17,863 research outputs found
Efficient Implementation on Low-Cost SoC-FPGAs of TLSv1.2 Protocol with ECC_AES Support for Secure IoT Coordinators
Security management for IoT applications is a critical research field, especially when taking into account the performance variation over the very different IoT devices. In this paper, we present high-performance client/server coordinators on low-cost SoC-FPGA devices for secure IoT data collection. Security is ensured by using the Transport Layer Security (TLS) protocol based on the TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher suite. The hardware architecture of the proposed coordinators is based on SW/HW co-design, implementing within the hardware accelerator core Elliptic Curve Scalar Multiplication (ECSM), which is the core operation of Elliptic Curve Cryptosystems (ECC). Meanwhile, the control of the overall TLS scheme is performed in software by an ARM Cortex-A9 microprocessor. In fact, the implementation of the ECC accelerator core around an ARM microprocessor allows not only the improvement of ECSM execution but also the performance enhancement of the overall cryptosystem. The integration of the ARM processor enables to exploit the possibility of embedded Linux features for high system flexibility. As a result, the proposed ECC accelerator requires limited area, with only 3395 LUTs on the Zynq device used to perform high-speed, 233-bit ECSMs in 413 ”s, with a 50 MHz clock. Moreover, the generation of a 384-bit TLS handshake secret key between client and server coordinators requires 67.5 ms on a low cost Zynq 7Z007S device
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on the devices can be
sensitive, left untackled, this is particularly disconcerting.
In this paper, we propose a new system, TrustShadow that shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201
The future of Cybersecurity in Italy: Strategic focus area
This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management
- âŠ