External Authenticated Non-volatile Memory with Lifecycle Management for State Protection in Trusted Computing

  • Jan-Erik Ekberg
  • N. Asokan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6163)


Contemporary processor ASICs for embedded devices often include a trusted execution environment (TrEE) typically realized using a secure, isolated processing mode. TrEEs are used for implementing security services. The isolation can be complete with on-board RAM and ROM reserved for the exclusive use of these environments, but ASICs that also include non-volatile memory (NVM) are not readily available or cost-effective. This makes it difficult to deploy security services where persistent storage of state is critical to security. One solution is to use external authenticated non-volatile memory (EANVM), e.g. in a different ASIC. This introduces the need for a key management scheme for pairing and secure communication between the processor and the EANVM unit. Design of such a key management scheme needs to allow for lifecycle management requirements such as field-replacement of EANVM units and testability, both of newly fabricated as well as field-returned units.

In this paper we identify the requirements for lifecycle management of an EANVM which can be used by a TrEE for securing its state persistently. We then present a hardware design that meets both the usual security requirements as well as the lifecycle management requirements simultaneously. Although the design can constitute its own chip, it is intended to be added to a secondary ASIC on the device, one that already has NVM for other reasons (e.g. to store configuration parameters persistently), but has a few tens of NVM cells to spare for this design. Consequently, our design offers an inexpensive way for state protection for TrEEs.


Memory Cell Error Recovery Trust Platform Module Memory Component Service Point 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alves, T., Rudeli, J.: ARM Security Solutions and Intel Authenticated Flash – How to integrate Intel Authenticated Flash with ARM TrustZone for maximum system protection. Design Reuse (October 2007),
  2. 2.
  3. 3.
    Badrignans, B., Elbaz, R., Torres, L.: Secure update mechanism for remote update of fpga-based system. In: International Symposium on Industrial Embedded Systems, SIES 2008, June 2008, pp. 221–224 (2008)Google Scholar
  4. 4.
    Ekberg, J.-E., Kylanpaa, M.: Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center (November 2007),
  5. 5.
    Schellekens, D., Tuyls, P., Preneel, B.: Embedded trusted computing with authenticated non-volatile memory. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 60–74. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Srage, J., Azema, J.: M-Shield mobile security technology, TI White paper (2005),
  7. 7.
    Trusted Platform Module (TPM) Specifications,
  8. 8.
    Wu, C.-H., Kuo, T.-W., Li Chang, P.: An efficient b-tree layer implementation for flash-memory storage systems. ACM Trans. Embed. Comput. Syst. 6(3), 19 (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jan-Erik Ekberg
    • 1
  • N. Asokan
    • 1
  1. 1.Nokia Research CenterHelsinki

Personalised recommendations