Your search keyword '"Trustzone"' showing total 89 results

1. Trustworthy Environmental Monitoring Using Hardware-Assisted Security Mechanisms.

Author

Segers, Laurent, Talebi, Borna, da Silva, Bruno, Touhafi, Abdellah, and Braeken, An

Subjects

*ENVIRONMENTAL monitoring, *WELL-being

Abstract

Environmental monitoring is essential for safeguarding the health of our planet and protecting human health and well-being. Without trust, the effectiveness of environmental monitoring and the ability to address environmental challenges are significantly compromised. In this paper, we present a sensor platform capable of performing authenticated and trustworthy measurements, together with a lightweight security protocol for sending the data from the sensor to a central server anonymously. Besides presenting a new and very efficient symmetric-key-based protocol, we also demonstrate on real hardware how existing embedded security modules can be utilized for this purpose. We provide an in-depth evaluation of the performance and a detailed security analysis. [ABSTRACT FROM AUTHOR]

Published

2024

2. Trustworthy Environmental Monitoring Using Hardware-Assisted Security Mechanisms

Author

Laurent Segers, Borna Talebi, Bruno da Silva, Abdellah Touhafi, and An Braeken

Subjects

Secure IoT, TrustZone, Secure IoT communication, key agreement protocol, low-power Secure IoT, Chemical technology, TP1-1185

Abstract

Environmental monitoring is essential for safeguarding the health of our planet and protecting human health and well-being. Without trust, the effectiveness of environmental monitoring and the ability to address environmental challenges are significantly compromised. In this paper, we present a sensor platform capable of performing authenticated and trustworthy measurements, together with a lightweight security protocol for sending the data from the sensor to a central server anonymously. Besides presenting a new and very efficient symmetric-key-based protocol, we also demonstrate on real hardware how existing embedded security modules can be utilized for this purpose. We provide an in-depth evaluation of the performance and a detailed security analysis.

Published

2024

3. A Novel Network Data Encryption Method Based on TrustZone.

Author

Hongyan Xu and Yaodong Yuan

Subjects

*DATA encryption, *IMAGE encryption, *WIRELESS sensor networks, *COMPUTER network security, *TRUST, *DATA transmission systems, *SOCIAL networks, *LINEAR network coding

Abstract

To ensure the security of network data transmission, a network data encryption method based on TrustZone was analyzed. The hardware layer was used to provide hardware support for network data encryption. The framework layer was provided with a trusted operating kernel and a common kernel with a rich execution environment through the kernel layer. The framework layer used the key security management unit on the client-application-side to create, write, read, and delete the security key file. The network data encryption and decryption unit on the client-application-side constructed a session connection between the client application side and the trusted application side under the kernel provided by the kernel layer by calling the hardware of the hardware layer. Moreover, the network data encryption and decryption instructions were transmitted to the trusted-application-side network data encryption and decryption unit. The encryption of the memristor neural network and the cubic chaotic map were employed. The network data encryption and decryption results were presented to the user through the application layer. Experiments results prove that, the interval of the optimal key chaotic sequence must be controlled between [-1,1]. The ASCII code value of the network data character sequence before encryption has an obvious distribution pattern to encrypt the network data to be transmitted under the wireless sensor network scenario. The value of the 0-1 balance index of the encrypted network data of this study's method is the closest to 0, and the highest values are approximately 0.0088, 0.0079, and 0.0067. The method in this study can effectively encrypt and decrypt network data. Under different attack types, this method has high integrity of encrypted network data and a high value of avalanche effect. Thus, it has effective anti-attack performance. [ABSTRACT FROM AUTHOR]

Published

2023

4. Trusted Deep Neural Execution—A Survey

Author

Mohammad Fakhruddin Babar and Monowar Hasan

Subjects

Neural network, DNN, trusted execution, TEE, TrustZone, SGX, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The growing use of deep neural networks (DNNs) in various applications has raised concerns about the security and privacy of model parameters and runtime execution. To address these concerns, researchers have proposed using trusted execution environments (TEEs) to build trustworthy neural network execution. This paper comprehensively surveys the literature on trusted neural networks, viz., answering how to efficiently execute neural models inside trusted enclaves. We review the various TEE architectures and techniques employed to achieve secure neural network execution and provide a classification of existing work. Additionally, we discuss the challenges and present a few open issues. We intend that this review will assist researchers and practitioners in understanding the state-of-the-art and identifying research problems.

Published

2023

5. The Data Privacy Protection Method for Hyperledger Fabric Based on Trustzone.

Author

Gao, Wen, Hei, Xinhong, and Wang, Yichuan

Subjects

*DATA privacy, *DATA protection, *DATA encryption, *DATA security, *TRUST, *ELECTRONIC data processing

Abstract

Hyperledger Fabric is a distributed ledger solution platform based on a modular architecture. The cryptographic algorithm is the core of the platform to ensure the security and tamper-resistant of the data on the chain. However, the original Fabric platform lacks the protection of user's keys and cryptographic operations. To this end, this paper proposes a data privacy protection method for Hyperledger Fabric based on Trustzone technology, which places the user's key and the cryptographic operation process of private data in the trusted execution environment for protection. The experimental results based on the existing blockchain network show that the scheme can effectively ensure the security of data encryption process and key static storage, greatly reduce the trusted computing base and the attack surface. The performance loss is within an acceptable range. [ABSTRACT FROM AUTHOR]

Published

2023

6. Defending against OS-Level Malware in Mobile Devices via Real-Time Malware Detection and Storage Restoration

Author

Niusen Chen and Bo Chen

Subjects

OS-level malware, data corruptions, detection, recovery, mobile devices, TrustZone, Technology (General), T1-995

Abstract

Combating the OS-level malware is a very challenging problem as this type of malware can compromise the operating system, obtaining the kernel privilege and subverting almost all the existing anti-malware tools. This work aims to address this problem in the context of mobile devices. As real-world malware is very heterogeneous, we narrow down the scope of our work by especially focusing on a special type of OS-level malware that always corrupts user data. We have designed mobiDOM, the first framework that can combat the OS-level data corruption malware for mobile computing devices. Our mobiDOM contains two components, a malware detector and a data repairer. The malware detector can securely and timely detect the presence of OS-level malware by fully utilizing the existing hardware features of a mobile device, namely, flash memory and Arm TrustZone. Specifically, we integrate the malware detection into the flash translation layer (FTL), a firmware layer embedded into the flash storage hardware, which is inaccessible to the OS; in addition, we run a trusted application in the Arm TrustZone secure world, which acts as a user-level manager of the malware detector. The FTL-based malware detection and the TrustZone-based manager can communicate with each other stealthily via steganography. The data repairer can allow restoring the external storage to a healthy historical state by taking advantage of the out-of-place-update feature of flash memory and our malware-aware garbage collection in the FTL. Security analysis and experimental evaluation on a real-world testbed confirm the effectiveness of mobiDOM.

Published

2022

7. uTango: An Open-Source TEE for IoT Devices

Author

Daniel Oliveira, Tiago Gomes, and Sandro Pinto

Subjects

Arm, IoT, isolation, separation, trusted execution environment (TEE), TrustZone, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Security is one of the main challenges of the Internet of Things (IoT). IoT devices are mainly powered by low-cost microcontrollers (MCUs) that typically lack basic hardware security mechanisms to separate security-critical applications from less critical components. Recently, Arm has started to release Cortex-M MCUs enhanced with TrustZone technology (i.e., TrustZone-M), a system-wide security solution aiming at providing robust protection for IoT devices. Trusted Execution Environments (TEEs) relying on TrustZone hardware have been perceived as safe havens for securing mobile devices. However, for the past few years, considerable effort has gone into unveiling hundreds of vulnerabilities and proposing a collection of relevant defense techniques to address several issues. While new TEE solutions built on TrustZone-M start flourishing, the lessons gathered from the research community appear to be falling short, as these new systems are trapping into the same pitfalls of the past. In this paper, we present uTango, the first multi-world TEE for modern IoT devices. uTango proposes a novel architecture aiming at tackling the major architectural deficiencies currently affecting TrustZone(-M)-assisted TEEs. In particular, we leverage the very same TrustZone hardware primitives used by dual-world implementations to create multiple and equally secure execution environments within the normal world. We demonstrate the benefits of uTango by conducting an extensive evaluation on a real TrustZone-M hardware platform, i.e., Arm Musca-B1. uTango will be open-sourced and freely available on GitHub in hopes of engaging academia and industry on securing the foreseeable trillion IoT devices.

