Infineon
Firmware security in the post-quantum age
The computing power of quantum computers, far superior to that of conventional computers, enables them to break conventional encryption methods. But how must cryptography be developed further to provide effective protection in a post-quantum world?
Quantum computers use quantum mechanical phenomena to solve mathematical problems that conventional computers cannot solve due to their comparatively low computing power. The technology has already proven itself on a small scale and its performance is constantly being improved through continuous research and development in science and industry. Governments are also providing considerable funding for further development: The EU, for example, is investing 1 billion euros and the USA 1.2 billion dollars. As a result, many experts believe that a universal quantum computer will be available by 2040.
Quantum computing will bring a number of advantages, particularly in areas such as artificial intelligence. But at the same time, its groundbreaking potential to break current cryptographic algorithms poses a global threat to computer and internet security: With a quantum computer using Shor's integer factorization algorithm, even asymmetric cryptosystems such as RSA/ECC can be compromised. Increasing the key length would hardly improve security, so a new type of asymmetric algorithm is being developed.
For most symmetric cryptographic algorithms, on the other hand, the impact of quantum computing is likely to be less of a concern. Here, Grover's key search algorithm is probably the best-known quantum attack. However, instead of the exponential speed-up of other approaches, Grover's algorithm achieves only a significantly smaller one (Figure 1).
The effective key length of common symmetric algorithms (AES, SHA-2 or SHA-3) is halved by Grover's algorithm. It can therefore be assumed that AES-256 and SHA-256 are still sufficiently secure for most applications.
New security measures necessary - now!
Quantum computers are often seen as a far-off and expensive technology, so the urgency for new security measures is not immediately apparent. This is also true for consumer applications such as smartphones, tablets and bank cards, as these have a relatively short life cycle and will certainly be upgraded several times before sufficiently powerful quantum computers are even available. However, the situation is different for large systems such as power plants, air traffic control systems, large factories and chemical plants: these often have a lifespan that extends beyond the possible time of introduction of quantum computers. Also affected are modern vehicles, which often receive over-the-air (OTA) software updates and, with an estimated lifespan of over a decade, will probably still be in operation in the post-quantum world.
It is unlikely that many cryptanalysis-capable quantum computers will be used in the near future. But if even one falls into the wrong hands, there is a high probability that critical infrastructures can be infiltrated. Over time, the problem of post-quantum security will evolve and expand. It is unlikely that there will be a permanent solution in the short term. Nevertheless, manufacturers whose products will still be in use after 2030 should mitigate the risks of quantum computing as far as possible.
Standards for post-quantum computing
In 2017, the US National Institute of Standards and Technology (NIST) began developing standards and called for proposals for quantum-safe public-key encryption, key exchange and digital signatures. From the submissions, NIST selected the 26 most promising methods and allowed the authors to revise their proposals to benefit from the expertise gained during the process. In July 2020, the 26 proposals were reduced to 15, which were then submitted for hardware performance testing. Draft standards are now expected by 2024, from which NIST is likely to select one or more alternatives. However, the process may continue beyond 2024 to keep pace with new threats. In the meantime, stateful hash-based signatures can be considered as an interim solution.
Stateful hash-based signatures
Hash-based signatures (HBS) are asymmetric cryptographic post-quantum methods (Figure 2). As most HBS are stateful, the number of signatures generated with a private key must be limited. In addition, previously used keys must be recorded. Two stateful HBS schemes - LMS (Leighton-Micali Signatures) and XMSS (eXtended Merkle Signature Scheme) - were published in 1995 and 2011, standardized by the IETF and included in NIST's Post-Quantum Cryptography (PQC) standard SP800-208.
LMS and XMSS use SHA-256 or SHAKE256 to achieve 128-bit post-quantum security. These methods use a signature size of about 2.5 kB with a 60-byte public key. On embedded processors, verification takes less than a second, whereas signing takes a few seconds. Key generation takes a few minutes, sometimes even hours. However, a cryptographic hash accelerator can significantly increase performance.
The obvious advantage of HBS is that they are quantum-resistant and therefore future-proof. However, careful state management is necessary as the security of the method can easily be compromised if a private key is reused for multiple messages.
The use of stateful HBS for signature verification is well suited for embedded platforms as the verification is sufficiently fast and accelerated by hashing co-processors. Key generation and signing can also be implemented on embedded security processors as they allow secure control of private keys and their state. Overall, HBS are suitable for firmware updates, especially as they are currently the only standardized asymmetric PQC algorithms.
The implementation of PQC security is an ongoing process, as regular adjustments are required to counter unknown threats. However, the security of the application is limited by the security of the firmware update mechanism. It is therefore important that HBS is applied to firmware update mechanisms now. Once the OTA update is adequately secured, newly developed PQC algorithms can be implemented at the application level. This achieves consistent 128-bit PQC security throughout the embedded system.
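To make the state-management requirement of stateful HBS concrete, and to show how a firmware image would be verified against a long-term public key, here is an added teaching example (not Infineon's code and not an implementation of LMS or XMSS): Lamport one-time keys under a small Merkle tree, with the signer tracking the next unused key index. The seed, tree height, the use of SHA-256 and the firmware bytes are all constructed for the example.

```python
# Toy stateful hash-based signature: Lamport one-time keys under a Merkle tree.
# Teaching model of the principle behind LMS/XMSS, not either standard. Assumptions:
# SHA-256, 256 Lamport pairs per one-time key, tree height <= 8, keys derived from a seed.
import hashlib

def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def lamport_keygen(seed: bytes, leaf: int):
    # Derive the 2*256 secret values of one-time key `leaf`; publish their hashes.
    sk = [[sha256(seed, bytes([leaf, bit, j])) for bit in (0, 1)] for j in range(256)]
    pk = [[sha256(s) for s in pair] for pair in sk]
    return sk, pk

def leaf_hash(pk) -> bytes:
    return sha256(*(h for pair in pk for h in pair))

def msg_bits(msg: bytes):
    d = sha256(msg)  # one Lamport pair is consumed per bit of the message digest
    return [(d[j // 8] >> (7 - j % 8)) & 1 for j in range(256)]

class StatefulSigner:
    """Holds the seed plus the index of the next unused one-time key (the state)."""
    def __init__(self, seed: bytes, height: int = 2):
        self.seed, self.capacity = seed, 2 ** height
        leaves = [leaf_hash(lamport_keygen(seed, i)[1]) for i in range(self.capacity)]
        self.tree = [leaves]
        while len(self.tree[-1]) > 1:  # hash pairs upward until one root remains
            lvl = self.tree[-1]
            self.tree.append([sha256(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.public_key = self.tree[-1][0]  # Merkle root = long-term public key
        self.next_index = 0  # must be persisted and never rolled back

    def sign(self, msg: bytes):
        if self.next_index >= self.capacity:
            raise RuntimeError("key exhausted: all one-time keys have been used")
        idx = self.next_index
        self.next_index += 1  # advance state before the signature leaves the signer
        sk, pk = lamport_keygen(self.seed, idx)
        reveal = [sk[j][b] for j, b in enumerate(msg_bits(msg))]
        auth, node = [], idx
        for lvl in self.tree[:-1]:  # sibling on each level = authentication path
            auth.append(lvl[node ^ 1]); node //= 2
        return idx, reveal, pk, auth

def verify(public_key: bytes, msg: bytes, sig) -> bool:
    idx, reveal, pk, auth = sig
    bits = msg_bits(msg)
    if len(reveal) != 256 or any(sha256(r) != pk[j][bits[j]] for j, r in enumerate(reveal)):
        return False  # a revealed secret does not match the committed hash
    node = leaf_hash(pk)
    for sibling in auth:  # recompute the root; idx parity says which side we are on
        node = sha256(sibling, node) if idx & 1 else sha256(node, sibling)
        idx //= 2
    return node == public_key
```

The verifier needs only the Merkle root and hashing, which is why verification suits constrained devices, while the signer must keep `next_index` safe across resets, which is the state that a TPM-class security processor is meant to protect.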
Hardware solution for PQC security
The Optiga TPM SLB 9672 embedded security solution from Infineon has a PQC-protected firmware update mechanism and is certified according to the Common Criteria standard. The TPM (Trusted Platform Module) also complies with the TCG 2.0 Rev. 1.59 specification and fulfills the upcoming Microsoft Windows requirements as well as the new NIST standard SP 800-90B with upcoming FIPS 140-2 certification (Fig. 3).
The new solution contains stronger cryptographic algorithms, such as RSA 3k & 4k, SHA-384 and ECC 384, which currently offer a symmetric security level of 192 bits. An upcoming firmware update will extend the possible security level to 256 bits by adding support for SHA-512 and ECC-521. The firmware update mechanism itself is quantum resistant as it uses XMSS signatures. The Infineon update authority can handle stateful XMSS keys, so that firmware updates can be performed securely and without interruption. To validate the transferred payload, the Optiga TPM SLB 9672 can also transparently verify the XMSS signature.
The module is compatible with Intel x86, Arm and other platforms. Target applications include servers, PCs, general computing and storage. In addition, the solution supports a wide range of gateways, routers, wireless access points, network interface cards and switches.
Infineon's Optiga TPM 2.0 Explorer is based on a graphical user interface and enables users to quickly understand TPM 2.0 using a Raspberry Pi. With this tool, developers can explore TPMs in a variety of applications: They can initialize a TPM 2.0, view all properties and perform a full reset if required. Both the non-volatile memory (NVRAM) and the platform configuration registers (PCRs) can be managed and maintained. In addition, access and recovery after a lockout event can be defined. The graphical user interface provides visual feedback so that executed commands and received responses can be checked and quickly understood. The scope and simplicity allow all users, regardless of their experience or knowledge, to access and learn the functions of the Optiga TPM.
First step towards greater security
The future world of quantum computing means that security levels should be reviewed, particularly in relation to firmware updates. Given the enormous power of future quantum computers, it could be easy to circumvent current security procedures. Although the threat is unlikely to materialize for more than a decade, action is needed now in certain sectors. Many critical applications, such as large infrastructures and some vehicles, will still be in operation when quantum computing becomes a reality - and they will then be exposed to these threats.
However, this poses certain challenges, as neither the threat nor the hardware are fully defined and the standards are still under development. However, implementing stateful HBS can provide some protection for the all-important firmware updates. This is seen as an important first step.
The author: Guillaume Raimbault is Senior Manager Product Marketing & Management for IoT Security in the Connected Secure Systems Division of Infineon Technologies.