Chapter 3
Sometimes, ensuring security in embedded systems extends beyond the technical realm into logistics. For example, a typical security IC relies heavily on cryptographic algorithms, which in turn depend on access to secret keys. These secret keys are physically stored inside the device, so the keys themselves must be manually installed into the part.

Normally, this process happens at the factory, where factory workers are expected to provide secure and trusted handling of devices to safely install the correct keys into the device. However, this expectation represents a major challenge: How do we ensure keys for devices are secure when their installation necessitates human intervention from external parties?

Naturally, some major concerns arise from this conventional form of key installation. When unknown parties get involved in key installation processes, there is potential for threats such as adversaries gaining unauthorized access to secrets, counterfeiting of parts, or tampering with devices. Any of these vulnerabilities could be highly detrimental to the security of an embedded system.
FACTORY PROVISIONING
Mehmet Akif Eker
Senior Hardware Security Engineer, Lucid Motors
"Factory provisioning is the process of securing electronic devices before they are shipped. It involves installing security keys, certificates, and other credentials; debugging and testing interfaces or functions that could be exploited; encrypting firmware and data; establishing secure boot processes; and setting up secure communication channels."
Embedded Security: Keeping Edge Data Safe