Embedded Trusted Computing with Authenticated Non-volatile Memory

Trusted computing is an emerging technology to improve the trustworthiness of computing platforms. The Trusted Computing Group has proposed specifications for a Trusted Platform Module and a Mobile Trusted Module. One of the key problems when integrating these trusted modules into an embedded system-on-chip design is the lack of on-chip multiple-time-programmable non-volatile memory. In this paper, we describe a solution to protect the trusted module's persistent state in external memory against non-invasive attacks. We introduce a minimal cryptographic protocol to achieve an authenticated channel between the trusted module and the external non-volatile memory. A MAC algorithm has to be added to the external memory to ensure authenticity. As a case study, we discuss trusted computing on reconfigurable hardware. In order to make our solution applicable to the low-end FPGA series, which has no security measures on board, we present a solution that relies only on the reverse-engineering complexity of the undocumented bitstream encoding and uses a physically unclonable function for one-time-programmable key storage. Clearly, this solution is also applicable to high-end series with special security measures on board. Our solution also supports field updates of the trusted module.