Embedded Trusted Computing with Authenticated Non-volatile Memory

  • Dries Schellekens
  • Pim Tuyls
  • Bart Preneel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)

Abstract

Trusted computing is an emerging technology to improve the trustworthiness of computing platforms. The Trusted Computing Group has proposed specifications for a Trusted Platform Module and a Mobile Trusted Module. One of the key problems when integrating these trusted modules into an embedded system-on-chip design, is the lack of on-chip multiple-time-programmable non-volatile memory. In this paper, we describe a solution to protect the trusted module’s persistent state in external memory against non-invasive attacks. We introduce a minimal cryptographic protocol to achieve an authenticated channel between the trusted module and the external non-volatile memory. A MAC algorithm has to be added to the external memory to ensure authenticity. As a case study, we discuss trusted computing on reconfigurable hardware. In order to make our solution applicable to the low-end FPGA series which has no security measures on board, we present a solution that only relies on the reverse engineering complexity of the undocumented bitstream encoding and uses a physically unclonable function for one-time-programmable key storage. Clearly, this solution is also applicable to high-end series with special security measures on board. Our solution also supports field updates of the trusted module.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ekberg, J.E., Kylänpää, M.: Mobile Trusted Module (MTM) - an introduction (November 2007), http://research.nokia.com/files/NRCTR2007015.pdf
  2. 2.
    Dietrich, K.: An Integrated Architecture for Trusted Computing for Java enabled Embedded Devices. In: 2nd ACM workshop on Scalable Trusted Computing – STC 2007, pp. 2–6. ACM, New York (2007)CrossRefGoogle Scholar
  3. 3.
    Wilson, P., Frey, A., Mihm, T., Kershaw, D., Alves, T.: Implementing Embedded Security on Dual-Virtual-CPU Systems. IEEE Design and Test of Computers 24(6), 582–591 (2007)CrossRefGoogle Scholar
  4. 4.
    Khan, M.H., Seifert, J.P., Wheeler, D.M., Brizek, J.P.: A Platform-level Trust-Architecture for Hand-held Devices. In: ECRYPT Workshop, CRASH – CRyptographic Advances in Secure Hardware, Leuven, Belgium, p. 16 (2005)Google Scholar
  5. 5.
    Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the Trusted Platform Module. In: Proceedings of the 15th USENIX Security Symposium, Berkeley, CA, USA, p. 21. USENIX Association (2006)Google Scholar
  6. 6.
    Zhang, X., Acıiçmez, O., Seifert, J.P.: A Trusted Mobile Phone Reference Architecture via Secure Kernel. In: 2nd ACM workshop on Scalable Trusted Computing – STC 2007, pp. 7–14. ACM, New York (2007)CrossRefGoogle Scholar
  7. 7.
    Kasper, M.: Virtualisation of a SIM-Card using Trusted Computing. Master’s thesis, Private Fernfachhochschule Darmstadt (2007)Google Scholar
  8. 8.
    Kursawe, K., Schellekens, D., Preneel, B.: Analyzing trusted platform communication. In: ECRYPT Workshop, CRASH – CRyptographic Advances in Secure Hardware, Leuven, Belgium, p. 8 (2005)Google Scholar
  9. 9.
    De Vries, A., Ma, Y.: A logical approach to NVM integration in SOC design. EDN Magazine (2) (January 2007), http://www.impinj.com/pdf/EDN_NVMinSoC.pdf
  10. 10.
    Eisenbarth, T., Güneysu, T., Paar, C., Sadeghi, A.R., Schellekens, D., Wolf, M.: Reconfigurable Trusted Computing in Hardware. In: 2nd ACM workshop on Scalable Trusted Computing – STC 2007, pp. 15–20. ACM, New York (2007)CrossRefGoogle Scholar
  11. 11.
    Sadeghi, A.R., Selhorst, M., Stüble, C., Wachsmann, C., Winandy, M.: TCG inside? A Note on TPM Specification Compliance. In: 1st ACM workshop on Scalable Trusted Computing – STC 2006, pp. 47–56. ACM, New York (2006)CrossRefGoogle Scholar
  12. 12.
    Alves, T., Rudelic, J.: ARM Security Solutions and Intel Authenticated Flash (2007), http://www.arm.com/pdfs/Intel_ARM_Security_WhitePaper.pdf
  13. 13.
    Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Drimer, S.: Volatile FPGA design security – a survey (December 2007), http://www.cl.cam.ac.uk/~sd410/papers/fpga_security.pdf
  15. 15.
    Baetoniu, C., Sheth, S.: FPGA IFF Copy Protection Using Dallas Semiconductor/Maxim DS2432 Secure EEPROMs (August 2005), http://www.xilinx.com/support/documentation/application_notes/xapp780.pdf
  16. 16.
    Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon Physical Unknown Functions. In: Atluri, V. (ed.) ACM Conference on Computer and Communications Security – CCS 2002, pp. 148–160. ACM, New York (2002)CrossRefGoogle Scholar
  17. 17.
    Linnartz, J.P.M.G., Tuyls, P.: New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Suh, G.E., Clarke, D.E., Gassend, B., van Dijk, M., Devadas, S.: Efficient Memory Integrity Verification and Encryption for Secure Processors. In: 36th Annual International Symposium on Microarchitecture, pp. 339–350. ACM/IEEE (2003)Google Scholar
  20. 20.
    Handschuh, H., Trichina, E.: Securing Flash Technology. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) 4th International Workshop on Fault Diagnosis and Tolerance in Cryptography – FDTC 2007, pp. 3–17. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Dries Schellekens
    • 1
  • Pim Tuyls
    • 1
    • 2
  • Bart Preneel
    • 1
  1. 1.ESAT-SCD/COSICKatholieke Universiteit LeuvenBelgium
  2. 2.Philips Research LaboratoriesEindhovenThe Netherlands

Personalised recommendations