Abstract
Trusted computing is an emerging technology to improve the trustworthiness of computing platforms. The Trusted Computing Group has proposed specifications for a Trusted Platform Module and a Mobile Trusted Module. One of the key problems when integrating these trusted modules into an embedded system-on-chip design is the lack of on-chip multiple-time-programmable non-volatile memory. In this paper, we describe a solution to protect the trusted module's persistent state in external memory against non-invasive attacks. We introduce a minimal cryptographic protocol to achieve an authenticated channel between the trusted module and the external non-volatile memory. A MAC algorithm has to be added to the external memory to ensure authenticity. As a case study, we discuss trusted computing on reconfigurable hardware. In order to make our solution applicable to the low-end FPGA series, which has no security measures on board, we present a solution that relies only on the reverse engineering complexity of the undocumented bitstream encoding and uses a physically unclonable function for one-time-programmable key storage. Clearly, this solution is also applicable to high-end series with special security measures on board. Our solution also supports field updates of the trusted module.
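The abstract describes the core idea without detail: the external memory gets a MAC unit and shares a key with the trusted module, so that commands and replies on the bus can be authenticated and stale state cannot be replayed. The following is an added illustration of that idea and is not the protocol from the paper: the message formats, the `read`/`write`/`ack` labels, the HMAC-SHA256 choice, the constant key (standing in for the PUF-derived one-time-programmable key) and the sample state values are all assumptions constructed for this example. It models only a non-invasive adversary on the bus, which is the threat the abstract names.

```python
"""Constructed illustration of a MAC-authenticated channel between an on-chip
trusted module and external non-volatile memory. Not the paper's protocol;
formats, key and sample state are assumptions of this example."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# The paper derives the key from a PUF and keeps it one-time-programmable
# on chip; this constant is constructed for the example only.
SHARED_KEY = b"example-shared-key-constructed"


def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so fields cannot shift into each other."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big"))
        h.update(part)
    return h.digest()


class AuthenticatedNVM:
    """External memory with an added MAC unit: replies are tagged and writes
    must carry a valid tag, so a bus adversary can neither forge nor replay."""

    def __init__(self, key: bytes):
        self._key = key
        self._cells = {}

    def read(self, nonce: bytes, addr: int) -> Tuple[bytes, bytes]:
        data = self._cells.get(addr, b"")
        return data, tag(self._key, b"read", nonce, addr.to_bytes(4, "big"), data)

    def write(self, nonce: bytes, addr: int, data: bytes, t: bytes) -> Optional[bytes]:
        expected = tag(self._key, b"write", nonce, addr.to_bytes(4, "big"), data)
        if not hmac.compare_digest(expected, t):
            return None  # unauthenticated command: memory content is left untouched
        self._cells[addr] = data
        return tag(self._key, b"ack", nonce, addr.to_bytes(4, "big"), data)


class TrustedModule:
    """The on-chip module: holds the key, keeps its persistent state off chip."""

    def __init__(self, key: bytes, nvm):
        self._key = key
        self._nvm = nvm

    def load_state(self, addr: int) -> Optional[bytes]:
        nonce = secrets.token_bytes(16)  # fresh per request: a replayed reply cannot match
        data, t = self._nvm.read(nonce, addr)
        expected = tag(self._key, b"read", nonce, addr.to_bytes(4, "big"), data)
        return data if hmac.compare_digest(t, expected) else None

    def store_state(self, addr: int, data: bytes) -> bool:
        nonce = secrets.token_bytes(16)
        a = addr.to_bytes(4, "big")
        ack = self._nvm.write(nonce, addr, data, tag(self._key, b"write", nonce, a, data))
        return ack is not None and hmac.compare_digest(ack, tag(self._key, b"ack", nonce, a, data))


class ReplayingBus:
    """Non-invasive adversary between module and memory: records the first read
    reply and answers every later read with it (an attempted state rollback)."""

    def __init__(self, nvm: AuthenticatedNVM):
        self._nvm = nvm
        self._recorded = None

    def read(self, nonce: bytes, addr: int) -> Tuple[bytes, bytes]:
        if self._recorded is None:
            self._recorded = self._nvm.read(nonce, addr)
        return self._recorded

    def write(self, nonce: bytes, addr: int, data: bytes, t: bytes) -> Optional[bytes]:
        return self._nvm.write(nonce, addr, data, t)


def honest_round_trip() -> Optional[bytes]:
    nvm = AuthenticatedNVM(SHARED_KEY)
    tm = TrustedModule(SHARED_KEY, nvm)
    tm.store_state(0, b"counter=1")
    return tm.load_state(0)


def replay_is_detected() -> bool:
    nvm = AuthenticatedNVM(SHARED_KEY)
    tm = TrustedModule(SHARED_KEY, ReplayingBus(nvm))
    tm.store_state(0, b"counter=1")
    tm.load_state(0)                 # adversary records this genuine reply
    tm.store_state(0, b"counter=2")
    return tm.load_state(0) is None  # replayed reply was tagged under an old nonce


def forged_write_is_rejected() -> bool:
    nvm = AuthenticatedNVM(SHARED_KEY)
    tm = TrustedModule(SHARED_KEY, nvm)
    tm.store_state(0, b"counter=2")
    # an adversary without the key tries to roll the stored counter back
    ack = nvm.write(b"\x00" * 16, 0, b"counter=1", b"\x00" * 32)
    return ack is None and tm.load_state(0) == b"counter=2"
```

The three scenario functions show the two properties the MAC unit buys: a recorded reply cannot be replayed against a later request because the module's nonce changes, and a write command without a valid tag is ignored by the memory. Physically rewriting the memory cells themselves is an invasive attack and is outside what this construction, like the abstract's claim, addresses.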
The work described in this document has been partly financially supported by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy), by the IBBT (Interdisciplinary institute for BroadBand Technology) of the Flemish Government, by the FWO project BBC G.0300.07, and in part by the European Commission through the IST Programme under Contract IST-027635 OPEN_TC.
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Schellekens, D., Tuyls, P., Preneel, B. (2008). Embedded Trusted Computing with Authenticated Non-volatile Memory. In: Lipp, P., Sadeghi, AR., Koch, KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68979-9_5
DOI: https://doi.org/10.1007/978-3-540-68979-9_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68978-2
Online ISBN: 978-3-540-68979-9