Working document describe Deos Security strategy

• Do we need a services Services Group?
• Attack Vectors @ Boot time
• Classes of assurance
• Evaluate need for Security BIT...SBIT? eg. Voltage monitoring
• Evaluation of applicability
• HOW will KEK (Key Encryption Key) be used in Deos Boot
• Security Library
  • Signature Verification
  • Keyring services
  • Crypto HAL
  • Hardware/Software libraries for crypto functions
    • AES Flavors CBC, CTR, GCM etc
    • Hashing SHA2 and 3 flavors
    • Asymmetric Algorithms RSA Flavors, DSA? , ECDSA
    • CMAC
  • RNG - Nonce
• Secure Log
• Verification
  • Design implications
  • Design Verification approach
  • How far does DDC-I have to to go?
• Life cycle
• Involve Ben in customer Engagements to start to define high level requirements
• Review Boot Image File (BIF) for security format
• Define Security Boundary for use in internal design
• Develop Concise and well thought out security Principals
• Customer Input on Security analysis

All Secure systems are alike, every unsecure system is unsecure in its own way.

Using cryptographic methods (Digital Signature) ensure that data loaded was correctly signed.

Using cryptographic methods (Digital Signatures) ensure that loaded software was signed by a trusted party.

Part specific provisioning activities. Often this amounts to programming data into into some kind of write once memory(WOM) such as EFuses. This is often is support of a benign key / device unique key system. Need to determine the strategy to support.

Ability to continuously monitor for intrusion events.

• One approach could be periodic Secure BIT (PSBIT).
• Mechanism for responding programable reaction to intrusion event (IF this then that)
• How do asynchronous events get handled. i.e. jtag access, physical modification etc