WO2017008133A1 - Secure architecture for embedded systems - Google Patents
- Publication number: WO2017008133A1 (application PCT/BR2016/000066)
- Authority: WO (WIPO, PCT)
- Prior art keywords: memory, architecture, line, address, architecture according
- Prior art date:
Classifications
- G06F13/00: Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/52: Monitoring users, programs or devices to maintain the integrity of platforms (e.g. of processors, firmware or operating systems) during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
- G06F21/14: Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
- G06F21/60: Protecting data
- G06F21/64: Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/73: Protecting specific internal or peripheral components to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
- G06F21/78: Protecting specific internal or peripheral components to assure secure storage of data
- H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
- G06F2221/2129: Authenticate client device independently of the user
Definitions
- The present invention relates to a secure architecture for authentication and integrity checking of cache memory lines by means of PUFs for embedded systems, and is intended to prevent malicious code from being inserted into these systems. It protects the integrity of code and data and makes it possible to detect any change to the programs of an embedded system (including the operating system, when present).
- PUFs: Physical Unclonable Functions
- Embedded systems are classified into two categories, Simple Embedded Systems (SES) and Complex Embedded Systems (SEC).
- SES: Simple Embedded Systems
- SEC: Complex Embedded Systems
- An SEC is capable of running an operating system that can incorporate external storage units as part of the system, so that programs and data can be loaded from or stored on these drives.
- This is well exemplified by today's smartphones and tablets, which are as powerful and have as many functions as some personal computers.
- AEGIS, proposed in [1] and [2], is a robust architecture capable of maintaining code and data integrity through PUF-based authentication.
- The major feature of the AEGIS architecture is that it can operate as a secure architecture in two modes: independent of any software, including the operating system (OS), or alternatively relying on only part of the operating system being trusted.
- OS: operating system
- When the kernel is trusted, the difference between the two modes lies in the additional hardware that one implementation has over the other.
- When the OS is untrusted, operations similar to those performed by the OS have to be implemented in hardware, which makes this implementation more complex and costly to manufacture.
- SECs have the computational power to run OSs that can have different layers of security, one of which will house the secure kernel.
- A program whose authenticity has not been validated is still allowed to run. All unvalidated code executes in an environment that the architecture considers unsafe, that is, an environment that may not have access to secure data; but an attacker may want precisely to inhibit a program from doing its job. For example, if a particular program is critical to the operation of an embedded system, lack of access to protected data can lead to critical failures during its operation while the system remains active. Thus, the number of possible system failure situations can increase significantly because of the combination of failures that one or more programs can cause simply because their authentication has not been validated.
- A model of secure coprocessor architecture is presented by WO2014138626 A1.
- This architecture features the use of PUFs for key generation for cryptographic primitives, thus making the security of each instance of the architecture unique.
- The system provides integrity at all times.
- The architecture is not completely transparent to the software of a computer system, as it depends on new instructions that it specifies for its operation, and is thus subject to the presence of these instructions in the programs.
- The architecture allows external memory to be trusted or not; it is possible to use the proposal for applications such as certified execution.
- The biggest differentiator of that architecture compared to the other architectures seen so far is having two specific hardware units that control the input and output of data. Because of this hardware it is possible to use speculative execution: while data and code obtained from the input hardware are in the process of integrity checking, the processor can execute all the instructions contained in the code read and write the data, but the output hardware only allows data to leave when integrity and authenticity are confirmed.
- US8918647 deals with device authentication, organized as a root server and multiple child nodes, which can be authenticated, but also does not deal with authentication and integrity checking of code and data on embedded systems.
- US8140824 deals with authenticating a boot code snippet iteratively with a hash function. The accumulated final hash value is compared to a stored value. However, because the code only starts after the iterative verification, there is a big performance issue, especially if the scheme is expanded to other system code beyond the boot code. Still, the question of data integrity is not addressed, i.e. whether boot code data can be updated, and what that process looks like.
- The present invention relates to a secure architecture for simple embedded systems, which contemplates a memory controller that uses PUFs to generate digital authentication tags for cache memory lines. These tags are stored in a new memory that does not allow them to be accessed via software.
- The architecture can utilize commercially available processors without requiring changes to software already available for those processors.
- The architecture prevents code and data modifications, thereby preventing malicious agents from modifying the operation of a simple embedded system.
- Authenticated memory regions holding data can be updated with new authenticity tags generated in a completely secure way, thus allowing the use of the architecture in different simple embedded system applications.
- FIG. 1: Schematic illustrating the proposed architecture, highlighting the processor and MCTRL.
- Figure 2 illustrates a first possible configuration for PTAG-GEN, combining FPAs with PUFs in PTAG generation.
- Figure 3 illustrates a second possible configuration for PTAG-GEN.
- Figure 4 illustrates a third possible configuration for PTAG-GEN.
- PTAG: physical tag
- MCTRL: memory controller
- PTAG-MEM: PTAG memory
- FIG. 1 shows the architecture proposed by the present invention. Inside the chip are the processor and the memory controller (MCTRL). The processor shows its main components, and MCTRL shows only the circuits added for security purposes: the comparator and the PTAG generator (PTAG-GEN). MCTRL receives data from and sends data to the external memories, and passes it on to the processor. The cache lines (or memory blocks) obtained from these data buses are taken to PTAG-GEN by MCTRL. In addition, it is shown that the physical address of the external memory and of the PTAG memory is the same, and both are accessed at the same time.
- PTAG-MEM is a physical memory isolated by the PTAG bus, which connects the chip to that memory. Its physical address is the same as main memory, so access to a memory block results in concomitant access to that block's PTAG in PTAG-MEM.
- PTAG memory is at the same level as main memory in the system memory hierarchy.
- The PTAG-MEM technology does not have to be the same as main memory, but it is a design decision to ensure that the time a PTAG takes to travel from PTAG-MEM to MCTRL cannot be longer than the time PTAG-GEN takes to generate a PTAG (taking into account the time required for PTAG-GEN to obtain the cache memory line or memory block from the bus), as this would delay cache line (or memory block) authentication.
- PTAG generation is performed by PTAG-GEN, which uses either a cache line from the bus or a memory block brought from main memory. Note that in this document it is assumed that a memory block has the same bit size as a cache memory line, so the terms "memory block" and "cache memory line" are used interchangeably in this document.
- This cache memory line is concatenated with the physical or virtual address, obtained directly from the processor (without intermediaries), and this composition is used as input by PTAG-GEN to generate the PTAG associated with that block.
- PTAG-GEN uses a PUF in combination with one or more pseudo-random functions (FPAs) to generate PTAGs.
- FPAs: pseudo-random functions
- The pseudo-random functions serve to blur the composition formed by the virtual (or physical) address and the memory block, while the PUF adds entropy and uniqueness.
- The memory controller has two functions: checking and storing PTAGs. At verification, the PTAG generated by PTAG-GEN is compared to the one brought from PTAG-MEM simultaneously with the memory block. If the two are different, a non-maskable interrupt (PTAG-NMS) is issued to the processor by MCTRL. If the PTAGs are equal, nothing happens. In storage, the memory controller uses the cache memory line being transferred to main memory together with the processor's line address, so that PTAG-GEN generates the PTAG that MCTRL will send to PTAG-MEM.
- PTAG-NMS: non-maskable interrupt
- The PTAG-NMS interrupt must be connected to some spare interrupt pin available on modern processors.
- An interrupt puts the processor in an exception state, in which it takes some specific action to handle it. These actions are programmed in the firmware as an interrupt handling routine.
- By monitoring the MCTRL control bus it is possible to identify which hardware has made a request and what the request is. In this way, MCTRL is able to identify when the processor requests a memory block that is not in cache memory, indicating that a fetch has to go to main memory. This way, MCTRL can simultaneously access PTAG memory.
- The processor's communication with the I/O devices inside the chip is arbitrated by the memory controller.
- One way to do this is to place buffers that intercept this communication and only allow the I/O device to receive data sent by the processor if MCTRL allows it. In this way, MCTRL can pass data received from memory directly to the processor to avoid any performance loss. Meanwhile, MCTRL proceeds with checking the integrity of the memory block that was sent to the processor. If the processor issues an input/output instruction, it is buffered until the memory controller authorizes it. This prevents malicious code from exposing any data outside the secure area (i.e. outside the chip).
- Memory data blocks, when changed, may have their digital tag updated.
- Since these lines are inside the chip, like cache lines, they are in a safe environment and updating PTAGs is not susceptible to fraud.
- PTAG-GEN can be designed in at least three ways, in which the interaction between FPA(s) and PUF(s) maintains the security robustness that computer systems currently demand.
- The FPAs can be set with fixed keys that can be the same for all instances of the architecture, thus making them equivalent to hash functions. Between them there may be one or more PUFs. Their number will depend on the output size of the first FPA chosen, the type of PUF used, and the number of output bits of the second FPA chosen.
- The PUF chosen is of the Arbiter PUF type.
- The output of the second FPA is 64 bits.
- The PTAG-GEN input is the composition of a memory block and its address; since this composition is longer than 128 bits for modern processors, it does not reduce the entropy of the output of the first FPA, i.e. the amount of information coming in is greater than the information going out. Thus an important security property of digital authentication is preserved.
- Since the second FPA has a 64-bit output, to ensure the security properties its input must be at least 64 bits, so 64 Arbiter PUFs are required. Each of these receives a 128-bit challenge and produces a one-bit response.
- The output of the first FPA is also the challenge of each PUF. Since PUFs are unique in each of their instances, it is not possible to predict the response bits, i.e. the input of the second FPA is totally random in nature. Finally, the output of the second FPA is the digital tag of the memory block and its address.
- A malicious agent obtains such a machine and attempts to modify the code contained in it so that credit card data is transferred to some peripheral device. He intends to return the modified machine to the restaurant with the intention of stealing sensitive customer data. He will only be able to do this if, in addition to inserting malicious code, he also changes the PTAGs in PTAG-MEM, which, as discussed earlier, will only work with negligible probability. Note that none of the credit card machine's secrecy apparatus is modified by using the architecture proposed here. Nothing works differently on a card machine with or without this proposal; however, this attack would be blocked. Finally, any success of the malicious agent on one instance of the machine does not open the way to trivial fraud: all the hard work of applying the attack once must be repeated.
- A company sells GPS devices with paid monthly updates.
- A malicious agent tries to take advantage by reselling the GPS with modified software so that updates are downloaded and installed for free. On the black market this should attract people interested in not paying the monthly fee charged by the company that originally made the GPS.
- When the malicious agent attempts to resell the product, it has already had all of its program memory authenticated by PTAGs. The malicious agent will not be able to modify the code successfully, since, as in the previous example, he would need to modify the PTAG memory with PTAGs that would give authenticity to the malicious code. Therefore, the malicious agent will not succeed in this endeavor.
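The PTAG-GEN pipeline (first FPA over address || block, 64 Arbiter PUFs each answering the same 128-bit challenge with one bit, second FPA producing the 64-bit tag) and the two MCTRL functions (store a PTAG on write-back, compare it on fetch and raise PTAG-NMS on mismatch) can be simulated end to end. The following is an added example written for this page, not the patent's circuit or any reference implementation. It assumes HMAC-SHA256 with fixed keys as the FPAs (the text says fixed keys make them equivalent to hash functions), the standard additive-delay model as a stand-in for each Arbiter PUF, a 64-byte line size, and per-device random seeds standing in for manufacturing variation; all of these are assumptions for the simulation.

```python
"""Simulation of PTAG generation and the MCTRL verify/store paths (added example)."""
import hashlib
import hmac
import random

LINE_BYTES = 64               # assumed cache line / memory block size (constructed)
CHALLENGE_BITS = 128          # each PUF receives a 128-bit challenge
N_PUFS = 64                   # one response bit per PUF -> 64-bit input to FPA2
FPA1_KEY = b"fpa1-fixed-key"  # fixed keys, identical on every instance,
FPA2_KEY = b"fpa2-fixed-key"  # so the FPAs behave like plain hash functions


def fpa1(address: int, line: bytes) -> int:
    """First FPA: 128-bit challenge derived from address || memory block."""
    msg = address.to_bytes(8, "big") + line
    digest = hmac.new(FPA1_KEY, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:16], "big")


def fpa2(responses: int) -> int:
    """Second FPA: 64-bit PTAG derived from the 64 PUF response bits."""
    digest = hmac.new(FPA2_KEY, responses.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


class ArbiterPUF:
    """Additive-delay model of one arbiter PUF (simulation only).

    Per-stage delay differences are drawn at random per device as a stand-in for
    manufacturing variation; the seed exists only to make the example reproducible.
    """

    def __init__(self, rng: random.Random, n_bits: int = CHALLENGE_BITS):
        self.n_bits = n_bits
        self.weights = [rng.gauss(0.0, 1.0) for _ in range(n_bits + 1)]

    def respond(self, challenge: int) -> int:
        bits = [(challenge >> i) & 1 for i in range(self.n_bits)]
        # Feature vector: phi[i] = product over j >= i of (1 - 2*c_j), phi[n] = 1.
        phi = [1] * (self.n_bits + 1)
        for i in range(self.n_bits - 1, -1, -1):
            phi[i] = phi[i + 1] * (1 - 2 * bits[i])
        delay_diff = sum(w * p for w, p in zip(self.weights, phi))
        return 1 if delay_diff > 0 else 0


class PTAGGen:
    """PTAG-GEN: FPA1 -> 64 arbiter PUFs (same challenge to each) -> FPA2."""

    def __init__(self, device_seed: int):
        rng = random.Random(device_seed)
        self.pufs = [ArbiterPUF(rng) for _ in range(N_PUFS)]

    def ptag(self, address: int, line: bytes) -> int:
        challenge = fpa1(address, line)
        responses = 0
        for i, puf in enumerate(self.pufs):
            responses |= puf.respond(challenge) << i
        return fpa2(responses)


class MCTRL:
    """Memory controller with the two PTAG functions: store and verify.

    main_mem and ptag_mem share the same index, modelling the shared physical
    address of main memory and PTAG-MEM. ptag_mem is never written by the
    'processor' side of the simulation, matching the software-inaccessible PTAG-MEM.
    """

    def __init__(self, device_seed: int):
        self.gen = PTAGGen(device_seed)
        self.main_mem = {}
        self.ptag_mem = {}
        self.nms = False  # stands in for the PTAG-NMS interrupt line

    def store(self, address: int, line: bytes) -> int:
        """Write-back of a cache line: generate its PTAG and store both."""
        assert len(line) == LINE_BYTES
        tag = self.gen.ptag(address, line)
        self.main_mem[address] = line
        self.ptag_mem[address] = tag
        return tag

    def fetch(self, address: int) -> bytes:
        """Line fill: the block goes to the processor at once; the PTAG check
        runs alongside and asserts the interrupt on mismatch."""
        line = self.main_mem[address]
        if self.gen.ptag(address, line) != self.ptag_mem[address]:
            self.nms = True
        return line


if __name__ == "__main__":
    ctrl = MCTRL(device_seed=1)
    block = bytes(range(LINE_BYTES))
    ctrl.store(0x1000, block)
    ctrl.fetch(0x1000)
    print("genuine block, interrupt asserted:", ctrl.nms)
    ctrl.main_mem[0x1000] = b"\xff" + block[1:]  # modified in main memory only
    ctrl.fetch(0x1000)
    print("modified block, interrupt asserted:", ctrl.nms)
```

Because the address is part of the FPA1 input, the same block stored at two addresses gets two different PTAGs, so a block cannot be moved; because the PUF delays differ per device, a PTAG computed on one instance is useless on another, which is the "all the hard work must be repeated" property the text describes.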
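The I/O arbitration described above (data passed to the processor immediately, I/O instructions buffered until MCTRL has authorised them) is a small state machine, shown here as an added example that is not the patent's hardware. It assumes that the memory controller knows which fetched blocks still have a PTAG check outstanding, that the verdict of each check arrives as a separate event, and that held writes are discarded once PTAG-NMS has been raised; device names and payloads are constructed.

```python
"""Simulation of the MCTRL output buffers that gate I/O behind PTAG checks (added example)."""
from collections import deque


class OutputGate:
    def __init__(self):
        self.unverified = set()   # addresses whose PTAG check is still running
        self.held = deque()       # (device, data) writes waiting for authorisation
        self.delivered = []       # writes that actually reached the I/O device
        self.nms = False          # PTAG-NMS asserted: some block failed its check

    def line_fetched(self, address: int) -> None:
        """MCTRL hands the block to the processor now and starts its check."""
        self.unverified.add(address)

    def processor_write(self, device: str, data: bytes) -> bool:
        """I/O instruction from the processor; True if it left the chip immediately."""
        if self.nms or self.unverified:
            self.held.append((device, data))
            return False
        self.delivered.append((device, data))
        return True

    def check_finished(self, address: int, ok: bool) -> None:
        """Verdict of the PTAG comparison for one fetched block."""
        self.unverified.discard(address)
        if not ok:
            self.nms = True
            self.held.clear()  # output of unauthenticated code never leaves the chip
        elif not self.unverified and not self.nms:
            while self.held:   # every outstanding block verified: release in order
                self.delivered.append(self.held.popleft())


def run_scenario(block_is_genuine: bool) -> list:
    """Code in a just-fetched block writes to a port before its PTAG check ends."""
    gate = OutputGate()
    gate.line_fetched(0x1000)
    gate.processor_write("uart0", b"report")   # constructed payload
    gate.check_finished(0x1000, ok=block_is_genuine)
    return gate.delivered


if __name__ == "__main__":
    print("genuine block delivered:", run_scenario(True))
    print("modified block delivered:", run_scenario(False))
```

The processor never stalls on the fetch, which is the performance point of the text; only the externally visible side effect waits, so a modified block can execute speculatively but cannot exfiltrate anything before the comparator has rejected it.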
Abstract
The present invention relates to a secure architecture for authentication and integrity checking of cache memory lines by means of PUFs for embedded systems, and aims to prevent the insertion of malicious code into these systems. It thus protects the integrity of code and data and allows the detection of any modification to the programs of an embedded system (including the operating system, where applicable). It finds application in the field of computer systems, more particularly in the architecture of embedded systems and in information security.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
BR102015016831-4A BR102015016831B1 (pt) | 2015-07-14 | 2015-07-14 | Secure architecture for embedded systems |
BRBR1020150168314 | 2015-07-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017008133A1 true WO2017008133A1 (fr) | 2017-01-19 |
Family
ID=57756589
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/BR2016/000066 WO2017008133A1 (fr) | 2015-07-14 | 2016-07-12 | Secure architecture for embedded systems |
Country Status (2)
Country | Link |
---|---|
BR (1) | BR102015016831B1 (fr) |
WO (1) | WO2017008133A1 (fr) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090113136A1 (en) * | 2007-10-30 | 2009-04-30 | Sandisk Il Ltd. | Caching for structural integrity schemes |
US20140082721A1 (en) * | 2012-09-19 | 2014-03-20 | Nuvoton Technology Corporation | Secured computing system with asynchronous authentication |
WO2014138626A1 (fr) * | 2013-03-08 | 2014-09-12 | Robert Bosch Gmbh | Systems and methods for maintaining integrity and confidentiality in untrusted computing platforms |
- 2015-07-14: BR BR102015016831-4A patent/BR102015016831B1/pt active IP Right Grant
- 2016-07-12: WO PCT/BR2016/000066 patent/WO2017008133A1/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
BR102015016831B1 (pt) | 2022-12-06 |
BR102015016831A2 (pt) | 2017-01-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11374967B2 (en) | Systems and methods for detecting replay attacks on security space | |
KR102573921B1 (ko) | Storage device safe from viruses/malware, computing system including the same, and method thereof | |
CN107092495B (zh) | Platform firmware armoring technology | |
JP5500458B2 (ja) | Security protection of memory contents of processor main memory | |
US11256797B2 (en) | Remote attestation for multi-core processor | |
JP4883459B2 (ja) | Execution of a secure environment initialization instruction on a point-to-point interconnect system | |
US10999081B2 (en) | Dynamic certificate management for a distributed authentication system | |
Vasudevan et al. | CARMA: A hardware tamper-resistant isolated execution environment on commodity x86 platforms | |
KR20170095161A (ko) | Secure system on chip | |
US10360370B2 (en) | Authenticated access to manageability hardware components | |
US10558589B1 (en) | Secure data access between computing devices using host-specific key | |
US9935768B2 (en) | Processors including key management circuits and methods of operating key management circuits | |
EP3757838B1 (fr) | Mitigating warm-boot attacks for non-volatile memory modules | |
CN116049825A (zh) | Managing storage of secrets in memory of a baseboard management controller | |
US20130002398A1 (en) | Apparatus, System, and Method for Providing Attribute Identity Control Associated with a Processor | |
CN113946881A (zh) | Secure serial peripheral interface (SPI) flash | |
US20230010319A1 (en) | Deriving independent symmetric encryption keys based upon a type of secure boot using a security processor | |
WO2017008133A1 (fr) | Secure architecture for embedded systems | |
WO2021037344A1 (fr) | Secure device and computing system | |
US20230015334A1 (en) | Deriving dependent symmetric encryption keys based upon a type of secure boot using a security processor | |
US20220358208A1 (en) | Systems and methods for enabling accelerator-based secure execution zones | |
Chilingirian | Hashing hardware: identifying hardware during boot-time system verification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16823571; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 16823571; Country of ref document: EP; Kind code of ref document: A1 |