Designed for use in systems that require secure product authentication and usage tracking, the 88PA810 provides a proven and trusted offering to prevent counterfeit attacks. The 88PA810 also includes IoT smart device protection against external attacks that threaten vulnerable cloud-connected devices.

More specifically, Marvell’s 88PA810 security chip features advanced anti-tampering alarms and extensive circuit obfuscations with active metal mesh coverings, internal clocks and regulators. Meanwhile, additional security features prevent attackers from tampering and using physical attack methods to disrupt or copy the chip or its related consumer product.

To be sure, the inclusion of Rambus’ CryptoFirewall technology enables the IC to protect against over 40 attack threats while encrypting off-chip data communications. The 88PA810 also includes secure product authentication services utilizing a unique hardware ID, a secure usage metering count-down counter that cannot be reset and 3KB of one-time programmable (OTP) memory for OEMs to record product information and manufacturing metadata.

Using a traditional inter-integrated circuit (I²C) interface, the 88PA810 connects with a host controller to run authentication and product management services. In addition, the 88PA810 Consumable CryptoFirewall core interfaces with the Verifier CryptoFirewall (VCF) verification core in Marvell’s recently announced 88PA6270 quad-core ARM® Cortex-A53 printer controller SoC. This combined CCF-VCF hardware channel provides hardware-level device authentication to protect against software attacks on the host device.

The 88PA810 – which is currently sampling – also protects the entire supply chain via a multi-stage provisioning solution to eliminate potential risks from rogue elements.

“We show that co-location can be achieved and detected by monitoring the last level cache in public clouds,” the Worcester team explained in an article extract. “More significantly, we present a full-fledged attack that exploits subtle leakages to recover RSA decryption keys from a collocated instance.”

To be sure, the researchers targeted a recently patched Libgcrypt RSA implementation by mounting Cross-VM Prime and Probe cache attacks in combination with other tests to detect co-location in a cloud-based service. As a preparatory step, the team reversed engineered the unpublished nonlinear slice selection function for a leading server processor powering the cloud service, which significantly helped accelerate the attack.

After co-location was detected and verified, the researchers performed the Prime and Probe attack to recover noisy keys from a carefully monitored cloud service VM running the vulnerable libgcrypt library. The noisy data was subsequently processed, allowing the team to obtain the complete 2048-bit RSA key used during encryption.

This work, says the Worcester team, reaffirms privacy concerns and underlines the need for deploying stronger isolation techniques in public clouds. Chris Gori, a Technical Director at Rambus Cryptography Research concurred.

“Physical electronic systems routinely leak information about the internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys,” Gori told Rambus Press. “This is true for enterprise servers and data centers, as well as mobile devices, PCs and SIM cards.”

As we’ve previously discussed, the Rambus Cryptography Research division has designed a range of DPA countermeasures that offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.

Interested in learning more about how Rambus is helping to secure SoCs, devices and content? You can read more about our DPA countermeasures here, CryptoFireWall Cores here and CryptoManager platform here.

Dubbed MStar G6F, the new chipset is designed to meet consumer demand for easy access to 4K UHD programs – while also providing security for content owners.

Designed to integrate easily into 4K smart TVs, the G6F supports a full function HEVC decoder, multi-region demodulator and motion judder cancellation with MStar’s proprietary MACE –Pro3UC /MFC technology. By integrating the CryptoFirewall core into MStar’s security hardware, the G6F chip meets MovieLabs’ Hardware root-of-trust guidelines.

In addition to hardware protection, the MStar connected TV chipset includes ExpressPlay, an end-to-end security service that provides a ready-to-go Marlin DRM system to manage content protection. Marlin DRM – a simple and open DRM – supports numerous video formats such as MPEG-DASH HLS and MP4. Currently being showcased at IBC 2015, the new MStar G6F chipset is expected to start shipping in 4K UHD TVs during Q4 2015.

