Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1007/978-3-030-79025-7_17guideproceedingsArticle/Chapter ViewAbstractPublication PagesConference Proceedingsacm-pubtype
Article

Providing Tamper-Secure SoC Updates Through Reconfigurable Hardware

Published: 29 June 2021 Publication History

Abstract

Remote firmware updates have become the de facto standard to guarantee a secure deployment of often decentrally operated IoT devices. However, the transfer and the provision of updates are considered as highly security-critical. Immunity requirements, such as the authenticity of the update provider and the integrity and confidentiality of the content typically loaded from an external cloud server over an untrusted network are therefore mandatory. This is especially true for FPGA-based programmable System-on-Chip (PSoC) architectures, as they are ideal implementation candidates for products with a long lifetime due to their adaptivity of both software and hardware configurations. In this paper, we propose a methodology for securely updating PSoC architectures by exploiting the reconfigurable logic of the FPGA. In the proposed approach, the FPGA serves as a secure anchor point by performing the required authenticity and integrity checks before granting the system update to be installed. In particular, a hardware design called Trusted Update Unit (TUU) is defined that is loaded from memory for the duration of an update session to first verify the identity of an external update provider and then, based on this verification, to establish a secure channel for protected data transfers. The proposed approach is also able to secure the confidentiality of cryptographic keys even if the software of the PSoC is compromised by applying them only as device-intrinsic secrets. Finally, an implementation of the approach on a Xilinx Zynq PSoC is described and evaluated for the design objectives performance and resource costs.

References

[1]
Anderson, J.H.: A PUF design for secure FPGA-based embedded systems. In: ASPDAC. IEEE (2010)
[2]
Baudet M, Lubicz D, Micolod J, and Tassiaux A On the security of oscillator-based random number generators J. Cryptol. 2010 24 2 398-425
[3]
Canvel B, Hiltgen A, Vaudenay S, and Vuagnoux M Boneh D Password interception in a SSL/TLS channel Advances in Cryptology - CRYPTO 2003 2003 Heidelberg Springer 583-599
[4]
Coughlin, A., Cusack, G., Wampler, J., Keller, E., Wustrow, E.: Breaking the trust dependence on third party processes for reconfigurable secure hardware. In: FPGA (2019)
[5]
Drimer S and Kuhn MG Becker J, Woods R, Athanas P, and Morgan F A protocol for secure remote updates of FPGA configurations Reconfigurable Computing: Architectures, Tools and Applications 2009 Heidelberg Springer 50-61
[6]
Guajardo J, Kumar SS, Schrijen G-J, and Tuyls P Paillier P and Verbauwhede I FPGA intrinsic PUFs and their use for IP protection Cryptographic Hardware and Embedded Systems - CHES 2007 2007 Heidelberg Springer 63-80
[7]
Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: Physical unclonable functions and public-key crypto for FPGA IP protection. In: FPL (2007)
[8]
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
[9]
Morris, K.: Xilinx Hits the Road with Daimler SoCs to Power Automotive AI Applications. https://www.eejournal.com/article/xilinx-hits-the-road-with-daimler. Accessed March 2021
[10]
Ray, S., Basak, A., Bhunia, S.: Patching the Internet of Things. IEEE Spectr. 54(11), 30–35 (2017)
[11]
Ronen, E., Gillham, R., Genkin, D., Shamir, A., Wong, D., Yarom, Y.: The 9 lives of bleichenbacher’s CAT: new cache attacks on TLS implementations. In: SP. IEEE (2019)
[12]
Simpson E and Schaumont P Goubin L and Matsui M Offline hardware/software authentication for reconfigurable platforms Cryptographic Hardware and Embedded Systems - CHES 2006 2006 Heidelberg Springer 311-323
[13]
Somorovsky, J.: Systematic fuzzing and testing of TLS libraries. In: CCS (2016)
[14]
Streit F et al. Data acquisition and control at the edge: a hardware/software-reconfigurable approach Prod. Eng. 2020 14 3 365-371
[15]
Streit, F.J., Fritz, F., Becher, A., et al.: Secure boot from non-volatile memory for programmable SoC architectures. In: HOST. IEEE (2020)
[16]
Streit, F.J., Letras, M., Schid, M., Falk, J., Wildermann, S., Teich, J.: High-level synthesis for hardware/software co-design of distributed smart camera systems. In: ICDSC. ACM (2017)
[17]
Unterstein, F., Jacob, N., Hanley, N., Gu, C., Heyszl, J.: SCA secure and updatable crypto engines for FPGA SoC bitstream decryption. In: ASHES (2019)
[18]
Zandberg, K., Schleiser, K., Acosta, F., Tschofenig, H., Baccelli, E.: Secure firmware updates for constrained IoT devices using open standards: a reality check. IEEE Access 7, 71907–71920 (2019)

Index Terms

  1. Providing Tamper-Secure SoC Updates Through Reconfigurable Hardware
        Index terms have been assigned to the content through auto-classification.

        Recommendations

        Comments

        Information & Contributors

        Information

        Published In

        cover image Guide Proceedings
        Applied Reconfigurable Computing. Architectures, Tools, and Applications: 17th International Symposium, ARC 2021, Virtual Event, June 29–30, 2021, Proceedings
        Jun 2021
        343 pages
        ISBN:978-3-030-79024-0
        DOI:10.1007/978-3-030-79025-7

        Publisher

        Springer-Verlag

        Berlin, Heidelberg

        Publication History

        Published: 29 June 2021

        Author Tags

        1. Security
        2. FPGA
        3. Secure update
        4. Hardware/Software co-design

        Qualifiers

        • Article

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • 0
          Total Citations
        • 0
          Total Downloads
        • Downloads (Last 12 months)0
        • Downloads (Last 6 weeks)0
        Reflects downloads up to 28 Dec 2024

        Other Metrics

        Citations

        View Options

        View options

        Media

        Figures

        Other

        Tables

        Share

        Share

        Share this Publication link

        Share on social media