269 research outputs found
TrustZone based attestation in secure runtime verification for embedded systems
Master's dissertation (Mestrado Integrado em Engenharia Informática)
ARM TrustZone is a "Trusted Execution Environment" provided in ARM processors, which equip a large share of embedded systems. This mechanism makes it possible to ensure that the critical components of an application execute in an environment that guarantees data confidentiality and code integrity, even when malicious components are installed on the same device. This project aims to take advantage of TrustZone in the context of a secure framework for real-time monitoring of embedded systems. Specifically, it aims to use components such as ARM Trusted Firmware, responsible for the secure boot process on ARM systems, to develop an attestation mechanism that provides guarantees of secure computation to remote entities.
ARM TrustZone is a security extension present on ARM processors that enables the development of hardware-based Trusted Execution Environments (TEEs). This mechanism allows the critical components of an application to execute in an environment that guarantees data confidentiality and code integrity, even when a malicious agent is installed on the device. This project aims to harness TrustZone in the context of a secure runtime verification framework for embedded devices. Specifically, it aims to harness existing components, namely ARM Trusted Firmware, responsible for the secure boot process of ARM devices, to implement an attestation mechanism that provides proof of secure computation to remote parties.
This work has been partially supported by the Portuguese Foundation for Science and Technology (FCT), project REASSURE (PTDC/EEI-COM/28550/2017), co-financed by the European Regional Development Fund (FEDER), through the North Regional Operational Program (NORTE 2020).
Attestation Mechanisms for Trusted Execution Environments Demystified
Attestation is a fundamental building block to establish trust over software
systems. When used in conjunction with trusted execution environments, it
guarantees the genuineness of the code executed against powerful attackers and
threats, paving the way for adoption in several sensitive application domains.
This paper reviews remote attestation principles and explains how the modern
and industrially well-established trusted execution environments Intel SGX, Arm
TrustZone and AMD SEV, as well as emerging RISC-V solutions, leverage these
mechanisms.
Comment: This publication incorporates results from the VEDLIoT project, which
received funding from the European Union's Horizon 2020 research and
innovation programme under grant agreement No 957197. arXiv admin note:
substantial text overlap with arXiv:2204.0679
SGXIO: Generic Trusted I/O Path for Intel SGX
Application security traditionally strongly relies upon security of the
underlying operating system. However, operating systems often fall victim to
software attacks, compromising security of applications as well. To overcome
this dependency, Intel introduced SGX, which allows application code to be
protected against a subverted or malicious OS by running it in a
hardware-protected enclave. However, SGX lacks support for generic trusted I/O paths to protect
user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX,
allowing user applications to run securely on top of an untrusted OS, while at
the same time supporting trusted paths to generic I/O devices. To achieve this,
SGXIO combines the benefits of SGX's easy programming model with traditional
hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure
debug enclaves to behave like secure production enclaves. SGXIO goes beyond
the traditional cloud-computing use cases and makes SGX technology usable for
protecting user-centric, local applications against kernel-level keyloggers and
the like. It is compatible with unmodified operating systems and works on a
modern commodity notebook out of the box. Hence, SGXIO is particularly
promising for the broad x86 community to which SGX is readily available.
Comment: To appear in CODASPY'1
BLEND: Efficient and blended IoT data storage and communication with application layer security
Many IoT use cases demand both secure storage and secure communication.
Resource-constrained devices cannot afford to have one set of crypto protocols
for storage and another for communication. Lightweight application layer
security standards are being developed for IoT communication. Extending these
protocols for secure storage can significantly reduce communication latency and
local processing.
We present BLEND, combining secure storage and communication by storing IoT
data as pre-computed encrypted network packets. Unlike local methods, BLEND not
only eliminates separate crypto for secure storage needs, but also eliminates a
need for real-time crypto operations, reducing the communication latency
significantly. Our evaluation shows that compared with a local solution, BLEND
reduces send latency from 630 microseconds to 110 microseconds per packet.
BLEND enables PKI based key management while being sufficiently lightweight for
IoT. BLEND doesn't need modifications to communication standards used when
extended for secure storage, and can therefore preserve underlying protocols'
security guarantees.
Comment: Accepted in IEEE CSR 2022. 10 pages, 7 figures
Proceedings of the Workshop on web applications and secure hardware (WASH 2013).
Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, ARM TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without them. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself.
MicroTEE: Designing TEE OS Based on the Microkernel Architecture
ARM TrustZone technology is widely used to provide Trusted Execution
Environments (TEE) for mobile devices. However, most TEE OSes are implemented
as monolithic kernels. In such designs, device drivers, kernel services and
kernel modules all run in the kernel, which results in a large kernel. In a
monolithic kernel architecture it is difficult to guarantee that all components
of the kernel are free of security vulnerabilities, as shown by the integer
overflow vulnerability in Qualcomm QSEE TrustZone and the TZDriver
vulnerability in the HUAWEI HiSilicon TEE architecture. This paper presents
MicroTEE, a TEE OS based on the microkernel architecture. In MicroTEE, the
microkernel provides strong isolation for TEE OS's basic services, such as
crypto service and platform key management service. The kernel is only
responsible for providing core services such as address space management,
thread management, and inter-process communication. Other fundamental services,
such as crypto service and platform key management service are implemented as
applications at the user layer. Crypto Services and Key Management are used to
provide Trusted Applications (TAs) with sensitive information encryption, data
signing, and platform attestation functions. Our design avoids the compromise
of the whole TEE OS if only one kernel service is vulnerable. A monitor has
also been added to perform the switch between the secure world and the normal
world. Finally, we implemented a MicroTEE prototype on the Freescale i.MX6Q
Sabre Lite development board and tested its performance. Evaluation results
show that the performance of cryptographic operations in MicroTEE is better
than in Linux when the data size is small.
Comment: 8 pages, 8 figures