Published

2022

8. Cross-World Covert Channel on ARM Trustzone through PMU.

Author

Li, Xinyao and Tyagi, Akhilesh

Subjects

*TRUST, *MACHINE learning, *CACHE memory, *BANDWIDTHS, *SYNCHRONIZATION, *INTERNET of things

Abstract

The TrustZone technology is incorporated in a majority of recent ARM Cortex A and Cortex M processors widely deployed in the IoT world. Security critical code execution inside a so-called secure world is isolated from the rest of the application execution within a normal world. It provides hardware-isolated area called a trusted execution environment (TEE) in the processor for sensitive data and code. This paper demonstrates a vulnerability in the secure world in the form of a cross-world, secure world to normal world, covert channel. Performance counters or Performance Monitoring Unit (PMU) events are used to convey the information from the secure world to the normal world. An encoding program generates appropriate PMU event footprint given a secret S. A corresponding decoding program reads the PMU footprint and infers S using machine learning (ML). The machine learning model can be trained entirely from the data collected from the PMU in user space. Lack of synchronization between PMU start and PMU read adds noise to the encoding/decoding ML models. In order to account for this noise, this study proposes three different synchronization capabilities between the client and trusted applications in the covert channel. These are synchronous, semi-synchronous, and asynchronous. Previously proposed PMU based covert channels deploy L1 and LLC cache PMU events. The latency of these events tends to be 100–1000 cycles limiting the bandwidth of these covert channels. We propose to use microarchitecture level events with latency of 10–100 cycles captured through PMU for covert channel encoding leading to a potential 100× higher bandwidth. This study conducts a series of experiments to evaluate the proposed covert channels under various synchronization models on a TrustZone supported Cortex-A processor using OP-TEE framework. As stated earlier, switch from signaling based on PMU cache events to PMU microarchitectural events leads to approximately 15× higher covert channel bandwidth. This proposed finer-grained microarchitecture event encoding covert channel can achieve throughput of the order of 11 Kbits/s as opposed to previous work's throughput of the order of 760 bits/s. [ABSTRACT FROM AUTHOR]

Published

2022

9. DeepTrust^RT: Confidential Deep Neural Inference Meets Real-Time!

Author

Mohammad Fakhruddin Babar and Monowar Hasan, Babar, Mohammad Fakhruddin, Hasan, Monowar, Mohammad Fakhruddin Babar and Monowar Hasan, Babar, Mohammad Fakhruddin, and Hasan, Monowar

Abstract

Deep Neural Networks (DNNs) are becoming common in "learning-enabled" time-critical applications such as autonomous driving and robotics. One approach to protect DNN inference from adversarial actions and preserve model privacy/confidentiality is to execute them within trusted enclaves available in modern processors. However, running DNN inference inside limited-capacity enclaves while ensuring timing guarantees is challenging due to (a) large size of DNN workloads and (b) extra switching between "normal" and "trusted" execution modes. This paper introduces new time-aware scheduling schemes - DeepTrust^RT - to securely execute deep neural inferences for learning-enabled real-time systems. We first propose a variant of EDF (called DeepTrust^RT-LW) that slices each DNN layer and runs them sequentially in the enclave. However, due to extra context switch overheads of individual layer slices, we further introduce a novel layer fusion technique (named DeepTrust^RT-FUSION). Our proposed scheme provides hard real-time guarantees by fusing multiple layers of DNN workload from multiple tasks; thus allowing them to fit and run concurrently within the enclaves while maintaining real-time guarantees. We implemented and tested DeepTrust^RT ideas on the Raspberry Pi platform running OP-TEE+DarkNet-TZ DNN APIs and three DNN workloads (AlexNet-squeezed, Tiny Darknet, YOLOv3-tiny). Compared to the layer-wise partitioning approach (DeepTrust^RT-LW), DeepTrust^RT-FUSION can schedule up to 3x more tasksets and reduce context switches by up to 11.12x. We further demonstrate the efficacy of DeepTrust^RT using a flight controller (ArduPilot) case study and find that DeepTrust^RT-FUSION retains real-time guarantees where DeepTrust^RT-LW becomes unschedulable.

Published

2024

10. Defending against OS-Level Malware in Mobile Devices via Real-Time Malware Detection and Storage Restoration †.

Author

Chen, Niusen and Chen, Bo

Subjects

MALWARE prevention, MOBILE apps, FLASH memory, INVESTMENT analysis, RANDOM access memory

Abstract

Combating the OS-level malware is a very challenging problem as this type of malware can compromise the operating system, obtaining the kernel privilege and subverting almost all the existing anti-malware tools. This work aims to address this problem in the context of mobile devices. As real-world malware is very heterogeneous, we narrow down the scope of our work by especially focusing on a special type of OS-level malware that always corrupts user data. We have designed mobiDOM, the first framework that can combat the OS-level data corruption malware for mobile computing devices. Our mobiDOM contains two components, a malware detector and a data repairer. The malware detector can securely and timely detect the presence of OS-level malware by fully utilizing the existing hardware features of a mobile device, namely, flash memory and Arm TrustZone. Specifically, we integrate the malware detection into the flash translation layer (FTL), a firmware layer embedded into the flash storage hardware, which is inaccessible to the OS; in addition, we run a trusted application in the Arm TrustZone secure world, which acts as a user-level manager of the malware detector. The FTL-based malware detection and the TrustZone-based manager can communicate with each other stealthily via steganography. The data repairer can allow restoring the external storage to a healthy historical state by taking advantage of the out-of-place-update feature of flash memory and our malware-aware garbage collection in the FTL. Security analysis and experimental evaluation on a real-world testbed confirm the effectiveness of mobiDOM. [ABSTRACT FROM AUTHOR]

Published

2022

11. The Data Privacy Protection Method for Hyperledger Fabric Based on Trustzone

Author

Wen Gao, Xinhong Hei, and Yichuan Wang

Subjects

Hyperledger fabric, Trustzone, privacy, Mathematics, QA1-939

Abstract

Hyperledger Fabric is a distributed ledger solution platform based on a modular architecture. The cryptographic algorithm is the core of the platform to ensure the security and tamper-resistant of the data on the chain. However, the original Fabric platform lacks the protection of user’s keys and cryptographic operations. To this end, this paper proposes a data privacy protection method for Hyperledger Fabric based on Trustzone technology, which places the user‘s key and the cryptographic operation process of private data in the trusted execution environment for protection. The experimental results based on the existing blockchain network show that the scheme can effectively ensure the security of data encryption process and key static storage, greatly reduce the trusted computing base and the attack surface. The performance loss is within an acceptable range.

Published

2023

12. Nanovised Control Flow Attestation.

Author

Ben Yehuda, Raz, Kiperberg, Michael, and Zaidenberg, Nezer Jacob

Subjects

INTERNET servers, RADIO access networks, LINUX operating systems

Abstract

This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM's TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system "C-FLAT Linux". Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the detection of the SlowLoris attack on the Apache web server. [ABSTRACT FROM AUTHOR]

Published

2022

13. A Design and Verification Methodology for a TrustZone Trusted Execution Environment

Author

Haiyong Sun and Hang Lei

Subjects

Formal verification, information flow noninterference, trusted execution environment, TrustZone, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Hardware support for isolated execution (e.g., ARM TrustZone) enables the development of a trusted execution environment (TEE) that ensures the security of the code and data while communicating with a compromised rich execution environment (REE). The ability to satisfy various security services is complicated and usually consists of trusted applications, a trusted kernel and a secure monitor. However, formally verifying the security of an entire TEE security remains challenging. We present a methodology for designing a TEE in a way that enables verification of its security properties. Our methodology consists of forcing a trusted application and kernel to communicate with an REE via a narrow interface and compile and link them with a small secure monitor that implements the interface and runs at the highest privilege level. We provide functional verification of the secure monitor to ensure that it correctly switches the TEE/REE, communicates with the REE at a pre-defined memory space and has no integer overflow vulnerability. We also perform a verification of the secure monitor's scheduler to ensure that it satisfies information flow noninterference. We present a modular verification framework that can prove an end-to-end security property for cross-language programmes (e.g., C and assembly languages). Our evaluation suggests that the methodology scales to real-world TEE applications.

