Security Hardware Differentiated Through Licensed Software: a High-Tech Manufacturer’s Case Study

Security Hardware Differentiated

Through Licensed Software

High-Tech Manufacturer’s Case Study

Agenda

• CPU Tech Market

• Company Overview

• Product Overview

• Customer Development Cycle

• Flexera Software Licensing to Support Development

• CPU Tech Market





Agenda

Electronics Component Markets

• Semiconductor Markets in 2011, Gartner:

–Overall estimate about $320 Billion

–Processor-based chips: $144 Billion

–Military/Industrial Market, System-on-Chip, 32-bit+: $500

Million, 20% CAGR

• Of the entire semi-conductor market:

“System-on-Chip Products Will Drive Growth”

Numerous Recent Security Threats

Pendulum Swings in Defense Electronics over

Time

Full MIL-STD

Requirements

No Distinct

Military Market

War-Time

Mobilization

Rise in Intelligence

And Cryptography

Custom

Components

Military Driven

Market

Commercial Driven

Market

Proliferation of

Performance

StandardsDual Use

Components

Proliferate

Commercial

Aviation and Auto

Markets Proliferate

‘Perry Memo’

COTS and

Open Source

Defense Open

Sources and

Architectures

Tech Boom Marginalizes

Military Requirements

Availability

Concerns

(US Sources

Required)

Trust

Concerns

(US Sources

Required)

Commercial

Cryptography

Proliferates

IP Protection

Concerns

(Anti-Tamper

Required)