As we’ve previously discussed on Rambus Press, CryptoFirewall successfully mitigates a number of critical threats, including scan interface attacks, man-in-the-middle, replay, OTP memory (corruption and tearing), rights key injection, emulation on STB hardware and physical reverse engineering.

The Rambus CryptoFirewall core also bolsters both content key and entitlement management (compared to other DVB SoC key ladder-based solutions); offers strong content key derivation security by default and provides as secure – and more cost effective – entitlement management than smart cards. In addition, the CryptoFirewall core improves the security of a TEE DRM or CA solution by enforcing a robust hardware barrier.

It should be noted that CryptoFirewall ASIC security cores have been integrated into at least 65 chipsets. Interested in learning more? You can check out the official Rambus CryptoFirewall page here and browse our CryptoFirewall article archive here.

The service, part of the Cryptography Research Trust Services offering, manages cryptographic keys used by SCSA-enabled devices and services to secure high-quality 4K Ultra HD content. In operating the Key Issuance Center, Cryptography Research will deliver encrypted keys to storage device makers, player manufacturers and content issuers involved with the SCSA.

Cryptography Research also provided provisional key management services to existing members of the consortium during the run-up to VIDITY’s official launch. More specifically, Cryptography Research offered provisional key management services to existing members of the consortium.

It should be noted that the Secure Content Storage Association (SCSA) recently released VIDITY licensing specifications to facilitate the secure delivery of premium digital entertainment content, including locally stored playback of 4K Ultra HD and HD movies across multiple devices.

“VIDITY has no requirement to log into accounts or connect to the Internet for playback,” the SCSA explained in an official press release. “Compliant products will offer consumers the freedom and flexibility to store, copy, play and share downloaded digital files on a wide range of devices, such as laptop computers, mobile phones and tablets.”

Sharing digital content in a household will also be easier with VIDITY, as the spec allows the playback of digital content that resides on one VIDITY-enabled device on the screen of another enabled device. Plus, users can easily move and copy content between devices.

The SCSA was founded by a number of industry heavyweights, including 20th Century Fox, Warner Bros. Home Entertainment, SanDisk Corporation and Western Digital. In addition to key support from the Rambus Cryptography Research division – as both a security partner and advisor – over 50 contributor companies have joined the SCSA since 2012.

A number of SCSA members, including Samsung, Fox, Seagate, Western Digital and MGO, already have VIDITY compatible products on the market that support 4K UHD and HDR.

As we’ve previously discussed on Rambus Press, access to uninterrupted and high-quality content is contingent upon a strong level of hardware-based security against unauthorized access.

“It is in the content provider and distributors’ best interest to provide consumers with the highest quality programming,” explained Rambus security marketing manager Zainab Al-Shamma. “By utilizing the hardware security built directly into the consumer’s viewing device, you are future-proofing access to premium content for years to come.”

Interested in learning more about how Rambus is helping to secure premium content? You can check our CryptoFirewall article archive here.

“[The cards use] AES-128, which is supposed to be virtually unbeatable by a brute-force attack, but turns out to be easy to defeat using side-channel analysis,” explained Iain Thomson of The Register. “Side-channel attacks measure things like power consumption, electromagnetic emissions and heat generation to work out what is going on in a chip. The technique has been around for years, and requires physical access to the target device.”

Have you read our primer?
– Side-channel attacks: explained

As Thomson reports, Yu Yu and his university team tracked power levels using an oscilloscope, monitored data traffic with an MP300-SC2 protocol analyzer and correlated the results with a SIM card reader and a standard PC.

“With this simple setup they cracked eight commercial SIM cards in between 10 and 80 minutes,” said Thomson. “Yu [also] demonstrated how the cloned SIM card can successfully impersonate the owner in class [and] showed how a cloned card could change the password on an Alipay and potentially drain the account.”

According to Yu, the above-mentioned hack is based on known differential power analysis attacks.