Published

2020

14. Cross-World Covert Channel on ARM Trustzone through PMU

Author

Xinyao Li and Akhilesh Tyagi

Subjects

TrustZone, PMU, covert channel attack, IoT, OP-TEE, Chemical technology, TP1-1185

Abstract

The TrustZone technology is incorporated in a majority of recent ARM Cortex A and Cortex M processors widely deployed in the IoT world. Security critical code execution inside a so-called secure world is isolated from the rest of the application execution within a normal world. It provides hardware-isolated area called a trusted execution environment (TEE) in the processor for sensitive data and code. This paper demonstrates a vulnerability in the secure world in the form of a cross-world, secure world to normal world, covert channel. Performance counters or Performance Monitoring Unit (PMU) events are used to convey the information from the secure world to the normal world. An encoding program generates appropriate PMU event footprint given a secret S. A corresponding decoding program reads the PMU footprint and infers S using machine learning (ML). The machine learning model can be trained entirely from the data collected from the PMU in user space. Lack of synchronization between PMU start and PMU read adds noise to the encoding/decoding ML models. In order to account for this noise, this study proposes three different synchronization capabilities between the client and trusted applications in the covert channel. These are synchronous, semi-synchronous, and asynchronous. Previously proposed PMU based covert channels deploy L1 and LLC cache PMU events. The latency of these events tends to be 100–1000 cycles limiting the bandwidth of these covert channels. We propose to use microarchitecture level events with latency of 10–100 cycles captured through PMU for covert channel encoding leading to a potential 100× higher bandwidth. This study conducts a series of experiments to evaluate the proposed covert channels under various synchronization models on a TrustZone supported Cortex-A processor using OP-TEE framework. As stated earlier, switch from signaling based on PMU cache events to PMU microarchitectural events leads to approximately 15× higher covert channel bandwidth. This proposed finer-grained microarchitecture event encoding covert channel can achieve throughput of the order of 11 Kbits/s as opposed to previous work’s throughput of the order of 760 bits/s.

Published

2022

15. TZmCFI: RTOS-Aware Control-Flow Integrity Using TrustZone for Armv8-M.

Author

Kawada, Tomoaki, Honda, Shinya, Matsubara, Yutaka, and Takada, Hiroaki

Subjects

*SECURITY management

Abstract

Control-Flow Integrity (CFI) is a class of defensive techniques against control-flow attacks such as Return-Oriented Programming. We propose a light-weight CFI scheme for RTOS-based applications, TZmCFI, which utilizes TrustZone for Armv8-M, a hardware-assisted security feature for embedded systems with tight resource constraints. TZmCFI embodies several existing CFI techniques to provide a comprehensive protection. The traditional shadow stack technique is used to ensure stack integrity and validate function returns. To protect exception handlers, TZmCFI extends shadow exception stacks, which are a variant of the traditional shadow stack technique we proposed in our previous work, for RTOS integration and performance improvement. We conducted an experiment on Arm Versatile Express Cortex-M Prototyping System (V2M-MPS2+) to evaluate the run-time overhead of the proposed system. [ABSTRACT FROM AUTHOR]

Published

2021

16. Trustzone-based secure lightweight wallet for hyperledger fabric.

Author

Dai, Weiqi, Wang, Qinyuan, Wang, Zeli, Lin, Xiaobin, Zou, Deqing, and Jin, Hai

Subjects

*ELECTRONIC money, *WALLETS, *ELECTRONIC wallets, *BITCOIN

Abstract

With the development of blockchain-based digital currencies, the security of digital wallets becomes more and more important. As far as we know, there is no safe lightweight wallet in hyperledger fabric. To solve the problem, we proposed a T rustzone-based S ecure L ightweight W allet for H yperledger F abric (hereafter referred to as TSLWHF). Firstly, we designed an Unspent Transaction Output (UTXO) set of transactions under blockchain and a signature verification mechanism for transactions, which made it possible to implement the lightweight wallet in hyperledger fabric. Then, we implemented a reliable protection mechanism for private keys and wallet's address, which solved the problem that users' information might be stolen or replaced. Meanwhile, the transaction verification results are guaranteed not to be tampered by hackers through verifying transactions in Trusted Execution Environment (TEE) and encrypting local block headers. Finally, to demonstrate utility, we deployed the system in hyperledger fabric and trustzone. Experiments showed that the wallet reduces the size of locally stored data while protecting the security of user's assets. The time spent on TSLWHF to execute a transaction is 0.589s, which improves transaction's performance compared to Bitcoin wallet. • In hyperledger fabric, we implemented a digital currency system based on the UTXO model, which supports the Simple Payment Verification (SPV). • We designed a secure trustzone-based lightweight wallet for hyperledger fabric, which can protect users' digital assets. • We conducted abundant evaluations, and our proposed system is secure and brings less overheads. [ABSTRACT FROM AUTHOR]

Published

2021

17. Nanovised Control Flow Attestation

Author

Raz Ben Yehuda, Michael Kiperberg, and Nezer Jacob Zaidenberg

Subjects

hypervisor, ARM, Linux, control flow, SlowLoris, TrustZone, Technology, Engineering (General). Civil engineering (General), TA1-2040, Biology (General), QH301-705.5, Physics, QC1-999, Chemistry, QD1-999

Abstract

This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the detection of the SlowLoris attack on the Apache web server.

Published

2022

18. Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes

Author

Chen Tian, Yazhe Wang, Peng Liu, Qihui Zhou, and Chengyi Zhang

Subjects

TrustZone, Android app security, User privacy, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Abstract Third-party IME (Input Method Editor) apps are often the preference means of interaction for Android users’ input. In this paper, we first discuss the insecurity of IME apps, including the Potentially Harmful Apps (PHAs) and malicious IME apps, which may leak users’ sensitive keystrokes. The current defense system, such as I-BOX, is vulnerable to the prefix substitution attack and the colluding attack due to the post-IME nature. We provide a deeper understanding that all the designs with the post-IME nature are subject to the prefix-substitution and colluding attacks. To remedy the above post-IME system’s flaws, we propose a new idea, pre-IME, which guarantees that “Is this touch event a sensitive keystroke?” analysis will always access user touch events prior to the execution of any IME app code. We design an innovative TrustZone-based framework named IM-Visor which has the pre-IME nature. Specifically, IM-Visor creates the isolation environment named STIE as soon as a user intends to type on a soft keyboard, then the STIE intercepts,Android event sub translates and analyzes the user’s touch input. If the input is sensitive, the translation of keystrokes will be delivered to user apps through a trusted path. Otherwise, IM-Visor replays non-sensitive keystroke touch events for IME apps or replays non-keystroke touch events for other apps. A prototype of IM-Visor has been implemented and tested with several most popular IMEs. The experimental results show that IM-Visor has small runtime overheads.

Published

2018

19. SBLWT: A Secure Blockchain Lightweight Wallet Based on Trustzone

Author

Weiqi Dai, Jun Deng, Qinyuan Wang, Changze Cui, Deqing Zou, and Hai Jin

Subjects

Bitcoin, SPV, wallet, Trustzone, blockchain, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Due to the increasing total value of the digital currency, the security of encryption wallet is becoming more and more important. The hardware-based wallet is safe, but it is inconvenient because users need to carry an additional physical device, the software-based wallet is convenient, but the safety cannot be guaranteed. All these wallets need to synchronize the blockchain, while most current mobile devices do not have the capability to store all blocks. To solve these problems, mobile devices can use simplified payment verification (SPV). Nevertheless, in existing methods, there is no good way to protect the verification process of the transaction. In this paper, we design a secure blockchain lightweight wallet based on Trustzone to protect SPV. It is more portable compared with the hardware wallet, and safer than the software wallet. Through the isolation, it can also protect the private key and the wallet's address from being stolen by the attackers no matter whether the Rich OS is malicious or not. Meanwhile, it can protect the verification process by verifying transactions in the secure execution environment (SEE), and keep the local block headers unreadable directly from the Rich OS through encryption. We deploy it on the RASPBERRY PI 3 MODEL B development board. The result of the experiment shows that it has little impact on the system.

Published

2018

20. ShieLD : Shielding Cross-zone Communication within Limited-resourced IoT Devices running Vulnerable Software Stack

Author

Khurshid, Anum, Yalew, Sileshi, Aslam, Mudassar, Raza, Shahid, Khurshid, Anum, Yalew, Sileshi, Aslam, Mudassar, and Raza, Shahid

Abstract

Securing IoT devices is gaining attention as the security risks associated with these devices increase rapidly. TrustZone-M, a Trusted Execution Environment (TEE) for Cortex-M processors, ensures stronger security within an IoT device by allowing isolated execution of security-critical operations, without trusting the entire software stack. However, TrustZone-M does not guarantee secure cross-world communication between applications in the Normal and Secure worlds. The cryptographic protection of the communication channel is an obvious solution; however, within a low-power IoT device, it incurs high overhead if applied to each cross-world message exchange. We present ShieLD, a framework that enables a secure communication channel between the two TrustZone-M worlds by leveraging the Memory Protection Unit (MPU). ShieLD guarantees confidentiality, integrity and authentication services without requiring any cryptographic operations. We implement and evaluate ShieLD using a Musca-A test chip board with Cortex-M33 that supports TrustZone-M. Our empirical evaluation shows, among other gains, the cross-zone communication protected with ShieLD is 5 times faster than the conventional crypto-based communication.