Defense

Funding

Priorities

• CPU Tech Market





Agenda

What We Do: Develop Secure and Compatible

Technology

1980 20101995 2000 2005

Understanding System

Vulnerabilities

1985

Understanding

how to design

secure systems

and eliminate

vulnerabilities

Understanding

how to build

secure systems

CPU Tech

Founded 1989

1990

CPU Tech’s Proven Approach

Who We Are: Products and Services Clients and Partners

• Founded in 1989 with a vision of making compatible System-on-a-

Chip (SoC) technology economically practical

• CPU Tech produces the Acalis® family of

Secure Processors that protect software and

systems from reverse engineering

• CPU Tech offers secure processing implementation services to

assist customers in achieving security goals and certifications

• Veteran Owned, Small Business, Headquartered in Pleasanton, CA

– Rep Firms across America

• CPU Tech Market





Agenda

Acalis® CPU872 Secure Processor

• Multi-Core Device with Integrated

Security Processor & Offload

Engines

• IBM Trusted Foundry

• Extensive, Multi-Layered Security to

Protect Against Reverse Engineering

• Two Complete PowerPC® Nodes

• Scalable without Additional Devices

• Power Efficient Processing

Acalis® Development Environment

Acalis® CPU872

Secure ProcessorH

Acalis

SentryTM

T

S

T

H Acalis® EB872

Evaluation

Board

Acalis®

Software

Development Kit

Embedded RTOS/OS

Security Processor APIS

H

S

T

Hardware: Devices & Boards

Software: Embedded User Software

Development Tools: Software Developer & Security Engineer Tools

Acalis Sentry™ Advantages

• Graphical User Interface: Offers menu-driven, easy-to-use security

configuration

• Secure Data Transfer: Mocana SSL data security and authentication

• Security Engineer Role: Clearly separates security role from software

developer role

• Access Rules: Provides clear implementation of settings on chip firewalls

between processors, IO, and on-chip/off-chip memory

• Trusted Source Environment: Adds hardware trust to your design environment

in critical areas of encryption key and boot code management

How Acalis Sentry™ Works

AEC+AES

Encrypted

Image

Acalis Sentry™ Management Console Acalis® IDE

Acalis Sentry™

Network

– Sentry Connection

S/W

En

cry

ptio

n

Sentry Connection – Secu

rity C

on

fig

Boot Image

Acalis® Design Environment

Acalis Sentry™ Management Console

The Role of a Security Engineer

• Current Role/Responsibilities

– Deeply embedded in software design

– Line-by-line verification

– Constant revision of design practices

With Acalis SentryTM Security Server…

• New Role/Responsibilities

– Security separated from software design

– Menu-defined security decisions

– Clearly defined constraints for software

designers

– Simplifies „what-if‟ scenarios when changing

security requirements

• CPU Tech Market





Agenda

Defense Acquisition Process

Programs have extensive Government reviews and milestones

Phases of Defense Customer Development

Requirements System Design

Design

and

Prototype

IntegrationSystem

TestManufacturing/Support

• This Life-Cycle can be 5-10 Years for Defense Programs

• The Full Function of Acalis Sentry not Required in All Phases

• There are sometimes security concerns in design– Not everyone in integration, test, or manufacturing need to understand sensitive design

details

– Some security settings are „locked down‟ for the remainder of the program

– Some programs „compartmentalized‟, where engineers and users have different accesses

Supply Chain Security

• The fact that „Supply Chain‟ pieces are now global is a concern to some

defense officials

• White House Issued „Comprehensive National Cyber Security Initiative‟

(CNCI) and Declassified in 2010

• Part of the CNCI is Supply Chain Security:– “Risks stemming from both the domestic and globalized supply chain must be managed in a

strategic and comprehensive way over the entire lifecycle of products, systems and services. “

– CNCI Initiative #11

Acalis Sentry is a customer offering by CPU Tech to help secure the

supply chain in the development process through

role and feature based licensing

• CPU Tech Market





Agenda

Overview of Flexera Software Capabilities

• CPU Tech currently utilizing several Flexera Software products

• For the Acalis Sentry, using:– FlexNet Embedded

– FlexNet Operations

• This enables us to license several different „subscription

licenses‟ to Acalis Sentry all from the same secure hardware

CPU Tech’s Business Challenges

• Both desktop and embedded software provide different levels of

functionality, operations, and security

• Need to offer feature-based and role-based licensing and

pricing models to our customers

• Need to provide embedded-node-locked and floating licensing

capability

• Need to offer both off-line (for machines operating in a classified

area) and web-based activation options to our customers

• Need to be able to automate the activation process

CPU Tech’s Evaluation Criteria in Selecting

FlexNet Producer Suite

• Appropriate and adequate cryptographic encryption for license

key protection and storage

• Small memory footprint

• Supported our processor architecture

• Supported embedded OS‟s (OS independent, and easy to port)

• Supported programming language

• Performance and reliability

• Easy to manage and track the license entitlement

• License activation automation

• Integration with other management systems, such as

SalesForce

• Total Cost of Ownership

Example Use Case of FlexNet Technology Embedded in

Acalis Sentry

Acalis SentryTM

Acalis® EB872

Evaluation Board

Admin Developer Security

Engineer

Manufacturing

How License

Works

License Resides

in Bootable

Embedded

Software

Determines

Accesses and

Privileges Based

on Edition

License pre-

installed or

updated by user

Active

License

Future Capabilities Enabled by FlexNet Embedded

Acalis® EB872

Evaluation Board

Admin Developer Security Engineer

Manufacturing

Options:

Off-line activation

locked to device

Floating license

on a license

server

Provisioning

server to

automate the

license update

Web-based

license activation

Provisioning or

Generated License

Acalis SentryTM Acalis SentryTM

Role and Mode Rules for Acalis Sentry

Roles Needed in Acalis Sentry:

• Administrator: Sets passwords,

administrative options, license

activities

• Developer: Provides mission

embedded software, final embedded

images

• Security Engineer: Sets security

settings in secure processor

• Manufacturer: Final distributor of

encrypted bootable image

Design Phases for Acalis Sentry:

