Platform
Introduction
Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there is an emerging opportunity for cyber hackers with the introduction of IoT (Internet of Things) devices. Devices that were once isolated and secure by
default will be connected and communicating over the network. The addition of IoT devices weakens a once stable cyber system and exposes it to attacks.
Explosive growth of IoT devices will expand a porous digital border that can be easily breached if not protected. Over the next five years, the number of
connected devices is expected to at least double, with 75% of the growth coming from non-hub devices such as sensor nodes and accessories. This massive growth will create entirely new categories of products and services for devices, sensors, consumer products and vehicles, through the power of
connection.
These connections will drive innovation, but they will also expand the cyber- attack space in ways never before experienced in the history of the computer industry. A new way of securing devices is required. To combat this expanding threat, Rubicon Labs has built an IoT Security Platform to enable ecosystems to drive IoT innovation with a scalable hardware security platform that
manifests trust.
Rubicon Labs’ IoT Security Platform delivers advanced security with the following features:
• Minimal semiconductor footprint
• Low power consumption
• Hardware key protection
• Zero-knowledge keys
• Distributed device activation
• Zero-knowledge certificate authority
• Universal architecture
• Secure identity
• Signing
• Authentication
• Encryption
• Renewability
• Scalable security
• Powerful ecosystem
Technical Details
Two IoT device types
Rubicon Labs divides IoT devices into two categories: Simple and Complex.
These two device types define the IoT ‘classes’ that we support.
Simple: These are state machine or microcontroller driven and designed for very small gate count and low-power environments. Typically, this is a fixed operation IoT core that supports secure identity and signing.
Complex: Characterized by a CPU driven architecture that requires complex
capabilities with significant local processing and functionality. These systems may run a mainstream Linux/
Unix-based OS, but will have a range of power consumption requirements.
Complex IoT devices include industrial controllers, home gateways and vehicle subsystems.
Minimal semiconductor footprint, low power consumption
Rubicon Labs’ IoT Security Platform uses minimal hash and symmetric encryption semiconductor blocks to achieve and surpass the cryptographic strength of larger, far less efficient public key cryptography engines. For authentication in “Simple” IoT devices, the semiconductor IP core can be as small as 20K gates. For more “Complex” systems, Rubicon offers integration with a RISC based embedded CPU, allowing far greater capability with a
footprint below 100K gates.
20K Gates
Hardware Key Protection (Root of Trust)
Rubicon Labs has patented technology for making secrets and keys inaccessible in memory. The foundation of this innovation is a unique coupling of a keyed one-way hash function with a secure memory space. This coupling creates a vault that can be provisioned with a key whose value is never known by anyone or anything, but it is still usable by the device. This breakthrough in technology allows a device to construct zero-knowledge systems for digital identity and secure communication.
Zero-knowledge proofs are among the most powerful tools cryptographers have ever devised. They are a mathematical means to prove an assertion without revealing any other information. The Rubicon IoT Security Platform enforces this paradigm. The only interaction that the CPU can have with the key is to write data to the input of the keyed hash function and then read the
resulting output.
Rubicon Labs’ technology and product implement secure secrets but also protect code that interacts with those secrets or a
derivative of them. Security is anchored to a hardware root of trust, which establishes a tamper-resistant secure environment that begins when the first zero-knowledge proof is established, not when power is applied to the device. Thus, Rubicon devices do not have a secure boot requirement. The protection logic is
contained within a Secure Mode Controller. This block is
responsible for implementing the hardware root-of-trust that forms the core of the security system.
Zero-Knowledge Keys
Each IoT device has a one-time programmable key burned into its silicon when it is fabricated. This key represents half of the dual 256 bit zero-knowledge
hardware secret. Secure keys can be derived from this same structure, creating zero knowledge keys. The dynamic portion of the zero-knowledge key is
provisioned by contacting a Rubicon Labs Distributed Device Activation Server.
Once contacted, signed entropy is sent to the device and subsequently used for zero-knowledge key derivation.