Published

2023

21. On-Device Power Analysis Across Hardware Security Domains.

Author

Colin O’Flynn and Alex Dewar

Subjects

Side channel analysis, TrustZone, cross-domain attacks, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64

Abstract

Side-channel power analysis is a powerful method of breaking secure cryptographic algorithms, but typically power analysis is considered to require specialized measurement equipment on or near the device. Assuming an attacker first gained the ability to run code on the unsecure side of a device, they could trigger encryptions and use the on-board ADC to capture power traces of that hardware encryption engine. This is demonstrated on a SAML11 which contains a M23 core with a TrustZone-M implementation as the hardware security barrier. This attack requires 160 × 106 traces, or approximately 5 GByte of data. This attack does not use any external measurement equipment, entirely performing the power analysis using the ADC on-board the microcontroller under attack. The attack is demonstrated to work both from the non-secure and secure environment on the chip, being a demonstration of a cross-domain power analysis attack. To understand the effect of noise and sample rate reduction, an attack is mounted on the SAML11 hardware AES peripheral using classic external equipment, and results are compared for various sample rates and hardware setups. A discussion on how users of this device can help prevent such remote attacks is also presented, along with metrics that can be used in evaluating other devices. Complete copies of all recorded power traces and scripts used by the authors are publicly presented.

Published

2019

22. Demystifying Arm TrustZone: A Comprehensive Survey.

Author

PINTO, SANDRO and SANTOS, NUNO

Subjects

*ARM microprocessors, *INTERNET of things, *MOTIVATION (Psychology), *MICROCONTROLLERS, *SYSTEMS on a chip

Abstract

The world is undergoing an unprecedented technological transformation, evolving into a state where ubiquitous Internet-enabled "things" will be able to generate and share large amounts of security- and privacysensitive data. To cope with the security threats that are thus foreseeable, system designers can find in Arm TrustZone hardware technology a most valuable resource. TrustZone is a System-on-Chip and CPU systemwide security solution, available on today's Arm application processors and present in the new generation Arm microcontrollers, which are expected to dominate the market of smart "things." Although this technology has remained relatively underground since its inception in 2004, over the past years, numerous initiatives have significantly advanced the state of the art involving Arm TrustZone. Motivated by this revival of interest, this paper presents an in-depth study of TrustZone technology. We provide a comprehensive survey of relevant work from academia and industry, presenting existing systems into two main areas, namely, Trusted Execution Environments and hardware-assisted virtualization. Furthermore, we analyze the most relevant weaknesses of existing systems and propose new research directions within the realm of tiniest devices and the Internet of Things, which we believe to have potential to yield high-impact contributions in the future. [ABSTRACT FROM AUTHOR]

Published

2019

23. Building Trust for Smart Connected Devices: The Challenges and Pitfalls of TrustZone

Author

Nikolaos Koutroumpouchos, Christoforos Ntantogian, and Christos Xenakis

Subjects

TrustZone, Trusted Execution Environments, vulnerabilities, exploitation, side channel attacks, IoT, Chemical technology, TP1-1185

Abstract

TrustZone-based Trusted Execution Environments (TEEs) have been utilized extensively for the implementation of security-oriented solutions for several smart intra and inter-connected devices. Although TEEs have been promoted as the starting point for establishing a device root of trust, a number of published attacks against the most broadly utilized TEE implementations request a second view on their security. The aim of this research is to provide an analytical and educational exploration of TrustZone-based TEE vulnerabilities with the goal of pinpointing design and implementation flaws. To this end, we provide a taxonomy of TrustZone attacks, analyze them, and more importantly derive a set of critical observations regarding their nature. We perform a critical appraisal of the vulnerabilities to shed light on their underlying causes and we deduce that their manifestation is the joint effect of several parameters that lead to this situation. The most important ones are the closed implementations, the lack of security mechanisms, the shared resource architecture, and the absence of tools to audit trusted applications. Finally, given the severity of the identified issues, we propose possible improvements that could be adopted by TEE implementers to remedy and improve the security posture of TrustZone and future research directions.

Published

2021

24. Nanovised Control Flow Attestation

Author

Nezer Jacob Zaidenberg, Michael Kiperberg, and Raz Ben yehuda

Subjects

Fluid Flow and Transfer Processes, pääsynvalvonta, Software_OPERATINGSYSTEMS, virtualisointi, Process Chemistry and Technology, Linux, hypervisor, ARM, control flow, SlowLoris, TrustZone, General Engineering, Computer Science Applications, General Materials Science, tietoturva, Instrumentation

Abstract

This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the detection of the SlowLoris attack on the Apache web server.

Published

2022

25. μRTZVisor: A Secure and Safe Real-Time Hypervisor.

Author

Martins, José, Alves, João, Cabral, Jorge, Tavares, Adriano, and Pinto, Sandro

Subjects

VIRTUAL machine systems, COMPUTER operating systems, SOFTWARE engineering, ELECTRONICS, COMPUTER systems

Abstract

Virtualization has been deployed as a key enabling technology for coping with the ever growing complexity and heterogeneity of modern computing systems. However, on its own, classical virtualization is a poor match for modern endpoint embedded system requirements such as safety, security and real-time, which are our main target. Microkernel-based approaches to virtualization have been shown to bridge the gap between traditional and embedded virtualization. This notwithstanding, existent microkernel-based solutions follow a highly para-virtualized approach, which inherently requires a significant software engineering effort to adapt guest operating systems (OSes) to run as userland components. In this paper, we present mRTZVisor as a new TrustZone-assisted hypervisor that distinguishes itself from state-of-the-art TrustZone solutions by implementing a microkernel-like architecture while following an object-oriented approach. Contrarily to existing microkernel-based solutions, mRTZVisor is able to run nearly unmodified guest OSes, while, contrarily to existing TrustZone-assisted solutions, it provides a high degree of functionality and configurability, placing strong emphasis on the real-time support. Our hypervisor was deployed and evaluated on a Xilinx Zynq-based platform. Experiments demonstrate that the hypervisor presents a small trusted computing base size (approximately 60KB), and a performance overhead of less than 2% for a 10 ms guest-switching rate. [ABSTRACT FROM AUTHOR]

Published

2017

26. uTango: an open-source TEE for IoT devices

Author

Oliveira, Daniel José Cunha, Gomes, Tiago Manuel Ribeiro, Pinto, Sandro, and Universidade do Minho

Subjects

IoT, Science & Technology, Internet of Things, Trusted Execution Environment, TrustZone, Indústria, inovação e infraestruturas, Program processors, TEE, Separation, Isolation, Codes, Hardware, Arm, Security, Computer architecture, trusted execution environment (TEE), Software, Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática

Abstract

Security is one of the main challenges of the Internet of Things (IoT). IoT devices are mainly powered by low-cost microcontrollers (MCUs) that typically lack basic hardware security mechanisms to separate security-critical applications from less critical components. Recently, Arm has started to release Cortex-M MCUs enhanced with TrustZone technology (i.e., TrustZone-M), a system-wide security solution aiming at providing robust protection for IoT devices. Trusted Execution Environments (TEEs) relying on TrustZone hardware have been perceived as safe havens for securing mobile devices. However, for the past few years, considerable effort has gone into unveiling hundreds of vulnerabilities and proposing a collection of relevant defense techniques to address several issues. While new TEE solutions built on TrustZone-M start flourishing, the lessons gathered from the research community appear to be falling short, as these new systems are trapping into the same pitfalls of the past. In this paper, we present UTANGO, the first multi-world TEE for modern IoT devices. UTANGO proposes a novel architecture aiming at tackling the major architectural deficiencies currently affecting TrustZone(-M)-assisted TEEs. In particular, we leverage the very same TrustZone hardware primitives used by dual-world implementations to create multiple and equally secure execution environments within the normal world. We demonstrate the benefits of UTANGO by conducting an extensive evaluation on a real TrustZone-M hardware platform, i.e., Arm Musca-B1. UTANGO will be open-sourced and freely available on GitHub in hopes of engaging academia and industry on securing the foreseeable trillion IoT devices., This work was supported in part by the Fundacao para a Ciencia e Tecnologia (FCT) within the Research and Development Units under Grant UIDB/00319/2020, and in part by FCT within the Ph.D. Scholarship under Grant 2020.04585.BD.

