    Hardware-based Security for Virtual Trusted Platform Modules

    Virtual Trusted Platform Modules (TPMs) were proposed as a software-based alternative to hardware-based TPMs to allow the use of their cryptographic functionalities in scenarios where multiple TPMs are required in a single platform, such as in virtualized environments. However, virtualizing TPMs, especially virtualizing the Platform Configuration Registers (PCRs), strikes against one of the core principles of Trusted Computing, namely the need for a hardware-based root of trust. In this paper we show how the strength of hardware-based security can be gained in virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches for such a binding: the first variant uses binary hash trees, whereas the other variant uses incremental hashing. In addition, we present an FPGA-based implementation of both variants and evaluate their performance.

    A novel technique for FPGA IP protection

    The configuration data sequence of a field programmable gate array (FPGA) is an intellectual property (IP) of the original designer. With the increase in deployment of FPGAs in modern embedded systems, the IP protection of FPGA hardware designs has become a necessary requirement for many IP vendors. There have already been many proposals to overcome this problem using symmetric encryption techniques, but these methods need a cryptographic key to be stored either in a non-volatile memory located on the FPGA or in a battery-backed RAM (Random Access Memory), as done in some current FPGAs. The costs of these methods are the occupation of a larger area on the FPGA in the former case and the limited lifetime of the device in the latter. In contrast, we propose a novel method which combines the dynamic partial reconfiguration (dynamic PR) feature of an SRAM-based FPGA with public key cryptography (PKC) to protect the FPGA configuration files without the need to store any keys on the FPGA.

    Sustainable Trusted Computing: A Novel Approach for a Flexible and Secure Update of Cryptographic Engines on a Trusted Platform Module

    Trusted computing is gaining an increasing acceptance in the industry and finding its way to cloud computing. With this penetration, the question arises whether the concept of hardwired security modules will cope with the increasing sophistication and security requirements of future IT systems and the ever expanding threats and violations. So far, embedding cryptographic hardware engines into the Trusted Platform Module (TPM) has been regarded as a security feature. However, new developments in cryptanalysis, side-channel analysis, and the emergence of novel powerful computing systems, such as quantum computers, can render this approach useless. Given that, the question arises: Do we have to throw away all TPMs and lose the data protected by them, if someday a cryptographic engine on the TPM becomes insecure? To address this question, we present a novel architecture called Sustainable Trusted Platform Module (STPM), which guarantees a secure update of the TPM cryptographic engines without compromising the system's trustworthiness. The STPM architecture has been implemented as a proof-of-concept on top of a Xilinx Virtex-5 FPGA platform, demonstrating the test cases with an update of the fundamental hash and asymmetric engines of the TPM.

    Evaluating the Impact of Integrating a Security Module on the Real-Time Properties of a System

    Part 8: Real-Time Aspects in Distributed Systems
    With a rise in the deployment of electronics in today's systems, especially in automobiles, the task of securing them against various attacks has become a major challenge. In particular, the most vulnerable points are: (i) communication paths between the Electronic Control Units (ECUs) and between sensors & actuators and the ECU, (ii) remote software updates from the manufacturer to the in-field system. However, when including additional mechanisms to secure such systems, especially real-time systems, there will be a major impact on the real-time properties and on the overall performance of the system. Therefore, the goal of this work is to deploy a minimal security module in a target real-time system and to analyze its impact on the aforementioned properties of the system, while achieving the goals of secure communication and authentic system update. From this analysis, it has been observed that, with the integration of such a security module into the ECU, the response time of the system is strictly dependent on the utilized communication interface between the ECU processor and the security module. The analysis is performed utilizing the security module operating at different frequencies and communicating over two different interfaces, i.e., the Low-Pin-Count (LPC) bus and the Memory-Mapped I/O (MMIO) method.

    A Novel Design Flow for Tamper-Resistant Self-Healing Properties of FPGA Devices without Configuration Readback Capability

    Self-healing systems can restore their original functionality by use of run-time self-reconfiguration, a feature supplied by state-of-the-art FPGA devices. Commonly, integrity checks are performed by reading back the device configuration and validating its hash value. Systems which are prone to tampering and piracy of intellectual property may disable configuration readback, which renders this method infeasible. We propose to secure systems by use of test vectors, requiring a certain system input sequence to always generate the same system output. The presented security mechanism is hard to tamper with and does not interfere with normal system operation. Although the required hardware overhead may be high in general, we show that the overhead can be kept relatively low if the method is applied only to select parts of the system, without any detrimental effect on the level of security that our mechanism provides. The mechanism is introduced into VHDL code using an automatic process.

    Survey of Methods to Improve Side-Channel Resistance on Partial Reconfigurable Platforms

    In this survey we introduce a few secure hardware implementation methods for FPGA platforms in the context of side-channel analysis. Side-channel attacks may exploit data-dependent physical leakage to estimate secret parameters like a cryptographic key. In particular, IP-cores for security applications on embedded systems equipped with FPGAs have to be made secure against these attacks. Thus, we discuss how the countermeasures known from the literature can be applied on FPGA-based systems to improve the side-channel resistance. After introducing the reader to the FPGA technology and the FPGA reconfiguration workflow, we discuss the hiding-based countermeasure against power analysis attacks especially designed for reconfigurable FPGAs.