Once the secret is set the first time, the server-supplied entropy input may be saved along with its signature to a local persistent storage device. This allows the device to re-initialize the secret on subsequent power cycles without having to communicate again with the server.
Distributed device activation
Device activation is designed for distributed cooperation with untrusted parties.
This prevents any one party from having full control of device activation, and addresses any concerns with single points of compromise for cryptographic activation keys.
Rubicon Labs’ patented distributed device activation is accomplished by building on zero-knowledge key derivatives, along with cryptographic key splitting. No single part of the activation key can be used without assembling it from multiple independently sourced parts. A policy can be defined to allow for a threshold of keys to be available (N of M in a set) before key reconstruction is mathematically possible.
This allows a hardware vendor to have an untrusted relationship with a service provider, but still enable secure activation across multiple independent security boundaries.
authority. It brokers trust relationships between devices and has a foundation of zero-knowledge keys. This is a simplification to the key and identity-provisioning
problem that has challenged vendors as networks have grown.
architecture because it secures data, not addresses. The solution is built with NIST algorithms and does not require new CPU instructions or compilers. If an IoT device requires security, then this solution is designed to provide it.
Secure Identity
Once provisioned with a zero-knowledge key, we build secure identity on top of it. Identity verification and management can then be used for authentication, authorization and secure communication.
Identity management is accomplished by brokering relationships through the Rubicon Labs IoT Device Server. The Device Server has the ability to recreate and use the zero-knowledge keys it has provisioned to the IoT devices. This service provides identity and trust to the network, and once trust has been brokered between two devices, independent and secure communication is unlocked and enabled.
Signing
Signing is used when it is important to detect forgery or tampering of data.
Digital signatures validate that a known Rubicon Labs IoT Device has created messages or data, and accomplished by using the keyed hash functionality in conjunction with a derivative of the zero-knowledge secret. The signing function can take an arbitrary amount of data and append a signed hash to the output. This data can be sent to another device, or to a Rubicon Labs Device Server for data aggregation or sensor analytics.
Authentication
When bi-directional identity is established between two devices, the receiver can authenticate signed data. Digital signatures assure the receiver that
messages and data were not altered in transit, are bound to the sender, and the sender is prevented from denying the transmission. Authentication is simply signature validation using a key derived from a device’s embedded zero- knowledge key.
Encryption
Data privacy is provided via encryption. Similar to signing and authentication, the zero-knowledge key is used as the foundation for establishing protection. Session keys are derived through an innovative key exchange that is brokered through the Rubicon Labs Device Server. Keyed hash functions are used with zero- knowledge keys to rapidly derive symmetric session keys for protecting communication.
secret allows key revocation and renewal by re-writing the dynamic half of the secret, while allowing the permanent half of the secret to remain unchanged.
cryptography and one-way hash functions. This is fundamental to the low gate count achieved by the platform, and also allows for the security to scale. The solution is strong enough to protect high-value keys in the data center, but flexible enough that it can be deployed to the lowest-end sensors. It is a licensed solution that supports scaled pricing based on device and data value.
Low power
Rubicon Labs’ simple, efficient symmetric encryption and hash blocks save vast numbers of computational cycles, and
power and energy compared with traditional computationally complex asymmetric
cryptography. In comparison to handshakes setup with SSL using RSA 2048 keys, Rubicon Labs’ approach is roughly 3,000 times more computationally efficient. This has profound benefits for the increasingly crucial issue of energy consumption in IoT.
Powerful ecosystem
Rubicon is enabling an ecosystem by making its hardware architecture readily available to
semiconductor device suppliers on a royalty-free basis. Rubicon Labs is committed to enabling the widest possible use cases for its IoT Security
Platform. Device platforms will range from Simple embedded state machines to microcontrollers, to more Complex embedded processors. The
Rubicon Labs Device Server can be hosted or co- located and will enable a secure network of Rubicon-compliant devices. This will provide a foundation of security for the Internet of Things to fulfill its promise of broad innovation while
becoming part of the fabric of everyday life.
