Secure IoT Device Architecture Using TrustZone

IoT realizes efficient system such as smart cities, smart factories, and smart agriculture. However, there are risks of cyber attacks against the IoT with the potential to cause serious damage. To protect the IoT systems, protection of the entire system including end-point IoT devices is essential. However, existing software-based protection is insufficient against recent sophisticated attackers who disable or bypass security mechanisms. In this paper, to ensure correct operations of security mechanisms, we propose a secure IoT device architecture using TrustZone. A monitoring engine can be protected from attacks by deploying the engine in a secure world which is isolated from a non-secure. Here, a problem is that each secure and non-secure world has its own virtual memory and OS, thus the monitoring engine in the secure world cannot directly monitor software in the non-secure world. To cope with the semantic gap between the non-secure world and the secure world, the proposed architecture has two monitoring engines: a monitoring engine in the non-secure world for measuring software in the non-secure world and a monitoring engine in secure world for attesting the engine in non-secure world. Moreover, we implement the architecture and show the proposed architecture is feasible on the basis of its evaluation results.