Authors: Kang Huang, Wanting Zhou, Shiwei Yuan, Lei Li

Abstract:

Since information technology develops rapidly, the security issue has become an increasingly critical for computer system. In particular, as cloud computing and the Internet of Things (IoT) continue to gain widespread adoption, computer systems need to new security threats and attacks. The Root of Trust (RoT) is the foundation for providing basic trusted computing, which is used to verify the security and trustworthiness of other components. Designing a reliable RoT and guaranteeing its own security are essential for improving the overall security and credibility of computer systems. In this paper, we discuss the implementation of self-security technology based on the RISC-V RoT at the hardware level. To effectively safeguard the security of the RoT, researches on security safeguard technology on the RoT have been studied. At first, a lightweight and secure boot framework is proposed as a secure mechanism. Secondly, two kinds of memory protection mechanism are built to against memory attacks. Moreover, hardware implementation of proposed method has been also investigated. A series of experiments and tests have been carried on to verify to effectiveness of the proposed method. The experimental results demonstrated that the proposed approach is effective in verifying the integrity of the RoT’s own boot rom, user instructions, and data, ensuring authenticity and enabling the secure boot of the RoT’s own system. Additionally, our approach provides memory protection against certain types of memory attacks, such as cache leaks and tampering, and ensures the security of root-of-trust sensitive information, including keys.

Keywords: Root of Trust, secure boot, memory protection, hardware security.

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 80

References:

[1] R. Perez, “Silicon systems security and building a root of trust,” in 2015 IEEE Asian Solid-State Circuits Conference (A-SSCC). IEEE, 2015, pp. 1–4.
[2] B. Møller, M. Pedersen, and T. Bøgedal, “Formally verifying security properties for opentitan boot code with uppaal,” To Appear. MA thesis. AAU, 2021.
[3] T. Lu, “A survey on risc-v security: Hardware and architecture,” arXiv preprint arXiv:2107.04175, 2021.
[4] Y. Gui, A. S. Siddiqui, and F. Saqib, “Hardware based root of trust for electronic control units,” in SoutheastCon 2018. IEEE, 2018, pp. 1–7.
[5] A. Ehret, E. Del Rosario, K. Gettings, and M. A. Kinsy, “A hardware root-of-trust design for low-power soc edge devices,” in 2020 IEEE High Performance Extreme Computing Conference (HPEC). IEEE, 2020, pp. 1–6.
[6] A. Tomlinson, “Introduction to the tpm,” Smart Cards, Tokens, Security and Applications, pp. 173–191, 2017.
[7] E. Benhani, L. Bossuet, and A. Aubert, “The security of arm trustzone in a fpga-based soc,” IEEE Transactions on Computers, vol. 68, no. 8, pp. 1238–1248, 2019.
[8] H. Raj, S. Saroiu, A. Wolman, R. Aigner, J. Cox, P. England, C. Fenner, K. Kinshumann, J. Loeser, D. Mattoon et al., “ftpm: A firmware-based tpm 2.0 implementation,” Microsoft Research, pp. 0–23, 2015.
[9] J. Van Bulck, M. Minkin, O. Weisse, D. Genkin, B. Kasikci, F. Piessens, M. Silberstein, T. F. Wenisch, Y. Yarom, and R. Strackx, “Foreshadow: Extracting the keys to the intel sgx kingdom with transient out-of-order execution,” in Proceedings fo the 27th USENIX Security Symposium. USENIX Association, 2018.
[10] N. R. Weidler, D. Brown, S. A. Mitchel, J. Anderson, J. R. Williams, A. Costley, C. Kunz, C. Wilkinson, R. Wehbe, and R. Gerdes, “Return-oriented programming on a cortex-m processor,” in 2017 IEEE Trustcom/BigDataSE/ICESS. IEEE, 2017, pp. 823–832.
[11] J. Haj-Yahya, M. M. Wong, V. Pudi, S. Bhasin, and A. Chattopadhyay, “Lightweight secure-boot architecture for risc-v system-on-chip,” in 20th International Symposium on Quality Electronic Design (ISQED). IEEE, 2019, pp. 216–223.
[12] X. Zheng, X. Hu, J. Zhang, J. Yang, S. Cai, and X. Xiong, “An efficient and low-power design of the sm3 hash algorithm for iot,” Electronics, vol. 8, no. 9, p. 1033, 2019.
[13] J. Daemen and V. Rijmen, “Aes proposal: Rijndael,” 1999.
[14] F. Armknecht and J. Guajardo, “Fourth international workshop on trustworthy embedded devices (trusted 2014),” in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, 2014, pp. 1548–1549.