On the integration of physically unclonable functions into ARM TrustZone security technology
On the integration of physically unclonable functions into ARM TrustZone security technology
As Internet of Things (IoT) devices are increasingly used in industry and become further integrated into our daily lives the security of such devices is of paramount concern. Ensuring that the large amount of information that these devices collect is protected and only accessible to authenticated users is a critical requirement of the industry. One potentially inexpensive way to improve device security utilises a Physically Unclonable Function (PUF) to generate a unique random response per device. This random response can be generated in such a way that it can be regenerated reliably and repeatably allowing the response to be considered a signature for each device. This signature could then be used for authentication or key generation purposes, improving trust in IoT devices. The advantage of a PUF based system is that the response does not need to be stored in nonvolatile memory as it is regenerated on demand, hardening the system against physical attacks. With SoC FPGAs being inexpensive and widely available there is potential for their use in both industrial and consumer applications as an additional layer of hardware security. In this paper we investigate and implement a Trusted Execution Environment (TEE) based around a PUF solely implemented in the FPGA fabric on a Xilinx Zynq-7000 SoC FPGA. The PUF response is used to seed a generic entropy maximisation function or Pseudorandom Number Generator (PRNG) with a system controller capable of encrypting data to be useful only to the device. This system interacts with a software platform running in the ARM TrustZone on the ARM Cortex core in the SoC, which handles requests between user programs and the FPGA. The proposed PUF-based security module can generate unique random keys able to pass all NIST tests and protects against physical attacks on buses and nonvolatile memories. These improvements are achieved at a cost of fewer than half the resources on the Zynq-7000 SoC FPGA.
Aitchison, Callum
a3e31cb3-c35b-42b5-b0e7-8e8220680b97
Buckle, Roman
59139e95-9668-4cb4-b00c-3f2bef5776d3
Ch'ng, Alvin
ee6a9864-a86c-4dd3-9931-d87716f38107
Clarke, Christian
2116aaac-799e-44c9-8309-3384e6f37a40
Malley, Jacob
2ba16d71-b9fa-4069-897a-2f88fa49c5f5
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
September 2020
Aitchison, Callum
a3e31cb3-c35b-42b5-b0e7-8e8220680b97
Buckle, Roman
59139e95-9668-4cb4-b00c-3f2bef5776d3
Ch'ng, Alvin
ee6a9864-a86c-4dd3-9931-d87716f38107
Clarke, Christian
2116aaac-799e-44c9-8309-3384e6f37a40
Malley, Jacob
2ba16d71-b9fa-4069-897a-2f88fa49c5f5
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Aitchison, Callum, Buckle, Roman, Ch'ng, Alvin, Clarke, Christian, Malley, Jacob and Halak, Basel
(2020)
On the integration of physically unclonable functions into ARM TrustZone security technology.
In 2020 European Conference on Circuit Theory and Design (ECCTD).
IEEE.
4 pp
.
(doi:10.1109/ECCTD49232.2020.9218417).
Record type:
Conference or Workshop Item
(Paper)
Abstract
As Internet of Things (IoT) devices are increasingly used in industry and become further integrated into our daily lives the security of such devices is of paramount concern. Ensuring that the large amount of information that these devices collect is protected and only accessible to authenticated users is a critical requirement of the industry. One potentially inexpensive way to improve device security utilises a Physically Unclonable Function (PUF) to generate a unique random response per device. This random response can be generated in such a way that it can be regenerated reliably and repeatably allowing the response to be considered a signature for each device. This signature could then be used for authentication or key generation purposes, improving trust in IoT devices. The advantage of a PUF based system is that the response does not need to be stored in nonvolatile memory as it is regenerated on demand, hardening the system against physical attacks. With SoC FPGAs being inexpensive and widely available there is potential for their use in both industrial and consumer applications as an additional layer of hardware security. In this paper we investigate and implement a Trusted Execution Environment (TEE) based around a PUF solely implemented in the FPGA fabric on a Xilinx Zynq-7000 SoC FPGA. The PUF response is used to seed a generic entropy maximisation function or Pseudorandom Number Generator (PRNG) with a system controller capable of encrypting data to be useful only to the device. This system interacts with a software platform running in the ARM TrustZone on the ARM Cortex core in the SoC, which handles requests between user programs and the FPGA. The proposed PUF-based security module can generate unique random keys able to pass all NIST tests and protects against physical attacks on buses and nonvolatile memories. These improvements are achieved at a cost of fewer than half the resources on the Zynq-7000 SoC FPGA.
This record has no associated files available for download.
More information
Published date: September 2020
Identifiers
Local EPrints ID: 446737
URI: http://eprints.soton.ac.uk/id/eprint/446737
PURE UUID: 9bcf0696-7611-4901-bf68-7501e589083b
Catalogue record
Date deposited: 19 Feb 2021 17:32
Last modified: 17 Mar 2024 03:25
Export record
Altmetrics
Contributors
Author:
Callum Aitchison
Author:
Roman Buckle
Author:
Alvin Ch'ng
Author:
Christian Clarke
Author:
Jacob Malley
Author:
Basel Halak
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics