• PDF / 1,028,598 Bytes
• 18 Pages / 439.37 x 666.142 pts Page_size
• 75 Downloads / 176 Views

DOWNLOAD

REPORT

Fraunhofer Institute for Applied and Integrated Security (AISEC), Munich, Germany {nisha.jacob,johann.heyszl, andreas.zankl,carsten.rolfes}@aisec.fraunhofer.de 2 Technische Universit¨ at M¨ unchen, EI SEC, Munich, Germany [email protected]

Abstract. Embedded IoT devices are often built upon large system on chip computing platforms running a significant stack of software. For certain computation-intensive operations such as signal processing or encryption and authentication of large data, chips with integrated FPGAs, FPGA SoCs, which provide high performance through configurable hardware designs, are used. In this contribution, we demonstrate how an FPGA hardware design can compromise the important secure boot process of the main software system to boot from a malicious network source instead of an authentic signed kernel image. This significant and new threat arises from the fact that the CPU and FPGA are connected to the same memory bus, so that FPGA hardware designs can interfere with secure boot routines on FPGA SoCs that are without any interruption on regular SoCs. An enabling factor is that integrated hardware designs are likely bought from external partners and there is a realistic lack of security review at the system integrators. This facilitates flaws or even unwanted functionality in such hardware designs. We perform a proof of concept on a Xilinx Zynq-7000 FPGA SoC, and the threat can be generalized to other devices. We also present as effective mitigation, an easy-to-review and re-usable wrapper module which prevents any unauthorized memory access by included hardware designs. Keywords: FPGA SoCs · Secure boot · Hardware design · Outsourced · Threat

1

Introduction

We are currently experiencing a rapid increase in the number of embedded devices being used in the context of the Internet-of-Things (IoT) and cyber physical systems. The application domains of such systems range from automotive, aviation, infrastructure, to industrial production and even home appliances. Across all domains, embedded systems are mostly build on powerful high-volume System on Chips (SoCs) running a mixture of open-source and closed source c International Association for Cryptologic Research 2017  W. Fischer and N. Homma (Eds.): CHES 2017, LNCS 10529, pp. 425–442, 2017. DOI: 10.1007/978-3-319-66787-4 21

426

N. Jacob et al.

software, and include network communication interfaces. Such devices perform critical tasks, however, are at the same time physically accessible for attackers in many cases. Fortunately, several security mechanisms have been developed to counteract possible attacks based on physical access. The arguably most important and widely adopted countermeasure is a secure boot mechanism which ensures that only authentic and unmodified software can be run right from the start of the first code within the CPU. This prevents attackers from manipulating software images and restarting devices into a manipulated behaviour. As such, it can be seen as the foundation of all further software security measures. Some applications of

Recommend Documents

Secure Hardware

176 47 2MB

Symmetric Multiprocessor Design for Hybrid CPU/FPGA SoCs

116 93 1MB

Evolvable Hardware Architectures on FPGA for Side-Channel Security

174 61 39MB

A CNN Hardware Accelerator in FPGA for Stacked Hourglass Network

149 8 29MB

Identifying Malicious Code Through Reverse Engineering

179 57 12MB

Research on Temperature Characteristics of IoT Chip Hardware Trojan Based on FPGA

157 54 103MB

How to Build Optimally Secure PRFs Using Block Ciphers

165 13 22MB

Trusted Boot

178 39 28MB

How to Prevent Private Data from being Disclosed to a Malicious Attacker

168 21 5MB

Creativity in the Analects : how to break the rules in the right way

172 71 506KB

Boot Camp Approach to Surgical Training

221 87 5MB

Spring Boot Actuator

156 72 3MB