Tong Sun,Borui Li,Yixiao Teng,Yi Gao,Wei Dong

DOI: https://doi.org/10.1109/ipsn61024.2024.00021

2024-01-01

Abstract:Internet of Things (IoT) applications have recently been widely used in safety-critical scenarios. To prevent sensitive information leaks, IoT device vendors provide hardware-assisted protections, called Trusted Execution Environments (TEEs), like ARM Trust-Zone. Programming a TEE-based application requires separate code for two components, significantly slowing down the development process. Existing solutions tackle this issue by automatic code partition while not successfully applying it in two complicated scenarios: adding trusted logic and interactions with secure peripherals.We propose dTEE, a declarative approach to secure IoT applications based on TrustZone. dTEE proposes a rapid approach that enables developers to declare tiered-sensitive variables and functions of existing applications. Besides, dTEE automatically transforms device drivers into trusted ones. We evaluate dTEE on four real-world IoT applications and seven micro-benchmarks. Results show that dTEE achieves high expressiveness for supporting 50% more applications than existing approaches and reduces 90% of the lines of code against handcrafted development.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

2016-01-01

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, e.g., smart hardware, wearable devices, mobile devices. Typically, these devices use universal hardware and software to connect with public network by internet, and are probably open to security threats from Trojan, virus and other malware. As a result, not only personal sensitive data is threatened, economic interests in industry are also compromised. To address the run-time security problems efficiently, first a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Last, both analytical and experimental evaluations are given in the end. The experimental results demonstrate that the proposed security scheme is effective and feasible.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/cnmt.2009.5374540

2009-01-01

Abstract:In the distributed environment, one important security issue is how to apply further security control to the object that is released to other terminals. The appearance of trusted computing technology has provided an effective solution for this issue in the distributed environment. At the same time, through combining trusted computing technology with the strong isolation and sharing characteristic provided by virtual machine technology has further increased the security and the flexibility of distributed access control. Therefore, this paper uses trusted computing technology to improve the security of the terminal in carrying out the distributed access control, designs a trusted terminal architecture that bases on the trusted computing technology and the virtual machine technology as well as a enhanced mode that suits in distributed access control, and on this basis, analyzes the security of system design.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

CHEN Wen-zhi,HUANG Wei,XIE Cheng,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.02.016

2009-01-01

Abstract:Virtualization was introduced to increase the security of embedded devices while avoiding the shortcomings caused by the hardware-based approach such as poor flexibility,high complexity and high production cost of equipments.Virtualization platform SmartVP offers a secure system environment by the software-based approach.SmartVP partitions the computing resources on the ARM processor into two parallel sets,one for standard real-time operating system T-Kernel and the other for general-purpose operating system Linux.The trusted computing base of SmartVP is constructed by protecting the code and data of the software on T-Kernel,as well as by implementing the fundamental security services and interfaces.Both performance benchmark and applications show that SmartVP improves the security of embedded devices and reduces the implementing risk together with developing time and cost.

Yong-Qiang Lv,Qiang Zhou,Yi-Ci Cai,Gang Qu

DOI: https://doi.org/10.1007/s11390-014-1479-9

IF: 1.871

2014-01-01

Journal of Computer Science and Technology

Abstract:Hardware security has become more and more important in current information security architecture.Recently collected reports have shown that there may have been considerable hardware attacks prepared for possible military usage from all over the world.Due to the intrinsic difference from software security,hardware security has some special features and challenges.In order to guarantee hardware security,academia has proposed the concept of trusted integrated circuits,which aims at a secure circulation of IC design,manufacture and chip using.This paper reviews the main problems of trusted integrated circuits,and concludes four key domains of the trusted IC,namely the trusted IC design,trusted manufacture,trusted IP protection,and trusted chip authentication.The main challenges in those domains are also analyzed based on the current known techniques.Finally,the main limitations of the current techniques and possible future trends are discussed.