• Development: This encompasses all

software development, requires

multiple changes and security settings

• Test/Integration: This phase requires

some controlled code and security

setting changes

• Manufacturing: This phase requires

no code changes, but controls sensitive

image distribution

• Support: This phase typically involves

only documentation, audit, reports

Matching Roles/Modes to Customer Design Model

Full Sentry

• Admin, Developer,

Security Engineer,

Manufacturing

• Full spectrum of

design space

needed

Assembly

Creation

• Admin, Developer,

Security Engineer

• New images result

from debug

changes

Manufacturing

• Admin,

Manufacturing

• Unchanging

image(s) being

installed

Static

• Admin, Security

Engineer

• Security audit only –

keeps production

floor intact, no other

functions

Results in

Four

‘Subscription

Licenses’

Requirements System Design

Design

and

Prototype

IntegrationSystem


Full Sentry

Assembly Creation

Manufacturing

Static

Matrix of Features to Subscription Licenses

Features\Subscriptions FullAssembly

CreationManufacturing Static

Product Activation √ √ √ √Configuration (locking/unlocking,

network) √ √ √ √

Licensing (activation, update) √ √ √ √

Field Upgrade √ √ √ √Tamper and Activity Log (storing,

retrieving) √ √ √ √

Device Sanitization √ √ √ √Access Configuration (user group,

users) √ √ √ √

Security Configuration (firewall, key,

event log) √ √ √ √

Assembly Creation √ √

Assembly Upgrade √ √

Target Activity Log Retrieval √ √ √ √

Manufacturing Process √ √ √

Features, Subscriptions, and Roles – Security Engineer




network)

Licensing (activation, update)


retrieving)

Device Sanitization

Access Configuration (user group,

users)


event log) √ √ √ √



Target Activity Log Retrieval √ √ √ √


Features, Subscriptions, and Roles – Administrator




network) √ √ √ √

Licensing (activation, update) √ √ √ √


retrieving) √ √ √ √

Device Sanitization √ √ √ √Access Configuration (user group,

users) √ √ √ √


event log)

Assembly Creation

Assembly Upgrade

Target Activity Log Retrieval

Manufacturing Process

Features, Subscriptions, and Roles – Developer



Product Activation

Configuration (locking/unlocking,

network)


Field Upgrade

Tamper and Activity Log (storing,

retrieving)

Device Sanitization


users)


event log)



Target Activity Log Retrieval √ √

Manufacturing Process

Features, Subscriptions, and Roles – Manufacturer



Product Activation

Configuration (locking/unlocking,

network)


Field Upgrade

Tamper and Activity Log (storing,

retrieving)

Device Sanitization


users)


event log)

Assembly Creation

Assembly Upgrade

Target Activity Log Retrieval √ √


Cost Advantages of Flexera Software Licensing

Model in Sentry

• Reduces Manufacturing Cost (Single Version of Hardware)

• Adds a Valuable Security Layer in User Activation

• Operational Savings in Ease up Upgrade/Downgrade

• Flexibility allows CPU Tech to Tailor Subscription Licenses to

Customer

• Protects CPU Tech and Customer Intellectual Property

• Gets us Faster to Market, as we are only limited by hardware

schedule

Example Cost Model to Customer

Example:

– Two Yrs Fully Sentry (2 x $A)

– Two Yrs Assembly Creation (2 x $B)

– Three Yrs Manufacturing (3 x $C)

– Five Yrs Static (5 x $D)

Total Cost: $XYZ

Cost model allows customers to customize their licensing

package and increase design security

Requirements System DesignDesign and

PrototypeIntegration

System


Full SentryAssembly Creation

ManufacturingStatic

Summary

• Flexible Licensing helps customer with life-cycle security

• Allows for cost and revenue model that matches customer

process

• Much of what were security „rules‟ to be enforced through audit

are now enforced by fiat

• Customers can play by our licensing rules within their secure

facilities

• Provides flexibility, cost reduction, and ease of

upgrade/downgrade

• Offers protection for intellectual property and revenue

Questions?

Thank You!