlockCipher
OperatingModeConfidentiality ECB,CBC,CFB,OFB,CTR BlockCipher:ARIA,SEED,LEA,HIGHT
Confidentiality/Authentication CCM,GCM BlockCipher:ARIA,SEED,LEA,HIGHT
RandomNumberGeneratorHASH_DRBG Hash:SHA-224/256/384/512CTR_DRBG BlockCipher:ARIA,SEED,LEA,HIGHT
HMAC_DRBG Hash:SHA-224/256/384/512PublicKeyCryptography RSAES PublicKey:2048,3072 bits
KeyManagementDH Public/PrivateKey:(2048,256)
ECDH B-233,K-233,P-224B-283,K-283,P-256
HashFunction SHA-2 OutputLength:224,256,384,512bits
MessageAuthenticationCode
HashBased HMAC KeyLength:128,256bits
Block CMAC BlockCipher:ARIA,SEED,LEA,HIGHTGMAC BlockCipher:ARIA,SEED,LEA,HIGHT
DigitalSignature
RSA-PSS PublicKey:2048,3072bitsKCDSA PublicKey:1024,2048,3072bits
ECDSA B-233,K-233,P-224B-283,K-283,P-256
ECKCDSA B-233,K-233,P-224B-283,K-283,P-256
■ cryptographicalgorithms■ light-weighted,andoptimizedforembeddedsystem
12
ConnectionTypes
Neo-SP1
IoTGateWay
IoTServer
AsaConnectivityModuleConnecttoServerwithoutIoTGateway
Neo-SP1
WirelessAccessPoint
AsanEdgeDeviceConnecttoServerthroughIoTGateway
Internet/Intranet
Internet/Intranet
IoTServer
Neo-SP1
Device-to-deviceSecurityConnecttootherdevices
Internet/Intranet
■ ToprovideSecureChannelforsystemswithLegacyDevices■ MinimalornomodificationtoLegacySystemforeasydeployment
13
SecureMediaConverter
LegacyDevices LegacyDevices
Trans-ceiver
Trans-ceiver
UnsecureMedia:ethernet,
RS485,RS422,...
SecureChannels
WiredorWireless
UnsecureMedia:ethernet,
RS485,RS422,...
■ ReadyforConnectivityModules:Bluetooth,Zigbee,LoRa,WISUN,LTE,etc
14
ReadyforVariousWirelessConnectionsExtension
RFModule
Zigbee
Bluetooth
WISUN
LoRa
Sensors
Internet/Intranet
15
Applicable
■ Toprotectpublicsafetydata,environmentdata,smartgriddata,etc,whereSecurityismandatorybylaw
■ ToprotectdataforMilitaryIoT■ ToprotectPrivateSensitivedata,suchasWellnessinformationorMedical(Health)data■ ToprotectDeviceConfigurationData,ManufacturingTechnology
AboutNEOSRTOS
16
■ NEOS™RTOSisareal-timeoperatingsystemforembeddedsystemdevelopedbyMDSTechnology
■ DO-178BLevelACertifiableKernel■ Multi-threadKernelwithfastanddeterministicperformance■ Preemptiverealtimescheduling■ POSIXstandardAPIadd-on(POSIX1003.13PSE52)■ Fieldproveninaerospaceandmilitaryforsafetycriticalandmissioncriticalsystem■ http://www.neosrtos.com