“The move to AES-based encryption algorithms in 3G/4G USIM cards did not systematically take advantage of state-of-the-art countermeasures against side-channel attacks,” he added. “Indeed, the USIM cards we analyzed essentially relied on plain (unprotected) software implementations of the AES.”

Helena Handschuh, a Director at Rambus’ Cryptography Research division, co-designed the MILENAGE standard discussed in Yu’s Black Hat paper. According to Handschuh, AES-128/Rijndael was chosen for MILENAGE in 2001 so that side-channel countermeasures could be easily incorporated in a SIM-class platform.

“Yu Yu’s paper demonstrates once again that, even though these algorithms are mathematically strong and unbroken, all implementers of crypto need to be aware of side-channel attacks and take appropriate steps to mitigate them,” Handschuh concluded.

As we’ve previously discussed on Rambus Press, physical electronic systems routinely leak information about the internal process of computing. In practical terms, this means attackers can exploit various side-channel techniques to gather data and extract secret cryptographic keys.

As such, the Rambus Cryptography Research division has designed a range of DPA countermeasures that offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.

Interested in learning more about how Rambus is helping to secure SoCs, devices and content? You can read more about our DPA countermeasures here, CryptoFireWall Cores here and CryptoManager platform here.

With no requirement to log into accounts or connect to the Internet for playback, VIDITY compliant products will offer consumers a convenient way to store, copy and share their digital files. VIDITY also compliments third-party streaming entertainment platforms such as UltraViolet and others.

The SCSA was founded by a number of industry heavyweights, including 20th Century Fox, Warner Bros. Home Entertainment, SanDisk Corporation and Western Digital. In addition to key support from the Rambus Cryptography Research division, as both a security partner and advisor, over 50 contributor companies have joined the SCSA since 2012.

As we’ve previously discussed on Rambus Press, access to uninterrupted and high-quality content is contingent upon a strong level of hardware-based security against unauthorized access.

“It is in the content provider and distributors’ best interest to provide consumers with the highest quality programming,” explained Rambus security marketing manager Zainab Al-Shamma. “By utilizing the hardware security built directly into the consumer’s viewing device, you are future-proofing access to premium content for years to come.”

Interested in learning more about how Rambus is helping to secure premium content? You can check our CryptoFirewall article archive here.

Moderated by Paul Kocher, the President and Chief Scientist of Rambus’ Cryptography Research Division, the panel touched on a wide range of topics, including E.M.V. smart credit cards, the Internet of Things (IoT) and ransomware.

“Massive growth during the Industrial Revolution posed a number of significant challenges for society,” said Kocher, who kicked off the panel in front of a packed auditorium. “We face a similar issue today when it comes to technology, particularly around security and how to manage risk.”

Image Credit: RSA Conference

Rivest, the Vannevar Bush Professor of Computer Science at the Massachusetts Institute of Technology, expressed similar sentiments by drawing an analogy to the Cambrian explosion 542 million years ago, when life on earth evolved very rapidly.

“All of a sudden, the planet Earth was suffused with light,” he said. “Animals can now see long distances, significantly altering the relationship between predator and prey. This is a good analogy for the current security situation today.”

Adi Shamir, who specializes in cryptographic schemes and protocols, agreed that newer technologies and products related to the rapidly expanding IoT were vulnerable if not properly secured. However, the Borman Professor of Computer Science at the Weizmann Institute in Israel also emphasized that the more things changed, the more they actually stayed the same.

To illustrate his point, Shamir reiterated his “three laws of security” which, although formulated by the cryptographer back in the 1980s, remains extremely relevant today.

“Firstly, secure systems do not exist today or in the future. Secondly, cryptography will not be broken, but bypassed. Thirdly, to halve the vulnerability you have to double the cost,” he explained. “Trying to stop the most sophisticated attacks means companies have to spend lots of money. This is why some have chosen to adopt a ‘good enough’ approach to security.”

More specifically, says Shamir, some of the new IoT products offer less than stellar security. Indeed, one recently tested demo system was found to have (temporarily) unsecured WiFi during the configuration – a major vulnerability that could allow attackers to steal passwords and gain access to the network.

