The University of Southampton
University of Southampton Institutional Repository

On the integration of physically unclonable functions into ARM TrustZone security technology

On the integration of physically unclonable functions into ARM TrustZone security technology
On the integration of physically unclonable functions into ARM TrustZone security technology
As Internet of Things (IoT) devices are increasingly used in industry and become further integrated into our daily lives the security of such devices is of paramount concern. Ensuring that the large amount of information that these devices collect is protected and only accessible to authenticated users is a critical requirement of the industry. One potentially inexpensive way to improve device security utilises a Physically Unclonable Function (PUF) to generate a unique random response per device. This random response can be generated in such a way that it can be regenerated reliably and repeatably allowing the response to be considered a signature for each device. This signature could then be used for authentication or key generation purposes, improving trust in IoT devices. The advantage of a PUF based system is that the response does not need to be stored in nonvolatile memory as it is regenerated on demand, hardening the system against physical attacks. With SoC FPGAs being inexpensive and widely available there is potential for their use in both industrial and consumer applications as an additional layer of hardware security. In this paper we investigate and implement a Trusted Execution Environment (TEE) based around a PUF solely implemented in the FPGA fabric on a Xilinx Zynq-7000 SoC FPGA. The PUF response is used to seed a generic entropy maximisation function or Pseudorandom Number Generator (PRNG) with a system controller capable of encrypting data to be useful only to the device. This system interacts with a software platform running in the ARM TrustZone on the ARM Cortex core in the SoC, which handles requests between user programs and the FPGA. The proposed PUF-based security module can generate unique random keys able to pass all NIST tests and protects against physical attacks on buses and nonvolatile memories. These improvements are achieved at a cost of fewer than half the resources on the Zynq-7000 SoC FPGA.
IEEE
Aitchison, Callum
a3e31cb3-c35b-42b5-b0e7-8e8220680b97
Buckle, Roman
59139e95-9668-4cb4-b00c-3f2bef5776d3
Ch'ng, Alvin
ee6a9864-a86c-4dd3-9931-d87716f38107
Clarke, Christian
2116aaac-799e-44c9-8309-3384e6f37a40
Malley, Jacob
2ba16d71-b9fa-4069-897a-2f88fa49c5f5
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33
Aitchison, Callum
a3e31cb3-c35b-42b5-b0e7-8e8220680b97
Buckle, Roman
59139e95-9668-4cb4-b00c-3f2bef5776d3
Ch'ng, Alvin
ee6a9864-a86c-4dd3-9931-d87716f38107
Clarke, Christian
2116aaac-799e-44c9-8309-3384e6f37a40
Malley, Jacob
2ba16d71-b9fa-4069-897a-2f88fa49c5f5
Halak, Basel
8221f839-0dfd-4f81-9865-37def5f79f33

Aitchison, Callum, Buckle, Roman, Ch'ng, Alvin, Clarke, Christian, Malley, Jacob and Halak, Basel (2020) On the integration of physically unclonable functions into ARM TrustZone security technology. In 2020 European Conference on Circuit Theory and Design (ECCTD). IEEE. 4 pp . (doi:10.1109/ECCTD49232.2020.9218417).

Record type: Conference or Workshop Item (Paper)

Abstract

As Internet of Things (IoT) devices are increasingly used in industry and become further integrated into our daily lives the security of such devices is of paramount concern. Ensuring that the large amount of information that these devices collect is protected and only accessible to authenticated users is a critical requirement of the industry. One potentially inexpensive way to improve device security utilises a Physically Unclonable Function (PUF) to generate a unique random response per device. This random response can be generated in such a way that it can be regenerated reliably and repeatably allowing the response to be considered a signature for each device. This signature could then be used for authentication or key generation purposes, improving trust in IoT devices. The advantage of a PUF based system is that the response does not need to be stored in nonvolatile memory as it is regenerated on demand, hardening the system against physical attacks. With SoC FPGAs being inexpensive and widely available there is potential for their use in both industrial and consumer applications as an additional layer of hardware security. In this paper we investigate and implement a Trusted Execution Environment (TEE) based around a PUF solely implemented in the FPGA fabric on a Xilinx Zynq-7000 SoC FPGA. The PUF response is used to seed a generic entropy maximisation function or Pseudorandom Number Generator (PRNG) with a system controller capable of encrypting data to be useful only to the device. This system interacts with a software platform running in the ARM TrustZone on the ARM Cortex core in the SoC, which handles requests between user programs and the FPGA. The proposed PUF-based security module can generate unique random keys able to pass all NIST tests and protects against physical attacks on buses and nonvolatile memories. These improvements are achieved at a cost of fewer than half the resources on the Zynq-7000 SoC FPGA.

Full text not available from this repository.

More information

Published date: September 2020

Identifiers

Local EPrints ID: 446737
URI: http://eprints.soton.ac.uk/id/eprint/446737
PURE UUID: 9bcf0696-7611-4901-bf68-7501e589083b
ORCID for Basel Halak: ORCID iD orcid.org/0000-0003-3470-7226

Catalogue record

Date deposited: 19 Feb 2021 17:32
Last modified: 23 Mar 2021 02:43

Export record

Altmetrics

Contributors

Author: Callum Aitchison
Author: Roman Buckle
Author: Alvin Ch'ng
Author: Christian Clarke
Author: Jacob Malley
Author: Basel Halak ORCID iD

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×