Application Note How to combat Counterfeiting using VaultIC100 TPR0503AX

Transcription

Application Note How to combat Counterfeiting using VaultIC100 TPR0503AX
TPR0503AX
Application Note
How to combat Counterfeiting using
VaultIC100
2
TPR0503AX – VIC – 11Feb11
VaultIC100
Table of Contents
Introduction .............................................................................................5
1
2
3
Fraud, Counterfeiting and Cloning .......................................................5
1.1
Risks to Health ...............................................................................................5
1.2
What is the scale of counterfeiting? ................................................................6
VaultIC100 as an anti-cloning solution ................................................9
2.1
Overview .........................................................................................................9
2.2
How does it work? ........................................................................................10
2.3
What advantages does the VaultIC100 provide over competing solutions? 12
2.4
FIPS 140-2 Product Profile ...........................................................................12
2.5
Starter Kit and support ..................................................................................14
Conclusion ...........................................................................................14
Reference List .......................................................................................15
TPR0503AX – VIC – 11Feb11
Revision History....................................................................................16
VaultIC100
3
4
TPR0503AX – VIC – 11Feb11
VaultIC100
Introduction
Counterfeiting is the «second scourge of the XXIth century after terrorism», said Michel Danet,
secretary of the WCO (World Customs Organization) [R1] in 2006. Besides the economic impact
due to counterfeiting, it also carries health risks when it concerns drugs. No country or sector of
activity is spared from counterfeiting : it is everywhere, although the purchaser of the goods is
often unaware.
1. Fraud, Counterfeiting and Cloning
«A counterfeit is an imitation, usually one that is made with the intent of fraudulently passing it
off as genuine. Counterfeit products are often produced with the intent to take advantage of the
established worth of the imitated product.» (Wikipedia). Counterfeiting and cloning (or imitation)
is then fraud and liable to fines and even imprisonment. But it does not prevent counterfeiters
becoming more numerous, and more intrusive: In the past, the most frequently counterfeited
products were luxury items such as perfumes or fine leathers. Nowadays, we can find this practice everywhere, even in everyday articles such as clothes, shavers, soaps, toothpastes and
drugs that may pose health risks.
Examples of cloned products (batteries and IPhone®)
shashinki.com
Figure 1-1.
FAKE
www.mis-asia.com/
ORIGINAL
ORIGINAL
FAKE
Counterfeiting also impacts semiconductors and high-tech goods (DVD, battery, ink cartridge...).
The theft of valuable Intellectual Property is also involved in counterfeiting. Due to this growing
phenomenon, governments are taking actions, such as the U.S.A. by editing a «2010 Joint Strategic Plan on Intellectual Property Enforcement»[R2].
TPR0503AX – VIC – 20Jan11
1.1
Risks to Health
Toothpaste with dangerous amounts of diethylene glycol (a chemical used in brake fluid), auto
parts of unknown quality that play critical roles in securing passengers and suspect semiconductors used in life-saving defibrillators are examples of counterfeit products that can pause serious
health risks, not to mention counterfeit drugs sold on the Internet or in African markets.
VaultIC100
5
Drugs being sold in a market
source: www.rfi.fr
Figure 1-2.
From a study made by the american laboratory Pfizer in march 2010, 21% of Europeans, or 1
European in 5, have bought drugs without prescription from illicit sources. This study also
reminds us that these fake drugs «can contain noxious ingredients such as rat poison, boric acid
and paint containing lead 8,9», that can have fatal consequences.
1.2
What is the scale of counterfeiting?
Due to its underground and clandestine nature, counterfeiting is very difficult to measure. Except
for customs seizures, no precise numbers are available however estimates show that this phenomenon is increasing: according to PriceMinister (first French platform of e-commerce), the
number of brands becoming victims of counterfeiting is rising: +69% from 2007 to 2008. Counterfeiting concerns mainly high-tech goods: +170% in 2008 (mainly smartphones, software, MP3
readers and memory cards), "only" +13% for fashion items such as clothes, fine leathers,
perfume...
Regarding drugs, the Pfizer laboratories 2010 estimate puts the loss of profit for the drug companies at around 10 billion euros.
