Comments (18)
Hi,
this generation of the security solution cannot cryptographically authenticate attempts to read or write data to/from the memory, follow up our updates to check for new solutions. It is possible though to filter modify attempts using the lifecycle management (so everyone can read, but no one can modify after the lock has been performed) of the chip.
This isn't an official proposal from Infineon, you might want to cross check this functionality in the Solution Reference Manual. I'm expressing my opinion here, this means it can have security flaws. You can establish a shared secret using the Trust X, then derive a symmetric key using this shared secret (I believe you already started to work in this direction), then encrypt your data with this key, store the content in the arbitrary data object, then lock it.
from optiga-trust-x.
Thanks for the reply. May i know what do you mean "lock" it. How can we lock/unlock data. Is there some authentication process we can perform to "lock/unlock" the data?
I am worried, if someone gets physical access to device, unsolder the optigaX, and solder it with his MCU and perform same steps as i did, then he can be able to access locked/unlcoked data if there is no authentication. May be i am missing some stuff here?
from optiga-trust-x.
This user will get in this case the access, you are right, but the data stored should be encrypted with the symmetrical key. Steps to what you do with the arduino library, use private key OID, generate a shared secret, then generate a symmetrical AES key, which only the original MCU knows, and this key isn't pre-programmed, you can generate it once per chip.
from optiga-trust-x.
By locking I mean this wiki artickle. Here you see in the figure various states Creation(0x01) -> Initialisation(0x03) -> Operational(0x07) -> Termination(0x0F).
Once you bring the object from one stage to antoher it affect read/write access based on the given rules.
It is possible to define for an object and access condition like following: Write is possible only when the lifecycle state is Initialisation(0x03) etc
from optiga-trust-x.
Thats a good idea, as long as the person cannot read the corresponding public key from MCU. As you know general purpose MCUs are not secure, and thats the purpose we are putting data on a secure chip at the first place. Although it will require more effort to get the data but not impossible. Am i right?
from optiga-trust-x.
Knowing the public key doesn't give anything reasonable to an attacker.
You can do the following (again, this is only imo):
- generate a keypair using one of session ids (alternatively you can generate another keypair and store it in a different session id)
- Generate a shared secret and store the result in the session id
- Derive a key and export the result (there is a weak point of transmitting it over the unsecured i2c bus)
- Remove the public key(-s) from the MCU memory
- Encrypt the required data with the exported key, store it on OPTIGA(TM) Trust X, and lock the object
from optiga-trust-x.
Thanks alot for explaination. Now can you please also tell me the steps how to unlock/decrypt the object
from optiga-trust-x.
There are no examples for the arduino libray, but you can use this software framework to add required functions.
So, we are talking about writing data and updating the metadata of the the objects, both examples are available here
Here is the full example on writing the Trust Anchor Object ID.
The sample code which might be interesting for you is here
/**
* Sample metadata
*/
static uint8_t metadata [] = {
//Metadata tag in the data object
0x20, 0x05,
//Read tag in the metadata
0xD1, 0x03,
//LcsO < Operation
0xE1 , 0xFB, 0x03,
};
0x20, 0x05
means you refer to the metadata section of the object
0xD1, 0x03
you define to which operation you would like to define new rules
0xE1 , 0xFB, 0x03
new access conditions defined for this object (Life cycle state is less than operational)
You also need to update the lifecycle state itself to the operational.
More information you can fine here and here (SRM, pdf)
from optiga-trust-x.
I am not asking exact implementation details. I am asking, how we can decrypt the stored data that is locked? Please tell me same steps as you said before.
from optiga-trust-x.
It is locked for follow up writes. You still can read this data. The data can be decrypted using the same symmetrical key you have derived previously.
from optiga-trust-x.
So the symmetric key and encrypted data both are stored on Optiga?
If yes, then anyone with physical access to device can flash our MCU (that is connected to OPTIGA), hence can decrypt the data using the stored key on optiga. No?
from optiga-trust-x.
No, if we are still discussing my proposal, then the symmetric key is generated once (step 3 in my message above) an stored on the side of the MCU.
It's is still vulnerable as it is in the MCU memory, but this is a different level of vulnerability. In the end you anyway need to store something on the MCU, be it a pin or a password, unless this is a user given password.
If this is a user given password the flow should be revisited.
from optiga-trust-x.
Thanks. So that means to access the Secure info from the OPTIGA we need to send a key that is stored on an "unsecure MCU". So anyone who can read the key stored on "unsecured MCU" can access the data from OPTIGA.
Having said above, we may can make a more secure system if we use a pin/password that is not stored on MCU. Could you please tell me what steps to do to encrypt/decrypt data using AES on OPTIGA using pin/password?
from optiga-trust-x.
This generation of OPTIGA(TM) Trust X doesn't support AES encryption/decryption direct on the chip, this should be performed on the MCU side, on the exact details I can't unfortunately help you.
In my personal opinion you can encrypt your sensitive data using the AES key (derived from the Trust X) combined with the salt in the form of the given password/pin.
from optiga-trust-x.
Thanks alot 👍
from optiga-trust-x.
I just found this on OPTIGA datasheet Key features page 1:
Cryptographic support: ECCNIST P256and P384, AES-128(via DTLS client), SHA-256, TRNG, DRNG
AES 128 is mentioned their.
from optiga-trust-x.
You are welcome.
AES as mentioned is supported only via the established DTLS channel, you need to use the on-chip DTLS feature to enable it.
from optiga-trust-x.
Thanks. Is there anyway i can program my own firmware in OPTIGA? or change the existing one? I guess the functionality i am looking for cant be done securely without changing OPTIGA firmware.
from optiga-trust-x.
Related Issues (20)
- [documentation] optiga_crypt_ecdsa_sign HOT 1
- PAL Linux GPIO buffer max length values HOT 1
- keypair generation at index OPTIGA_KEY_STORE_ID_E0F0 always fails. HOT 3
- Signature verification fails HOT 11
- Public key location for pregenerated private key HOT 1
- Storing data on the GP memory HOT 4
- Wrong oid (object id) used in wiki
- AES using optiga and NRF52840 HOT 8
- On chip encryption - Trust X SLS 32AIA HOT 2
- Multiple definition of mbedtls_hardware_poll() HOT 1
- Warning in example_optiga_util_write_data.c HOT 1
- Using Trust-X for 1-way MQTT Authentication HOT 3
- Unclosed extern "C"
- I2C write bug HOT 1
- Mbed OS PAL outdated HOT 2
- There is a edit error HOT 1
- Cannot verify signature using internal certificate HOT 17
- Power consumption in "Power Profile" HOT 1
- Add Popcorn Computer's PocketP.C. i2c pal file
- Re-accessing locked data slots HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from optiga-trust-x.