Secure Boot and Remote Attestation in the Sanctum Processor

During the secure boot process for a trusted execution environment, the processor must provide a chain of certificates to the remote client demonstrating that their secure container was established as specified. This certificate chain is rooted at the hardware manufacturer who is responsible for constructing chips according to the correct specification and provisioning them with key material. We consider a semi-honest manufacturer who is assumed to construct chips correctly, but may attempt to obtain knowledge of client private keys during the process. Using the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that does not require secure non-volatile memory, nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image, and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor. We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA

Sanctorum: A lightweight security monitor for secure enclaves

Enclaves have emerged as a particularly compelling primitive to implement trusted execution environments: strongly isolated sensitive user-mode processes in a largely untrusted software environment. While the threat models employed by various enclave systems differ, the high-level guarantees they offer are essentially the same: attestation of an enclave's initial state, as well as a guarantee of enclave integrity and privacy in the presence of an adversary. This work describes Sanctorum, a small trusted code base (TCB), consisting of a generic enclave-capable system, which is sufficient to implement secure enclaves akin to the primitive offered by Intel's SGX. While enclaves may be implemented via unconditionally trusted hardware and microcode, as it is the case in SGX, we employ a smaller TCB principally consisting of authenticated, privileged software, which may be replaced or patched as needed. Sanctorum implements a formally verified specification for generic enclaves on an in-order multiprocessor system meeting baseline security requirements, e.g., the MIT Sanctum processor and the Keystone enclave framework. Sanctorum requires trustworthy hardware including a random number generator, a private cryptographic key pair derived via a secure bootstrapping protocol, and a robust isolation primitive to safeguard sensitive information. Sanctorum's threat model is informed by the threat model of the isolation primitive, and is suitable for adding enclaves to a variety of processor systems.Comment: 6 page

Encryption AXI Transaction Core for Enhanced FPGA Security

The current hot topic in cyber-security is not constrained to software layers. As attacks on electronic circuits have become more usual and dangerous, hardening digital System-on-Chips has become crucial. This article presents a novel electronic core to encrypt and decrypt data between two digital modules through an Advanced eXtensible Interface (AXI) connection. The core is compatible with AXI and is based on a Trivium stream cipher. Its implementation has been tested on a Zynq platform. The core prevents unauthorized data extraction by encrypting data on the fly. In addition, it takes up a small area—242 LUTs—and, as the core’s AXI to AXI path is fully combinational, it does not interfere with the system’s overall performance, with a maximum AXI clock frequency of 175 MHz.This work has been supported within the fund for research groups of the Basque university system IT1440-22 by the Department of Education and within the PILAR ZE-2020/00022 and COMMUTE ZE-2021/00931 projects by the Hazitek program, both of the Basque Government, the latter also by the Ministerio de Ciencia e Innovación of Spain through the Centro para el Desarrollo Tecnológico Industrial (CDTI) within the project IDI-20201264 and IDI-20220543 and through the Fondo Europeo de Desarrollo Regional 2014–2020 (FEDER funds)

Performance of Secure Boot in Embedded Systems

With the proliferation of the Internet of Things (IoT), the need to prioritize the overall system security is more imperative than ever. The IoT will profoundly change the established usage patterns of embedded systems, where devices traditionally operate in relative isolation.Internet connectivity brought by the IoT exposes such previously isolated internal device structures to cyber-attacks through the Internet, which opens new attack vectors and vulnerabilities. For example, a malicious user can modify the firmware or operating system by using a remote connection, aiming to deactivate standard defenses against malware. The criticality of applications, for example, in the Industrial IoT (IIoT) further underlines the need to ensure the integrity of the embedded software. One common approach to ensure system integrity is to verify the operating system and application software during the boot process. However, safety-critical IoT devices have constrained boot-up times, and home IoT devices should become available quickly after being turned on. Therefore, the boot-time can affect the usability of a device.This paper analyses performance trade-offs of secure boot for medium-scale embedded systems, such as Beaglebone and Raspberry Pi. We evaluate two secure boot techniques, one is only software-based, and the second is supported by a hardware-based cryptographic storage unit.For the software-based method, we show that secure boot merely increases the overall boot time by 4 %.Moreover, the additional cryptographic hardware storage increases the boot-up time by 36 %