6
VaultIC100
TPR0503AX – VIC – 20Jan11
In April 2010, the report "Impact of counterfeiting seen by companies in France” [R3] has been
delivered by the French Manufacturers Association (UniFab) to the French minister of economy
to help against counterfeiting. This report states that counterfeiting costs the G20 countries more
than 100 billion of dollars per year (70 billion of tax loss, 20 billion to fight against criminal networks and 14.5 billion for costs related to deceases assigned to counterfeiting). In France, the
direct loss in turnover of French companies due to counterfeiting is estimated at 6 billion euros
per year.
Figure 1-3.
Sevenfold increase in seizures in 10 years
Millions of items seized at the borders of the European Union
source : UniFab
According to the World Customs Organization, the counterfeit market has risen from $5.5 billion
in 1982 to over $500 billion in 2005, equivalent to about 7% of world trade, but that proportion
could be much higher because many domestic markets have not yet been identified. The best
estimate puts the real figure at around 10% of world trade. The field of electronics alone totals
between 100 and 200 billion dollars, for a global market which is around a trillion. The pharmaceutical sector and counterfeit drugs reached 10% worldwide (one drug in 10 sold in the world is
a fake), and between 25 and 60% in developing countries. Finally, in the computer industry, over
a third of software in use is pirated.
A study (2007) realised by Pricewaterhouse Coopers who canvassed 5400 companies in 40 different countries revealed that counterfeiting has cost more than 1.9 billion between 2005 and
2007 [R4]. The loss in the USA is estimated to be between 200 and 250 billion dollars per year
(according to IACC [R5]).
Worse still, in the present context, the negative impact of counterfeiting is "particularly significant" in terms of innovation, but also jobs for companies. The European Union estimates that
counterfeiting removes 100,000 jobs per year. According to Microsoft, "a 10% decline in the rate
of software piracy would benefit the entire industry by creating 36,000 new jobs in France and
almost 864 000 worldwide”.
TPR0503AX – VIC – 20Jan11
As previously mentionned the electronic market is the main target: the main brands copied in
2008 are Apple® (+328% from 2007), Microsoft® (+295%) and Nintendo® (+133%).
VaultIC100
7
Figure 1-4.
Apple Ipod copied
T
I
E
headset
connector
F
R
E
control
panel
T
N
U
CO
random
read
linear
read
on / off
source: www.base2.ch
source: www.macplus.net
Electronic accessories, batteries, chargers, printer ink cartridges form a large portion of counterfeited products. To combat this fraud, the manufacturers of ink cartridges use increasingly
complex technology, such as holograms or RFID tags.
Figure 1-5.
Hologram on HP ink cartridge
8
VaultIC100
TPR0503AX – VIC – 20Jan11
source: www.hp.com
Another low cost technique and much more efficient since it is very difficult to reproduce, is to
authenticate the consumable (an ink cartridge, a battery, a game accessory...) to the host element (the printer, the smartphone, the game console...). To do this, the ink cartridge, for
example, implements a secure microcontroller embedding a specific firmware which allows a
strong authentication between the printer and the consumable. The VaultIC100 (or
ATVaultIC100) exactly fits this application.
2. VaultIC100 as an anti-cloning solution
The VaultIC100 is one member of the VaultIC™ Family of products. These are secure microcontrollers which embed a complete firmware dedicated to IP protection, anti-cloning and countering
Identity theft. This firmware uses a variety of cryptographic mechanisms such as digital signature generation/verification, on-chip public key-pair generation, message digest, random number
generation and private key encryption to provide a number of protection and authentication
capabilities.
Note
2.1
For more information, please contact your local INSIDE Secure sales office or
[email protected].
Overview
TPR0503AX – VIC – 20Jan11
Based on banking and smart cards product hardware, the VaultIC100 is a turnkey solution for
people who want to add security in their system at low cost and without any software development. The VaultIC100 is the smallest of the VaultIC Family in terms of die and memory sizes.
Embedding 1.5KBytes of file system for secure data storage (keys, certificates, user data...), the
VaultIC100 features authentication with asymetric cryptography (Elliptic Curves), digital signature generation/verification and public key-pair generation, all using standards such as FIPS-196
and ANSI X9.62. The following diagram shows the architecture of the VaultIC100.
VaultIC100
9
Figure 2-1.
VaultIC100 block diagram
Application Interface
Security Domain
(Security Policies, Access Controls, Role Management)
Firmware Platform
Crypto
services
(Key Gen, signature...)
Crypto Library
(ECDSA)
Application
management
&
Data Storage
Administration
Services
(File System)
(Key Management)
Communication
Stack
Memory
Management
(I2C + 1-wire)
VaultIC100 Hardware
RNG
Hardware Platform
Public
Key
Crypto
Engine
Hardware
Security
EEPROM
RISC
CPU
RAM
1-wire (software)
/
I²C (software)
Power
Management
I/Os
Device
2.2
How does it work?
The host (a printer for instance) sends a challenge to a device (battery, ink cartridge...) embedding the VaultIC100 to check if it is an authorized device. The VaultIC100 responds by sending
back the ECDSA signature of the challenge, so that the host can perform the signature verification and then decide whether to authenticate the device (see Figure 2-3).
The first concept of a PKI is the Certification Authority (CA). The CA confirms who the owner of
the private key corresponding to the public key is and fixes the correspondence between both.
The CA issues and controls a so-called "electronic certificate" as the authorization of this correspondence. In particular, set up as an organization with responsibility for checking the
certification of the key holder with the CA. The Registration Authority (RA) verifies the identity of
the key holder in a face-to-face manner (the RA might or might not be separate from the CA).
10
VaultIC100
TPR0503AX – VIC – 20Jan11
Beyond this simple but robust mechanism of security, VaultIC100 can also be used in a more
complex but also more secure architecture: a Public Key Infrastructure (PKI). The main advantage of the PKI is the ease of access and distribution of keys.
As the second key concept in PKI, a Validation Authority (VA) is set. The VA is a body for checking the legality of electronic certificates; namely, whether a certificate is valid and whether that
certificate was issued by a trustworthy CA. Since the PKI is a system to prevent spoofing, the
procedure that checks the validity of the electronic certificate is said to be the most important
among the PKI operations.
Figure 2-2.
Public Key Infrastructure diagram
Source : Wikipedia
In short, a PKI is essentially a means of distributing public keys in a secure way.
In the printer example, the public key and its certificate can either be embedded in the printer or
can be stored in the VaultIC100 and retrieved by the printer. The private key is protected in the
VaultIC100. The advantage of the PKI here is that the host (printer) has no secret to keep.
Figure 2-3.
VaultIC100 in the printer example
TPR0503AX – VIC – 20Jan11
Non Secure
Software in Host!
Public Key only
Genuine ?
Genuine !
VaultIC100
Challenge
Private Key is
protected by
VaultIC100
Response
11
In brief, VaultIC100 features the following:
• Strong challenge-response authentication (FIPS 196)
• Digital signature generation/verification (ECDSA, ANSI X9.62 over GF2N)
• On-chip public key-pair generation (ANSI X9.62 ECDSA key pair generator)
• Certificate X509 storage
• Secure Hash SHA-256 (FIPS 180-3)
• Deterministic Random Number Generator (DRNG, NIST SP 800-90)
And more:
• Dedicated hardware for security including active shield, environmental monitors and
protection against SPA/DPA/SEMA/DEMA attacks
• Strong Authentication
(Manufacturer/User)
and
Password
used
for
chip
administration
operations
• Secure Data Storage in Static File System
• I2C and OWI (One Wire Interface) communication interfaces
• Low Power and Small Form Factor Package
2.3
What advantages does the VaultIC100 provide over competing solutions?
Targeted for the PC world, a Trusted Platform Module (TPM) is not well adapted for small parts
such as consumables. Usually TPMs are used in applications such as disk encryption, software
licences or digital rights management. Even if their future may concern the embedded market,
TPMs remains too expensive for companies that wish to add security in their low cost mass market products. The VaultIC100 is a very low cost solution which has added advantages of low
power consumption and a small footprint: it is available in very small packages such as DFN6
(2mm x 3mm) with a very low pin count. The Key management can also be freely customized
and is not as stringent as on TPMs.