Published

2022

27. ShieLD: Shielding Cross-zone Communication within Limited-resourced IoT Devices running Vulnerable Software Stack

Author

Anum Khurshid, Sileshi Demesie Yalew, Mudassar Aslam, and Shahid Raza

Subjects

IoT, Internet of things, TrustZone-M, IoT Security, Cortex-M, Trusted Execution Environments, Communications channels, Virtualizations, Codes, Communication channels (information theory), Virtualization, Computer architecture, Electrical and Electronic Engineering, Communication channels, Memory-management, Code, Communication Systems, TrustZone, Program processors, TEE, Cortexes, Cryptography, Memory management, Software, Memory architecture, Kommunikationssystem

Abstract

Securing IoT devices is gaining attention as the security risks associated with these devices increase rapidly. TrustZone-M, a Trusted Execution Environment (TEE) for Cortex-M processors, ensures stronger security within an IoT device by allowing isolated execution of security-critical operations, without trusting the entire software stack. However, TrustZone-M does not guarantee secure cross-world communication between applications in the Normal and Secure worlds. The cryptographic protection of the communication channel is an obvious solution; however, within a low-power IoT device, it incurs high overhead if applied to each cross-world message exchange. We present ShieLD, a framework that enables a secure communication channel between the two TrustZone-M worlds by leveraging the Memory Protection Unit (MPU). ShieLD guarantees confidentiality, integrity and authentication services without requiring any cryptographic operations. We implement and evaluate ShieLD using a Musca-A test chip board with Cortex-M33 that supports TrustZone-M. Our empirical evaluation shows, among other gains, the cross-zone communication protected with ShieLD is 5 times faster than the conventional crypto-based communication.

Published

2022

28. Attacking TrustZone on devices lacking memory protection

Author

Ron Stajnrod, Raz Ben Yehuda, and Nezer Jacob Zaidenberg

Subjects

sulautettu tietotekniikka, Computational Theory and Mathematics, Hardware and Architecture, Computer Science (miscellaneous), esineiden internet, TrustZone, security, tietoturva, verkkohyökkäykset, Software, haavoittuvuus

Abstract

ARM TrustZone offers a Trusted Execution Environment (TEE) embedded into the processor cores. Some vendors offer ARM modules that do not fully comply with TrustZone specifications, which may lead to vulnerabilities in the system. In this paper, we present a DMA attack tutorial from the insecure world onto the secure world, and the design and implementation of this attack in a real insecure hardware.

Published

2022

29. Trusted Operations on Sensor Data †

Author

Hassaan Janjua, Wouter Joosen, Sam Michiels, and Danny Hughes

Subjects

Trusted Execution Environment (TEE), Rich Execution Environment (REE), TrustZone, secure world, normal world, trusted application, authenticity, fidelity, Chemical technology, TP1-1185

Abstract

The widespread use of mobile devices has allowed the development of participatory sensing systems that capture various types of data using the existing or external sensors attached to mobile devices. Gathering data from such anonymous sources requires a mechanism to establish the integrity of sensor readings. In many cases, sensor data need to be preprocessed on the device itself before being uploaded to the target server while ensuring the chain of trust from capture to the delivery of the data. This can be achieved by a framework that provides a means to implement arbitrary operations to be performed on trusted sensor data, while guaranteeing the security and integrity of the data. This paper presents the design and implementation of a framework that allows the capture of trusted sensor data from both external and internal sensors on a mobile phone along with the development of trusted operations on sensor data while providing a mechanism for performing predefined operations on the data such that the chain of trust is maintained. The evaluation shows that the proposed system ensures the security and integrity of sensor data with minimal performance overhead.

Published

2018

30. Securing IoT communications using trusted execution environments

Author

Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, Centre Suisse d'Électronique et de Microtechnique (CSEM), Delgado Gonzalo, Ricard, Rodríguez Fonollosa, José Adrián, Benedito i Saura, Oscar, Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, Centre Suisse d'Électronique et de Microtechnique (CSEM), Delgado Gonzalo, Ricard, Rodríguez Fonollosa, José Adrián, and Benedito i Saura, Oscar

Abstract

Els dispositius IoT i vestibles cada vegada recopilen més dades personals sensibles. A causa de la naturalesa d'aquestes dades, és de summa importància emmagatzemar-les i processar-les de forma segura. Aquest treball de fi de grau presenta un sistema de comunicació centrat en els dispositius IoT amb un servidor de retransmissió de missatges segur. Adaptem el protocol MQTT (Message Queuing Telemetry Transport) per aprofitar els entorns d'execució segura (TEE, per les seves sigles en anglès), una àrea segura del processador que garanteix la integritat i confidencialitat de les dades processades. Això permet el desxifrat segur i posterior xifrat dels missatges que passen pel servidor de retransmissió sense exposar-los al seu sistema operatiu. Finalment, presentem una avaluació exhaustiva de l'aplicació que s'executa en l'entorn d'execució segura, incloent-hi proves amb dades reals, i arribem a la conclusió que el sistema provoca un canvi notable en el rendiment. Tot i això, és una opció viable per a entorns amb pocs clients., Los dispositivos IoT y vestibles cada vez recopilan más datos personales sensibles. Debido a la naturaleza de estos datos, es de suma importancia almacenarlos y procesarlos de forma segura. Este trabajo de fin de grado presenta un sistema de comunicación centrado en los dispositivos IoT con un servidor de retransmisión de mensajes seguro. Adaptamos el protocolo MQTT (Message Queuing Telemetry Transport) para aprovechar los entornos de ejecución segura (TEE, por sus siglas en inglés), un área segura del procesador que garantiza la integridad y confidencialidad de los datos procesados. Esto permite el descifrado seguro y posterior cifrado de los mensajes que pasan por el servidor de retransmisión sin exponerlos a su sistema operativo. Finalmente, presentamos una evaluación exhaustiva de la aplicación que se ejecuta en el entorno de ejecución segura, incluyendo pruebas con datos reales, y llegamos a la conclusión de que el sistema provoca un cambio notable en el rendimiento. Aun así, es una opción viable para entornos con pocos clientes., Wearables and IoT devices are increasingly gathering personal sensitive data. Because of the nature of the data, storing and performing computations over it in a privacy-preserving fashion is of paramount importance. This bachelor's thesis presents an IoT-centric communication system with a secure relay server. We adapt the Message Queuing Telemetry Transport (MQTT) protocol to leverage trusted executed environments (TEE), a secure area of the processor that guarantees data integrity and confidentiality. This allows the secure decryption and later encryption of the messages passing through the relay server without exposing them to its operative system. Finally, we present a thorough evaluation of the application running in the TEE, including tests with real-world data, and we conclude that the system comes with a notable overhead, while still being a viable option for production environments with small amounts of clients., Outgoing

Published

2021

31. Self-secured devices: high performance and secure I/O access in TrustZone-based systems

Author

Pinto, Sandro, Machado, Pedro Miguel Silvestre, Oliveira, Daniel José Cunha, Cerdeira, David Martins, Gomes, Tiago Manuel Ribeiro, and Universidade do Minho

Subjects

Self-secured devices, Science & Technology, Virtualization, Security, TrustZone, TEE

Abstract

Arm TrustZone is a hardware technology that adds significant value to the ongoing security picture. TrustZone-based systems typically consolidate multiple environments into the same platform, requiring resources to be shared among them. Currently, hardware devices on TrustZone-enabled system-on-chip (SoC) solutions can only be configured as secure or non-secure, which means the dual-world concept of TrustZone is not spread to the inner logic of the devices. The traditional passthrough model dictates that both worlds cannot use the same device concurrently. Furthermore, existing shared device access methods have been proven to cause a negative impact on the overall system in terms of security and performance.This work introduces the concept of self-secured devices, a novel approach for shared device access in TrustZone-based architectures. This concept extends the TrustZone dual-world model to the device itself, providing a secure and non-secure logical interface in a single device instance. The solution was deployed and evaluated on the LTZVisor, an open-source and lightweight TrustZone-assisted hypervisor. The obtained results are encouraging, demonstrating that our solution requires only a few additional hardware resources when compared with the native device implementation, while providing a secure solution for device sharing., This work has been supported by FCT -Fundação para a Ciência e a Tecnologia, Portugal within the R&D Units Project Scope: UIDB/00319/2020.

