Enhancing the Security of FPGA-SoCs via the Usage of ARM TrustZone and a Hybrid-TPM

Isolated execution is a concept commonly used for increasing the security of a computer system. In the embedded world, ARM TrustZone technology enables this goal and is currently used on mobile devices for applications such as secure payment or biometric authentication. In this work, we investigate the security benefits achievable through the usage of ARM TrustZone on FPGA-SoCs. We first adapt Microsoft’s implementation of a firmware Trusted Platform Module (fTPM) running inside ARM TrustZone for the Zynq UltraScale+ platform. This adaptation consists in integrating hardware accelerators available on the device to fTPM’s implementation and to enhance fTPM with an entropy source derived from on-chip SRAM start-up patterns. With our approach, we transform a software implementation of a TPM into a hybrid hardware/software design that could address some of the security drawbacks of the original implementation while keeping its flexibility. To demonstrate the security gains obtained via the usage of ARM TrustZone and our hybrid-TPM on FPGA-SoCs, we propose a framework that combines them for enabling a secure remote bitstream loading. The approach consists in preventing the insecure usages of a bitstream reconfiguration interface that are made possible by the manufacturer and to integrate the interface inside a Trusted Execution Environment.

Shared Mobility for Transport and Its Environmental Impact VeSIPreS: A Vehicular Soft Integrity Preservation Scheme for Shared Mobility

Car manufacturers are noticing and encouraging a trend away from individual mobility, where a vehicle is owned and driven by one or only a few other persons, and towards shared-mobility concepts. That means that many different people use and have access to the same vehicle. An attacker disguised as a regular short-time user can use the additional attack vectors (s)he gets by having physical access to tamper the vehicle’s software. The software takes a continuously more crucial role in cars for autonomous driving, and manipulations can have catastrophic consequences for the persons on board. Currently, there is no mechanism available to the vehicle owner to detect such manipulations in the vehicle done by the attacker (short-time user). In this work, a novel vehicle attestation scheme called Vehicular Soft Integrity Preservation Scheme (VeSIPreS) is proposed to detect tampering in the software stack of a vehicle and guarantee the upcoming driver that the previous user has not changed the software of the vehicle. The solution consists of a software module in the vehicle and a mobile-based user application for the vehicle owner to monitor the vehicle’s soft integrity. Inside the vehicle, the software module is implemented in the central gateway, which acts as the primary security component. VeSIPreS uses Trusted Platform Module (TPM) in the central gateway, which anchors trust in our proposed solution. This paper also provides a proof-of-concept implementation with a TPM, demonstrating its application and deployment feasibility and presentig a security analysis to show the security of VeSIPreS.

Remote Attestation on Behavioral Traces for Crowd Quality Control Based on Trusted Platform Module

Behavioral traces of workers have emerged as a new evidence to check the quality of their produced outputs in crowd computing. Whether the evidence is trustworthy or not is a key problem during the process. Challenges will be encountered in addressing this issue, because the evidence comes from unknown or adversarial workers. In this study, we proposed an alternative approach to ensure trustworthy evidence through a hardware-based remote attestation to bridge the gap. The integrity of the evidence was used as the trustworthy criterion. Trusted Platform Module (TPM) was considered the trusted anchor inspired by trusted computing to avoid unreliable or malicious workers. The module carefully recorded and stored many workers’ behavioral traces in the storage measurement log (SML). Each item in the log was extended to a platform configuration register (PCR) by the occurrence sequence of each event. The PCR was a tamper-proof storage inside the TPM. The value of the PCR was also considered evidence together with the SML. The evidence was sent to the crowdsourcing platform with the TPM signature. The platform checked the integrity of the evidence by a series of operations, such as validating the signature and recomputing the SML hash. This process was designed as a remote attestation protocol. The effectiveness, efficiency, and security of the protocol were verified theoretically and through experiments based on the open dataset, WebCrowd25K, and custom dataset. Results show that the proposed method is an alternative solution for ensuring the integrity of behavioral traces.

TAMEC: Trusted Augmented Mobile Execution on Cloud

Cloud computing has emerged as an attractive platform for individuals and businesses to augment their basic processing capabilities. Mobile devices with access to Internet are also turning towards clouds for resource-intensive tasks by working out a trade-off between resources required for performing computation on-device against those required for off-loading task to the cloud. However, as with desktop clients, mobile clients face significant concerns related to confidentiality and integrity of data and applications moved to and from the cloud. Cloud-related security solutions proposed for desktop clients could not be readily ported to mobile clients owing to the obvious limitation in their processing capabilities and restrained battery life. We address this problem by proposing architecture for secure exchange and trusted execution between mobile devices and cloud hosts. We establish a symmetric-key-based secure communication channel between mobile and cloud, backed by a trusted coordinator. We also employee a Trusted Platform Module- (TPM-) based attestation of the cloud nodes on which the data and applications of mobile device will be hosted. This gives a comprehensive solution for end-to-end secure and trusted interaction of the mobile device with cloud hosts.

Establishment of Trust in Internet of Things by Integrating Trusted Platform Module: To Counter Cybersecurity Challenges

With the increasing day-to-day acceptance of IOT computing, the issues related to it are also getting more attention. The current IOT computing infrastructure brings some security challenges concerned with the users/customers and CSP. The users can store their confidential data at IOT storage and can access them anytime when they need. Lack of trust exists among IOT users and between IOT users and CSP. The prevention of this risk is a big research issue and it needs to be solved. There is a need for trusted IOT computing in recent times to provide trusted services. Here, we propose the integration of TPM in IOT computing to performs cryptographic operations and provide hardware-based security. In this domain, different schemes and methods have been proposed to build trust in IOT computing, but the suitable solution has not been presented by these schemes because these schemes lack in terms of some security services. A comparative study based on trusted computing schemes has also been presented in this paper along with different implementations of critical analysis. Our study is based on an overview of the main issues and summarizing the literature along with their strengths and limitations. In the end, we integrated the trusted platform module in the IOT architecture to establish the trust in IOT computing and to enhance the cybersecurity challenges and evaluated it with the help of mathematical/algorithms/graph theory/matrices and logical diagrams.

Cryptographic Keys Generating and Renewing System for IoT Network Nodes—A Concept

Designers and users of the Internet of Things (IoT) are devoting more and more attention to the issues of security and privacy as well as the integration of data coming from various areas. A critical element of cooperation is building mutual trust and secure data exchange. Because IoT devices usually have small memory resources, limited computing power, and limited energy resources, it is often impossible to effectively use a well-known solution based on the Certification Authority. This article describes the concept of the system for a cryptographic Key Generating and Renewing system (KGR). The concept of the solution is based on the use of the hardware Trusted Platform Module (TPM) v2.0 to support the procedures of creating trust structures, generating keys, protecting stored data, and securing data exchange between system nodes. The main tasks of the system are the secure distribution of a new symmetric key and renewal of an expired key for data exchange parties. The KGR system is especially designed for clusters of the IoT nodes but can also be used by other systems. A service based on the Message Queuing Telemetry Transport (MQTT) protocol will be used to exchange data between nodes of the KGR system.

Design and Implementation of Inter-operable and Secure Agent Migration Protocol

Mobile agent technology is an active research topic and has found its uses in various diverse areas ranging from simple personal assistance to complex distributed big data systems. Its usage permits offline and autonomous execution as compared to classical distributed systems. The free roaming nature of agents makes it prone to several security threats during its transit state, with an added overhead in its interoperability among different types of platforms. To address these problems, both software and hardware based approaches have been proposed to ensure protection at various transit points. However, these approaches do not ensure interoperability and protection to agents during transit over a channel, simultaneously. In this regard, an agent requires a trustworthy, interoperable, and adaptive protocol for secure migration. In this paper, to answer these research issues, we first analyse security flaws in existing agent protection frameworks. Second, we implemented a novel migration architecture which is: 1) fully inter-operable compliance to the Foundation for Intelligent Physical Agents (FIPA) and 2) trustworthy based on Computing Trusted Platform Module (TPM). The proposed approach is validated by testing on software TPM of IBM, JSR321, and jTPMTools as TPM and Trusted Computing Software Stack (TSS) interfaces, JADE-agent framework and 7Mobility Service (JIPMS). Validation is also performed on systems bearing physical TPM-chips. Moreover, some packages of JIPMS are also modified by embedding our proposed approach into their functions. Our performance results show that our approach merely adds an execution overhead during the binding and unbinding phases