External Authenticated Non-volatile Memory with Lifecycle Management for State Protection in Trusted Computing
Contemporary processor ASICs for embedded devices often include a trusted execution environment (TrEE) typically realized using a secure, isolated processing mode. TrEEs are used for implementing security services. The isolation can be complete with on-board RAM and ROM reserved for the exclusive use of these environments, but ASICs that also include non-volatile memory (NVM) are not readily available or cost-effective. This makes it difficult to deploy security services where persistent storage of state is critical to security. One solution is to use external authenticated non-volatile memory (EANVM), e.g. in a different ASIC. This introduces the need for a key management scheme for pairing and secure communication between the processor and the EANVM unit. Design of such a key management scheme needs to allow for lifecycle management requirements such as field-replacement of EANVM units and testability, both of newly fabricated as well as field-returned units.
In this paper we identify the requirements for lifecycle management of an EANVM which can be used by a TrEE for securing its state persistently. We then present a hardware design that meets both the usual security requirements as well as the lifecycle management requirements simultaneously. Although the design can constitute its own chip, it is intended to be added to a secondary ASIC on the device, one that already has NVM for other reasons (e.g. to store configuration parameters persistently), but has a few tens of NVM cells to spare for this design. Consequently, our design offers an inexpensive way for state protection for TrEEs.
KeywordsMemory Cell Error Recovery Trust Platform Module Memory Component Service Point
Unable to display preview. Download preview PDF.
- 1.Alves, T., Rudeli, J.: ARM Security Solutions and Intel Authenticated Flash – How to integrate Intel Authenticated Flash with ARM TrustZone for maximum system protection. Design Reuse (October 2007), http://www.design-reuse.com/articles/16975/arm-security-solutions-and-intel-authenticated-flash-how-to-integrate-intel-authenticated-flash-with-arm-trustzone-for-maximum-system-protection.html
- 2.ARM. Trustzone-enabled processor, http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf
- 3.Badrignans, B., Elbaz, R., Torres, L.: Secure update mechanism for remote update of fpga-based system. In: International Symposium on Industrial Embedded Systems, SIES 2008, June 2008, pp. 221–224 (2008)Google Scholar
- 4.Ekberg, J.-E., Kylanpaa, M.: Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center (November 2007), http://research.nokia.com/files/NRCTR2007015.pdf
- 6.Srage, J., Azema, J.: M-Shield mobile security technology, TI White paper (2005), http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf
- 7.Trusted Platform Module (TPM) Specifications, https://www.trustedcomputinggroup.org/specs/TPM/