Published

2021

32. A TrustEnclave-Based Architecture for Ensuring Run-Time Security in Embedded Terminals.

Author

Rui Chang, Liehui Jiang, Wenzhi Chen, Yaobin Xie, and Zhongyong Lu

Subjects

INTERNET security, TROJAN horses (Computer viruses), COMPUTER networks, COMPUTER software, COMPUTER architecture

Abstract

The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme. [ABSTRACT FROM AUTHOR]

Published

2017

33. A Private User Data Protection Mechanism in TrustZone Architecture Based on Identity Authentication.

Author

Bo Zhao, Yu Xiao, Yuqing Huang, and Xiaoyu Cui

Subjects

DATA protection, COMPUTER access control, EMBEDDED computer systems, COMPUTER security, PERFORMANCE evaluation

Abstract

In TrustZone architecture, the Trusted Application (TA) in the secure world does not certify the identity of Client Applications (CA) in the normal world that request data access, which represents a user data leakage risk. This paper proposes a private user data protection mechanism in TrustZone to avoid such risks. We add corresponding modules to both the secure world and the normal world and authenticate the identity of CA to prevent illegal access to private user data. Then we analyze the system security, and perform validity and performance tests. The results show that this method can perform effective identity recognition and control of CA to protect the security of private user data. After adding authentication modules, the data operation time of system increases by about 0.16 s, an acceptable price to pay for the improved security. [ABSTRACT FROM AUTHOR]

Published

2017

34. Securing IoT communications using trusted execution environments

Author

Benedito i Saura, Oscar, Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, Centre Suisse d'Électronique et de Microtechnique (CSEM), Delgado Gonzalo, Ricard, and Rodríguez Fonollosa, José Adrián

Subjects

Computing Methodologies, IoT, Informàtica [Àrees temàtiques de la UPC], Informàtica, Matemàtiques i estadística [Àrees temàtiques de la UPC], 68 Computer science::68U Computing methodologies and applications [Classificació AMS], TrustZone, Trusted execution environment, MQTT

Abstract

Els dispositius IoT i vestibles cada vegada recopilen més dades personals sensibles. A causa de la naturalesa d'aquestes dades, és de summa importància emmagatzemar-les i processar-les de forma segura. Aquest treball de fi de grau presenta un sistema de comunicació centrat en els dispositius IoT amb un servidor de retransmissió de missatges segur. Adaptem el protocol MQTT (Message Queuing Telemetry Transport) per aprofitar els entorns d'execució segura (TEE, per les seves sigles en anglès), una àrea segura del processador que garanteix la integritat i confidencialitat de les dades processades. Això permet el desxifrat segur i posterior xifrat dels missatges que passen pel servidor de retransmissió sense exposar-los al seu sistema operatiu. Finalment, presentem una avaluació exhaustiva de l'aplicació que s'executa en l'entorn d'execució segura, incloent-hi proves amb dades reals, i arribem a la conclusió que el sistema provoca un canvi notable en el rendiment. Tot i això, és una opció viable per a entorns amb pocs clients. Los dispositivos IoT y vestibles cada vez recopilan más datos personales sensibles. Debido a la naturaleza de estos datos, es de suma importancia almacenarlos y procesarlos de forma segura. Este trabajo de fin de grado presenta un sistema de comunicación centrado en los dispositivos IoT con un servidor de retransmisión de mensajes seguro. Adaptamos el protocolo MQTT (Message Queuing Telemetry Transport) para aprovechar los entornos de ejecución segura (TEE, por sus siglas en inglés), un área segura del procesador que garantiza la integridad y confidencialidad de los datos procesados. Esto permite el descifrado seguro y posterior cifrado de los mensajes que pasan por el servidor de retransmisión sin exponerlos a su sistema operativo. Finalmente, presentamos una evaluación exhaustiva de la aplicación que se ejecuta en el entorno de ejecución segura, incluyendo pruebas con datos reales, y llegamos a la conclusión de que el sistema provoca un cambio notable en el rendimiento. Aun así, es una opción viable para entornos con pocos clientes. Wearables and IoT devices are increasingly gathering personal sensitive data. Because of the nature of the data, storing and performing computations over it in a privacy-preserving fashion is of paramount importance. This bachelor's thesis presents an IoT-centric communication system with a secure relay server. We adapt the Message Queuing Telemetry Transport (MQTT) protocol to leverage trusted executed environments (TEE), a secure area of the processor that guarantees data integrity and confidentiality. This allows the secure decryption and later encryption of the messages passing through the relay server without exposing them to its operative system. Finally, we present a thorough evaluation of the application running in the TEE, including tests with real-world data, and we conclude that the system comes with a notable overhead, while still being a viable option for production environments with small amounts of clients. Outgoing

Published

2021

35. KEVLAR-TZ: A Secure Cache for ARM TrustZone

Author

Benedito, Oscar, Delgado-Gonzalo, Ricard, Schiavoni, Valerio, Centre Suisse d'Electronique et Microtechnique SA (CSEM), Université de Neuchâtel (UNINE), Miguel Matos, Fabíola Greve, TC 6, and WG 6.1

Subjects

FOS: Computer and information sciences, [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI], OP-TEE, Computer Science - Cryptography and Security, Edge devices, [INFO]Computer Science [cs], TrustZone, Caching, Cryptography and Security (cs.CR), TEE

Abstract

Edge devices are increasingly in charge of storing privacy-sensitive data, in particular implantables, wearables, and nearables can potentially collect and process high-resolution vital signs 24/7. Storing and performing computations over such data in a privacy-preserving fashion is of paramount importance. We present KEVLAR-TZ, an application-level trusted cache designed to leverage ARM TrustZone, a popular trusted execution environment available in consumer-grade devices. To facilitate the integration with existing systems and IoT devices and protocols, KEVLAR-TZ exposes a REST-based interface with connection endpoints inside the TrustZone enclave. Furthermore, it exploits the on-device secure persistent storage to guarantee durability of data across reboots. We fully implemented KEVLAR-TZ on top of the OP-TEE framework, and experimentally evaluated its performance. Our results showcase performance trade-offs, for instance in terms of throughput and latency, for various workloads, and we believe our results can be useful for practitioners and in general developers of systems for TrustZone. KEVLAR-TZ is available as open-source at https://github.com/mqttz/kevlar-tz/., 15 pages, 21st International Conference on Distributed Applications and Interoperable Systems (DAIS21)

Published

2021

36. TrustZone based attestation in secure runtime verification for embedded systems

Author

Quaresma, Miguel Miranda, Almeida, José Bacelar, and Universidade do Minho

Subjects

Attestation, Embedded systems, Sistemas embedidos, TrustZone, Atestação, TEE, Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática

Abstract

Dissertação de mestrado integrado em Engenharia Informática, ARM TrustZone é um “Ambiente de Execução Confiável” disponibilizado em processadores da ARM, que equipam grande parte dos sistemas embebidos. Este mecanismo permite assegurar que componentes críticos de uma aplicação executem num ambiente que garante a confidencialidade dos dados e integridade do código, mesmo que componentes maliciosos estejam instalados no mesmo dispositivo. Neste projecto pretende-se tirar partido do TrustZone no contexto de uma framework segura de monitorização em tempo real de sistemas embebidos. Especificamente, pretende-se recorrer a components como o ARM Trusted Firmware, responsável pelo processo de secure boot em sistemas ARM, para desenvolver um mecanismo de atestação que providencie garantias de computação segura a entidades remotas., ARM TrustZone is a security extension present on ARM processors that enables the development of hardware based Trusted Execution Environments (TEEs). This mechanism allows the critical components of an application to execute in an environment that guarantees data confidentiality and code integrity, even when a malicious agent is installed on the device. This projects aims to harness TrustZone in the context of a secure runtime verification framework for embedded devices. Specifically, it aims to harness existing components, namely ARM Trusted Firmware, responsible for the secure boot process of ARM devices, to implement an attestation mechanism that provides proof of secure computation to remote parties., This work has been partially supported by the Portuguese Foundation for Science and Technology (FCT), project REASSURE (PTDC/EEI-COM/28550/2017), co-financed by the European Regional Development Fund (FEDER), through the North Regional Operational Program (NORTE 2020).