FENG Dengguo,LIU Jingbin,QIN Yu,FENG Wei,Wei FENG,Yu QIN,Jingbin LIU,Dengguo FENG

DOI: https://doi.org/10.1360/ssi-2020-0096

2020-08-01

Scientia Sinica Informationis

Abstract:Trusted computing is based on a hardware security mechanism establishing a trusted computing environment and comprehensively enhances the system and network trust from the architectural perspective. With the development of information technology and continuous emergence of new application scenarios, security threats in the cyberspace are becoming increasingly serious; hence, trusted computing is actively researched in both academia and industry to find solutions against such treats. This paper summarizes the development process of trusted computing theory from the perspective of innovation and development. The study centers around one of the authors research results in trusted computing over the past 20 years. It proposes a trusted computing technology architecture that covers two method foundations, three trust cores, and four key technologies. Furthermore, the paper summarizes important research problems in mobile trusted computing, quantum-resistant trusted computing, trusted Internet of Things (IoT), trusted cloud, and trusted blockchain, elaborating on the integration and development of trusted computing in these fields. In mobile trusted computing, the design and implementation of a trusted execution environment architecture with software/hardware co-design is the focus of research. Another two important research issues in mobile trusted computing are the runtime security isolation and protection of the mobile operating systems kernel and trusted execution environment-based mobile application security protection. Due to the characteristics of embedded environments and limitation of resources, the construction of lightweight trusted roots, efficient and secure software attestation, practical secure code update mechanism, and swarm device attestation are important issues for further research in trusted IoT. In new scenarios such as quantum-resistant trusted computing, trusted cloud, and trusted blockchain, trusted computing is also constantly expanding its application boundaries and playing an increasingly important role. Finally, this paper looks ahead and discusses the development trends in trusted computing.

Muhammed Kawser Ahmed,Sujan Kumar Saha,Christophe Bobda

DOI: https://doi.org/10.48550/arXiv.2209.12987

2022-09-27

Abstract:Secure and trustworthy execution in heterogeneous SoCs is a major priority in the modern computing system. Security of SoCs mainly addresses two broad layers of trust issues: 1. Protection against hardware security threats(Side-channel, IP Privacy, Cloning, Fault Injection, and Denial of Service); and 2. Protection against malicious software attacks running on SoC processors. To resist malicious software-level attackers from gaining unauthorized access and compromising security, we propose a root of trust-based trusted execution mechanism \textbf{\textit{(named as \textbf{TrustToken}) }}. TrustToken builds a security block to provide a root of trust-based IP security: secure key generation and truly random source. \textbf{TrustToken} only allows trusted communication between the non-trusted third-party IP and the rest of the SoC world by providing essential security features, i.e., secure, isolated execution, and trusted user interaction. The proposed design achieves this by interconnecting the third-party IP interface to \textbf{TrustToken} Controller and checking IP authorization(Token) signals \texttt{`correctness'} at run-time. \textbf{TrustToken} architecture shows a very low overhead resource utilization LUT (618, 1.16 \%), FF (44, 0.04 \%), and BUFG (2 , 6.25\%) in implementation. The experiment results show that TrustToken can provide a secure, low-cost, and trusted solution for non-trusted SoC IPs.

Cryptography and Security,Signal Processing

Xiaoyang Zeng

2008-01-01

Abstract:An SOC platform that is suitable for wireless security application is proposed.It employs a host CPU and a security processor to form a dual-core architecture,which can realize wireless security protocols with strong flexibility.The security processor integrates multiple IP cores for various cryptographic algorithms,and can accelerate many commonly used security calculations.Compared with the traditional SOC platform based on separate coprocessors,this architecture achieves higher performance but occupies less CPU resources.The test chip is based on SMIC 0.18 μm technology and its function is well verified.The proposed SOC platform can be used as a solution for security applications on wireless terminals.

