How Secure Microcontrollers Protect ORWL 'Tamper-Proof' PC

The ORWL tamper-proof computer comes with two secure microcontroller units (MCU), one on the mainboard (Maxim’s MAX32550) and one in the authentication key fob (STMicroelectronics’ ST54D). Design Shift, the company making it, explained in detail how these work to protect the system against tampering.

The Role Of The Secure MCUs

The two secure microcontrollers have multiple roles to ensure the system is protected, including a self-encrypted SSD, tamper-proof active mesh, key fob authentication, out-of-range lockdown, and off-grid backup.

The self-encrypted SSD automatically encrypts all of the stored data. The key is stored on the mainboard's secure MCU and is given to the SSD only after the users authenticate with their key fobs.

Perhaps the key selling point of the ORWL computer is its enveloping “active mesh,” which is the main physical feature of the system that protects against tampering. The active mesh protects the CPU, mainboard, and the secure MCU. The active mesh and the secure MCU work together, so if anyone tries to tamper with the mesh, the MCU wipes the decryption key for the SSD. This way nobody can get to the data through physical attacks.

The mainboard microcontroller authenticates the physical security key through an NFC connection, and then it monitors the range through a Bluetooth LE connection. The system automatically disconnects the user once the key fob is out of BLE range. When the key fob is out of range, the mainboard secure MCU disables the USB ports and puts the system into standby mode. The secure MCU will also cut the power to the Intel subsystem if the ORWL PC is moved around while the security key is out of range.

The secure MCU's battery will last several months. If the user does not replace it during this time, it will automatically destroy the encryption key.
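The policy described in this section (key released to the SSD only after fob authentication, walk-away lockdown, power cut on motion while the fob is absent, and key destruction on mesh tamper or battery expiry) can be written down as a small state machine. The following C model is an added illustration and is not Design Shift's firmware; the function names, the state layout, and the choice to end the session when the fob leaves BLE range are assumptions, and the key bytes are a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the key-release and tamper-response policy the
 * article attributes to ORWL's mainboard secure MCU. Added example; all
 * names and the state layout are assumptions, not ORWL's firmware. */

#define SSD_KEY_LEN 32

enum power_state { PWR_OFF, PWR_STANDBY, PWR_ON };

struct secure_mcu {
    uint8_t ssd_key[SSD_KEY_LEN]; /* SSD encryption key kept inside the MCU */
    int key_present;              /* 1 until the key is zeroized */
    int fob_authenticated;        /* NFC authentication of the fob succeeded */
    int fob_in_range;             /* BLE proximity of the fob */
    int key_released_to_ssd;      /* key handed to the SSD this session */
    int usb_enabled;
    enum power_state power;       /* state of the Intel subsystem */
    int battery_months_left;      /* MCU backup battery */
};

/* Clear through a volatile pointer so the compiler cannot drop the write. */
static void zeroize(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

/* Returns 1 if every byte of the stored key is zero. */
int mcu_key_is_zeroized(const struct secure_mcu *m)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < SSD_KEY_LEN; i++) acc |= m->ssd_key[i];
    return acc == 0;
}

void mcu_init(struct secure_mcu *m, const uint8_t key[SSD_KEY_LEN], int battery_months)
{
    memset(m, 0, sizeof *m);
    memcpy(m->ssd_key, key, SSD_KEY_LEN);
    m->key_present = 1;
    m->power = PWR_STANDBY;       /* USB off, SSD locked until authentication */
    m->battery_months_left = battery_months;
}

/* Tamper response: destroy the key and everything that depended on it. */
void mcu_destroy_key(struct secure_mcu *m)
{
    zeroize(m->ssd_key, SSD_KEY_LEN);
    m->key_present = m->key_released_to_ssd = m->fob_authenticated = 0;
    m->usb_enabled = 0;
    m->power = PWR_OFF;
}

/* NFC authentication of the fob. The key goes to the SSD only if it still
 * exists; after a tamper event there is nothing left to release. */
int mcu_fob_authenticate(struct secure_mcu *m, int nfc_credential_ok)
{
    if (!nfc_credential_ok || !m->key_present) return 0;
    m->fob_authenticated = m->fob_in_range = 1;
    m->key_released_to_ssd = m->usb_enabled = 1;
    m->power = PWR_ON;
    return 1;
}

/* BLE range monitor. Leaving range ends the session, disables USB and puts
 * the system in standby; the key itself stays inside the MCU. */
void mcu_ble_range_update(struct secure_mcu *m, int in_range)
{
    m->fob_in_range = in_range;
    if (!in_range) {
        m->fob_authenticated = 0;
        m->usb_enabled = 0;
        if (m->power == PWR_ON) m->power = PWR_STANDBY;
    }
}

/* Motion while the fob is out of range cuts power to the Intel subsystem. */
void mcu_motion_detected(struct secure_mcu *m)
{
    if (!m->fob_in_range) m->power = PWR_OFF;
}

/* Any of the active-mesh tamper sensors firing: the enclosure was breached. */
void mcu_mesh_tamper(struct secure_mcu *m) { mcu_destroy_key(m); }

/* One month of battery drain; an unreplaced battery ends in key destruction. */
void mcu_battery_month_elapsed(struct secure_mcu *m)
{
    if (m->battery_months_left > 0) m->battery_months_left--;
    if (m->battery_months_left == 0 && m->key_present) mcu_destroy_key(m);
}

int main(void)
{
    uint8_t key[SSD_KEY_LEN];
    struct secure_mcu m;
    memset(key, 0xA5, sizeof key);                         /* constructed sample key */
    mcu_init(&m, key, 6);
    printf("auth: %d\n", mcu_fob_authenticate(&m, 1));     /* 1: SSD unlocked */
    mcu_ble_range_update(&m, 0);
    printf("usb after walk-away: %d\n", m.usb_enabled);    /* 0 */
    mcu_mesh_tamper(&m);
    printf("key zeroized: %d\n", mcu_key_is_zeroized(&m)); /* 1 */
    printf("re-auth after tamper: %d\n", mcu_fob_authenticate(&m, 1)); /* 0 */
    return 0;
}
```

The point of the model is the ordering of guards: authentication never reaches the SSD if the key is gone, and every tamper path ends in the same `mcu_destroy_key` routine, so there is one place to get the zeroization right. The volatile clear matters in real firmware because an optimizing compiler may otherwise remove a memset of memory that is never read again.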

Secure MCU Features

The team behind the ORWL computer said that although dedicated security appliances in the financial, medical, and defense industries have used secure microcontrollers, their tamper-proof computer is probably the only consumer PC to use them. A secure MCU is just like a regular MCU, but with some extra features to protect data from unauthorized access.

Much like ORWL’s own active mesh encasing, the secure microcontrollers also come with their own tamper-proof “conductive meshes,” called “die shields.” The die shield completely surrounds and protects the secure MCU against physical intrusion. The system will delete sensitive data if it detects tampering. Die shields also act as electromagnetic shields to protect against side-channel attacks.

The ORWL team revealed that its mainboard secure MCU is a Cortex M3 with the following security features:

- Die shield with self-erasing memory on tamper
- Hardware accelerators for cryptographic primitives
- Side channel protection for crypto operations
- True random number generator
- Six tamper sensors for monitoring the active mesh
- Temperature and voltage tamper monitors

The MCU in the physical security key used for user authentication is an ARM “Secure Core” that implements the secure element aspect of NFC and has its own die shield.

Secure MCU Trustworthiness

The ORWL team said that it couldn't publish the full technical details of the two secure MCUs, because it seems no microcontroller company is willing to give them away without first signing an NDA. That means even if Design Shift gets the technical datasheets, it can't make them public. However, the team said that there are other ways to verify the trustworthiness of the two chips.

Design Shift said that it has indeed entered an NDA with the two microcontroller vendors, so it can at least verify for itself that everything works as it should. It also noted that other parties could enter NDAs with the MCU makers to receive the technical datasheets as well. However, this could get quite expensive, so Design Shift has hired Penumbra, a security company, to audit the security of ORWL. The company will make the audit details public when it's finished.

The MCUs that ORWL uses are also widespread in the financial industry, which obviously has an incentive to ensure that the chips are secure and without any backdoors that could make its entire financial systems vulnerable to attacks. Because they're widely used, potential attackers may already be scrutinizing them for exploitation. These two things should help increase the trust in the security of ORWL's microcontrollers.

Developer Control

The ORWL team said that it would try to make it as easy as possible for other developers to reprogram the MCUs or allow them to sign all firmware with their own keys. The company will release a dev kit soon with all the tools necessary to build and verify all of ORWL’s firmware.

Design Shift said that the most opaque part of the mainboard's secure MCU is the boot ROM firmware. However, Maxim, the maker of that MCU, agreed to sell Design Shift a version of the chip without any firmware.

This will require $20,000, which Design Shift said it’s willing to pay, but the hard part will be the development of an open source replacement firmware. For this reason, the company is asking the open source community for help. Once the replacement is complete, the custom secure MCU will be available to anyone to use, according to the company.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Hydrotricithline
    - True random number generator

    Riiight. :) They've been working on true random number generators for years, it has to be based off of something.. time .. temp.. location.. noise.. static .. something. And considering how it's only mentioned as a side note. Makes me a little curious.

    Also I do get that logically most civilian and 'most' commercial users won't be able to decrypt the SSD with the key 'deleted' but anyone using a system like this (so cost inhibitive and security sensitive, read as .. PitA to use for most of the market) should be able to read residual data from SSD (possibly recovering the key); if they cut power to the unit, even with battery backup it could only rewrite the same sector so many times. Or alternatively just plain brute force the drive with end processing power. Granted that would take awhile, but presumably the data is sensitive.

    Security is a process, not a product. This might be an ok tool for the 'secure minded' but I'm more than slightly skeptical on anyone trying to put a price tag on any 'security solution'. I would very much welcome seeing this released to the open source community and seeing what custom modifications could be added to the firmware, however.
  • Christopher1
    Actually, they do have true 'random number' generators today. They just pick a number out of the blue with no 'table' to choose from.