scholarly journals Attacking TrustZone on devices lacking memory protection

2021 ◽  
Author(s):  
Ron Stajnrod ◽  
Raz Ben Yehuda ◽  
Nezer Jacob Zaidenberg
Keyword(s):  
Memory Protection ◽  
Design And Implementation ◽  
Execution Environment ◽  
Processor Cores ◽  
Trusted Execution Environment

AbstractARM TrustZone offers a Trusted Execution Environment (TEE) embedded into the processor cores. Some vendors offer ARM modules that do not fully comply with TrustZone specifications, which may lead to vulnerabilities in the system. In this paper, we present a DMA attack tutorial from the insecure world onto the secure world, and the design and implementation of this attack in a real insecure hardware.

scholarly journals SoftME: A Software-Based Memory Protection Approach for TEE System to Resist Physical Attacks

2019 ◽  
Vol 2019 ◽  
pp. 1-12 ◽  
Author(s):  
Meiyu Zhang ◽  
Qianying Zhang ◽  
Shijun Zhao ◽  
Zhiping Shi ◽  
Yong Guan
Keyword(s):  
Prototype System ◽  
Sensitive Data ◽  
Embedded Devices ◽  
Memory Space ◽  
Memory Protection ◽  
System Overhead ◽  
Execution Environment ◽  
On Chip ◽  
The Internet Of Things ◽  
Trusted Execution Environment

The development of the Internet of Things has made embedded devices widely used. Embedded devices are often used to process sensitive data, making them the target of attackers. ARM TrustZone technology is used to protect embedded device data from compromised operating systems and applications. But as the value of the data stored in embedded devices increases, more and more effective physical attacks have emerged. However, TrustZone cannot resist physical attacks. We propose SoftME, an approach that utilizes the on-chip memory space to provide a trusted execution environment for sensitive applications. We protect the confidentiality and integrity of the data stored on the off-chip memory. In addition, we design task scheduling in the encryption process. We implement a prototype system of our approach on the development board supporting TrustZone and evaluate the overhead of our approach. The experimental results show that our approach improves the security of the system, and there is no significant increase in system overhead.

scholarly journals Bypassing Isolated Execution on RISC-V using Side-Channel-Assisted Fault-Injection and Its Countermeasure

2021 ◽  
pp. 28-68
Author(s):  
Shoei Nashimoto ◽  
Daisuke Suzuki ◽  
Rei Ueno ◽  
Naofumi Homma
Keyword(s):  
Real World ◽  
Fault Injection ◽  
Side Channel ◽  
Proof Of Concept ◽  
Malicious Software ◽  
Memory Protection ◽  
Channel Information ◽  
Execution Environment ◽  
Fault Injection Attack ◽  
Trusted Execution Environment

RISC-V is equipped with physical memory protection (PMP) to prevent malicious software from accessing protected memory regions. PMP provides a trusted execution environment (TEE) that isolates secure and insecure applications. In this study, we propose a side-channel-assisted fault-injection attack to bypass isolation based on PMP. The proposed attack scheme involves extracting successful glitch parameters for fault injection from side-channel information under crossdevice conditions. A proof-of-concept TEE compatible with PMP in RISC-V was implemented, and the feasibility and effectiveness of the proposed attack scheme was validated through experiments in TEEs. The results indicate that an attacker can bypass the isolation of the TEE and read data from the protected memory region In addition, we experimentally demonstrate that the proposed attack applies to a real-world TEE, Keystone. Furthermore, we propose a software-based countermeasure that prevents the proposed attack.

IIoTEED: An Enhanced, Trusted Execution Environment for Industrial IoT Edge Devices

2017 ◽  
Vol 21 (1) ◽  
pp. 40-47 ◽  
Author(s):  
Sandro Pinto ◽  
Tiago Gomes ◽  
Jorge Pereira ◽  
Jorge Cabral ◽  
Adriano Tavares
Keyword(s):  
Industrial Iot ◽  
Execution Environment ◽  
Trusted Execution Environment

Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

2022 ◽  
Vol 15 (1) ◽  
pp. 1-26
Author(s):  
Mathieu Gross ◽  
Konrad Hohentanner ◽  
Stefan Wiehler ◽  
Georg Sigl
Keyword(s):  
Software Design ◽  
Hardware Accelerators ◽  
Biometric Authentication ◽  
Trusted Platform Module ◽  
Start Up ◽  
Execution Environment ◽  
On Chip ◽  
Trusted Platform ◽  
Trusted Execution Environment ◽  
Entropy Source

Isolated execution is a concept commonly used for increasing the security of a computer system. In the embedded world, ARM TrustZone technology enables this goal and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the usage of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM) running inside ARM TrustZone for the Zynq UltraScale+ platform. This adaptation consists in integrating hardware accelerators available on the device to fTPM’s implementation and to enhance fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained via the usage of ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them for enabling a secure remote bitstream loading. The approach consists in preventing the insecure usages of a bitstream reconfiguration interface that are made possible by the manufacturer and to integrate the interface inside a Trusted Execution Environment.

Sign in / Sign up

Export Citation Format

Share Document