Another main advantage of the VaultIC100 is its capability to use various elliptic curves up to
303 bits including FIPS recommended curves B233, K233, B283 and K283, thanks to its hardware Advanced Crypto Accelerator µAd-X™.
Compared to similar solutions such as Crypto Memory, the VaultIC100 is based on cryptographics standards rather than unproven implementations which may not provide adequate strength.
Also, it is designed for FIPS 140-2 Security Level 3 compliance, including enhanced physical
security and identity-based authentication.
2.4
FIPS 140-2 Product Profile
According to FIPS 140-2, a Cryptographic Module is:
«... a set of hardware, software, firmware or combination thereof that implements crypographic
FIPS 140 Publication Series is issued by the National Institute of Standards and Technology
(NIST). This U.S. Government computer security standard defines the Security Requirements
for Cryptographic Modules which include both hardware and software components.
FIPS 140-2 [R6] is a standard for protection of valuable and sensitive but unclassified information. It integrates and implements existing security standards such as ANSI X9, Secure Hash
12
VaultIC100
TPR0503AX – VIC – 20Jan11
logic or processes».
Standards and Digital Signature Standard. FIPS 140-2 defines four levels of increasing security,
from ’Level 1’ to ’Level 4’.
FIPS 140-2 requires the use of FIPS-Approved cryptographic algorithms. In addition, the module
may support other Non-Approved cryptographic algorithms, which is the case of VaultIC100.
Additional FIPS 140-2 requirements for Security Level 3 are:
• Ports and interfaces: Data ports for unprotected critical security parameters physically
separated or logically separated and using a trusted path.
• Authentication: Identity-based operator authentication
• Physical Security: Tamper detection and response for covers and doors
• Key Management: Secret and private keys established using manual methods shall be
entered or output encrypted or with split-knowledge procedures
• Design assurance: High-level language implementation
In order to receive FIPS 140-2 certification, Inside Secure had submitted the VaultIC100 to an
independent lab for testing (see figure below).
Contrary to other solutions coming from competitors, VaultIC100 is fully certified FIPS 140-2
Security Level 3 (2011 version).
Figure 2-4.
FIPS 140-2 certification process flow
TPR0503AX – VIC – 20Jan11
source: NIST
VaultIC100
13
2.5
Starter Kit and support
To help our customers when first using VaultIC products, a Starter Kit is available for each member of the family which includes samples, documentation, boards and software components.
These kits allow easy and fast evaluation of VaultIC, without any software development. Some
demonstration software is also provided in these kits.
Figure 2-5.
VaultIC 100 Starter Kit
What's in the Starter Kit?
- VaultIC Samples with one dedicated test socket
- One generic USB to I2C adaptor
- One USB Cable
- One CD-ROM
What's in the CD-ROM?
- Support documentation set (Getting Started, Applications Notes...)
- Demonstrations to get an insight into the VaultIC features
- VaultIC Manager Tool to personalize the VaultIC file system
- Hardware independant cryptographic API (with source code)
Note
The VaultIC Starter kit or samples require a Non Disclosure Agreement signed
with Inside Secure and an Export License due to cryptographic modules. For more
information, please contact your local INSIDE Secure sales office or
[email protected].
3. Conclusion
Due to the increasing cost of counterfeiting for high-tech goods and consumables, industry is
ready to add security mechanisms to their products, but at low cost.
The VaultIC100, with a low pin count, an easy customization and a very low power consumption,
has negligible cost compared to the derived benefits. Moreover PKI and use of standards make
it reliable and easy to implement.
14
VaultIC100
TPR0503AX – VIC – 20Jan11
INSIDE Secure has chosen the most stringent standard for data protection and cryptographic
functions, and accepts the discipline required by FIPS-140 to certify its VaultIC100.