Design, implementation, and analysis of efficient tools based on PUFs for hardware security applications

A Physical Unclonable Function (PUF) is a physical system that leverages manufacturing process variations to generate unclonable and inherent instance-specific measurements of physical objects. PUF is equivalent to human biometrics in many ways where each human has a unique fingerprint. PUF can securely generate unique and unclonable signatures that allow PUF to bootstrap the implementation of various physical security issues. In this thesis, we discuss PUFs, extend it to a novel SW-PUF, and explore some techniques to utilize it in security applications. We first present the SW-PUF - basic building block of this thesis, a novel PUF design that measures processor chip ALU silicon biometrics in a manner similar to all PUFs. Additionally, it composes the silicon measurement with the data-dependent delay of a particular program instruction in a way that is difficult to decompose through a mathematical model. We then implement the proposed PUF to solve various security issues for applications such as Software Protection and Trusted Computing. We prove that the SW-PUF can provide a more robust root of trust for measurement than the existing trusted platform module (TPM). Second, we present the Reversible SW-PUF , a novel PUF design based on the SW-PUF that is capable of computing partial inputs given its outputs. Given the random output signature of specific instruction in a specific basic block of the program, only the computing platform that originally computed the instruction can accurately regenerate the inputs of the instruction correctly within a certain number of bits. We then implement the Reversible SW-PUF to provide a verifiable computation method. Our scheme links the outsourced software with the cloud-node hardware to provide proof of the computational integrity and the resultant correctness of the results with high probability. Finally, we employ the SW-PUF and the Reversible SW-PUF to provide a trust attribute for data on the Internet of Thing (IoT) systems by combining data provenance and privacy-preserving methods. In our scheme, an IoT server can ensure that the received data comes from the IoT device that owns it. In addition, the server can verify the integrity of the data by validating the provenance metadata for data creation and modification

Enhancing Trust in Devices and Transactions of the Internet of Things

With the rise of the Internet of Things (IoT), billions of smart embedded devices will interact frequently.These interactions will produce billions of transactions.With IoT, users can utilize their phones, home appliances, wearables, or any other wireless embedded device to conduct transactions.For example, a smart car and a parking lot can utilize their sensors to negotiate the fees of a parking spot.The success of IoT applications highly depends on the ability of wireless embedded devices to cope with a large number of transactions.However, these devices face significant constraints in terms of memory, computation, and energy capacity.With our work, we target the challenges of accurately recording IoT transactions from resource-constrained devices. We identify three domain-problems: a) malicious software modification, b) non-repudiation of IoT transactions, and c) inability of IoT transactions to include sensors readings and actuators.The motivation comes from two key factors.First, with Internet connectivity, IoT devices are exposed to cyber-attacks.Internet connectivity makes it possible for malicious users to find ways to connect and modify the software of a device.Second, we need to store transactions from IoT devices that are owned or operated by different stakeholders.The thesis includes three papers. In the first paper, we perform an empirical evaluation of Secure Boot on embedded devices.In the second paper, we propose IoTLogBlock, an architecture to record off-line transactions of IoT devices.In the third paper, we propose TinyEVM, an architecture to execute off-chain smart contracts on IoT devices with an ability to include sensor readings and actuators as part of IoT transactions

Invited Paper: Secure Boot and Remote Attestation in the Sanctum Processor

© 2018 IEEE. During the secure boot process for a trusted execution environment, the processor must provide a chain of certificates to the remote client demonstrating that their secure container was established as specified. This certificate chain is rooted at the hardware manufacturer who is responsible for constructing chips according to the correct specification and provisioning them with key material. We consider a semi-honest manufacturer who is assumed to construct chips correctly, but may attempt to obtain knowledge of client private keys during the process. Using the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that does not require secure non-volatile memory, nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image, and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor. We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA