RESCURE

Abstract

We present RESCURE, a security solution built on software, which retrofits Internet of Things (IoT) devices to secure ones. RESCURE exploits the entropy originating from the random variations of silicon (transistors) during manufacturing and generates a unique unforgeable root key and an identity per device. In this way, root key and identity are inseparable from the IoT hardware. To achieve lifetime reliability (reproducibility) and security (randomness) for root key and identity, we apply error correcting and randomness amplification algorithms to the signals derived from silicon. RESCURE supports certificates which are able to prove the device identity and authenticity. RESCURE supports multiple keys derivation (private keys or private/public key pairs) and End-to-End security. In this way an IoT device is able to communicate securely and independently with multiple actors (e.g., Service Providers). It supports secure storage so it is able to encrypt sensitive data such as application keys, sensitive data or software Intellectual Properties (IP). Finally, the entire device software is protected by secure boot and secure software update mechanisms allowing for malware-free software execution and renewable security and features. RESCURE has been prototyped on an ST32L4 device and its performance is presented across real use case scenarios covering the entire life cycle of the device. It is a low-cost solution for all the devices manufacturers that want to achieve high standard security without redesigning the hardware of their IoT product.