PEmicro Blog

A Step by Step Example of Using Image Encryption and Usage Restrictions

Jul 09, 2019

This article features a step-by-step example of a company that wants to use the ProCryption Security features of custom encryption and image limitations to: 

  • Secure their programming images/IP from their own source computers all the way to their own Cyclone programmers at an external manufacturer
  • Limit production programming to occur only in a specific date range
  • Generate their own custom Encryption Keys and provision Cyclones with them

Video Overview

For those who prefer a visual approach, watch PEmicro President Kevin Perreault discuss Cyclone security features and their ease of implementation.

Background

A company called SteadyBeat makes heart rate monitors for runners. They have just developed a new and more accurate model of their heart rate monitor, RunReady 2, that they want to start manufacturing. SteadyBeat has their own set of Cyclone programmers at the XYZ Manufacturing Company. These Cyclones are also used to program several other products SteadyBeat currently manufactures at XYZ Manufacturing Company.

When SteadyBeat first set up the XYZ Manufacturing Company to produce its products, they provided a set of Cyclones to the manufacturer which had already been provisioned with their own "SteadyBeat_XYZ_Production" ImageKey (encryption key).

Note: The process for creating a custom AES/RSA ImageKey and provisioning Cyclones with it is detailed at the end of this blog post.

Goals

SteadyBeat wants to achieve the following goals:

  1. Make sure the IP included in any RunReady 2 programming data they send to the XYZ manufacturing facility is secure from their source computer all the way to their own Cyclone programmers at that location, regardless of how it is electronically transferred or who at XYZ handles the programming image file. The programming data should be usable only on their Cyclones at that specific facility.
  2. Limit the time-frame when the programming image can be used. This prevents an older image from being accidentally (or intentionally) used in the future.

Solution

SteadyBeat's method for achieving both of their goals with this new product is to encrypt their programming image for RunReady 2 with their existing "SteadyBeat_XYZ_Production" ImageKey and to add the appropriate image restrictions related to date usage. The process, in the Image Creation Utility, is very simple: 

  1. Select the "SteadyBeat_XYZ_Production" ImageKey as the Encryption Setting. (This then becomes the default for generating all images until it is changed.)
  2. Add the 7/8/2019-11/8/2019 date range restriction to the Programming Restrictions.
  3. Generate the Image to disk and deliver to XYZ as appropriate.

A more detailed view of this is:

1. Select the "SteadyBeat_XYZ_Production" ImageKey as the Encryption Setting

In order to provision their Cyclones to support secure images when they first sent the Cyclone programmers to the XYZ Manufacturing Company, SteadyBeat had used the Image Creation Utility to create the "SteadyBeat_XYZ_Production" ImageKey. This ImageKey exists as a file on the computer system which created it. The Image Creation software remembers the last five ImageKeys used/created and the most recently used key is selected by default. 

The SteadyBeat user generating the "RunReady 2" encrypted programming image file will select the "SteadyBeat_XYZ_Production" ImageKey file as the Image Encryption to use when generating the programming image for the new RunReady 2 product line. 

An ImageKey file, by default, has a .imagekey extension. This file can be moved between PCs and used by multiple users. If a new PC were being used to generate the image, the user would choose the "Select Image Encryption Key" option in the Image Encryption drop down list and browse to the appropriate ImageKey file.

By choosing the "SteadyBeat_XYZ_Production" ImageKey for the Image Encryption setting, the generated image will only be decryptable on SteadyBeat's XYZ manufacturing company Cyclones which are provisioned with the same key. New Cyclones can be provisioned with the "SteadyBeat_XYZ_Production" ImageKey file at any time, so more Cyclones can be provisioned and provided to the manufacturer as needed. 

Detailed information about how Cyclone programming image encryption functions is available in the blog post "Cyclone ProCryption Security - RSA/AES Encryption Added for Production Programming".

2. Add Programming Restrictions

SteadyBeat also wants to make sure that programming of the new RunReady 2 units is only done during a specific date range, in this case July 8, 2019 through November 8, 2019. During image creation they set this date range restriction in the ProCryption Security area of the Cyclone Image Creation Utility.

Images can also be restricted by number of programs and number of failures allowed.

3. Generate An Encrypted Programming Image

To finish, SteadyBeat simply generates the encrypted programming image and saves it to disk. 

By default, encrypted images have an .esap extension and non-encrypted images have a .sap extension.

SteadyBeat can now send the encrypted programming image (.esap file) electronically to their manufacturer knowing their valuable IP is safely secured with industry standard AES/RSA encryption. Only Cyclones which have been provisioned with their key can decrypt and use the programming image. Decryption on Cyclone programmers which have the "SteadyBeat_XYZ_Production" ImageKey is transparent - encrypted images load and function exactly like other programming images. 

XYZ Manufacturing can transfer the Encrypted Programming Image to the appropriate Cyclones using the Cyclone Control Suite (GUI, Console, and SDK).

Any person at XYZ Manufacturing who has a copy of the encrypted image (the .esap file) will not be able to reverse-engineer the programming data stored within the image (even someone with the ImageKey can't do this) or store the encrypted image to a Cyclone which has not been provisioned with the "SteadyBeat_XYZ_Production" ImageKey.

ImageKeys on the PC are themselves partially encrypted so that certain pieces can only be used on a Cyclone. Even with this, they should be handled with care as they can be loaded into any Cyclone.
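A pre-send check that follows from the file types above, given as an added example (not PEmicro code or part of the original post): it audits an outbound delivery folder, including any .zip archives in it, and blocks the transfer if an unencrypted .sap image or an .imagekey file is present. The function names, the sample file names and the policy that ImageKeys never travel with the image are assumptions made for illustration; only the default extensions come from the post.

```python
import os
import tempfile
import zipfile

# Default extensions named in the post; a renamed file would evade this check.
RULES = {
    ".esap": "ok: encrypted programming image",
    ".sap": "BLOCK: unencrypted programming image",
    ".imagekey": "BLOCK: ImageKey file (loadable into any Cyclone)",
}

def classify(name):
    """Return the verdict for a file name, or None if it is not a Cyclone artifact."""
    return RULES.get(os.path.splitext(name)[1].lower())

def audit_bundle(root):
    """Walk an outbound folder (and any .zip inside it); return sorted (path, verdict) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if classify(fname):
                findings.append((rel, classify(fname)))
            elif zipfile.is_zipfile(full):
                with zipfile.ZipFile(full) as zf:
                    findings += [(rel + "!" + m, classify(m))
                                 for m in zf.namelist() if classify(m)]
    return sorted(findings)

def safe_to_send(findings):
    """Ship only if there is at least one encrypted image and nothing blocked."""
    has_image = any(v.startswith("ok") for _p, v in findings)
    blocked = [p for p, v in findings if v.startswith("BLOCK")]
    return has_image and not blocked, blocked

def build_sample(root):
    """Constructed sample delivery folder (placeholder bytes, not real images)."""
    with open(os.path.join(root, "RunReady2.esap"), "wb") as f:
        f.write(b"placeholder")
    with zipfile.ZipFile(os.path.join(root, "extras.zip"), "w") as zf:
        zf.writestr("keys/SteadyBeat_XYZ_Production.ImageKey", b"placeholder")
        zf.writestr("debug/RunReady2.SAP", b"placeholder")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(safe_to_send(audit_bundle(tmp)))
```

The check matches on extension only, so it catches accidental inclusion rather than deliberate renaming.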

Initial Key Creation and Provisioning of Cyclones

In the above example, SteadyBeat had already created the "SteadyBeat_XYZ_Production" ImageKey and provisioned Cyclones with it for previous production projects. Key creation and provisioning of a Cyclone is generally a one-time step and as such is not something a user will need to perform regularly. Nevertheless, it is very easy to do so. Here are the steps that SteadyBeat would have followed to create such a key and add it to the Cyclones before shipping:

1. Create the "SteadyBeat_XYZ_Production" ImageKey

Creating a new ImageKey file is extremely simple. Start the Image Creation utility and select "Create Image Encryption Key..." from the Image Encryption drop down list. This pops up a dialog asking the user to specify an ImageKey description which will be how the key is displayed on a Cyclone. When the user clicks "Generate Encryption Key", they will be prompted for a filename and where to save the ImageKey. This file can be used to provision Cyclones and should be kept in a safe location.

2. Provisioning a Cyclone with the "SteadyBeat_XYZ_Production" ImageKey

The Cyclone Control GUI can be used to add ImageKeys to Cyclones. Start the Cyclone Control GUI utility and open the Cyclone that you wish to provision with the ImageKey. Select the "Encryption Keys" tab. This will show all ImageKeys currently in the Cyclone. To provision the Cyclone with the "SteadyBeat_XYZ_Production" ImageKey, click the "Add Encryption Key" button.

Then select the appropriate ImageKey.

The ImageKey gets added into the encrypted storage of the Cyclone.

The Cyclone can now load and decrypt images encrypted with the "SteadyBeat_XYZ_Production" ImageKey. If the ImageKey is ever deleted from the Cyclone, the Cyclone will lose access to any images which were encrypted with it.

The Cyclone Control Console application can also be used to add, remove, and list ImageKeys in a Cyclone.

A more thorough explanation of the steps covered here, including how to provision Cyclones with an encryption key, is available in the Cyclone User Manual.

Strong Protection, Simple Implementation

This example demonstrates how easy it is to use the security and control that the ProCryption Security license provides to the user's manufacturing process. Once configured, it works seamlessly on the production side. Cyclone users can keep valuable IP safe without a difficult management process. Cyclone programmers leverage the industry leading wolfSSL cryptography stack to provide advanced cryptography protection and enablement for production programming setups. PEmicro's Cyclone FX programmers include this powerful new technology, and Cyclone LC users have the flexibility to optionally add the license to their Cyclone.
