
WO2017008133A1 - Secure architecture for embedded systems (Architecture sécurisée pour systèmes embarqués) - Google Patents

Info

Publication number: WO2017008133A1
Authority: WO (WIPO, PCT)
Prior art keywords: memory, architecture, line, address, architecture according
Legal status: Ceased
Application number: PCT/BR2016/000066
Other languages: English (en), Portuguese (pt)
Inventors: Guido Costa Souza DE ARAÚJO, Mário Lúcio CORTÊS, Caio HOFFMAN
Current assignee: Universidade Estadual de Campinas UNICAMP
Original assignee: Universidade Estadual de Campinas UNICAMP
Priority date: 2015-07-14
Filing date: 2016-07-12
Publication date: 2017-01-19

Links

Classifications

    • G PHYSICS > G06 COMPUTING OR CALCULATING; COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING
        • G06F 13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
        • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
            • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; digital rights management [DRM]
                • G06F 21/12 Protecting executable software
                    • G06F 21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
            • G06F 21/60 Protecting data
                • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
            • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
                • G06F 21/71 Protecting specific internal or peripheral components to assure secure computing or processing of information
                    • G06F 21/73 Protecting specific internal or peripheral components by creating or determining hardware identification, e.g. serial numbers
                • G06F 21/78 Protecting specific internal or peripheral components to assure secure storage of data
        • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F 2221/21 Indexing scheme relating to G06F 21/00 and subgroups addressing additional information or applications relating to security arrangements
                • G06F 2221/2129 Authenticate client device independently of the user
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols

Definitions

  • the present invention relates to a secure architecture for authentication and integrity checking of cache memory lines by means of PUFs for embedded systems, and is intended to prevent malicious code from being inserted into these systems. It protects the integrity of code and data and makes it possible to detect any change to the programs of an embedded system (including the operating system, when present).
  • PUFs Physically Unclonable Functions
  • embedded systems are classified into two categories, Simple Embedded Systems (SES) and Complex Embedded Systems (SEC).
  • SES Simple Embedded Systems
  • SEC Complex Embedded Systems
  • an SEC is capable of running an operating system that can incorporate external storage units as part of the system, so that programs and data can be loaded from or stored on these drives.
  • This is well exemplified by today's smartphones and tablets, which are as powerful and have as many functions as some personal computers.
  • AEGIS, proposed in [1] and [2], is a robust architecture capable of maintaining code and data integrity through PUF-based authentication.
  • the major difference from the AEGIS architecture is that it can be a secure architecture in a way that is independent of any software, including the operating system (OS), or otherwise only when part of the operating system is trusted.
  • OS operating system
  • when the kernel is trusted, the difference between the two modes lies in the additional hardware that one implementation has compared with the other.
  • when the OS is untrusted, operations similar to those performed by the OS have to be implemented in hardware, which makes this implementation more complex and costly to manufacture.
  • SECs have the computational power to run OSs that can have different layers of security, one of which will house the secure core.
  • a program that does not have its authenticity validated is still allowed to run. All unvalidated code executes in an environment that the architecture considers unsafe, that is, one that may not have access to secure data; but an attacker may want precisely to prevent a program from doing its job. For example, if a particular program is critical to the operation of an embedded system, a lack of access to protected data can lead to critical failures during its operation even while the system remains active. Thus the number of possible system failure situations can increase significantly due to the combination of failures that one or more programs can cause simply because their authentication has not been validated.
  • a model of secure coprocessor architecture is presented by WO2014138626 A1.
  • This architecture features the use of PUFs to generate keys for cryptographic primitives, thus making the security of each instance of the architecture unique.
  • the system provides full-time integrity.
  • the architecture is not completely transparent to the software of a computer system, as it depends on new instructions that it specifies for its operation and is thus subject to the presence of these instructions in the programs.
  • the architecture allows external memory to be trusted or not; it is possible to use the proposal for applications such as certified execution.
  • the biggest differential of this architecture compared with the other architectures seen so far is that it has two specific hardware units that control the input and output of data. Because of this hardware it is possible to use speculative execution: while data and code obtained from the input hardware are in the process of integrity checking, the processor can execute all the instructions contained in the code read and write the data, but the output hardware only allows data to leave once integrity and authenticity are confirmed.
  • US8918647 deals with device authentication, organized as a root server and multiple child nodes that can be authenticated, but it does not deal with authentication and code and data integrity checking on embedded systems.
  • US8140824 deals with authenticating boot code iteratively, one snippet at a time, with a hash function. The accumulated final hash value is compared to a stored value. However, because the code only starts after the iterative verification, there is a big performance issue, especially if the scheme is extended to system code other than the boot code. Moreover, the question of data integrity is not addressed, i.e. whether boot code data can be updated, and what that process is like.
  • the present invention relates to a secure architecture for simple embedded systems, comprising a memory controller that uses PUFs to generate digital authentication tags for cache memory lines. These tags are stored in a new memory that cannot be accessed via software.
  • the architecture can utilize commercially available processors without requiring changes to the software already available for those processors.
  • the architecture prevents code and data modifications, preventing malicious agents from modifying the operation of a simple embedded system.
  • authenticated memory regions with data can be updated with new authenticity tags generated in a completely secure manner, thus allowing the use of the architecture in different simple embedded system applications.
  • FIG. 1 Schematic illustrating the proposed architecture, highlighting the processor and MCTRL.
  • Figure 2 illustrates a first possible configuration for PTAG-GEN, combining FPAs with PUFs in PTAG generation.
  • Figure 3 illustrates a second possible configuration for PTAG-GEN.
  • Figure 4 illustrates a third possible configuration for PTAG-GEN.
  • PTAG physical tag
  • PTAG-MEM PTAG memory
  • FIG. 1 shows the architecture proposed by the present invention. Inside the chip are the processor and the memory controller (MCTRL). The processor shows its main components, and MCTRL shows only the circuits added for security purposes: the comparator and the PTAG generator (PTAG-GEN). MCTRL receives data from and sends data to the external memories, and passes it to the processor. The cache lines (or memory blocks) obtained from these data buses are taken to PTAG-GEN by MCTRL. In addition, it is shown that the physical address of the external memory and of the PTAG memory is the same, and both are triggered at the same time.
  • MCTRL memory controller
  • PTAG-MEM is a physical memory isolated on the PTAG bus, which connects it to the chip. Its physical address space is the same as that of main memory, so access to a memory block results in concomitant access to that block's entry in PTAG-MEM.
  • PTAG memory is at the same level as main memory in the system memory hierarchy.
  • PTAG-MEM technology does not have to be the same as that of main memory, but it is a design decision to ensure that the time a PTAG takes to travel from PTAG-MEM to MCTRL is not longer than the time PTAG-GEN takes to generate a PTAG (taking into account the time required for PTAG-GEN to obtain the cache memory line or memory block from the bus), as otherwise cache line (or memory block) authentication would be delayed.
  • PTAG generation is performed by PTAG-GEN, which uses either a cache memory line from the bus or a memory block brought from main memory. Note that in this document a memory block is assumed to be the same size in bits as a cache memory line, so the terms "memory block" and "cache memory line" are used interchangeably in this document.
  • This cache memory line is concatenated with the physical or virtual address obtained directly from the processor (without intermediaries), and this composition is used as the input by PTAG-GEN to generate the PTAG associated with said block.
  • PTAG-GEN uses a PUF in combination with one or more pseudo-random functions (FPAs) to generate PTAGs.
  • FPAs pseudo-random functions
  • Pseudo-random functions serve to blur the composition formed by the virtual (or physical) address and the memory block, while the PUF adds entropy and uniqueness.
  • the memory controller has two functions: checking and storing PTAGs. In verification, the PTAG generated by PTAG-GEN is compared with the one brought from PTAG-MEM simultaneously with the memory block. If the two are different, a non-maskable interrupt (PTAG-NMI) is issued to the processor by MCTRL. If the PTAGs are equal, nothing happens. In storage, the memory controller uses the cache memory line being transferred to main memory together with the line's address from the processor, and PTAG-GEN generates the PTAG that MCTRL will send to PTAG-MEM.
  • PTAG-NMI non-maskable interrupt
  • the PTAG-NMI interrupt must be connected to some spare interrupt pin available on modern processors.
  • an interrupt puts the processor in an exception state, in which it takes some specific action to handle it. These actions are programmed by the firmware as an interrupt handling routine.
  • By monitoring the MCTRL control bus it is possible to identify which hardware has made a request and what the request is. In this way, MCTRL is able to identify when the processor requests a memory block that is not in cache memory, indicating that a fetch from main memory is needed. MCTRL can then access PTAG memory simultaneously.
  • the processor's communication with the I/O devices inside the chip is arbitrated by the memory controller.
  • One way to do this is to place buffers that intercept this communication and only allow the I/O device to receive data sent by the processor if MCTRL allows it. In this way, MCTRL can pass data received from memory directly to the processor to avoid any performance loss. Meanwhile, MCTRL proceeds with checking the integrity of the memory block that was sent to the processor. If the processor issues an input/output instruction, it is buffered until the memory controller authorizes it. This prevents malicious code from exposing any data outside the secure area (i.e. outside the chip).
  • memory data blocks, when changed, may have their digital tag updated.
  • since these lines are inside the chip, as cache lines, they are in a safe environment and updating PTAGs is not susceptible to fraud.
  • PTAG-GEN can be designed in at least three ways, in which the interaction between FPA(s) and PUF(s) maintains the security robustness that computer systems currently demand.
  • FPAs can be set with fixed keys that can be the same for all instances of the architecture, thus making them equivalent to hash functions. Between them may be one or more PUFs. Their number will depend on the output size of the first FPA chosen, the type of PUF used, and the number of output bits of the second FPA chosen.
  • the PUF chosen is of the Arbiter PUF type
  • the output of the second FPA is 64 bits.
  • the PTAG-GEN input is the composition of a memory block and its address; as this composition is longer than 128 bits for modern processors, this does not affect the entropy of the output of the first FPA, i.e. the amount of information coming in is greater than the information coming out. Thus an important security property of digital authentication is preserved.
  • since the second FPA has a 64-bit output, to ensure its security properties the input must be at least 64 bits, so 64 Arbiter PUFs are required. Each of these receives a 128-bit challenge and has a one-bit response.
  • the output of the first FPA is also the challenge of each PUF. Since PUFs are unique in each of their instances, it is not possible to predict the response bits, i.e. the input of the second FPA is random in nature. Finally, the output of the second FPA is the digital tag of the memory block and its address.
  • a malicious agent obtains such a machine (a credit card terminal) and attempts to modify the code contained therein so that credit card data is transferred to some peripheral device. He intends to return the modified machine to the restaurant with the intention of stealing sensitive customer data. He will only be able to do this if, in addition to inserting malicious code, he also changes the PTAGs in PTAG-MEM, which, as discussed earlier, will only work with negligible probability. Note that none of the credit card machine's secrecy apparatus is modified by using the architecture proposed here: a card machine works no differently with or without this proposal, but this attack would be blocked. Finally, any success of the malicious agent on one instance of the machine does not open the way to trivial fraud: all the hard work of applying the attack once must be repeated.
  • a company sells GPS devices with paid monthly updates.
  • a malicious agent tries to profit by reselling the GPS with modified software so that updates are downloaded and installed for free. On the black market this should attract people interested in not paying the monthly fee charged by the company that originally made the GPS.
  • by the time the malicious agent attempts to resell the product, all of its program memory has already been authenticated by PTAGs. The malicious agent will not be able to modify the code successfully, since, as in the previous example, he would need to modify the PTAG memory with the PTAGs that would give authenticity to his malicious code. Therefore, the malicious agent will not succeed in this endeavor.
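The PTAG-GEN pipeline and the two MCTRL functions described in the definitions above (generate a tag on write-back, verify it on fetch, raise PTAG-NMI on mismatch), as an added Python model that is not code from the patent or its authors. Everything below the level of the patent's description is an assumption of the model: FPA1 and FPA2 are HMAC-SHA-256 under constant keys truncated to 128 and 64 bits, each Arbiter PUF is a keyed one-bit function of its challenge whose key is a per-chip secret standing in for silicon variation, lines are 64 bytes and addresses 64 bits.

```python
import hashlib
import hmac

LINE_BYTES = 64               # assumed line size; the patent fixes neither this nor the address width
N_PUFS = 64                   # 64 one-bit PUF responses feed the 64-bit second FPA
FPA1_KEY = b"fpa1-fixed-key"  # FPA keys are identical in every architecture instance
FPA2_KEY = b"fpa2-fixed-key"


def fpa(key, data, out_bytes):
    """Fixed-key pseudo-random function (FPA): HMAC-SHA-256 truncated to out_bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:out_bytes]


def puf_respond(device_secret, challenge):
    """64 simulated Arbiter PUFs: one 128-bit challenge in, one unpredictable bit each.
    device_secret stands in for the silicon variation of one chip (model assumption)."""
    bits = 0
    for i in range(N_PUFS):
        d = hmac.new(device_secret, bytes([i]) + challenge, hashlib.sha256).digest()
        bits = (bits << 1) | (d[0] & 1)
    return bits.to_bytes(N_PUFS // 8, "big")


class PtagNmi(Exception):
    """Stands in for the non-maskable interrupt MCTRL raises on a PTAG mismatch."""


class Mctrl:
    """Memory controller: generates PTAGs on write-back, verifies them on fetch."""
    def __init__(self, device_secret):
        self.device_secret = device_secret
        self.main_mem = {}   # external memory, reachable by an attacker
        self.ptag_mem = {}   # PTAG-MEM, which has no software path in the design

    def ptag_gen(self, addr, line):
        """PTAG-GEN: FPA1(addr || line) -> PUF challenge -> FPA2 -> 64-bit PTAG."""
        assert len(line) == LINE_BYTES
        challenge = fpa(FPA1_KEY, addr.to_bytes(8, "big") + line, 16)      # 128 bits
        return fpa(FPA2_KEY, puf_respond(self.device_secret, challenge), 8)  # 64 bits

    def write_back(self, addr, line):
        """A cache line leaves the chip: store it together with a fresh PTAG."""
        self.main_mem[addr] = bytes(line)
        self.ptag_mem[addr] = self.ptag_gen(addr, line)

    def fetch(self, addr):
        """Cache miss: line and PTAG are read together; recompute and compare."""
        line = self.main_mem[addr]
        expected = self.ptag_mem.get(addr, b"")
        if not hmac.compare_digest(self.ptag_gen(addr, line), expected):
            raise PtagNmi(f"PTAG mismatch for block at {addr:#x}")
        return line


def _fetch_raises(mctrl, addr):
    try:
        mctrl.fetch(addr)
    except PtagNmi:
        return True
    return False


def tamper_is_detected():
    """One flipped bit in external memory: genuine line passes, patched line raises."""
    m = Mctrl(b"chip-A-secret")
    m.write_back(0x1000, bytes(range(LINE_BYTES)))
    genuine_ok = m.fetch(0x1000) == bytes(range(LINE_BYTES))
    patched = bytearray(m.main_mem[0x1000])
    patched[5] ^= 0x01
    m.main_mem[0x1000] = bytes(patched)
    return genuine_ok and _fetch_raises(m, 0x1000)


def relocation_is_detected():
    """Copy a valid line AND its PTAG to another address: the address binding fails."""
    m = Mctrl(b"chip-A-secret")
    m.write_back(0x1000, bytes(range(LINE_BYTES)))
    m.main_mem[0x2000], m.ptag_mem[0x2000] = m.main_mem[0x1000], m.ptag_mem[0x1000]
    return _fetch_raises(m, 0x2000)


def tags_are_device_unique():
    """Same line and address on two different chips give different PTAGs."""
    line, addr = bytes(LINE_BYTES), 0x3000
    a, b = Mctrl(b"chip-A-secret"), Mctrl(b"chip-B-secret")
    return a.ptag_gen(addr, line) != b.ptag_gen(addr, line)
```

The relocation case goes slightly beyond the text: because the address is part of the PTAG-GEN composition, even a valid line moved together with its own tag fails verification.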

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a secure architecture for authentication and integrity checking of cache memory lines by means of PUFs for embedded systems, and aims to prevent the insertion of malicious code into these systems. It thereby protects the integrity of code and data and allows the detection of any modification to the programs of an embedded system (including the operating system, where present). It finds application in the field of computer systems, more particularly in embedded system architecture and information security.

Application | Priority Date | Filing Date | Title | Status | Publication
PCT/BR2016/000066 | 2015-07-14 | 2016-07-12 | Secure architecture for embedded systems | Ceased | WO2017008133A1 (fr)

Applications Claiming Priority (2)

Application Number | Priority Date | Filing Date | Title
BR102015016831-4A (BR102015016831B1, pt) | 2015-07-14 | 2015-07-14 | Secure architecture for embedded systems (Arquitetura segura para sistemas embarcados)
BRBR1020150168314 | 2015-07-14 | |

Publications (1)

Publication Number | Publication Date
WO2017008133A1 (fr) | 2017-01-19

Family

ID=57756589

Family Applications (1)

Application Number | Status | Title | Priority Date | Filing Date
PCT/BR2016/000066 | Ceased | Secure architecture for embedded systems (WO2017008133A1, fr) | 2015-07-14 | 2016-07-12

Country Status (2)

Country | Link
BR (1) | BR102015016831B1
WO (1) | WO2017008133A1

Citations (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20090113136A1 (en) * | 2007-10-30 | 2009-04-30 | Sandisk Il Ltd. | Caching for structural integrity schemes
US20140082721A1 (en) * | 2012-09-19 | 2014-03-20 | Nuvoton Technology Corporation | Secured computing system with asynchronous authentication
WO2014138626A1 (fr) * | 2013-03-08 | 2014-09-12 | Robert Bosch Gmbh | Systems and methods for maintaining integrity and confidentiality in untrusted computing platforms

Also Published As

Publication number Publication date
BR102015016831A2 (pt) 2017-01-24
BR102015016831B1 (pt) 2022-12-06

Similar Documents

Publication | Title
US11374967B2 (en) | Systems and methods for detecting replay attacks on security space
KR102573921B1 (ko) | Storage device secure against viruses/malware, computing system including the same, and method thereof
CN110785759B (zh) | Remote attestation for multi-core processors
JP5500458B2 (ja) | Security protection of the memory contents of processor main memory
CN107092495B (zh) | Platform firmware armoring technology
TWI851820B (zh) | Integrated circuit, system for securely managing multiple keys for data security, and method executed by the integrated circuit
CN105046163B (zh) | Protecting critical data structures in an embedded hypervisor system
US10360370B2 (en) | Authenticated access to manageability hardware components
CN106415585A (zh) | Key extraction during secure boot
CN110799979B (zh) | Secure key storage for multi-core processors
US9935768B2 (en) | Processors including key management circuits and methods of operating key management circuits
EP3757838B1 (fr) | Warm-boot attack mitigation for non-volatile memory modules
CN113946881A (zh) | Secure serial peripheral interface (SPI) flash memory
WO2022236037A1 (fr) | Systems and methods for enabling accelerator-based secure execution zones
CN119808083B (zh) | A permission-management-based rsic-v CPU security chip
CN115238308A (zh) | Data protection method, apparatus, electronic device and storage medium
CN111357003A (zh) | Data protection in a pre-operating-system environment
WO2017008133A1 (fr) | Secure architecture for embedded systems
US20230010319A1 (en) | Deriving independent symmetric encryption keys based upon a type of secure boot using a security processor
US20230015334A1 (en) | Deriving dependent symmetric encryption keys based upon a type of secure boot using a security processor
CN103119553B (zh) | Platform firmware armoring technology
Chilingirian | Hashing hardware: identifying hardware during boot-time system verification

Legal Events

Code | Title | Description
121 | Ep: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 16823571; Country of ref document: EP; Kind code of ref document: A1
NENP | Non-entry into the national phase | Ref country code: DE
122 | Ep: PCT application non-entry in European phase | Ref document number: 16823571; Country of ref document: EP; Kind code of ref document: A1