
Segger emSecure - Secure your product with a digital signature

 


emSecure is a software solution to authenticate digital assets. It can be used to secure products at no per unit cost against hacking and cloning.

 

  • Dual keys, private and public, make it 100% safe

  • Hardware-independent, any CPU, no additional hardware needed

  • High performance, small memory footprint

  • Simple API, easy to integrate

  • Applicable for new and existing products

  • Complete package, key generator and tools included

  • Drag-and-drop Sign And Verify application included

  • Full source code

  • Free 'Sign & Verify' Windows Version to Protect Personal Files  

 

 

What is emSecure?


emSecure is a SEGGER software package that allows creation and verification of digital signatures.
One important feature is that emSecure can make it impossible to create a clone of an embedded device by simply copying hardware and firmware.
And it can do much more, such as securing firmware updates distributed to embedded devices and authenticating licenses, serial numbers, and sensitive data.
emSecure offers 100% protection against hacking. It is not just nice to have but in fact a must-have, and not only for critical devices such as election machines, financial applications, or sensors.
Compromised devices are dangerous in several ways, not just from a commercial point of view. They damage a manufacturer's reputation and might entail severe legal disputes. Not addressing the issue of hacking and cloning is irresponsible.
Based on asymmetric encryption algorithms with two keys, emSecure signatures cannot be forged by reverse engineering of the firmware. A secure, private key is used to generate the digital signature, whereas a second, public key is used to authenticate data by its signature. There is neither a way to get the private key from the public key, nor is it possible to generate a valid signature without the private key.
The emSecure source code has been created from scratch for embedded systems, to achieve highest portability with a small memory footprint and high performance. However, usage is not restricted to embedded systems.
With its easy usage, it takes less than one day to add and integrate emSecure into an existing product.
emSecure is a very complete package, including ready-to-run tools and functionality for generation of keys and signatures.

 


 

 

Why should I use emSecure?


Security consideration


If you want to check the integrity of your data, for instance the firmware running on your product, you would normally include a checksum or hash value into it, generated by a CRC or SHA function. Hashes are excellent at ensuring a critical data transmission, such as a firmware download, has worked flawlessly and to verify that an image, stored in memory, has not changed. However they do not add much security, as an attacker can easily compute the hash value of modified data or images.
Digital signatures can do more. In addition to the integrity check provided by hash functions, a digital signature assures the authenticity of the provider of the signed data, as only the holder of the private key can create a valid signature.
emSecure creates digital signatures using the RSA cryptosystem that has proven robust against decades of attacks on the algorithms. For the default of 2048-bit key sizes, it is considered well beyond the capability of governments, with all their computing power and using the very latest number-theoretic methods, to recover a properly generated RSA private key before 2030, and most probably well beyond that.


emSecure can be used for two security approaches:

1. Anti-hacking: Prevent tampering or exchange of data, for example the firmware running on a product, with non-authorized data.
2. Anti-cloning: Prevent a firmware image from being run on a cloned hardware device.


Anti-Hacking — Authentication of firmware

To make sure only authorized firmware images are run on a product, the firmware image is signed with emSecure.
To do this, an emSecure key pair is generated once.
The private key is included in the production process of the firmware. Once a firmware is created and ready to be shipped or included in a product, it is signed with this private key. The signature is transferred to and stored in the product alongside the firmware.
Firmware signing in production:

 

 

 

The public key will be included in the bootloader of the product, which manages firmware updates and starts the firmware.
On a firmware update and when starting the product, the bootloader verifies the firmware by its signature. If the signature is valid, the firmware is started; otherwise the application stays in the bootloader or even erases the firmware.

Anti-Hacking Bootloader Verification:

 


 

Anti-Cloning — Authentication of hardware


To make sure a product cannot be reproduced by non-authorized manufacturers simply copying the hardware, emSecure is used to sign each genuine product unit.
First, an emSecure key pair is generated once. This is likely done at the production site.
Hardware signing in production:

 

The private key is included in the production process of the product. At the end of the production process, after the unit is assembled and tested, some hardware-specific, fixed, and unique data, such as the unique ID of the microcontroller, is read from the unit. This data is signed by emSecure with the private key, and the signature is written back to the unit, into an OTP area or a specified location in memory.
The public key is included in the firmware which runs on the product. When the firmware is running, it reads the unique data from the unit and verifies it against the signature. When the signature does not match, for example because it was simply copied to a counterfeit unit with different unique data, the firmware refuses to run.

Anti-Cloning Firmware Verification:

 

 

 



Using emSecure


emSecure is created to be simple but powerful, and easy to integrate. It can be used in new products and even extend existing ones, as emSecure is a software solution and no additional hardware is required. The code is completely written in ANSI C and can be used independently of platform and controller.
The required key pairs can be generated with the included tool. A pass-phrase can be used so that the keys can be regenerated. The generated keys can be exported into different formats, to be stored in the application code or loaded from a key file. This allows portability and exchangeability between different platforms.
Signing data, for instance firmware images, can be done with the included tool. It is also possible to integrate the signing process directly into a production application running on any PC or even on a microcontroller.
Once a signature is generated, the signed data can be verified by its signature in an embedded application or in an external application communicating with the device. Verifying data takes less than 40 ms on a Cortex-M4 running at 200 MHz, which adds no significant delay to a bootloader starting a firmware.

 

Advantages of emSecure


emSecure has been created from scratch to achieve highest portability and performance with a very small memory footprint. It enables you to profit from the security of digital signatures in embedded applications, even on small single-chip microcontrollers without the need of additional hardware such as external security devices or external memory.
emSecure is a complete package. It includes ready-to-run tools to generate keys and signatures, to sign and verify data and to convert the keys and signatures into compilable formats.
emSecure includes all required source code to integrate signature generation directly into your production process and data verification into your application or firmware.
emSecure has a simple yet powerful API. It can be easily integrated into an existing application within one day.
emSecure incorporates proven security algorithms as proposed by NIST. The algorithms are proven to be cryptographically strong and can provide a maximum of security to your applications.
emSecure is licensed in the same way as other SEGGER middleware products and not covered by an open-source or required-attribution license. It can be integrated in any commercial or proprietary product without the obligation to disclose the combined source. It can be used royalty-free in your product.

 

emSecure version comparison


emSecure is available in different versions which use different signature algorithms.
Each signature algorithm has different characteristics. The emSecure products can provide security for any requirement of size or speed.
The table below lists some benefits of the different emSecure versions. For a complete overview and performance values, please refer to the subpage of the product.

 

emSecure version   Pros

emSecure-RSA
  • Proven over decades
  • Fast signature verification
  • Low ROM requirements

emSecure-ECDSA
  • Modern algorithm
  • Smaller key sizes for the same level of security
  • Fast signature generation
  • Low RAM usage


The emSecure Package

 

emSecure is a complete package that comes with everything needed:
A utility to generate the private and public keys, and code to calculate secure hashes, encrypt and decrypt messages, and create and verify digital signatures.

All parts of the package conform to the relevant FIPS specifications issued by NIST.
Verification functions using the test vectors provided in the FIPS 186-4 allow testing the implementation as well as the code produced by the compiler.

emSecure is provided in source code with example applications pre-compiled for your convenience.
The source code gives complete control of the code that goes into a product and its production facility.


Sign & Verify drag-and-drop application

 

The Sign & Verify Application enables easy drag-and-drop creation of emSecure digital signatures and verification of signed files. It may be used freely for personal use to, for example, make sure files stored on a server are not changed, or to allow communication partners to send and receive files knowing nothing has been changed during transmission.

Sign & Verify comes with a sample set of keys to test it. For personal use you may contact SEGGER to request a unique key pair. For commercial use, both a Key Generator and source code are available.

 

 

To sign files, the private key must reside in the same directory as the application. Drop the file onto the Sign & Verify application to generate the signature for the file.
To verify a file by its signature, both the public key and signature file have to reside in the same directory as the application. Dragging and dropping the file onto the application will verify the file by its signature.


 


 

Additional measures to keep the system secure


When it comes to the degree of security emSecure offers, there is an easy answer: It is unbreakable because no one can generate a valid signature without knowledge of the private key.
By putting enough effort into obtaining the bootloader or firmware image, disassembling and analysing it, and modifying the application to bypass the security measures, hackers might be able to clone a product or use alternative firmware images. However, this will only work until a firmware update is done.
There are additional ways to increase overall system security:

  • The private key has to be kept private.

  • Private keys should be generated on a dedicated machine with controlled access and no connection to a network.

  • Private keys can be generated from a pass-phrase, which means the pass-phrase must not be easy to guess. The pass-phrase length is not limited. The company name is not a good choice. The pass-phrase has to be kept private, too.

  • The private key might also be stored encrypted and only decrypted while it is used in production.

  • The bootloader should be stored in a memory which can be protected against read and write access.

  • The firmware should be protected against external read access.

  • The verification process can be done in multiple places of the application. A tool communicating with the product, like a PC application, might carry out additional checks.
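The pass-phrase point above (and emKeyGen's option to generate a key pair "from a given seed") means the private key is only as hard to reproduce as the pass-phrase is to guess. The following is an added example, written in Python rather than the product's C, and it is not emKeyGen's algorithm: it shows one way to derive an RSA key pair deterministically from a pass-phrase through a slow KDF, with a minimum-length check so that an obviously weak pass-phrase is rejected before any key is produced. The minimum length, the PBKDF2 iteration count, the salt string, the 512-bit toy key size and the HMAC counter-mode byte stream are all assumptions made for this example.

```python
import hashlib
import hmac
import math

# Assumed policy values for this example; the page gives no numbers for them.
MIN_PASSPHRASE_LEN = 16
KDF_ITERATIONS = 200_000
KEY_BITS = 512          # toy size so the demo runs quickly; emSecure defaults to 2048 bits


class DeterministicStream:
    """HMAC-SHA256 counter-mode byte stream seeded from the KDF output.
    Constructed for this example; not emKeyGen's generator."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._counter = 0

    def random_int(self, bits: int) -> int:
        nbytes = (bits + 7) // 8
        out = b""
        while len(out) < nbytes:
            block = self._counter.to_bytes(8, "big")
            out += hmac.new(self._seed, block, hashlib.sha256).digest()
            self._counter += 1
        return int.from_bytes(out[:nbytes], "big") >> (nbytes * 8 - bits)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with twelve fixed bases: deterministic below 3.3e24 and a
    strong probabilistic test for the 256-bit candidates used here."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in bases:                      # trial division catches most candidates cheaply
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(stream: DeterministicStream, bits: int) -> int:
    """Draw odd candidates with the top bit set until one passes the test."""
    while True:
        cand = stream.random_int(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def derive_seed(passphrase: str, salt: bytes) -> bytes:
    """Slow KDF so that every guess at the pass-phrase costs real work.
    Rejects pass-phrases below the assumed minimum length."""
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        raise ValueError("pass-phrase too short to be used as a key seed")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, KDF_ITERATIONS, dklen=32)


def keypair_from_passphrase(passphrase: str,
                            salt: bytes = b"example-salt (assumed)",
                            bits: int = KEY_BITS):
    """Returns ((n, e), (n, d)). Same pass-phrase and salt give the same pair,
    which is what allows a key to be regenerated instead of stored."""
    stream = DeterministicStream(derive_seed(passphrase, salt))
    e = 65537
    while True:
        p = next_prime(stream, bits // 2)
        q = next_prime(stream, bits // 2)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


if __name__ == "__main__":
    pub, priv = keypair_from_passphrase("correct horse battery staple 2048")
    print(pub[0].bit_length(), "bit modulus; regenerated identically:",
          keypair_from_passphrase("correct horse battery staple 2048") == (pub, priv))
```

Regenerating the key from the pass-phrase removes the need to archive the private key file, but it also means anyone who learns or guesses the pass-phrase (and the salt, if one is used) obtains the private key; the length check and the slow KDF are what make the second point expensive rather than free.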

 


 

Included Applications


emSecure includes all basic applications needed for securing a product. Additional applications for benchmarking and validation are part of emSecure, too. The applications' source code is included and provides an easy-to-use starting point for modifications and integration into other applications.

 

Application name   Target platform   Description
emKeyGen           Windows           Generates a key pair with a given key length, either random or from a given seed.
emSign             Windows           Digitally signs a file with your private key.
emVerify           Windows           Verifies the signature of a digital asset with its public key.
emPrintKey         Windows           Exports keys and signatures into C source format, to be included into any application.
emBenchmark        Windows           Tests the speed of operations with different key lengths.
emValidate         Windows           Validates the modules of emSecure.

The sign and verify tools are available for evaluation.
For more information contact us at info@phaedsys.com.

 


 

Utilities


The utilities are PC applications, ready-to-use for the setup step to secure your product.


Key generation

emKeyGen generates a public and a private key. The generation parameters can be set with command line options. The keys are saved in a common key file format and can be published and exchanged.
Usage: emKeyGen.exe [<Options>]

 

Exporting keys
emPrintKey exports key and signature files into a compilable format. The output can be linked into your application, so there is no need to load them from a file at runtime. This is especially useful for embedded applications.


Signing data
emSign digitally signs the file content, usually the data to be secured, with a given (private) key file and creates a signature file.

 

 

Verifying data
emVerify decrypts a signature file and verifies whether the corresponding data file matches the signature.

 

 

Speed tests

emBenchmark tests the speed of the most commonly used functions, such as signing and verifying, and prints the results.


Validation tests
emValidate tests the implementation of the algorithms and modules in emSecure with defined test vectors and parameters.

Performance

emSecure aims for portability and is designed to fit speed and size requirements for different targets.


Performance Test
The following table shows the results of verifying 1 kByte of data with different key lengths most commonly used in applications on a microcontroller.


By default emSecure uses 2 kBit keys, which are considered unbreakable in the foreseeable future and can be created from provable primes. Although emSecure can also work with other key lengths, using them is not recommended.

 

Key length                     Verifying
2048 bit (emSecure default)    32 ms
1024 bit                       11 ms

 

The process of verifying data is technically split up into two steps:

1. Compute the hash of the data.
2. Decrypt the signature and compare the hash values.


Step 1, the computation of the hash, depends on the size of the data, whereas step 2 is dependent on the key length and takes the same time to verify any data.

 

 

Data size   Key length   Decryption and verification   Hash computation   Total time
1 kByte     2048 bit     31.44 ms                      0.16 ms            31.60 ms
100 kByte   2048 bit     31.44 ms                      15.91 ms           47.35 ms

 

Step                                                   Performance
SHA-1 hash computation                                 6.14 MB/sec
RSA 2048 bit signature decryption and verification     31.44 ms

 

The performance tests have been done on an STM32 Cortex-M4 microcontroller running at 200 MHz.


Memory Footprint

 

 

                             ROM         Static RAM   Stack (1024 bit key)   Stack (2048 bit key)
Verification only:           4.5 KByte   0 KByte      1.8 KByte              2.8 KByte
Verification & Generation:   5.8 KByte                1.9 KByte              2.9 KByte

 


 

Technical Background


The emSecure signing operation starts by using a secure hash algorithm (SHA-1) to generate a hash from the original data. Using the 2 kBit RSA private key along with the hash, a digital signature is generated using RSA encryption.
emSecure Signing Technical Details:


The emSecure verification process starts with the data one wishes to verify and the digital signature which was created from the original file. A hash is computed for the unverified data. The public key and RSA decryption are used to recover the original hash, which is then compared with the freshly computed one to decide whether the data file is genuine.
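The hash-then-sign and hash-then-verify flow just described, together with the bootloader decision from the Anti-Hacking section and the UID binding from the Anti-Cloning section, as an added example. This is not emSecure's C code: it is written in Python so the arithmetic runs on plain integers, it uses textbook RSA over the raw SHA-1 digest (the structure only, not a production signature format, which would follow FIPS 186-4 as the page states), and the key pair is built from two publicly known Mersenne primes purely so the modulus exceeds the 160-bit digest, so it offers no security. The firmware image and device UIDs are constructed sample values. Signing a license record (computer ID, user name, e-mail address), as in the FAQ below, is the same `sign` / `verify` pair applied to that data.

```python
import hashlib

# Constructed toy key pair: the factors are publicly known Mersenne primes,
# so this key is NOT secure. They are used only so that n is larger than the
# 160-bit SHA-1 digest. A real key pair comes from emKeyGen.
_P = (1 << 127) - 1
_Q = (1 << 89) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))

PUBLIC_KEY = (_N, _E)    # compiled into the bootloader or firmware
PRIVATE_KEY = (_N, _D)   # stays at the production site


def sha1_as_int(data: bytes) -> int:
    """Step 1 of both signing and verification: hash the data."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def sign(data: bytes, private_key) -> int:
    """Private-key operation on the hash (the page calls this RSA encryption)."""
    n, d = private_key
    return pow(sha1_as_int(data), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Public-key operation on the signature (RSA decryption), then compare
    the recovered hash with a fresh hash of the data."""
    n, e = public_key
    if not 0 < signature < n:            # reject malformed signatures up front
        return False
    return pow(signature, e, n) == sha1_as_int(data)


# --- Anti-hacking: the bootloader decides whether to start an image --------

def bootloader_check(image: bytes, stored_signature: int, public_key) -> str:
    """Returns "run" for a genuine image, otherwise "stay_in_bootloader"."""
    if verify(image, stored_signature, public_key):
        return "run"
    return "stay_in_bootloader"


# --- Anti-cloning: the signature covers the unit's unique ID ---------------

def sign_unit(uid: bytes, private_key) -> int:
    """End of the production line: sign the MCU's unique ID; the result is
    written to OTP or a fixed memory location on that unit."""
    return sign(uid, private_key)


def firmware_startup(uid_read_from_chip: bytes, otp_signature: int, public_key) -> bool:
    """At boot: re-read the UID and check it against the stored signature."""
    return verify(uid_read_from_chip, otp_signature, public_key)


if __name__ == "__main__":
    firmware = b"constructed firmware image v1.0"              # constructed sample
    sig = sign(firmware, PRIVATE_KEY)
    print(bootloader_check(firmware, sig, PUBLIC_KEY))          # run
    print(bootloader_check(firmware + b"\x00", sig, PUBLIC_KEY))  # stay_in_bootloader

    uid_a = bytes.fromhex("00112233445566778899aabb")           # constructed UID
    uid_b = bytes.fromhex("ffeeddccbbaa998877665544")           # a clone's UID
    otp = sign_unit(uid_a, PRIVATE_KEY)
    print(firmware_startup(uid_a, otp, PUBLIC_KEY))             # True
    print(firmware_startup(uid_b, otp, PUBLIC_KEY))             # False: OTP copied to a clone
```

The two checks share one `verify`: a modified image changes the hash on the left-hand side of the comparison, while a copied OTP signature on a clone changes the hash because the UID read from the chip differs. In both cases the public key alone is enough to reach the decision, which is why only the public key needs to be present on the device.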


emSecure Verification Technical Details:

 


 

FAQs

Q:

I want to inhibit copying a whole firmware from one product hardware to another, cloned one. How can I prevent it from being run on the cloned version with emSecure?

A:

Nearly every modern MCU includes a unique ID, which is different on every device. When the signature covers this UID it is only valid on one single device and cannot be run on a cloned or copied product. The firmware can verify the signature at boot-time.

 

 

Q:

I added a digital signature to my product. Where should I verify it?

A:

Signature verification can be done in-product or off-product. With in-product verification the firmware for example verifies the digital signature at boot-time and refuses to run when the signature cannot be verified. With off-product verification an external application, e.g. a PC application communicating with the device, reads the signature and data from the product and verifies it.

 

 

Q:

I want my product to only run genuine firmware images. How can I achieve this with emSecure?

A:

To make sure a firmware image is genuine, the complete image can be signed with a digital signature. Like when using a CRC for integrity checks, the signature is sent with the firmware data upon a firmware update. The application or bootloader programming the firmware onto the device validates the firmware data with its signature. The signature can only be generated with the private key and should be provided by the developer with the firmware data.

 

 

Q:

I am providing additional licenses for my product which shall be locked to a specific user or computer. Can I generate license keys with emSecure?

A:

Yes. emSecure can generate unique license keys for any data, like a computer ID, a user name, e-mail address or any other data.

 

 

Q:

My product is sending data to a computer application. Can I make sure the computer application is getting data only from my product with emSecure?

A:

Yes. In this case the product is used to sign the data and the computer application verifies it. To prevent the private key from being read from the product, it might be stored encrypted on the product or in the application and decrypted prior to signing the data.

 

 

Q:

Does emSecure support DSA or ECDSA?

A:

No, but both DSA and ECDSA signing and verification code are available from SEGGER. Please get in touch with us if you feel DSA or ECDSA signature verification is what you need.

 

 

Q:

My question is not listed above. Where can I get more information?

A:

For more information feel free to contact us at info@phaedsys.com