Design and Implementation of the PHaSE Core: Establishing Hardware Roots of Trust for Safety-Critical Embedded Devices
Abstract
The adoption of cybersecurity standards for safety-critical embedded systems has gained momentum across the aerospace, medical, defense, and automotive industries. A key challenge in complying with these standards is establishing a robust Hardware Root of Trust that accounts for evolving threats and for malicious changes to the hardware itself. This research outlines the development of the Programmable Hardware Siloed Engine (PHaSE) core, integrated within an FPGA as an improvement over discrete Trusted Platform Modules (TPMs). The design will support secure boot, ensure confidentiality, offer tamper resistance, and establish security enclaves. To assess its functionality, FPGA resource utilization during secure boot is analyzed and benchmarked against commercial TPMs.
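To make concrete what a hardware root of trust contributes to secure boot, the following added example (not code from the PHaSE project or the paper) simulates the two mechanisms a TPM-style design provides: a verified boot chain anchored in an immutable digest, and a measured boot register that is only ever extended. The layout is an assumption for illustration: each stage image carries a 32-byte header holding the digest of the next stage, the digest of the first stage is assumed to live in one-time-programmable (OTP) memory, and SHA3-256 stands in for whatever hash the core implements. The boot stages are constructed placeholder bytes, not real firmware.

```python
import hashlib

DIGEST_LEN = 32  # SHA3-256 output size in bytes

# Constructed sample boot stages in boot order: (name, body).
# Real images would be firmware binaries; these bytes stand in for them.
BOOT_STAGES = [
    ("bootloader", b"demo first-stage loader v1"),
    ("kernel",     b"demo RTOS kernel image v1"),
    ("app",        b"demo control application v1"),
]


def measure(data: bytes) -> bytes:
    """Measure an image: SHA3-256 (Keccak) is assumed as the core's hash."""
    return hashlib.sha3_256(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || digest). Values can only move forward,
    so software cannot rewrite the register to hide an earlier measurement."""
    return hashlib.sha3_256(pcr + digest).digest()


def build_chain(stages):
    """Build images last-to-first so that each image's header is the digest of
    the image that follows it. Returns (root_digest, images); root_digest is the
    value that would be burned into OTP memory at provisioning time."""
    images = []
    next_digest = bytes(DIGEST_LEN)  # all-zero header terminates the chain
    for name, body in reversed(stages):
        image = next_digest + body   # header (32 bytes) || stage body
        images.append((name, image))
        next_digest = measure(image)
    images.reverse()
    return next_digest, images


def secure_boot(otp_root_digest: bytes, images):
    """Verify and measure each stage in order.
    Returns (ok, pcr, failed_stage): ok is False and failed_stage names the first
    stage whose digest did not match what the previous trusted stage expected."""
    pcr = bytes(DIGEST_LEN)          # PCR reset value at power-on
    expected = otp_root_digest       # trust is anchored in the hardware-held digest
    for name, image in images:
        digest = measure(image)
        if digest != expected:
            return False, pcr, name  # halt: do not execute unverified code
        pcr = extend(pcr, digest)    # record what actually ran, for attestation
        expected = image[:DIGEST_LEN]  # the verified stage vouches for the next one
    return True, pcr, None


def golden_pcr(images) -> bytes:
    """Reference PCR value a verifier would precompute for a known-good chain."""
    pcr = bytes(DIGEST_LEN)
    for _, image in images:
        pcr = extend(pcr, measure(image))
    return pcr


def tamper(images, target: str):
    """Return a copy of the chain with one bit flipped in the named stage's body,
    modelling a modified image in external flash."""
    out = []
    for name, image in images:
        if name == target:
            patched = bytearray(image)
            patched[-1] ^= 0x01
            image = bytes(patched)
        out.append((name, image))
    return out


if __name__ == "__main__":
    root, images = build_chain(BOOT_STAGES)
    print("clean boot:", secure_boot(root, images))
    print("tampered kernel:", secure_boot(root, tamper(images, "kernel")))
```

Two properties of the chain are worth noting. Replacing the kernel is caught because its digest no longer matches the header of the already-verified bootloader, and an attacker who also rewrites that header changes the bootloader's digest, which then fails against the OTP value; the only way to accept modified code is to modify the hardware-held root, which is exactly the tamper surface a siloed core is meant to protect. Separately, the PCR records what actually executed, so even a stage that was skipped or altered without halting the boot would leave a register value that no longer equals the golden value a remote verifier expects.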
Published
16/09/2024
How to Cite
SERAFIM, Manoel Augusto de Souza. Design and Implementation of the PHaSE Core: Establishing Hardware Roots of Trust for Safety-Critical Embedded Devices. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO EM ANDAMENTO - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24., 2024, São José dos Campos/SP. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 358-363. DOI: https://doi.org/10.5753/sbseg_estendido.2024.241821.