Reference List
[R1]
[R2]
[R3]
[R4]
[R5]
TPR0503AX – VIC – 11Feb11
[R6]
VaultIC100
WCO or OMD: World Customs Organization or Organisation Mondiale des Douanes.
http://www.wcoomd.org/home.htm
Report "2010 Joint Strategic Plan on Intellectual Property Enforcement”.
http://www.whitehouse.gov/sites/default/files/omb/assets/intellectualproperty/intellectualproperty_strategic_plan.pdf
Report "The Impact of counterfeiting seen by companies in France”
http://www.unifab.com/downloads/RAPPORTUNIFABavril2010.pdf
Pricewaterhouse Coopers, Economic crime : people, culture and controls, the 4th biennial
global economic crime survey, 2007.
http://www.pwc.com/extweb/pwcpublications.nsf/docid/
1E0890149345149E8525737000705AF1
IACC, The thruth about counterfeiting.
http://www.iacc.org/counterfeiting/counterfeiting.php
FIPS PUB 140-2. Security requirements for Cryptographic Modules. May 2001.
15
Revision History
Document Details
Title: How to combat Counterfeiting using VaultIC100
Literature Number: TPR0503AX
Date: 11Feb11
• Revsion A :
16
VaultIC100
TPR0503AX – VIC – 11Feb11
– First Release
TPR0503AX – VIC – 11Feb11
VaultIC100
17
Headquarters
Product Contact
INSIDE Secure
41, Parc Club du Golf
13586 Aix-en-Provence Cedex 3
France
Tel: +33 (0)4-42-39-63-00
Fax: +33 (0)4-42-39-63-19
Web Site
www.insidesecure.com
Technical Support
[email protected]
Sales Contact
[email protected]
Disclaimer: All products are sold subject to INSIDE Secure Terms & Conditions of Sale and the provisions of any agreements made between INSIDE Secure and
the Customer. In ordering a product covered by this document the Customer agrees to be bound by those Terms & Conditions and agreements and nothing contained in this document constitutes or forms part of a contract (with the exception of the contents of this Notice). A copy of INSIDE Secure’ Terms & Conditions
of Sale is available on request. Export of any INSIDE Secure product outside of the EU may require an export Licence.
The information in this document is provided in connection with INSIDE Secure products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of INSIDE Secure products. EXCEPT AS SET FORTH IN INSIDE SECURE’S
TERMS AND CONDITIONS OF SALE, INSIDE SECURE OR ITS SUPPLIERS OR LICENSORS ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS
ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF
MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL INSIDE
SECURE BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING,
WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF REVENUE, BUSINESS INTERRUPTION, LOSS OF GOODWILL, OR LOSS OF
INFORMATION OR DATA) NOTWITHSTANDING THE THEORY OF LIABILITY UNDER WHICH SAID DAMAGES ARE SOUGHT, INCLUDING BUT NOT LIMITED TO CONTRACT, TORT (INCLUDING NEGLIGENCE), PRODUCTS LIABILITY, STRICT LIABILITY, STATUTORY LIABILITY OR OTHERWISE, EVEN IF
INSIDE SECURE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
INSIDE Secure makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to
make changes to specifications and product descriptions at any time without notice. INSIDE Secure does not make any commitment to update the information
contained herein. INSIDE Secure advises its customers to obtain the latest version of device data sheets to verify, before placing orders, that the information
being relied upon by the customer is current. INSIDE Secure products are not intended, authorized, or warranted for use as critical components in life support
devices, systems or applications, unless a specific written agreement pertaining to such intended use is executed between the manufacturer and INSIDE
Secure. Life support devices, systems or applications are devices, systems or applications that (a) are intended for surgical implant to the body or (b) support or
sustain life, and which defect or failure to perform can be reasonably expected to result in an injury to the user.
A critical component is any component of a life support device, system or application which failure to perform can be reasonably expected to cause the failure of
the life support device, system or application, or to affect its safety or effectiveness.
The security of any system in which the product is used will depend on the system’s security as a whole. Where security or cryptography features are mentioned
in this document this refers to features which are intended to increase the security of the product under normal use and in normal circumstances.
© INSIDE Secure 2011. All Rights Reserved. INSIDE Secure ®, INSIDE Secure logo and combinations thereof, and others are registered trademarks or tradenames of INSIDE Secure or its subsidiaries. Other terms and product names may be trademarks of others.
TPR0503AX – VIC – 11Feb11