COMP.SEC.100, 21. Hardware Security
21.2 Secure platforms (advanced)
This section introduces secure platforms, that is, processor chips or circuit boards that a hardware designer can adopt as a root of trust, particularly for providing cryptographic functionality. What these platforms have in common is that they are self-contained modules with strict access control. There is variation in the functions provided, the level of tamper resistance and other protections (e.g. packaging), as well as in the communication interface. Three important platforms are highlighted: HSM, SIM, and TPM, that is, Hardware Security Module, Subscriber Identity Module, and Trusted Platform Module. Among these, the SIM represents a distinct device class of secure elements, separate from HSMs and TPMs.
Hardware security module (HSM) (advanced)
An HSM module typically provides cryptographic operations, such as public- and secret-key algorithms as well as secure key management. It is essential that these functions take place in a hardened and tamper-resistant environment. A true random number generator (TRNG) and a real-time clock are also usually included. HSM modules are mainly used in server back-end systems or payment management systems, for example in banks.
An HSM module is used as a co-processor connected to a host system. The architecture of an HSM typically includes a microprocessor/microcontroller, a set of crypto co-processors, protected volatile and non-volatile memory, a TRNG, a real-time clock, and I/O processors.
Traditionally, an HSM module operates within a tamper-resistant enclosure containing a single circuit board (motherboard) with multiple components. Recently, in some application areas such as the automotive industry, HSM functionality is not provided as a separate module but is integrated as a secure co-processor into a larger module using System-on-Chip (SoC) technology.
Exactly what the HSM functions cover depends on the application domain. Therefore, compliance with security levels is also evaluated by specialised independent evaluation laboratories according to specific protection profiles.
Secure element and SIM (advanced)
A secure element is a general term for devices smaller and much cheaper than an HSM, typically single-chip devices, with similar objectives: key generation, storage, and cryptographic implementations. Secure elements are manufactured in large volumes and must be very inexpensive, as they are used in SIM cards, phones (as embedded structures), bank cards, access cards for pay TV systems, identity cards, passports, IoT devices, vehicle systems, and so on.
The size of a secure element ranges from about 50 cm² to less than 1 cm². A typical embedded secure element is a single integrated circuit without external components. It consists of a small microcontroller with cryptographic co-processors, protected volatile and non-volatile storage, a source of randomness (TRNG), etc. Communication is usually restricted to a specific set of pins or a wireless NFC connection. Building a secure element is challenging for a hardware designer, as security must be combined with other requirements of embedded circuits: small size without external memory, low power and/or low energy consumption. Essential for security are tamper resistance and good resilience against physical attacks such as side-channel and fault attacks.
Trusted platform module (TPM) (advanced)
The TPM module has been defined by the Trusted Computing Group (TCG) to provide specific security functions for the PC platform. More precisely, a TPM is an embedded root of trust within the PC platform, allowing the PC+TPM to identify itself and its current configuration and running software. The TPM provides three specific roots of trust: RTM, RTS, and RTR, that is, Root of Trust for Measurement, Storage, and Reporting. In addition to these three core functions, it provides access to cryptographic algorithms, secure key storage, support for secure login, and more.
A TPM is implemented as a separate security module, similar to a secure element, but with a specific bus interface to the PC platform, for example via the LPC or I2C bus. Its architecture consists, at a minimum, of an embedded microcontroller, several cryptographic co-processors, protected volatile and non-volatile storage for root keys, and a high-quality true random number generator. Hardware support is available for hash functions (SHA1 and SHA256), public-key algorithms (RSA and ECC), secret-key algorithms (AES), and HMAC computation. Since the TPM is a separate module, physical protection and tamper resistance are important. In addition to its primary function of protecting integrity, the TPM also supports applications such as disk encryption, digital rights management, and more.
The latest version, TPM 2.0, extends the scope from a PC-oriented focus to support networking, embedded systems, automotive applications, IoT, and more. The version also provides a more flexible approach to which functionalities are included in implementations. There are four types of TPM: the highest level of security is provided by a dedicated "discrete" TPM. One level below is the integrated TPM as a module within a larger SoC. The lowest levels of protection are provided by firmware TPMs and software TPMs. The former are implementations within the CPU's own trusted environment (e.g. UEFI), while the latter do not differ from other software and are mainly suitable for development purposes.
The deployment of TPMs has evolved differently from what the TCG originally intended. Initially, the focus was on supporting secure boot and the associated software stack, so that a complete evaluation of installed software could be performed. The problem is that the complexity of software ecosystems has grown too quickly to allow evaluation of all valid configurations. As a result, TPM modules are no longer often used to fully protect the software stack up to its highest layers. Most modern computers now include a TPM module, but it is used to protect encryption keys, prevent firmware rollback to earlier versions, and generally support the boot process.
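To make the RTM and RTS roles concrete, the following added example (not part of the course material, and not a TPM or TCG implementation) models measured boot and PCR-bound key sealing in plain Python: a PCR is only ever extended as SHA256(old || digest), and a sealed disk key is released only if the current measurements reproduce the value it was sealed to. The boot-stage blobs, the storage root key and the disk key are constructed sample values.

```python
# Simplified model of two TPM roots of trust: RTM (PCR extend) and RTS
# (PCR-bound sealing). Added example in plain Python, not TPM/TCG code.
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR, reset to all zeros at power-on

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM2_PCR_Extend semantics: new = SHA256(old || digest). A PCR is only
    # ever extended, never written, so each stage leaves an irreversible trace.
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(stages):
    # RTM: each stage hashes the next component and extends it into the PCR.
    pcr = bytes(PCR_SIZE)
    for blob in stages:
        pcr = pcr_extend(pcr, hashlib.sha256(blob).digest())
    return pcr

def seal(secret: bytes, pcr: bytes, srk: bytes):
    # RTS: wrap a secret (here a disk key, <= 32 bytes) under a key derived
    # from the storage root key and the expected PCR; the SRK never leaves the TPM.
    wrap = hmac.new(srk, b"seal" + pcr, hashlib.sha256).digest()
    blob = bytes(a ^ b for a, b in zip(secret, wrap))
    tag = hmac.new(srk, b"tag" + pcr + blob, hashlib.sha256).digest()
    return blob, tag

def unseal(sealed, current_pcr: bytes, srk: bytes):
    # Policy check: release the secret only if the current PCR reproduces the tag.
    blob, tag = sealed
    expect = hmac.new(srk, b"tag" + current_pcr + blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None  # measured state differs from sealed state: refuse
    wrap = hmac.new(srk, b"seal" + current_pcr, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob, wrap))

# Constructed boot chains and storage root key (not real firmware or keys).
GOOD_CHAIN = [b"UEFI firmware v1.2", b"bootloader 3.4", b"kernel 6.1 config=A"]
CHANGED_CHAIN = [b"UEFI firmware v1.2", b"bootloader 3.4", b"kernel 6.1 config=B"]
SRK = b"constructed-storage-root-key-32b"
DISK_KEY = b"disk-encryption-key-0123456789ab"

def demo():
    golden = measure_boot(GOOD_CHAIN)           # reference value recorded once
    sealed = seal(DISK_KEY, golden, SRK)
    same = unseal(sealed, measure_boot(GOOD_CHAIN), SRK)        # -> DISK_KEY
    changed = unseal(sealed, measure_boot(CHANGED_CHAIN), SRK)  # -> None
    reordered = measure_boot(GOOD_CHAIN[::-1]) != golden        # -> True
    return same, changed, reordered
```

A single changed byte in any stage, or the same stages in a different order, yields a different PCR and the key stays sealed, which is the mechanism behind the disk-encryption and boot-protection uses described above.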