This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Secure storage of keys in nrf32

Hi, Is some kind of mechanism available to store private and public keys securely in nrf32 device?

Parents
  • Hi,

    In the nRF52832 we have something called readback protection that prevents a hacker to use a debugger to read the flash and RAM. You can enable readback protection of the device by writing '00' to the APPROTECT register. You can also do this with our tool nrfjprog:

    nrfjprog -f nrf52 --rbp ALL && nrfjprog --pinreset -f nrf52
    

    Setting APPROTECT "disconnects" the ability to connect with a programmer/debugger, but it still allows the microcontroller to access its own flash and RAM area. See this whitepaper.

    The only way to 'reopen/unlock' the device after APPROTECT is set, is to issue an ERASEALL command through the CTRL-AP access port, and then issue a reset through the CTRL-AP. (nrfjprog --recover). This will erase the entire code flash and UICR area of the device, in addition to the entire RAM.

    However, it will be possible for an attacker with enough will (and money) to decap/open the chip and extract data from the flash physically using very low level tools. If you use the same private key for all devices, then it's a big risk as if a hacker can hack one device he get the key for all devices.

    If you want to use shared private keys on the device, we recommend using a co-processor(secure element) that supports secure key provisioning to keep it secret during and after production. This will protect against leaking sensitive data during production and safeguards the identity of the devices. Generally these co-processors can protect against decapping of the device, making it impossible to read out any security material.

Reply
  • Hi,

    In the nRF52832 we have something called readback protection that prevents a hacker to use a debugger to read the flash and RAM. You can enable readback protection of the device by writing '00' to the APPROTECT register. You can also do this with our tool nrfjprog:

    nrfjprog -f nrf52 --rbp ALL && nrfjprog --pinreset -f nrf52
    

    Setting APPROTECT "disconnects" the ability to connect with a programmer/debugger, but it still allows the microcontroller to access its own flash and RAM area. See this whitepaper.

    The only way to 'reopen/unlock' the device after APPROTECT is set, is to issue an ERASEALL command through the CTRL-AP access port, and then issue a reset through the CTRL-AP. (nrfjprog --recover). This will erase the entire code flash and UICR area of the device, in addition to the entire RAM.

    However, it will be possible for an attacker with enough will (and money) to decap/open the chip and extract data from the flash physically using very low level tools. If you use the same private key for all devices, then it's a big risk as if a hacker can hack one device he get the key for all devices.

    If you want to use shared private keys on the device, we recommend using a co-processor(secure element) that supports secure key provisioning to keep it secret during and after production. This will protect against leaking sensitive data during production and safeguards the identity of the devices. Generally these co-processors can protect against decapping of the device, making it impossible to read out any security material.

Children
No Data
Related