August 20, 2019

Security; Cryptography and Trusted Service Management od Embedded Systems

I think useful to publish one part of the last lectures I did in the Ecole Centrale de Electronique of Paris ( for the students of the 5th year in Electronics Engineering for Embedded Systems.

The full lecture include one part dedicated at the manufacturing process of the single crystal silicon wafers inside what are fabricated after several “masking” processes the basic “bricks” of each integrated electronic circuit: the transistors (technology unfortunately not more well-known). For whom is interested can find some information within this blog at this address (the post is in italian but the PDF is in English)

Lecture on Semiconductor Technology, Wafer
Fabrication And Testing

This part on the other side point on an introduction of cryptography and security very generic which is necessary to understand the next part on the Trust Service Management that today is terrible important with the global diffusion of  moderns smart phones.

Questions we have to ask ourselves is: How much is safe to do an electronic payment or personal identification with an application installed inside my Smart Phone? And how to grant that confidential info on my phone cannot be obtained or even “tampered” by non-authorized person? And more: how to grant the “authenticity” of their own phone and or the application installed in it?

These questions require a lot of pages of explanations out of the scope of this post and that you can find around the web in several places. Here, for one time, we want to provide a point of view which is not “applicative” from the top point of view, but is from the bottom “hardware” point of view, in other words from the point of who manufacture the chip which should contains the sensible information and which must be protected (in cryptography this piece of information is almost always an access “key”).

This is what normal people don’t know (because simply don’t care, it is normal) but I think it is interesting and important to know that in order to make a smart phone there are plenty of “actors” (industries) which speak each other’s during the manufacturing processes, being the final big manufacturer (the Original Equipment Manufacturer which physically assembly the phone) only the point of the iceberg of an industry which works in background to make very small things- as integrated circuits – but that often require so many engineers as the one required to build a big modern airplane.

The training is also a message to some “experts” that thinks embedded security can be obtained almost exclusively by good “software” algorithms. I think, as many others, that security is an holistic concept, in other words where every systems or subsystems (hardware and or software) is necessary and should be designed following some security rules.

All documents are in English (French will be happy 🙂

I apologize since now for every error or typos which are under my only responsibility as I cannot dedicate more time than I would like to teaching.

This first part is generic introduction on sedurity and crypto


This second part on the contrary explains the TSM cncept (once downloaded the PPT read in presentation mode). The word file is just the “speech” of the slides


01_TRUST PROVISIONING_Slides_explainations

And to avoid to stay too much theoretical, find below link to a video of real use case application.

Silicon Wafer Manufacturing… Italian Style