Abhishek Basak,Swarup Bhunia,Thomas Tkacik,Sandip Ray

DOI: https://doi.org/10.1109/tifs.2017.2658544

IF: 7.231

2017-07-01

IEEE Transactions on Information Forensics and Security

Abstract:Modern system-on-chip (SoC) designs involve integration of a large number of intellectual property (IP) blocks, many of which are acquired from untrusted third-party vendors. An IP containing a security vulnerability-whether inadvertent or malicious-may compromise the trustworthiness of the entire SoC, e.g., by leaking sensitive information or causing execution failures at key points. Existing functional validation approaches, post-manufacturing tests, and IP trust verification techniques are inadequate to accomplish comprehensive system-level security assurance in the presence of untrusted IPs. In this paper, we analyze security issues at the SoC level caused by untrusted IPs. We also propose a novel, resilient SoC security architecture to ensure trusted SoC operation with untrusted IPs. Our architecture realizes fine-grained IP-trust aware security policies in an efficient security policy checker that enables run-time monitoring of security issues arising from untrusted IPs. It also exploits on-chip design-for-debug architecture to ensure trusted information flow from IP blocks to the security policy checker. Unlike existing solutions to the untrusted IP problem, which rely on verification of IP trust before they are integrated into an SoC, the proposed approach follows a fundamentally different architecture-level solution based on run-time resilience. We demonstrate the effectiveness of this framework for system protection using several illustrative practical use cases. We also provide experimental results to show that the overhead of the proposed architecture is modest on representative SoC designs.

computer science, theory & methods,engineering, electrical & electronic

Binh Kieu-Do-Nguyen,Khai-Duy Nguyen,Tuan-Kiet Dang,Nguyen The The Binh,Cuong Pham-Quoc,Ngoc-Thinh Tran,Cong-Kha Pham,Trong-Thuc Hoang

DOI: https://doi.org/10.3390/electronics13132508

IF: 2.9

2024-06-27

Electronics

Abstract:The Trusted Execution Environment (TEE) is designed to establish a safe environment that prevents the execution of unauthenticated programs. The nature of TEE is a continuous verification process with hashing, signing, and verifying. Such a process is called the Chain-of-Trust, derived from the Root-of-Trust (RoT). Typically, the RoT is pre-programmed, hard-coded, or embedded in hardware, which is locally produced and checked before booting. The TEE employs various cryptographic processes throughout the boot process to verify the authenticity of the bootloader. It also validates other sensitive data and applications, such as software connected to the operating system. TEE is a self-contained environment and should not serve as the RoT or handle secure boot operations. Therefore, the issue of implementing hardware for RoT has become a challenge that requires further investigation and advancement. The main objective of this proposal is to introduce a secured RISC-V-based System-on-Chip (SoC) architecture capable of securely booting a TEE using a versatile boot program while maintaining complete isolation from the TEE processors. The suggested design has many cryptographic accelerators essential for the secure boot procedure. Furthermore, a separate 32-bit MicroController Unit (MCU) is concealed from the TEE side. This MCU manages sensitive information, such as the root key, and critical operations like the Zero Stage BootLoader (ZSBL) and key generation program. Once the RoT is integrated into the isolated sub-system, it becomes completely unavailable from the TEE side, even after booting, using any method. Besides providing a secured boot flow, the system is integrated with essential crypto-cores supporting Transport Layer Security (TLS) 1.3. The chip is finally fabricated using the Complementary Metal–Oxide–Semiconductor (CMOS) 180 nm process.

engineering, electrical & electronic,physics, applied,computer science, information systems

TAN Zhiyong,SI Tiange,LIU Ouo,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.07.023

2009-01-01

Abstract:A trusted computing model was developed for the non-local-storage characteristics of the server-end storage computer architecture. The model achieves high flexibility and scalability by replacing the original trusted platform module (TPM) hardware with a software module implemented on the server. The model ensures the security of the computing platform by establishing a complete trust chain from the beginning of the boot stage of the client operating system. Implementation of a prototype system shows that since the server measures the trust of all clients, a security strategy can be formulated to implement real trustworthiness on the entire local area network.

Yuan Tao,Wei Hu,Sheng Li

DOI: https://doi.org/10.1109/icaa53760.2021.00155

2021-01-01

Abstract:Industrial control system requires high availability. In principle, security measures should not adversely affect the basic functions of high availability industrial control system. The method of building a secure and trusted PLC are proposed based on trusted computing. Under the premise of ensuring business security, the security protection system of industrial control system is built through trusted computing, and hardware solutions are provided on the security master controller. In order to prevent the attack from the industrial control system network, the encryption technology is used to ensure the confidentiality and integrity of the communication session, which are between the field of control equipment layer and the process monitoring equipment layer, so as to make the industrial control system in a stable and reliable state.