Published

2020

37. Suporte para múltiplos sistemas operativos em microcontroladores com TrustZone-M

Author

Santos, Afonso Manuel Macedo Dos, Pinto, Sandro, and Universidade do Minho

Subjects

Low-end, Multi-OS, OS, TrustZone, Engenharia Eletrotécnica, Eletrónica e Informática [Engenharia e Tecnologia], Hypervisor, ARMv8-M, Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática

Abstract

Dissertação de mestrado em Engenharia Eletrónica Industrial e Computadores, The technological developments are helping to spread and strengthen embedded and IoT markets. As a consequence, more and more portable devices have become part of our daily routines, having access to private and personal information. Naturally, security has become one of the most important requirements of these systems. Other requirements include, for instance, portability and energy efficiency. These devices normally perform more than one function/action, and usually, for each of those functions, a full operating system is responsible for its data processing. So, to fulfil all the mentioned requirements, operating systems (Operating System (OS)es) are deployed on arm low-end platforms, with Armv8-M pushing towards the, de facto, microprocessors architecture. The processor features the TrustZone technology that divides the execution into two states; a secure (almighty), and a non-secure (with no privileges) state. The OSes have their execution supervised by a monitor software, the hypervisor, that also manages the memory used by each OS. Modern low-end hypervisors only allow executing two OSes, where the priorities and permissions to each can be configured, sometimes giving to some OS the same permissions as the software monitors. The security of the system can be compromised if this privileged OS is attacked and starts to corrupt the data from the other OS. For addressing this problem, this MSc thesis proposes a multi-OS hypervisor in which every OS is executed from the less privileged (non-secure) state while the inactive ones have their information secured. This security by separation (i.e. time and space partitioning) is assured by the TrustZone security extension that prevents the executing OS to access unauthorized third-party information. The hypervisor, with the TrustZone features, is responsible to perform the scheduler and change memory proprieties. The results presented a highly secure hypervisor, where the OSes are completely isolated from each other., Os desenvolvimentos tecnológicos estão na base da difusão e fortalecimento dos mercados de sistemas embebidos e de IoT. Como consequência, cada vez mais dispositivos móveis passaram a fazer parte das nossas rotinas diárias, tendo acesso a informações pessoais e privadas. Naturalmente, a segurança tornou-se num dos requisitos mais importantes destes sistemas. Outros requisitos incluem, por exemplo, a portabilidade e a eficiência energética. Estes dispositivos normalmente executam mais do que uma função/ação e, geralmente, para a cada uma dessas funções, está associado um sistema operativo (SO) responsável pelo processamento dos dados. Portanto, para atender a todos os requisitos mencionados, os SOs são implantados numa plataforma de baixa gama da ARM (com a inovadora arquitetura para micropocessadores, ARMv8-M). O processador possui a tecnologia TrustZone que divide a sua execução em dois estados; um estado seguro (privilégios completos) e um não seguro (sem privilégios). Os SOs têm normalmente a execução supervisionada por um software de monitorização (hypervisor) que também gere a memória de cada SO. Os hipervisores low-end modernos permitem apenas a execução de dois SOs, nos quais as suas prioridades e permissões podem ser configuradas, por vezes, concedendo a alguns SOs as mesmas permissões que o software monitor. A segurança do sistema pode ser comprometida se este SO privilegiado for atacado e corromper os dados de terceiros. Esta dissertação propõe um hipervisor multi-OS no qual todos os SOs são executados no estado menos privilegiado (não seguro) enquanto que os inativos têm a sua informação protegida. Esta segurança por separação (partição espacial e temporal) é garantida através da TrustZone, que impede o SO em execução de aceder a informações privadas de terceiros. O hipervisor, utilizando os recursos da TrustZone, é responsável por executar o escalonador e alterar as propriedades da memória. Os resultados apresentaram um hipervisor altamente seguro, onde os SOs estão totalmente isolados entre si.

Published

2020

38. Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes

Author

Chengyi Zhang, Qihui Zhou, Yazhe Wang, Tian Chen, and Peng Liu

Subjects

lcsh:Computer engineering. Computer hardware, Computer Networks and Communications, Computer science, 0211 other engineering and technologies, lcsh:TK7885-7895, 02 engineering and technology, Computer security, computer.software_genre, Keystroke logging, lcsh:QA75.5-76.95, Trusted path, Artificial Intelligence, Visor, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Input method, Android (operating system), 021110 strategic, defence & security studies, TrustZone, Android app security, User privacy, lcsh:Electronic computers. Computer science, computer, Software, Information Systems, Soft keyboard

Abstract

Third-party IME (Input Method Editor) apps are often the preference means of interaction for Android users’ input. In this paper, we first discuss the insecurity of IME apps, including the Potentially Harmful Apps (PHAs) and malicious IME apps, which may leak users’ sensitive keystrokes. The current defense system, such as I-BOX, is vulnerable to the prefix substitution attack and the colluding attack due to the post-IME nature. We provide a deeper understanding that all the designs with the post-IME nature are subject to the prefix-substitution and colluding attacks. To remedy the above post-IME system’s flaws, we propose a new idea, pre-IME, which guarantees that “Is this touch event a sensitive keystroke?” analysis will always access user touch events prior to the execution of any IME app code. We design an innovative TrustZone-based framework named IM-Visor which has the pre-IME nature. Specifically, IM-Visor creates the isolation environment named STIE as soon as a user intends to type on a soft keyboard, then the STIE intercepts,Android event sub translates and analyzes the user’s touch input. If the input is sensitive, the translation of keystrokes will be delivered to user apps through a trusted path. Otherwise, IM-Visor replays non-sensitive keystroke touch events for IME apps or replays non-keystroke touch events for other apps. A prototype of IM-Visor has been implemented and tested with several most popular IMEs. The experimental results show that IM-Visor has small runtime overheads.

Published

2018

39. SBLWT: A Secure Blockchain Lightweight Wallet Based on Trustzone

Author

Deng Jun, Weiqi Dai, Changze Cui, Qinyuan Wang, Deqing Zou, and Hai Jin

Subjects

blockchain, General Computer Science, Computer science, media_common.quotation_subject, 02 engineering and technology, Encryption, Computer security, computer.software_genre, Public-key cryptography, SPV, SAFER, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Isolation (database systems), Block (data storage), media_common, business.industry, General Engineering, 020207 software engineering, Payment, wallet, Digital currency, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, Trustzone, business, lcsh:TK1-9971, Mobile device, Database transaction, computer, Bitcoin

Abstract

Due to the increasing total value of the digital currency, the security of encryption wallet is becoming more and more important. The hardware-based wallet is safe, but it is inconvenient because users need to carry an additional physical device, the software-based wallet is convenient, but the safety cannot be guaranteed. All these wallets need to synchronize the blockchain, while most current mobile devices do not have the capability to store all blocks. To solve these problems, mobile devices can use simplified payment verification (SPV). Nevertheless, in existing methods, there is no good way to protect the verification process of the transaction. In this paper, we design a secure blockchain lightweight wallet based on Trustzone to protect SPV. It is more portable compared with the hardware wallet, and safer than the software wallet. Through the isolation, it can also protect the private key and the wallet's address from being stolen by the attackers no matter whether the Rich OS is malicious or not. Meanwhile, it can protect the verification process by verifying transactions in the secure execution environment (SEE), and keep the local block headers unreadable directly from the Rich OS through encryption. We deploy it on the RASPBERRY PI 3 MODEL B development board. The result of the experiment shows that it has little impact on the system.

Published

2018

40. Secure microcontrollers

Author

Schläpfer, Tobias, Rüst, Andreas, Schläpfer, Tobias, and Rüst, Andreas

Abstract

Security in IoT devices is a global topic nowadays. Rising awareness and up-coming regulations will force manufacturers to increase the level of security on their IoT devices. The challenge is now to leverage the elaborate, well-known computer security algorithms to resource constrained IoT devices. With the new generation of secure microcontrollers, Arm TrustZone is now available for battery powered IoT devices. The purpose of this presentation is to introduce the concept of secure microcontrollers, showing specific application examples for different silicon vendors. Furthermore, the presentation will show advantages and weaknesses of secure microcontrollers compared to dedicated off-chip solutions like secure elements.

Published

2019

41. PSpSys: A time-predictable mixed-criticality system architecture based on ARM TrustZone.

Author

Jiang, Zhe, Dong, Pan, Wei, Ran, Zhao, Qingling, Wang, Yankai, Zhu, Dizhong, Zhuang, Yan, and Audsley, Neil

Subjects

*MULTIPLEXING

Abstract

In mixed-criticality systems, components often have different criticality requirements that must be met. Components with different criticality requirements must be partitioned into independent execution domains with robust inter-domain isolation, in order to prevent interference between domains of different criticality. For the most critical components, timing-predictability and performance/efficiency are key in ensuring the correct execution of critical components. Existing approaches achieve the required inter-domain isolation using either virtualisation technology or a hardware isolation environment. However, these approaches often conflict with the required timing-predictability and performance/efficiency of components with the highest criticality, which originates from (i) the introduction of complicated system architectures; (ii) the neglection of partitioning and multiplexing of I/Os; (iii) the lack of bounded worst-case timing. In this article, we propose a new mixed-criticality system architecture based on ARM TrustZone technology, termed P arallel Sp ace Sys tem (PSpSys), which is a timing-predictable system architecture with hardware-level isolation and predictable inter-domain shared I/O management. In addition, an alternative co-processor is also proposed for PSpSys , which significantly improves performance with reduced system complexity. PSpSys therefore can be applied to safety-critical mechatronic systems (e.g. unmanned autonomous systems, field robotics) which perform tasks on different critical levels. Finally, we demonstrate how PSpSys can be exploited to achieve all the required features in real hardware platform (Xilinx ZC706 evaluation board). [ABSTRACT FROM AUTHOR]

