Providing Root of Trust for ARM TrustZone using On-Chip SRAM

Workshop on Trustworthy Embedded Devices Pub Date : 2014-11-03 DOI:10.1145/2666141.2666145

Shijun Zhao, Qianying Zhang, Guangyao Hu, Yu Qin, D. Feng

{"title":"Providing Root of Trust for ARM TrustZone using On-Chip SRAM","authors":"Shijun Zhao, Qianying Zhang, Guangyao Hu, Yu Qin, D. Feng","doi":"10.1145/2666141.2666145","DOIUrl":null,"url":null,"abstract":"We present the design, implementation and evaluation of the root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone based on the on-chip SRAM Physical Unclonable Functions (PUFs). We first implement a building block which provides the foundations for the root of trust: secure key storage and truly random source. The building block doesn't require on or off-chip secure non-volatile memory to store secrets, but provides a high-level security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC). Based on the building block, we build the root of trust consisting of seal/unseal primitives for secure services running in the TEE, and a software-only TPM service running in the TEE which provides rich TPM functionalities for the rich OS running in the normal world of TrustZone. The root of trust resists software attackers capable of compromising the entire rich OS. Besides, both the building block and the root of trust run on the powerful ARM processor. In one word, we leverage the on-chip SRAM, commonly available on mobile devices, to achieve a low-cost, secure, and efficient design of the root of trust.","PeriodicalId":350304,"journal":{"name":"Workshop on Trustworthy Embedded Devices","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"63","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Workshop on Trustworthy Embedded Devices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2666141.2666145","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 63

Abstract

We present the design, implementation and evaluation of the root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone based on the on-chip SRAM Physical Unclonable Functions (PUFs). We first implement a building block which provides the foundations for the root of trust: secure key storage and truly random source. The building block doesn't require on or off-chip secure non-volatile memory to store secrets, but provides a high-level security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC). Based on the building block, we build the root of trust consisting of seal/unseal primitives for secure services running in the TEE, and a software-only TPM service running in the TEE which provides rich TPM functionalities for the rich OS running in the normal world of TrustZone. The root of trust resists software attackers capable of compromising the entire rich OS. Besides, both the building block and the root of trust run on the powerful ARM processor. In one word, we leverage the on-chip SRAM, commonly available on mobile devices, to achieve a low-cost, secure, and efficient design of the root of trust.

查看原文本刊更多论文

使用片上SRAM为ARM TrustZone提供信任根

基于片上SRAM物理不可克隆功能(puf)，提出了ARM TrustZone提供的可信执行环境(TEE)的信任根的设计、实现和评估。我们首先实现一个构建块，它为信任的根提供了基础:安全的密钥存储和真正的随机源。构建块不需要片上或片外安全的非易失性存储器来存储秘密，但提供了高级别安全性:抵抗能够控制片上系统(SoC)的所有外部接口的物理攻击者。在构建块的基础上，我们为运行在TEE中的安全服务构建了由密封/解密封原语组成的信任根，以及运行在TEE中的纯软件TPM服务，该服务为运行在TrustZone正常世界中的富操作系统提供丰富的TPM功能。信任的根源可以抵抗能够危害整个富操作系统的软件攻击者。此外，构建块和信任根都运行在功能强大的ARM处理器上。简而言之，我们利用移动设备上常见的片上SRAM来实现低成本、安全、高效的信任根设计。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Workshop on Trustworthy Embedded Devices

自引率

0.00%

发文量