Mohammed Nabeel,Mohammed Ashraf,Satwik Patnaik,Vassos Soteriou,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.1109/TC.2020.3020777

2020-09-30

Abstract:Dedicated, after acceptance and publication, in memory of the late Vassos Soteriou. For the first time, we leverage the 2.5D interposer technology to establish system-level security in the face of hardware- and software-centric adversaries. More specifically, we integrate chiplets (i.e., third-party hard intellectual property of complex functionality, like microprocessors) using a security-enforcing interposer. Such hardware organization provides a robust 2.5D root of trust for trustworthy, yet powerful and flexible, computation systems. The security paradigms for our scheme, employed firmly by design and construction, are: 1) stringent physical separation of trusted from untrusted components, and 2) runtime monitoring. The system-level activities of all untrusted commodity chiplets are checked continuously against security policies via physically separated security features. Aside from the security promises, the good economics of outsourced supply chains are still maintained; the system vendor is free to procure chiplets from the open market, while only producing the interposer and assembling the 2.5D system oneself. We showcase our scheme using the Cortex-M0 core and the AHB-Lite bus by ARM, building a secure 64-core system with shared memories. We evaluate our scheme through hardware simulation, considering different threat scenarios. Finally, we devise a physical-design flow for 2.5D systems, based on commercial-grade design tools, to demonstrate and evaluate our 2.5D root of trust.

Cryptography and Security,Hardware Architecture

Dongxu CHENG,Chi ZHANG,LIU Jianwei,LI Dawei,GUAN Zhenyu,ZHAO Wei,XU Mai,Jianwei LIU,Dawei LI,Zhenyu GUAN,Wei ZHAO,Mai XU

DOI: https://doi.org/10.1016/j.cja.2021.03.004

IF: 5.7

2021-11-01

Chinese Journal of Aeronautics

Abstract:With the wide application of electronic hardware in aircraft such as air-to-ground communication, satellite communication, positioning system and so on, aircraft hardware is facing great secure pressure. Focusing on the secure problem of aircraft hardware, this paper proposes a supervisory control architecture based on secure System-on-a-Chip (SoC) system. The proposed architecture is attack-immune and trustworthy, which can support trusted escrow application and Dynamic Integrity Measurement (DIM) without interference. This architecture is characterized by a Trusted Monitoring System (TMS) hardware isolated from the Main Processor System (MPS), a secure access channel from TMS to the running memory of the MPS, and the channel is unidirectional. Based on this architecture, the DIM program running on TMS is used to measure and call the Lightweight Measurement Agent <strong>(</strong>LMA<strong>)</strong> program running on MPS. By this method, the Operating System (OS) kernel, key software and data of the MPS can be dynamically measured without disturbance, which makes it difficult for adversaries to attack through software. Besides, this architecture has been fully verified on FPGA prototype system. Compared with the existing systems, our architecture achieves higher security and is more efficient on DIM, which can fully supervise the running of application and aircraft hardware OS.