Published

2022

42. Towards a TrustZone-Assisted Hypervisor for Real-Time Embedded Systems

Author

Adriano Tavares, Tiago Gomes, Jorge Pereira, Sandro Pinto, Mongkol Ekpanyapong, and Universidade do Minho

Subjects

Computer science, Hardware virtualization, Full virtualization, Embedded systems, Overhead (engineering), 02 engineering and technology, Storage virtualization, computer.software_genre, Virtualization, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Real-time operating system, Science & Technology, business.industry, 020206 networking & telecommunications, Hypervisor, TrustZone, Monitor, RODOS, Hardware and Architecture, Virtual machine, Embedded system, ARM, Operating system, business, Real-time, computer

Abstract

Virtualization technology starts becoming more and more widespread in the embedded space. The penalties incurred by standard software-based virtualization is pushing research towards hardware-assisted solutions. Among the existing commercial off-the-shelf technologies for secure virtualization, ARM TrustZone is attracting particular attention. However, it is often seen with some scepticism due to the dual-OS limitation of existing state-of-the-art solutions. This letter presents the implementation of a TrustZone-based hypervisor for real-time embedded systems, which allows multiple RTOS partitions on the same hardware platform. The results demonstrate that virtualization overhead is less than 2 percent for a 10 milliseconds guest-switching rate, and the system remains deterministic. This work goes beyond related work by implementing a TrustZone-assisted solution that allows the execution of an arbitrary number of guest OSes while providing the foundation to drive next generation of secure virtualization solutions for resource-constrained embedded devices., This work has been supported by COMPETE: POCI-01-0145- FEDER-007043 and FCT – Fundação para a Ciência e Tecnologia – (grant SFRH/BD/91530/2012 and UID/CEC/00319/2013).

Published

2017

43. IIoTEED: An Enhanced, Trusted Execution Environment for Industrial IoT Edge Devices

Author

Jorge Cabral, Tiago Gomes, Sandro Pinto, Adriano Tavares, Jorge Pereira, and Universidade do Minho

Subjects

edge device, Edge device, Internet/Web technologies, Computer Networks and Communications, Computer science, Network security, Internet of Things, security, 02 engineering and technology, computer.software_genre, Computer security, Software, industrial Internet of Things, 0202 electrical engineering, electronic engineering, information engineering, Trust management (information system), Science & Technology, business.industry, 020208 electrical & electronic engineering, trusted execution environment, TrustZone, Attack surface, Embedded system, ARM, smart industries, Industrial Internet, 020201 artificial intelligence & image processing, Web service, business, computer

Abstract

With the advent of the Internet of Things (IoT), security has emerged as a major design goal for smart connected devices. This explosion in connectivity created a larger attack surface area. Software-based approaches have been applied for security purposes; however, these methods must be extended with security-oriented technologies that promote hardware as the root of trust. The ARM TrustZone can enable trusted execution environments (TEEs), but existing solutions disregard real-time needs. Here, the authors demonstrate why TrustZone is becoming a reference technology for securing IoT edge devices, and how enhanced TEEs can help meet industrial IoT applications real-time requirements., This work has been supported by COMPETE (POCI-01-0145-FEDER-007043) and Fundacao para a Ciencia e Tecnologia (FCT) under grant SFRH/BD/91530/2012 and UID/CEC/00319/2013., info:eu-repo/semantics/publishedVersion

Published

2017

44. Αξιολόγηση της ασφάλειας των αξιόπιστων περιβάλλοντων εκτέλεσης που βασίζονται στη τεχνολογία Trustzone

Author

Nikolaos Koutroumpouchos, Ξενάκης, Χρήστος, Σχολή Τεχνολογιών Πληροφορικής και Επικοινωνιών. Τμήμα Ψηφιακών Συστημάτων, and Ασφάλεια Ψηφιακών Συστημάτων

Subjects

Αξιόπιστο περιβάλλον εκτέλεσης, Εκτίμηση ασφάλειας, TrustZone

Abstract

Trusted execution environments are marketed as a secure and robust solution that can greatly enhance the overall security of the system it is installed on. In this work we aim to analyze the architecture of trusted execution environment as a concept while also seeing in detail the implementation aspects of the TrustZone based trusted execution environments. Furthermore we aim to evaluate the actual security provided by this solution through an exploration of the characteristics of the various attacks and vulnerabilities that have been recorded in the bibliography.

Published

2019

45. Arm security alternatives

Author

Yehuda, Raz Ben, Leon, Roee, Zaidenberg, Nezer, Cruz, Tiago, and Simoes, Paulo

Subjects

avoin lähdekoodi, verkkomaksaminen, virtualisointi, trusted computing, ARM architecture, TrustZone, kyberturvallisuus, virtualization

Abstract

Many real-world scenarios such as protecting DRM, online payments and usage in NFC payments in embedded devices require a trustworthy “trusted execution environment” (TEE) platform. The TEE should run on the ARM architecture. That is popular in embedded devices. Furthermore, past experience has proved that such TEE platform should be available in source code form. Without the source code 3rd parties and user cannot be conducted code review audit. Lack of review put doubt on the system as a trustworthy environment. The popular Android OS supports various TEE implementations. Each TEE OS implementation has its own unique way of deploying trusted applications(trustlets) and its own distinct features. Choosing a proper TEE operating system can be a problem for trust applications developers. When choosing TEE applications developers has many conflicting goals. The developers attempt to ensure that their apps work on as many different Android devices as possible. Furthermore, developers relay on the TEE for certain features and must ensure the suggested TEE provides all the features that they need. We survey multiple ARM TrustZone TEE operating systems that are commonly available and in use today. We wish to provide all the information for IoT vendors and SoC manufacturer to select a suitable TEE. peerReviewed

Published

2019

46. Securing PIN-based authentication in smartwatches with just two gestures

Author

Francesco Palmieri, Meriem Guerar, Alessio Merlo, Luca Verderame, and Mauro Migliardi

Subjects

Authentication, Computer Networks and Communications, Computer science, PIN, NFC services, smartwatch, Computer Science Applications, Theoretical Computer Science, Smartwatch, Computational Theory and Mathematics, Human–computer interaction, trustzone, bezel, authentication, Software, Gesture

Published

2019

47. Securing PIN-based Authentication in Smartwatches With just Two Gestures

Author

Guerar, Meriem, Migliardi, Mauro, Francesco, Palmieri, Luca, Verderame, and Alessio, Merlo

Subjects

Authentication, Smartwatch, Authentication, TrustZone, NFC services, PIN, Bezel, PIN, TrustZone, Bezel, NFC services, Smartwatch

Published

2019

48. Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT Nodes.

Author

Ling, Zhen, Yan, Huaiyu, Shao, Xinhui, Luo, Junzhou, Xu, Yiling, Pearson, Bryan, and Fu, Xinwen

Subjects

*INTERNET of things, *MALWARE

Abstract

With the extensive application of IoT techniques, IoT devices have become ubiquitous in daily lives. Meanwhile, attacks against IoT devices have emerged to compromise IoT devices by tampering with system pre-installed programs or injecting new malware. To mitigate these attacks, integrity enforcement of IoT systems has been proposed. The integrity of an IoT device system includes load-time integrity and runtime integrity. In this paper, we design an IoT system based on ARM TrustZone to enforce the system integrity. First, we establish the root of trust and propose a hybrid booting approach consisting of both secure boot and trusted boot to enforce the system load-time integrity. Second, we investigate a paging-based process integrity measurement method to measure the NW processes and conduct remote attestation based on the measurement results ensuring the NW runtime process integrity. We implement an IoT prototype system on a NXP i.MX6Q SABRE SD development board to assess its feasibility. Real-world experiment results demonstrate that our prototype introduces negligible performance overhead to the original system. [ABSTRACT FROM AUTHOR]

Published

2021

49. Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes

Author

Tian, Chen, Wang, Yazhe, Liu, Peng, Zhou, Qihui, and Zhang, Chengyi

Published

2018

50. Introspection for ARM TrustZone with the ITZ library

Author

Guerra, M., Taubmann, B., Reiser, H. P., Yalew, Sileshi Demesie, Correia, M., Guerra, M., Taubmann, B., Reiser, H. P., Yalew, Sileshi Demesie, and Correia, M.

Abstract

TrustZone is an extension of the ARM architecture that allows software executed in ARM processors to be split in two environments: the normal world that runs a common operating system (e.g., Android or Linux) and its applications, and the secure world that runs security services or others that need to be isolated from the normal world. This work aims to provide support for analyzing the security status of the normal world from the secure world. For this purpose, we present a Virtual Machine Introspection (VMI) library that leverages the TrustZone architecture. VMI tools and the library run in the secure world and inspect the normal world. We present an experimental evaluation of the library in an i.MX53 development board., QC 20180905

Published

2018