Embedded Trusted Computing with Authenticated Non-volatile Memory
| Field | Value |
|---|---|
| Published in | Trusted Computing - Challenges and Applications, pp. 60-74 |
| Format | Book Chapter |
| Language | English |
| Published | Berlin, Heidelberg: Springer Berlin Heidelberg |
| Series | Lecture Notes in Computer Science |
| Summary | Trusted computing is an emerging technology to improve the trustworthiness of computing platforms. The Trusted Computing Group has proposed specifications for a Trusted Platform Module and a Mobile Trusted Module. One of the key problems when integrating these trusted modules into an embedded system-on-chip design is the lack of on-chip multiple-time-programmable non-volatile memory. In this paper, we describe a solution to protect the trusted module’s persistent state in external memory against non-invasive attacks. We introduce a minimal cryptographic protocol to achieve an authenticated channel between the trusted module and the external non-volatile memory. A MAC algorithm has to be added to the external memory to ensure authenticity. As a case study, we discuss trusted computing on reconfigurable hardware. In order to make our solution applicable to the low-end FPGA series which has no security measures on board, we present a solution that only relies on the reverse engineering complexity of the undocumented bitstream encoding and uses a physically unclonable function for one-time-programmable key storage. Clearly, this solution is also applicable to high-end series with special security measures on board. Our solution also supports field updates of the trusted module. |
| Bibliography | The work described in this document has been partly financially supported by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy), by the IBBT (Interdisciplinary institute for BroadBand Technology) of the Flemish Government, by the FWO project BBC G.0300.07, and in part by the European Commission through the IST Programme under Contract IST-027635 OPEN_TC. |
| ISBN | 3540689788, 9783540689782 |
| ISSN | 0302-9743, 1611-3349 |
| DOI | 10.1007/978-3-540-68979-9_5 |