engineering, aerospace

Bowen Zhao,Jiuhui Li,Peiming Xu,Xiaoguo Li,Qingqi Pei,Yulong Shen

2024-12-02

Abstract:Secure outsourced computation (SOC) provides secure computing services by taking advantage of the computation power of cloud computing and the technology of privacy computing (e.g., homomorphic encryption). Expanding computational operations on encrypted data (e.g., enabling complex calculations directly over ciphertexts) and broadening the applicability of SOC across diverse use cases remain critical yet challenging research topics in the field. Nevertheless, previous SOC solutions frequently lack the computational efficiency and adaptability required to fully meet evolving demands. To this end, in this paper, we propose a toolkit for TEE-assisted (Trusted Execution Environment) SOC over integers, named TRUST. In terms of system architecture, TRUST falls in a single TEE-equipped cloud server only through seamlessly integrating the computation of REE (Rich Execution Environment) and TEE. In consideration of TEE being difficult to permanently store data and being vulnerable to attacks, we introduce a (2, 2)-threshold homomorphic cryptosystem to fit the hybrid computation between REE and TEE. Additionally, we carefully design a suite of SOC protocols supporting unary, binary and ternary operations. To achieve applications, we present \texttt{SEAT}, secure data trading based on TRUST. Security analysis demonstrates that TRUST enables SOC, avoids collusion attacks among multiple cloud servers, and mitigates potential secret leakage risks within TEE (e.g., from side-channel attacks). Experimental evaluations indicate that TRUST outperforms the state-of-the-art and requires no alignment of data as well as any network communications. Furthermore, \texttt{SEAT} is as effective as the \texttt{Baseline} without any data protection.

Cryptography and Security

Qi-Xian Huang,Min-Yi Chiu,Chi-Shen Yeh,Hung-Min Sun

DOI: https://doi.org/10.3390/su142013660

IF: 3.9

2022-01-01

Sustainability

Abstract:In recent years, since edge computing has become more and more popular, its security issues have become apparent and have received unprecedented attention. Thus, the current research concentrates on security not only regarding devices such as PCs, smartphones, tablets, and IoTs, but also the automobile industry. However, since attack vectors have become more sophisticated than ever, we cannot just protect the zone above the system software layer in a certain operating system, such as Linux, for example. In addition, the challenges in IoT devices, such as power consumption, performance efficiency, and authentication management, still need to be solved. Since most IoT devices are controlled remotely, the security regarding system maintenance and upgrades has become a big issue. Therefore, a mechanism that can maintain IoT devices within a trusted environment based on localhost or over-the-air (OTA) will be a viable solution. We propose a mechanism called STBEAT, integrating an open-source project with ARM TrustZone to solve the challenges of upgrading the IoT system and updating system files more safely. This paper focuses on the ARMv7 architecture and utilizes the security stack from TrustZone to OP-TEE under the STM32 board package, and finally obtains the security key from the trusted application, which is used to conduct the cryptographic operations and then install the newer image on the MMC interface. To sum up, we propose a novel software update strategy and integrated ARM TrustZone security extension to beef up the embedded ecosystem.

Haocheng Ma,Jiaji He,Yanjiang Liu,Jun Kuai,He Li,Leibo Liu,Yiqiang Zhao

DOI: https://doi.org/10.1109/tcad.2020.3035346

IF: 2.9

2020-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Field-programmable gate arrays (FPGAs) are integrated circuits (ICs) that can be reconfigured to the desired functionalities, without manufacturing dedicated chips. Due to their programmable nature, FPGAs have been prevalent in the large majority of modern systems. This raises high demands for verifying the security of circuit implementations on FPGAs, since they are vulnerable to hardware trojans (HTs) that can be inserted through modified configuration files. In this article, we propose an on-chip security framework to ensure the trustworthiness of circuit implementations on FPGAs at runtime. The core of the framework is a time-to-digital converter (TDC)-based hardware security primitive that can be predeployed on FPGAs to verify whether the FPGA-based designs are tampered with or corrupted by HTs. The parameter-adjustable TDC sensor, which is the primary component of the primitive, is carefully designed, adjusted, and implemented, thus the TDC sensor can monitor the transient voltage fluctuations within FPGAs with a high resolution. Versus statistical data analysis, tiny abnormal variations introduced by the Trojan insertion and activation are distinguished. Experimental results on Xilinx Spartan-6 FPGAs demonstrate the effectiveness of the proposed TDC-based on-chip trust evaluation framework and HT detection method.

WANG Zhen-yu,LIU Xin-jie,REN Jie,LIU Hai-lei,WU Jie

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.22.084

2008-01-01

Abstract:The paper discusses the key problems to build embedded trusted computing environment,such as embedded trusted boot process,the extension and driver design of TPM,embedded TSS and trusted security component.The embedded trusted boot process is able to ensure the trusted attestation among users,terminals and application by making a combination of BR,USBKey and TPM.The scheme is able to make embedded platform more secure,practical and reusable.