Sustainable Trusted Computing: A Novel Approach for a Flexible and Secure Update of Cryptographic Engines on a Trusted Platform Module

Trusted computing is gaining an increasing acceptance in the industry and finding its way to cloud computing. With this penetration, the question arises whether the concept of hardwired security modules will cope with the increasing sophistication and security requirements of future IT systems and the ever expanding threats and violations. So far, embedding cryptographic hardware engines into the Trusted Platform Module (TPM) has been regarded as a security feature. However, new developments in cryptanalysis, side-channel analysis, and the emergence of novel powerful computing systems, such as quantum computers, can render this approach useless. Given that, the question arises: Do we have to throw away all TPMs and lose the data protected by them, if someday a cryptographic engine on the TPM becomes insecure? To address this question, we present a novel architecture called Sustainable Trusted Platform Module (STPM), which guarantees a secure update of the TPM cryptographic engines without compromising the system’s trustworthiness. The STPM architecture has been implemented as a proof-of-concept on top of a Xilinx Virtex-5 FPGA platform, demonstrating the test cases with an update of the fundamental hash and asymmetric engines of the TPM

Evaluating the Impact of Integrating a Security Module on the Real-Time Properties of a System

Part 8: Real-Time Aspects in Distributed SystemsInternational audienceWith a rise in the deployment of electronics in today’s systems especially in automobiles, the task of securing them against various attacks has become a major challenge. In particular, the most vulnerable points are: (i) communication paths between the Electronic Control Units (ECUs) and between sensors & actuators and the ECU, (ii) remote software updates from the manufacturer and the in-field system. However, when including additional mechanisms to secure such systems, especially real-time systems, there will be a major impact on the real-time properties and on the overall performance of the system. Therefore, the goal of this work is to deploy a minimal security module in a target real-time system and to analyze its impact on the aforementioned properties of the system, while achieving the goals of secure communication and authentic system update. From this analysis, it has been observed that, with the integration of such a security module into the ECU, the response time of the system is strictly dependent on the utilized communication interface between the ECU processor and the security module. The analysis is performed utilizing the security module operating at different frequencies and communicating over two different interfaces i.e., Low-Pin-Count (LPC) bus and Memory-Mapped I/O (MMIO) method