Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

Published: 30 November 2021

Abstract

Isolated execution is a concept commonly used to increase the security of a computer system. In the embedded world, ARM TrustZone technology provides this isolation and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the use of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM), running inside ARM TrustZone, to the Zynq UltraScale+ platform. This adaptation consists of integrating the hardware accelerators available on the device into fTPM’s implementation and enhancing fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained through ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them to enable secure remote bitstream loading. The approach consists of preventing the insecure usages of the bitstream reconfiguration interface that are made possible by the manufacturer and integrating the interface inside a Trusted Execution Environment.
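The SRAM start-up entropy source named in the abstract, as an added Python illustration of the idea (not the paper's code and not Microsoft's fTPM): a constructed toy SRAM model stands in for the on-chip memory, enrollment picks out the cells whose power-up value is unstable, their observed bias gives a crude min-entropy estimate, and a fresh snapshot of those cells is hashed into a 256-bit seed only when the estimate is large enough. The cell count, the thresholds and the flip-probability distribution are assumptions.

```python
import hashlib
import math
import random

CELLS = 4096  # assumed size (in bits) of the SRAM region read at power-up


def make_sram_model(seed=1):
    """Constructed toy model: each cell has a preferred power-up value and a
    probability of flipping away from it. About a quarter of the cells are
    noisy; the rest are nearly stable (the PUF-like part of the array)."""
    rng = random.Random(seed)
    prefer = [rng.randrange(2) for _ in range(CELLS)]
    pflip = [rng.uniform(0.2, 0.5) if rng.random() < 0.25 else rng.uniform(0.0, 0.02)
             for _ in range(CELLS)]
    return prefer, pflip


def power_up(model, rng):
    """Simulate one power-up: each cell takes its preferred value or flips."""
    prefer, pflip = model
    return [b ^ int(rng.random() < p) for b, p in zip(prefer, pflip)]


def characterise(snapshots, min_flip_rate=0.15):
    """Enrollment: from several power-up snapshots, keep the cells whose value
    is unstable and sum a per-cell min-entropy estimate, -log2(max(p, 1-p)).
    A production design would run SP 800-90B health tests, not this estimate."""
    n = len(snapshots)
    noisy, entropy = [], 0.0
    for i in range(CELLS):
        p1 = sum(s[i] for s in snapshots) / n
        if min(p1, 1.0 - p1) >= min_flip_rate:
            noisy.append(i)
            entropy += -math.log2(max(p1, 1.0 - p1))
    return noisy, entropy


def derive_seed(snapshot, noisy, entropy_estimate, required_bits=256):
    """Conditioning: hash the noisy cells of a fresh snapshot into a 256-bit
    seed; refuse when enrollment says the source carries too little entropy."""
    if entropy_estimate < required_bits:
        return None
    return hashlib.sha256(bytes(snapshot[i] for i in noisy)).digest()


def demo(seed=1, enroll_runs=20):
    """Enroll on a fresh model, then draw two seeds from two later power-ups."""
    model = make_sram_model(seed)
    rng = random.Random(seed + 100)
    noisy, ent = characterise([power_up(model, rng) for _ in range(enroll_runs)])
    s1 = derive_seed(power_up(model, rng), noisy, ent)
    s2 = derive_seed(power_up(model, rng), noisy, ent)
    return len(noisy), ent, s1, s2
```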


• Published in

  ACM Transactions on Reconfigurable Technology and Systems, Volume 15, Issue 1
  March 2022
  262 pages
  ISSN: 1936-7406
  EISSN: 1936-7414
  DOI: 10.1145/3494949
  Editor: Deming Chen
Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 30 November 2021
• Accepted: 1 June 2021
• Revised: 1 May 2021
• Received: 1 March 2021