In addition to exploring IoT security challenges, the cryptographers discussed the recent adoption of the E.M.V. smart credit card standard in the United States. While the new cards are likely to deny cyber criminals one of their most lucrative strategies, no one expects them to throw in the digital towel anytime soon.

Indeed, as Kocher noted in a recent New York Times op-ed, cyber criminals will shift to other lucrative (though somewhat less attractive) ways to profit from stolen data and credentials, such as stealing from brokerage accounts, forging checks, filing bogus tax refunds and engaging in insider trading and medical billing schemes.

“The E.M.V. roll-out is a critical first step, but it will take a long time to shift our critical security tasks away from complex microprocessors and their software to simpler, well-isolated circuits and chips built for security,” he added. “More systems will get attacked and then upgraded, technical advances will create new and greater opportunities for abuse, and the cycle will continue.”

Ransomware was another area of concern for the panel, with KEYW cryptographer and security expert Ed Giorgio emphasizing that once cyber criminals gain access to a system and hold specific files hostage, they are likely to look around for something else to blackmail a victim with.

“Ransomware [is lucrative] and will be around as long as they can make [victims] pay money and maintain their ability to extort,” he concluded.

Interested in learning more about Rambus’ activities at RSA 2015? Be sure to check out booth S1815 on the exhibit floor, where we will be showcasing CryptoFirewall and a wide range of DPA countermeasure solutions. You can also follow us on Twitter for live show updates.

We’re showcasing a wide range of advanced security core solutions at booth S1815, including DPA countermeasures, as well as CryptoFirewall anti-counterfeiting and content protection platforms.

Rambus Cryptography engineers are demonstrating side-channel vulnerabilities across multiple platforms – allowing RSA attendees to compare the leakage of unprotected standard AES implementation and DPA resistant AES cores.

Firstly, we’re demoing real-world leakage in standard AES implementation vs. DPA Resistant AES solutions on an FPGA. More specifically, we’re exploring leakage levels for sensitive values – computed over time – in protected versus unprotected HW implementations.

“The unprotected FPGA leaks sufficiently to indicate the device is vulnerable to loss of data in very few transactions,” Rambus security marketing manager Zainab Al-Shamma explained. “The protected example illustrates leakage levels do not grow over time, preventing side-channel attacks. A power signal is used in this example, providing a very clean signal.”

Our engineers are also conducting a mobile device side-channel attack demo, in which data dependent EM emissions are monitored from mobile devices to expose private keys. Specific techniques for isolating frequencies – including leaks during cryptographic processing – are evaluated and analyzed.

“These demonstrations on both public key (RSA) and symmetric key (AES) algorithms illustrate a very real risk to mobile applications and other cryptographic processing on unprotected platforms,” said Al-Shamma.

Revamped DPA Workstation (DPAWS) User-Interface:

This demo showcases our revamped DPAWS UX, which features a highly intuitive UI paired with enhanced data visualization. The latest iteration of the DPAWS GUI now offers an integrated, project-centric analytic environment specifically designed to optimize the efficiency of side-channel analysis.

Both flexible and scalable, DPAWS easily integrates with a wide range of industry tools such as Matlab, as well as Python and other scripting languages. The DPA Workstation supports full cipher coverage (AES, RSA, ECC, DES and SHA), large dataset handling along with high-speed collection and analysis of billions of traces.

“The Cryptography Research division of Rambus developed DPA countermeasures to facilitate the design of tamper-resistant devices that are shielded from all forms of side-channel attacks,” Al-Shamma added. “Our ready-to-use DPA resistant IP cores and software libraries offer chipmakers an easy-to-integrate security solution with built-in side-channel resistance for cryptographic functions across a plethora of connected devices.”

In addition to the above-mentioned DPA demos, Rambus is showcasing its CryptoFirewall anti-counterfeiting solution for printer cartridges, as well as the CryptoFirewall content protection platform using a trio of boards.

