Embedded Trusted Computing with Authenticated Non-volatile Memory

Dries Schellekens; Pim Tuyls; Bart Preneel

doi:10.1007/978-3-540-68979-9_5

International Conference on Trusted Computing

Trust 2008: Trusted Computing - Challenges and Applications pp 60-74

Embedded Trusted Computing with Authenticated Non-volatile Memory

Authors
Authors and affiliations

Dries Schellekens
Pim Tuyls
Bart Preneel

Conference paper

DOI: 10.1007/978-3-540-68979-9_5

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)

Cite this paper as:: Schellekens D., Tuyls P., Preneel B. (2008) Embedded Trusted Computing with Authenticated Non-volatile Memory. In: Lipp P., Sadeghi AR., Koch KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg

Abstract

Trusted computing is an emerging technology to improve the trustworthiness of computing platforms. The Trusted Computing Group has proposed specifications for a Trusted Platform Module and a Mobile Trusted Module. One of the key problems when integrating these trusted modules into an embedded system-on-chip design, is the lack of on-chip multiple-time-programmable non-volatile memory. In this paper, we describe a solution to protect the trusted module’s persistent state in external memory against non-invasive attacks. We introduce a minimal cryptographic protocol to achieve an authenticated channel between the trusted module and the external non-volatile memory. A MAC algorithm has to be added to the external memory to ensure authenticity. As a case study, we discuss trusted computing on reconfigurable hardware. In order to make our solution applicable to the low-end FPGA series which has no security measures on board, we present a solution that only relies on the reverse engineering complexity of the undocumented bitstream encoding and uses a physically unclonable function for one-time-programmable key storage. Clearly, this solution is also applicable to high-end series with special security measures on board. Our solution also supports field updates of the trusted module.

Preview

Unable to display preview. Download preview PDF.

References

1.
Ekberg, J.E., Kylänpää, M.: Mobile Trusted Module (MTM) - an introduction (November 2007), http://research.nokia.com/files/NRCTR2007015.pdf
2.
Dietrich, K.: An Integrated Architecture for Trusted Computing for Java enabled Embedded Devices. In: 2nd ACM workshop on Scalable Trusted Computing – STC 2007, pp. 2–6. ACM, New York (2007)CrossRefGoogle Scholar
3.
Wilson, P., Frey, A., Mihm, T., Kershaw, D., Alves, T.: Implementing Embedded Security on Dual-Virtual-CPU Systems. IEEE Design and Test of Computers 24(6), 582–591 (2007)CrossRefGoogle Scholar
4.
Khan, M.H., Seifert, J.P., Wheeler, D.M., Brizek, J.P.: A Platform-level Trust-Architecture for Hand-held Devices. In: ECRYPT Workshop, CRASH – CRyptographic Advances in Secure Hardware, Leuven, Belgium, p. 16 (2005)
5.
Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the Trusted Platform Module. In: Proceedings of the 15th USENIX Security Symposium, Berkeley, CA, USA, p. 21. USENIX Association (2006)
6.
Zhang, X., Acıiçmez, O., Seifert, J.P.: A Trusted Mobile Phone Reference Architecture via Secure Kernel. In: 2nd ACM workshop on Scalable Trusted Computing – STC 2007, pp. 7–14. ACM, New York (2007)CrossRefGoogle Scholar
7.
Kasper, M.: Virtualisation of a SIM-Card using Trusted Computing. Master’s thesis, Private Fernfachhochschule Darmstadt (2007)
8.
Kursawe, K., Schellekens, D., Preneel, B.: Analyzing trusted platform communication. In: ECRYPT Workshop, CRASH – CRyptographic Advances in Secure Hardware, Leuven, Belgium, p. 8 (2005)
9.
De Vries, A., Ma, Y.: A logical approach to NVM integration in SOC design. EDN Magazine (2) (January 2007), http://www.impinj.com/pdf/EDN_NVMinSoC.pdf
10.
Eisenbarth, T., Güneysu, T., Paar, C., Sadeghi, A.R., Schellekens, D., Wolf, M.: Reconfigurable Trusted Computing in Hardware. In: 2nd ACM workshop on Scalable Trusted Computing – STC 2007, pp. 15–20. ACM, New York (2007)CrossRefGoogle Scholar
11.
Sadeghi, A.R., Selhorst, M., Stüble, C., Wachsmann, C., Winandy, M.: TCG inside? A Note on TPM Specification Compliance. In: 1st ACM workshop on Scalable Trusted Computing – STC 2006, pp. 47–56. ACM, New York (2006)CrossRefGoogle Scholar
12.
Alves, T., Rudelic, J.: ARM Security Solutions and Intel Authenticated Flash (2007), http://www.arm.com/pdfs/Intel_ARM_Security_WhitePaper.pdf
13.
Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
14.
Drimer, S.: Volatile FPGA design security – a survey (December 2007), http://www.cl.cam.ac.uk/~sd410/papers/fpga_security.pdf
15.
Baetoniu, C., Sheth, S.: FPGA IFF Copy Protection Using Dallas Semiconductor/Maxim DS2432 Secure EEPROMs (August 2005), http://www.xilinx.com/support/documentation/application_notes/xapp780.pdf
16.
Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon Physical Unknown Functions. In: Atluri, V. (ed.) ACM Conference on Computer and Communications Security – CCS 2002, pp. 148–160. ACM, New York (2002)CrossRefGoogle Scholar
17.
Linnartz, J.P.M.G., Tuyls, P.: New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates. In: Kittler, J., Nixon, M.S. (eds.) AVBPA 2003. LNCS, vol. 2688, pp. 393–402. Springer, Heidelberg (2003)CrossRefGoogle Scholar
18.
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)Google Scholar
19.
Suh, G.E., Clarke, D.E., Gassend, B., van Dijk, M., Devadas, S.: Efficient Memory Integrity Verification and Encryption for Secure Processors. In: 36th Annual International Symposium on Microarchitecture, pp. 339–350. ACM/IEEE (2003)
20.
Handschuh, H., Trichina, E.: Securing Flash Technology. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) 4th International Workshop on Fault Diagnosis and Tolerance in Cryptography – FDTC 2007, pp. 3–17. IEEE Computer Society, Los Alamitos (2007)CrossRefGoogle Scholar

Copyright information

Authors and Affiliations

Dries Schellekens
- 1
Pim Tuyls
- 1
- 2
Bart Preneel
- 1

1.ESAT-SCD/COSICKatholieke Universiteit LeuvenBelgium
2.Philips Research LaboratoriesEindhovenThe Netherlands

Personalised recommendations

Actions

Buy eBook

USD 69.99

Instant download
Readable on all devices
Own it forever
Local sales tax included if applicable

Embedded Trusted Computing with Authenticated Non-volatile Memory

Abstract

Preview

Copyright information

Authors and Affiliations

Personalised recommendations

Cookies