{"title":"FISMOS -安全模块的FPGA实现作为开源","authors":"Philipp Schubaur, Peter Knauer, D. Merli","doi":"10.1145/3600160.3605168","DOIUrl":null,"url":null,"abstract":"Many IoT devices are trusted with critical tasks and therefore require solid device security. As a result, manufacturers search for cost-efficient and easy-to-integrate trust anchors, but common IT solutions, like a Trusted Platform Modules (TPMs) are often not suitable for Internet of Things (IoT) use cases. Simultaneously, the adoption of System on Chip (SoC) devices, integrating a set of ARM® cores and Programmable Logic (PL) within one package are on the rise in several industries. While the ARM® processors facilitate networking and graphical user interfaces, a Field Programmable Gate Array (FPGA) fabric enables real-time control or acceleration of AI applications on the edge. This paper presents a solution to combine these trends for the benefit of device security: an FPGA Implementation of a Security Module as Open Source (FISMOS). The security module focuses on simplicity, providing security capabilities by little expense of logic as well as engineering resources. FISMOS is based on the PicoRV32 soft-core processor and features an AXI memory interface for data exchange with its host. It enables secure symmetric and asymmetric cryptographic functions, key enclosure, and may serve as a trust anchor for the Linux kernel. This configuration allows for customized security functionalities and a robust segmentation between the encapsulated area of the FISMOS and the Linux OS.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FISMOS – An FPGA Implementation of a Security Module as Open Source\",\"authors\":\"Philipp Schubaur, Peter Knauer, D. Merli\",\"doi\":\"10.1145/3600160.3605168\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many IoT devices are trusted with critical tasks and therefore require solid device security. As a result, manufacturers search for cost-efficient and easy-to-integrate trust anchors, but common IT solutions, like a Trusted Platform Modules (TPMs) are often not suitable for Internet of Things (IoT) use cases. Simultaneously, the adoption of System on Chip (SoC) devices, integrating a set of ARM® cores and Programmable Logic (PL) within one package are on the rise in several industries. While the ARM® processors facilitate networking and graphical user interfaces, a Field Programmable Gate Array (FPGA) fabric enables real-time control or acceleration of AI applications on the edge. This paper presents a solution to combine these trends for the benefit of device security: an FPGA Implementation of a Security Module as Open Source (FISMOS). The security module focuses on simplicity, providing security capabilities by little expense of logic as well as engineering resources. FISMOS is based on the PicoRV32 soft-core processor and features an AXI memory interface for data exchange with its host. It enables secure symmetric and asymmetric cryptographic functions, key enclosure, and may serve as a trust anchor for the Linux kernel. This configuration allows for customized security functionalities and a robust segmentation between the encapsulated area of the FISMOS and the Linux OS.\",\"PeriodicalId\":107145,\"journal\":{\"name\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-08-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3600160.3605168\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3605168","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
FISMOS – An FPGA Implementation of a Security Module as Open Source
Many IoT devices are trusted with critical tasks and therefore require solid device security. As a result, manufacturers search for cost-efficient and easy-to-integrate trust anchors, but common IT solutions, like a Trusted Platform Modules (TPMs) are often not suitable for Internet of Things (IoT) use cases. Simultaneously, the adoption of System on Chip (SoC) devices, integrating a set of ARM® cores and Programmable Logic (PL) within one package are on the rise in several industries. While the ARM® processors facilitate networking and graphical user interfaces, a Field Programmable Gate Array (FPGA) fabric enables real-time control or acceleration of AI applications on the edge. This paper presents a solution to combine these trends for the benefit of device security: an FPGA Implementation of a Security Module as Open Source (FISMOS). The security module focuses on simplicity, providing security capabilities by little expense of logic as well as engineering resources. FISMOS is based on the PicoRV32 soft-core processor and features an AXI memory interface for data exchange with its host. It enables secure symmetric and asymmetric cryptographic functions, key enclosure, and may serve as a trust anchor for the Linux kernel. This configuration allows for customized security functionalities and a robust segmentation between the encapsulated area of the FISMOS and the Linux OS.