As we’ve previously discussed on Rambus Press, the CryptoFirewall content protection platform is an advanced hardware security core integrated in multimedia decoding chipsets. It provides a robust foundation for securely delivering premium content, including 4K UHD, to smart TVs and set-top boxes independent of CAS or DRM.

Interested in learning more about what Rambus is up to at RSA 2015? Be sure to stop by booth S1815 or follow us on Twitter for live show updates.

Alongside Bart Preneel, Adi Shamir and Nigel Smart, Kocher is also scheduled to participate in a two-part panel discussion on the role of cryptography in a post-Snowden world on April 22 at 10:20AM.

In addition to the above-mentioned panels, the Rambus Cryptography Division will be showcasing a number of security related demos at booth S1815 on the exhibit floor, including CryptoFirewall and wide a range of DPA countermeasure solutions.

“All forms of electronic devices with secret keys are susceptible to side channel attacks. These low-cost, non-invasive methods can be exploited to extract the secret key of a cryptosystem,” Zainab Al-Shamma, a Rambus marketing manager explained.

“That is why the Rambus Cryptography Research division offers a comprehensive suite of DPA countermeasures, resistant cores and software libraries. Our portfolio of security cores and solutions allows manufacturers to design a wide range of tamper-resistant devices including point-of-service (PoS) systems, connected TVs, set-top boxes, game consoles, smartphones and tablets.”

For customers interested in gauging the level of side-channel vulnerability and resistance of a specific device, the Rambus Cryptography Research division will be showcasing its DPA Workstation (DPAWS), which features a highly intuitive UI paired with enhanced data visualization.

“Essentially, DPAWS provides an integrated, project-centric analytic environment specifically designed to optimize the efficiency of side-channel analysis,” Al-Shamma added. “Both flexible and scalable, DPAWS easily integrates with a plethora of industry tools such as Matlab, as well as Python and other scripting languages.”

Interested in learning more? You can check out our DPA countermeasures here, the Rambus CryptoFirewall page here and our RSA 2015 page here.

The technique, says Rohatgi, relies on the fact that any physical realization of cryptography in hardware or software cannot be an “atomic black box” as assumed by the traditional mathematical proofs of security. Simply put, physical systems routinely leak information about the internal process of computing.

“Examples of [inevitable] ‘side-channel’ information include the time taken by a cryptographic operation, power consumption, EM and heat emissions of the cryptographic device while computing – all of which depend on the physical details of the implementation,” Rohatgi explained.

Meaning, a side-channel attacker could gather and exploit the above-mentioned data garnered from various systems and devices to recover secret cryptographic keys.

“The discovery of side-channel attacks in the mid-1990s with the initial focus on smartcards led to [the] myth that these attacks are applicable only to smartcards and other limited devices,” he continued. “However, over the past few years, this myth is being debunked as side-channel attacks have been demonstrated on a wide variety of large devices.”

In addition, security researchers have explored attacks against small hardware cores embedded within a large SoC (system on chip), such as an FPGA, set-top box chip, or mobile application processor.

“In this setting, the positioning of [an] EM probe on either the chip surface or on a bypass capacitor on the system board to localize the leakage signal is critical. But other than that, these SoCs can fall prey to the same differential power analysis attacks in as the smart-cards from the 1990s,” Rohatgi confirmed.

“Fortunately, solutions are available for large-system, SoC and hardware security modules (HSM) threats. The common criterion protection profiles for smartcards that require side-channel protections are already well established, as are EMVCo’s standards for payment cards and national and international standards for electronic passports and national ID cards. They can be applied to these other systems.”

As we’ve previously discussed on Rambus Press, DPA countermeasures developed by the company’s Cryptography Research Division offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures.

Interested in learning more about how Rambus is helping to secure SoCs, devices and content? You can read more about our DPA countermeasures here, CryptoFireWall Cores here and CryptoManager platform here.