AES Encryption using ARM
TrustZone technology
CHIA-CHE,LEE
Adviser: Fareena Saqib
11/22/2016 CHIA-CHE,LEE 1
Outline
• Introduction
• Hardware-based security
• TrustZone
• ARM TrustZone on Zynq 7000
• AES encryption algorithm
• Results
• Future Research
• Questions
Introduction
About ARM…
– Over 50 billion ARM processors had been produced as of 2014.
– In 2013, 10 billion ARM processors were produced, and "ARM-based chips are found in nearly 60 percent of the world's mobile devices",
– representing 95% of smartphones, 35% of digital televisions and set-top boxes, and 10% of mobile computers.
Introduction
• How do we keep our sensitive information from leaking? Threats include:
– Malware
– Social engineering, trojans, phishing, APT
– Theft and loss of devices
– Weak security controls – no PIN lock
– User intervention – jailbreaking, unlocking, etc.
• The most commonly recommended way to defend against malware attacks
– antivirus software.
• Antivirus cannot effectively verify itself.
• When malware gains the same access level as the antivirus has
– this defensive software can simply be disabled.
• Hardware-based security is needed.
Introduction
• In order to improve security on mobile devices, controlling the hardware through device software is a better approach.
• TCG, the Trusted Computing Group, is a group formed by AMD, Intel, IBM, HP and Microsoft in 2003 to deliver trusted computing on all personal computer platforms.
– All major OEMs joined later.
• The Trusted Platform Module was made to target the PC market.
• What about mobile devices?
• ARM is the market leader by a large margin in the mobile market.
– A large number of applications leverage the ARM trusted environment to provide security to users.
Hardware-based security
Hardware-based security – TPM, TEE.
• A Trusted Platform Module is a microchip, often built into a motherboard, that provides hardware-based security.
• There are two important functional components of a TPM –
– a special register set called Platform Configuration Registers (PCRs)
– a cryptographic engine that can perform encryption and digital signatures.
Hardware-based security
Hardware-based security – TPM, TEE.
• A Trusted Execution Environment is a concept of hardware-based task isolation firmware.
– It provides a smaller operating environment with enough functionality to secure or provide sensitive services.
– It uses a hybrid approach that utilizes both hardware and software to protect data.
– The TEE is ideal for supporting natural ID (facial recognition, fingerprint sensors and voice authorization), as PINs and passwords can be easily hacked and stolen.
• ARM TrustZone is the TEE for the ARM family.
• TPM vs TEE:
– The TEE works like a bulletproof safe.
– The TPM is a 128-digit combination lock for the safe.
1. The common way of stealing information from systems is to use the test
and debug function modules as the starting point of a hardware attack.
These are usually Trace and JTAG.
- If there are loopholes in the system design, attackers can access
different modules through the debug interface.
2. The figure shows that TrustZone can protect sensitive information against
JTAG access, demonstrated with the Xilinx SDK debugging tool.
- The program cannot be disassembled.
Note: memory addresses 0x1c000000 – 0x1fffffff are set for secure-world use only.
Protection from illegal memory access
TrustZone
What is TrustZone?
• TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure endpoints and a device root of trust.
– TrustZone has a Normal World and a Secure World.
• It is very flexible compared to other security technologies, as software-defined registers configure secure and non-secure hardware access.
• TrustZone defines processors, memories, peripherals and even L2 cache areas as secure or non-secure hardware.
TrustZone
Defining the Normal World:
• A general-purpose OS that uses the many functions provided by the hardware to give users a rich experience.
• TZ ensures that Normal World software can only access the non-critical hardware subset.
• We can assume the Normal World has been compromised in most cases.
TrustZone
Defining the Secure World:
• Secure World software has complete access to both trusted and untrusted hardware.
• The Secure World includes only the minimum functionality and device interfaces.
• ARM does not envisage using a general-purpose OS inside the Secure World; all TEEs are limited-functionality, RTOS-like OSes.
TrustZone
Defining the Secure Monitor:
• A special piece of code in TZ that switches the processor state between the two worlds.
• The security of the Secure Monitor is ensured by the secure boot code.
• The Secure Monitor provides Secure Monitor Calls that both worlds use to communicate via the Monitor.
• Secure Monitor mode is a privileged mode that is always Secure, regardless of the state of the NS (Non-Secure) bit.
TrustZone
The NS bit in the AXI interconnect bus protocol is defined as:
• AWPROT[1]: Write transaction – low is Secure and high is Non-secure.
• ARPROT[1]: Read transaction – low is Secure and high is Non-secure.
• Static assignment of Secure or Non-secure status to Master Interface (MI) slots using the Xilinx Vivado tool.
• The security-checking feature is provided for each Master Interface slot in the AXI Interconnect IP.
TrustZone
CP15 registers and the NS (Non-Secure) bit:
• The current world is defined by the Non-Secure bit in the Secure Configuration Register (CP15 c1, bit 0).
• Bit values for the worlds:
• NS = 1 is Non-secure world execution.
• NS = 0 is Secure world execution.
• When the Secure Monitor performs the transition from one world to the other, the processor context must be saved;
• it then writes the NS bit to change the operating world.
TrustZone
• Boot-up sequence for TrustZone:
Two important goals in the boot sequence:
1. The Secure Monitor needs to be booted before the Secure World and the Normal World.
• It boots as a secure OS.
2. During the boot sequence, the Monitor finishes TrustZone feature initialization (SMC, etc.).
TrustZone
Invocation of Secure Monitor Calls (SMC) –
• A Secure Monitor Call is a special instruction that invokes Secure Monitor code to switch worlds or to invoke functions.
• In both worlds, privileged mode is necessary for calling SMC.
– In TrustZone, systems mainly use User mode, Privileged mode and Monitor mode.
• The Secure Monitor provides an API set for both worlds in order to invoke SMC.
ARM TrustZone on Zynq 7000
• TrustZone support on the Zynq SoC
• The Zynq-7000 AP SoC consists of 2 domains: PS and PL.
• Processing System (PS) – ARM Cortex-A9 MP core processor, peripherals, interconnects, etc., provided as hard IP.
• Programmable Logic (PL) – programmable FPGA fabric.
TrustZone security features are provided in both PS and PL, with the TrustZone-related configuration registers in the PS being dynamically programmable during execution.
ARM TrustZone on Zynq 7000
Implementation
Xilinx Zynq-7000 All Programmable SoC
SafeG
A reliable dual hypervisor for embedded real-time systems that runs an RTOS and a GPOS side by side.
An open source platform from Nagoya University.
RTOS: TOPPERS/FMP
Supports SMP and AMP configurations.
Kernel and applications are linked into a single monolithic binary.
Tasks are assigned to processor cores through a configuration file.
FMP provides runtime system calls for migrating a task to a different core.
The execution of FMP can be traced and displayed graphically.
ARM TrustZone on Zynq 7000
Secure Memory Configuration Setting
• The Zedboard has 512 MB of memory in the system.
• The physical address range of the memory region is:
0x00000000 ~ 0x1fffffff : DDR
ARM TrustZone on Zynq 7000
TrustZone DDR security settings are presented as 8 bits; each bit covers 64 MB. The physical address range of each bit is as follows:
Bit 0: 0x00000000 - 0x03ffffff
1: 0x04000000 - 0x07ffffff
2: 0x08000000 - 0x0bffffff
3: 0x0C000000 - 0x0fffffff
4: 0x10000000 - 0x13ffffff
5: 0x14000000 - 0x17ffffff
6: 0x18000000 - 0x1bffffff
7: 0x1C000000 - 0x1fffffff
Clearing bit 7 makes the top 64 MB (0x1C000000 - 0x1fffffff) secure-world only, as on the JTAG slide:
REG(TZ_DDR_RAM) = 0xFFFFFFFF & ~(1 << 7);   /* = 0xFFFFFF7F */
The corresponding assembly:
mov  r3, #1072      @ 0x0430: low half of the TZ_DDR_RAM register address
movt r3, #63488     @ 0xF800: high half, so r3 = 0xF8000430
mvn  r2, #128       @ 128 = 0x80; r2 = ~0x80 = 0xFFFFFF7F
str  r2, [r3]       @ write the mask to TZ_DDR_RAM
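As an added example (not from the thesis), a host-side model in C of the TZ_DDR_RAM bit map described above: it rebuilds the mask the slide writes, derives the register address from the mov/movt pair, and checks whether a normal-world access stays inside non-secure slices. All function and macro names are mine; nothing here touches real hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the Zynq-7000 TZ_DDR_RAM setting: bits 0..7 each cover one 64 MB
 * slice of the 512 MB DDR. A set bit marks the slice Non-secure, a cleared
 * bit makes it Secure-only. Names and helpers are this example's own. */

#define TZ_DDR_SLICE_BYTES  (64u * 1024u * 1024u)   /* 64 MB per bit        */
#define TZ_DDR_SLICES       8u                        /* 8 x 64 MB = 512 MB   */
#define TZ_DDR_BASE         0x00000000u
#define TZ_DDR_END          0x1fffffffu               /* inclusive            */

/* Register address reconstructed from the slide's instruction pair:
 * mov r3,#1072 (0x0430) ; movt r3,#63488 (0xF800)  ->  r3 = 0xF8000430 */
#define TZ_DDR_RAM_ADDR     ((0xF800u << 16) | 0x0430u)

/* Which 64 MB slice contains addr? Returns -1 outside the DDR window. */
int tz_ddr_slice(uint32_t addr)
{
    if (addr > TZ_DDR_END)
        return -1;
    return (int)((addr - TZ_DDR_BASE) / TZ_DDR_SLICE_BYTES);
}

/* Build the TZ_DDR_RAM value that makes slices first..last Secure-only and
 * leaves every other slice Non-secure. The slide's 0xFFFFFFFF & ~(1 << 7)
 * is tz_ddr_secure_range(7, 7). */
uint32_t tz_ddr_secure_range(unsigned first, unsigned last)
{
    uint32_t v = 0xFFFFFFFFu;                 /* start: everything Non-secure */
    for (unsigned b = first; b <= last && b < TZ_DDR_SLICES; b++)
        v &= ~(1u << b);                      /* clear bit -> Secure-only     */
    return v;
}

/* Would a Normal-world access to [addr, addr+len) be permitted under reg?
 * Every slice the access touches must have its bit set (Non-secure), so a
 * buffer that starts Non-secure but runs into a Secure slice is rejected. */
int tz_ddr_ns_access_ok(uint32_t reg, uint32_t addr, uint32_t len)
{
    if (len == 0)
        return 1;
    uint64_t last = (uint64_t)addr + len - 1;  /* avoid 32-bit wrap-around */
    if (last > TZ_DDR_END)
        return 0;
    int first_slice = tz_ddr_slice(addr);
    int last_slice  = tz_ddr_slice((uint32_t)last);
    for (int b = first_slice; b <= last_slice; b++)
        if (!(reg & (1u << b)))
            return 0;                         /* touched a Secure-only slice  */
    return 1;
}

int main(void)
{
    uint32_t reg = tz_ddr_secure_range(7, 7);
    printf("TZ_DDR_RAM @ 0x%08x = 0x%08x\n", TZ_DDR_RAM_ADDR, reg);
    printf("NS read  0x10000000 len 16   : %s\n",
           tz_ddr_ns_access_ok(reg, 0x10000000u, 16) ? "allowed" : "blocked");
    printf("NS write 0x1bffff00 len 0x200: %s (crosses into slice 7)\n",
           tz_ddr_ns_access_ok(reg, 0x1bffff00u, 0x200) ? "allowed" : "blocked");
    return 0;
}
```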
ARM TrustZone on Zynq 7000
TrustZone SMC API –
• Every function needs a wrapper in order to be callable through SMC.
• The default SafeG SMC provides these system calls:
[Static system calls API]
#define SAFEG_SYSCALL_ID__GETID (0)
// GETID: obtains the ID of a system call by name.
#define SAFEG_SYSCALL_ID__SETPERM (1)
// SETPERM: sets the permissions for a static or dynamic system call.
#define SAFEG_SYSCALL_ID__SWITCH (2)
// SWITCH: initiates a switch to the opposite world.
#define SAFEG_SYSCALL_ID__SIGNAL (3)
// SIGNAL: signals an interrupt to the opposite world.
[Dynamic system calls API]
#define SAFEG_SYSCALL_ID__REGDYN (4)
// REGDYN: registers a dynamic system call.
struct safeg_syscall
{
    uint32_t is_t_callable;   /* may be called from the Trusted (secure) world */
    uint32_t is_nt_callable;  /* may be called from the Non-trusted world */
    uint8_t name[8];
    uint32_t (*function)(uint32_t core_id, uint32_t ns,
                         uint32_t a, uint32_t b, uint32_t c);
};
AES Encryption Algorithm
• AES is a symmetric encryption algorithm, widely used to encrypt electronic data.
• It replaced the Data Encryption Standard (DES) to become one of the most popular encryption algorithms in the world so far.
• The standard key and block length is 128 bits, represented as a matrix (array) of bytes with 4 rows and N columns, N = key length / 32.
AES Encryption Algorithm
• The AES algorithm operates on a two-dimensional array (4 × 4) of bytes called the State.
• For the AES round transformation, the first state is the input plaintext and the final state is the encrypted output.
• The round transformation mixes the bytes of the State either individually, row-wise, or column-wise by applying the functions
o SubBytes, ShiftRows, MixColumns, and AddRoundKey sequentially
Convert to State Array
Input block: bytes 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 are loaded column by column, so input byte r + 4c becomes Sr,c:
 0  4  8 12        S0,0 S0,1 S0,2 S0,3
 1  5  9 13   =    S1,0 S1,1 S1,2 S1,3
 2  6 10 14        S2,0 S2,1 S2,2 S2,3
 3  7 11 15        S3,0 S3,1 S3,2 S3,3
SubBytes
• Replace each byte in the state array with its corresponding value from the S-Box.
Example state from the slide (the figure highlights byte 55 being looked up):
00 44 88 CC
11 55 99 DD
22 66 AA EE
33 77 BB FF
ShiftRows
• The last three rows are cyclically shifted: row r is rotated left by r bytes.
S0,0 S0,1 S0,2 S0,3        S0,0 S0,1 S0,2 S0,3
S1,0 S1,1 S1,2 S1,3   ->   S1,1 S1,2 S1,3 S1,0
S2,0 S2,1 S2,2 S2,3        S2,2 S2,3 S2,0 S2,1
S3,0 S3,1 S3,2 S3,3        S3,3 S3,0 S3,1 S3,2
MixColumns
• Apply the MixColumns transformation to each column independently; column c of S becomes column c of S':
S0,0 S0,1 S0,2 S0,3        S'0,0 S'0,1 S'0,2 S'0,3
S1,0 S1,1 S1,2 S1,3   ->   S'1,0 S'1,1 S'1,2 S'1,3
S2,0 S2,1 S2,2 S2,3        S'2,0 S'2,1 S'2,2 S'2,3
S3,0 S3,1 S3,2 S3,3        S'3,0 S'3,1 S'3,2 S'3,3
(the figure highlights column 1: S0,1..S3,1 -> S'0,1..S'3,1)
MixColumns(), with • the multiplication in GF(2^8) and ⊕ the byte-wise XOR:
S'0,c = ({02} • S0,c) ⊕ ({03} • S1,c) ⊕ S2,c ⊕ S3,c
S'1,c = S0,c ⊕ ({02} • S1,c) ⊕ ({03} • S2,c) ⊕ S3,c
S'2,c = S0,c ⊕ S1,c ⊕ ({02} • S2,c) ⊕ ({03} • S3,c)
S'3,c = ({03} • S0,c) ⊕ S1,c ⊕ S2,c ⊕ ({02} • S3,c)
AddRoundKey
• XOR each byte of the round key with its corresponding byte in the state array: S'r,c = Sr,c ⊕ Rr,c
S0,0 S0,1 S0,2 S0,3       R0,0 R0,1 R0,2 R0,3       S'0,0 S'0,1 S'0,2 S'0,3
S1,0 S1,1 S1,2 S1,3   ⊕   R1,0 R1,1 R1,2 R1,3   =   S'1,0 S'1,1 S'1,2 S'1,3
S2,0 S2,1 S2,2 S2,3       R2,0 R2,1 R2,2 R2,3       S'2,0 S'2,1 S'2,2 S'2,3
S3,0 S3,1 S3,2 S3,3       R3,0 R3,1 R3,2 R3,3       S'3,0 S'3,1 S'3,2 S'3,3
(the figure highlights column 1: S0,1..S3,1 XOR R0,1..R3,1 gives S'0,1..S'3,1)
Experimentation
AES DEMO execution flow
1. Calling safeg_syscall_regdyn() to register the AES function in the SafeG system call table in the VMM.
2. Calling safeg_syscall_getid() to get the AES system call ID from the system call table in the VMM.
3. Calling safeg_syscall_invoke() to invoke AES in the trusted OS through the VMM.
4. Receiving safeg_syscall_invoke(): executing the AES function and sending back the output.
5. Receiving the output from the AES function.
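As an added example (not SafeG's code), a host-side model in C of the dynamic system-call table used by the SMC API slide and by the flow above: REGDYN appends an entry, GETID resolves it by name, and the invoke path enforces is_t_callable / is_nt_callable against the caller's NS state before dispatching. The model_* names, the error codes and the stand-in AES wrapper are mine; struct safeg_syscall is the one from the SMC API slide.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* struct from the SMC API slide; everything else here is this example's model. */
struct safeg_syscall {
    uint32_t is_t_callable;      /* callable from the Trusted (secure) world   */
    uint32_t is_nt_callable;     /* callable from the Non-trusted world        */
    uint8_t  name[8];
    uint32_t (*function)(uint32_t core_id, uint32_t ns,
                         uint32_t a, uint32_t b, uint32_t c);
};

/* IDs 0..4 are the static calls on the slide; dynamic entries follow REGDYN. */
#define SAFEG_SYSCALL_ID__REGDYN  (4)
#define MODEL_TABLE_SIZE          16
#define MODEL_ERR_NOSLOT          0xFFFFFFFFu   /* table full / not found    */
#define MODEL_ERR_DENIED          0xFFFFFFFEu   /* wrong world for this call */

static struct safeg_syscall model_table[MODEL_TABLE_SIZE];
static uint32_t model_count = SAFEG_SYSCALL_ID__REGDYN + 1;

/* Stand-in for the AES wrapper: the real one would run the cipher over the
 * buffers a/b of length c. Here it just folds its arguments into a checksum. */
static uint32_t demo_aes_wrapper(uint32_t core_id, uint32_t ns,
                                 uint32_t a, uint32_t b, uint32_t c)
{
    (void)core_id;
    return (ns << 24) ^ a ^ b ^ c;
}

/* REGDYN: register a dynamic call; returns its ID, or MODEL_ERR_NOSLOT. */
uint32_t model_regdyn(const char *name, uint32_t t_ok, uint32_t nt_ok,
                      uint32_t (*fn)(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t))
{
    if (model_count >= MODEL_TABLE_SIZE || fn == NULL)
        return MODEL_ERR_NOSLOT;
    struct safeg_syscall *e = &model_table[model_count];
    memset(e, 0, sizeof *e);
    strncpy((char *)e->name, name, sizeof e->name - 1);   /* 7 chars + NUL */
    e->is_t_callable  = t_ok;
    e->is_nt_callable = nt_ok;
    e->function       = fn;
    return model_count++;
}

/* GETID: look a dynamic call up by name. */
uint32_t model_getid(const char *name)
{
    for (uint32_t i = SAFEG_SYSCALL_ID__REGDYN + 1; i < model_count; i++)
        if (strncmp((const char *)model_table[i].name, name,
                    sizeof model_table[i].name) == 0)
            return i;
    return MODEL_ERR_NOSLOT;
}

/* Monitor-side dispatch. ns comes from the hardware NS state at SMC time
 * (1 = Non-secure caller, 0 = Secure caller), never from the caller's args. */
uint32_t model_invoke(uint32_t id, uint32_t core_id, uint32_t ns,
                      uint32_t a, uint32_t b, uint32_t c)
{
    if (id <= SAFEG_SYSCALL_ID__REGDYN || id >= model_count ||
        model_table[id].function == NULL)
        return MODEL_ERR_NOSLOT;
    const struct safeg_syscall *e = &model_table[id];
    if ((ns && !e->is_nt_callable) || (!ns && !e->is_t_callable))
        return MODEL_ERR_DENIED;          /* per-world permission check */
    return e->function(core_id, ns, a, b, c);
}

/* The demo flow: "aes" is registered, then resolved and invoked from the
 * Non-secure world (ns = 1). Returns 1 if a Trusted-only call is refused. */
int model_demo(void)
{
    model_count = SAFEG_SYSCALL_ID__REGDYN + 1;                 /* fresh table */
    uint32_t id = model_regdyn("aes", 1, 1, demo_aes_wrapper);
    uint32_t r  = model_invoke(model_getid("aes"), 0, 1, 0x10, 0x20, 16);
    printf("aes id=%u, NT-world result=0x%08x\n", id, r);
    uint32_t priv = model_regdyn("keyload", 1, 0, demo_aes_wrapper);
    return model_invoke(priv, 0, 1, 0, 0, 0) == MODEL_ERR_DENIED;
}
```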
AES DEMO
uint8_t key[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15,
                 0x88, 0x09, 0xcf, 0x4f, 0x3c};
uint8_t in[]  = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e,
                 0x11, 0x73, 0x93, 0x17, 0x2a};
Expected output[] = {0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60,
                     0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97};
Real-Time DEMO
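The round functions from the AES slides and the demo vector above, worked through as an added example (not the thesis's own code): a compact AES-128 block encryption in C whose S-box is generated from the GF(2^8) inverse rather than typed in, and whose self-check encrypts the demo vector (the first block of the NIST SP 800-38A ECB-AES128 test). The helper names are mine.

```c
#include <stdint.h>
#include <string.h>

/* Multiplication in GF(2^8) mod x^8+x^4+x^3+x+1: the {02}• and {03}• of MixColumns. */
static uint8_t gmul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        if (b & 1) p ^= a;
        uint8_t carry = a & 0x80;
        a <<= 1;
        if (carry) a ^= 0x1b;           /* reduce by the AES polynomial */
        b >>= 1;
    }
    return p;
}

/* S-box generated rather than typed in: multiplicative inverse, then the FIPS-197
 * affine map b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63. */
static uint8_t sbox[256]; static int sbox_ready;
static void init_sbox(void)
{
    if (sbox_ready) return;
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 1;                /* x^254 = x^-1 in GF(2^8); 0 maps to 0 */
        for (int i = 0; i < 254; i++) inv = gmul(inv, (uint8_t)x);
        uint8_t s = inv;
        for (int k = 1; k <= 4; k++) s ^= (uint8_t)((inv << k) | (inv >> (8 - k)));
        sbox[x] = s ^ 0x63;
    }
    sbox_ready = 1;
}
uint8_t aes_sbox(uint8_t x) { init_sbox(); return sbox[x]; }

/* Key expansion: 11 round keys (176 bytes) from the 16-byte cipher key. */
static void key_expansion(const uint8_t key[16], uint8_t rk[176])
{
    uint8_t rcon = 0x01;
    memcpy(rk, key, 16);
    for (int i = 16; i < 176; i += 4) {
        uint8_t t[4] = { rk[i-4], rk[i-3], rk[i-2], rk[i-1] };
        if (i % 16 == 0) {              /* RotWord, SubWord, then Rcon */
            uint8_t t0 = t[0];
            t[0] = sbox[t[1]] ^ rcon; t[1] = sbox[t[2]];
            t[2] = sbox[t[3]];        t[3] = sbox[t0];
            rcon = gmul(rcon, 2);
        }
        for (int j = 0; j < 4; j++) rk[i+j] = rk[i-16+j] ^ t[j];
    }
}

/* The State is column-major, s[r + 4*c], as on the "Convert to State Array" slide. */
static void sub_bytes(uint8_t s[16]) { for (int i = 0; i < 16; i++) s[i] = sbox[s[i]]; }
static void add_round_key(uint8_t s[16], const uint8_t *rk) { for (int i = 0; i < 16; i++) s[i] ^= rk[i]; }
static void shift_rows(uint8_t s[16])   /* row r rotates left by r positions */
{
    uint8_t t[16];
    for (int c = 0; c < 4; c++)
        for (int r = 0; r < 4; r++) t[r + 4*c] = s[r + 4*((c + r) % 4)];
    memcpy(s, t, 16);
}
static void mix_columns(uint8_t s[16])  /* the slide's four MixColumns() equations, per column */
{
    for (int c = 0; c < 4; c++) {
        uint8_t a0 = s[4*c], a1 = s[4*c+1], a2 = s[4*c+2], a3 = s[4*c+3];
        s[4*c]   = gmul(2,a0) ^ gmul(3,a1) ^ a2 ^ a3;
        s[4*c+1] = a0 ^ gmul(2,a1) ^ gmul(3,a2) ^ a3;
        s[4*c+2] = a0 ^ a1 ^ gmul(2,a2) ^ gmul(3,a3);
        s[4*c+3] = gmul(3,a0) ^ a1 ^ a2 ^ gmul(2,a3);
    }
}

/* One block: AddRoundKey, nine full rounds, then a final round without MixColumns. */
void aes128_encrypt_block(const uint8_t key[16], const uint8_t in[16], uint8_t out[16])
{
    uint8_t rk[176], s[16];
    init_sbox();
    key_expansion(key, rk);
    memcpy(s, in, 16);                  /* bytes 0..15 land column by column */
    add_round_key(s, rk);
    for (int round = 1; round < 10; round++) {
        sub_bytes(s); shift_rows(s); mix_columns(s); add_round_key(s, rk + 16*round);
    }
    sub_bytes(s); shift_rows(s); add_round_key(s, rk + 160);
    memcpy(out, s, 16);
}

/* Encrypts the demo vector from the slide; returns 1 when the output matches. */
int aes_demo_selfcheck(void)
{
    static const uint8_t key[16]    = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                                       0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t in[16]     = {0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
                                       0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a};
    static const uint8_t expect[16] = {0x3a,0xd7,0x7b,0xb4,0x0d,0x7a,0x36,0x60,
                                       0xa8,0x9e,0xca,0xf3,0x24,0x66,0xef,0x97};
    uint8_t out[16];
    aes128_encrypt_block(key, in, out);
    return memcmp(out, expect, 16) == 0;
}
```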
Future Research
• Physical Unclonable Function (PUF)
• An on-chip physical unclonable function is a unique challenge-response function
• that provides a random signature/response while the chip is powered on.
• PUF designs in cryptographic engines on FPGAs have played an important role in the progress of security technology.
Outline
• Introduction
• Hardware-based security
• TrustZone
• ARM TrustZone on Zynq 7000
• AES encryption algorithm
• Results
• Future Research
• Questions
11/22/2016 CHIA-CHE,LEE 42

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Trusted Computing
Introduction to Trusted ComputingIntroduction to Trusted Computing
Introduction to Trusted ComputingMaksim Djackov
 
Digital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseDigital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseSajid Marwat
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104pgmaynard
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assPROIDEA
 
Kavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finKavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finPacSecJP
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionLinaro
 
Yunusov babin 7 sins pres atm v2
Yunusov babin 7 sins pres atm v2Yunusov babin 7 sins pres atm v2
Yunusov babin 7 sins pres atm v2PacSecJP
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareRiscure
 
Leave ATM Forever Alone
Leave ATM Forever AloneLeave ATM Forever Alone
Leave ATM Forever AloneOlga Kochetova
 
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hackedDEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hackedFelipe Prado
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionRiscure
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsSam Bowne
 
Revisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sRevisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sOlga Kochetova
 
Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Manuel Santander
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?EnergySec
 
ZiLOG Universal Infrared Remote Reference Design
ZiLOG Universal Infrared Remote Reference DesignZiLOG Universal Infrared Remote Reference Design
ZiLOG Universal Infrared Remote Reference DesignDiana Laboy-Rush
 
Introduction to Atmel's 8-bit AVR Microcontrollers
Introduction to Atmel's 8-bit AVR Microcontrollers Introduction to Atmel's 8-bit AVR Microcontrollers
Introduction to Atmel's 8-bit AVR Microcontrollers Premier Farnell
 
Introduction to Avr Microcontrollers
Introduction to Avr MicrocontrollersIntroduction to Avr Microcontrollers
Introduction to Avr MicrocontrollersMohamed Tarek
 

Was ist angesagt? (20)

Introduction to Trusted Computing
Introduction to Trusted ComputingIntroduction to Trusted Computing
Introduction to Trusted Computing
 
Digital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing BaseDigital Rights Management and Trusted Computing Base
Digital Rights Management and Trusted Computing Base
 
Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104Man in the middle attacks on IEC 60870-5-104
Man in the middle attacks on IEC 60870-5-104
 
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their assCONFidence 2014: Yaniv Miron: ATMs – We kick their ass
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass
 
Trusted Computing Base
Trusted Computing BaseTrusted Computing Base
Trusted Computing Base
 
Kavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_finKavya racharla ndh-naropanth_fin
Kavya racharla ndh-naropanth_fin
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
 
Yunusov babin 7 sins pres atm v2
Yunusov babin 7 sins pres atm v2Yunusov babin 7 sins pres atm v2
Yunusov babin 7 sins pres atm v2
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive Firmware
 
Leave ATM Forever Alone
Leave ATM Forever AloneLeave ATM Forever Alone
Leave ATM Forever Alone
 
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hackedDEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
DEF CON 27 - XIAOHUIHUI - all the 4g modules could be hacked
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault Injection
 
CNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection SystemsCNIT 123: Ch 13: Network Protection Systems
CNIT 123: Ch 13: Network Protection Systems
 
System 6000
System 6000System 6000
System 6000
 
Revisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’sRevisiting atm vulnerabilities for our fun and vendor’s
Revisiting atm vulnerabilities for our fun and vendor’s
 
Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...Authentication Issues between entities during protocol message exchange in SC...
Authentication Issues between entities during protocol message exchange in SC...
 
Where Are All The ICS Attacks?
Where Are All The ICS Attacks?Where Are All The ICS Attacks?
Where Are All The ICS Attacks?
 
ZiLOG Universal Infrared Remote Reference Design
ZiLOG Universal Infrared Remote Reference DesignZiLOG Universal Infrared Remote Reference Design
ZiLOG Universal Infrared Remote Reference Design
 
Introduction to Atmel's 8-bit AVR Microcontrollers
Introduction to Atmel's 8-bit AVR Microcontrollers Introduction to Atmel's 8-bit AVR Microcontrollers
Introduction to Atmel's 8-bit AVR Microcontrollers
 
Introduction to Avr Microcontrollers
Introduction to Avr MicrocontrollersIntroduction to Avr Microcontrollers
Introduction to Avr Microcontrollers
 

Ähnlich wie Thesis presentation

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...FFRI, Inc.
 
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Kuniyasu Suzaki
 
08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docx08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docxcroftsshanon
 
RTOS based Confidential Area Security System
RTOS based Confidential Area Security SystemRTOS based Confidential Area Security System
RTOS based Confidential Area Security Systemajinky gadewar
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki
 
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5   session 3 - st dev con 2016 - mechanisms for trusted code execution...Track 5   session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...ST_World
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuArm
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MLinaro
 
High end security for low-end microcontrollers
High end security for low-end microcontrollersHigh end security for low-end microcontrollers
High end security for low-end microcontrollersMilosch Meriac
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesNRB
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17LennartF
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded  - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded  - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Linaro
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxssusere142fe
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Ramesh Nagappan
 
6 andrii grygoriev - security issues in arm trust zone software
6   andrii grygoriev - security issues in arm trust zone software6   andrii grygoriev - security issues in arm trust zone software
6 andrii grygoriev - security issues in arm trust zone softwareIevgenii Katsan
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V International
 

Ähnlich wie Thesis presentation (20)

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
 
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
Hardware-assisted Isolated Execution Environment to run trusted OS and applic...
 
08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docx08680982.pdfArchitectures for Security A comparative anal.docx
08680982.pdfArchitectures for Security A comparative anal.docx
 
RTOS based Confidential Area Security System
RTOS based Confidential Area Security SystemRTOS based Confidential Area Security System
RTOS based Confidential Area Security System
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzaki
 
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5   session 3 - st dev con 2016 - mechanisms for trusted code execution...Track 5   session 3 - st dev con 2016 - mechanisms for trusted code execution...
Track 5 session 3 - st dev con 2016 - mechanisms for trusted code execution...
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
High end security for low-end microcontrollers
High end security for low-end microcontrollersHigh end security for low-end microcontrollers
High end security for low-end microcontrollers
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
 
Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17Confidential compute with hyperledger fabric .v17
Confidential compute with hyperledger fabric .v17
 
Project_updated
Project_updatedProject_updated
Project_updated
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded  - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded  - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
PIC16F1934.PDF
PIC16F1934.PDFPIC16F1934.PDF
PIC16F1934.PDF
 
Intel core i5
Intel core i5Intel core i5
Intel core i5
 
Review of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptxReview of Hardware based solutions for trusted cloud computing.pptx
Review of Hardware based solutions for trusted cloud computing.pptx
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
 
6 andrii grygoriev - security issues in arm trust zone software
6   andrii grygoriev - security issues in arm trust zone software6   andrii grygoriev - security issues in arm trust zone software
6 andrii grygoriev - security issues in arm trust zone software
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmware
 

Thesis presentation

Hardware-based security
Hardware-based security – TPM, TEE.
• A Trusted Platform Module is a microchip, often built into a motherboard, that provides hardware-based security.
• There are two important functional components of a TPM:
– a special register set called Platform Configuration Registers (PCRs)
– a cryptographic engine that can perform encryption and digital signatures.
11/22/2016 CHIA-CHE,LEE 8
Hardware-based security
Hardware-based security – TPM, TEE.
• A Trusted Execution Environment is a concept of hardware-based task isolation in firmware.
– It provides a smaller operating environment with just enough functionality to secure or provide a sensitive service.
– It uses a hybrid approach that relies on both hardware and software to protect data.
– The TEE is well suited to supporting natural ID (facial recognition, fingerprint sensor and voice authorization), since PINs and passwords can easily be hacked and stolen.
• ARM TrustZone is a TEE for the ARM family.
• TPM vs TEE:
– A TEE works like a bulletproof safe.
– A TPM is a 128-digit combination lock for the safe.
11/22/2016 CHIA-CHE,LEE 9
Protection from illegal memory access
1. A common way of stealing information from a system is to use its test and debug function modules (usually Trace and JTAG) as the starting point of a hardware attack.
– If there are loopholes in the system design, attackers can reach different modules through the debug interface.
2. The figure (not reproduced here) shows that TrustZone protects sensitive information from JTAG access by the Xilinx SDK debugging tool.
– The program cannot be disassembled over the debug connection.
Note: memory addresses 0x1c000000 – 0x1fffffff are set for secure-world use only.
TrustZone
What is TrustZone?
• TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure end points and a device root of trust.
– TrustZone has a Normal world and a Secure world.
• Very flexible compared to other security technologies, because software-defined registers configure secure and non-secure hardware access.
• TrustZone defines processors, memories, peripherals and even L2 areas as secure or non-secure hardware.
11/22/2016 CHIA-CHE,LEE 12
TrustZone
Defining Normal World:
• A general-purpose OS using the full range of functionality provided by the hardware to give users a rich experience.
• TrustZone ensures that Normal world software can only access the non-critical hardware subset.
• We can assume the Normal world has been hacked in most cases.
11/22/2016 CHIA-CHE,LEE 13
TrustZone
Defining Secure World:
• Secure World software has complete access to both Trusted and Un-Trusted hardware.
• Secure World only includes minimum functionality and device interfaces.
• ARM does not envisage running a general-purpose OS inside the Secure World; all TEEs are limited-functionality, RTOS-like OSes.
11/22/2016 CHIA-CHE,LEE 14
TrustZone
Defining Secure Monitor:
• Special code in TZ that switches the processor state between the two worlds.
• The security of the Secure Monitor is ensured by the Secure boot code.
• The Secure Monitor provides Secure Monitor Calls that both worlds use to communicate via the Monitor.
• Secure Monitor mode is a privileged mode that is always Secure, regardless of the state of the NS (Non-Secure) bit.
11/22/2016 CHIA-CHE,LEE 15
TrustZone
The NS bit in the AXI interconnect bus protocol is defined as:
• AWPROT[1]: Write transaction – low is Secure and high is Non-secure.
• ARPROT[1]: Read transaction – low is Secure and high is Non-secure.
• Static assignment of Secure or Non-secure status to MI slots using the Xilinx Vivado tool.
• The security-checking feature is provided for each Master Interface slot in the AXI Interconnect IP.
11/22/2016 CHIA-CHE,LEE 16
TrustZone
CP15 registers and the NS (Non-Secure) bit:
• The current world is defined by the Non-Secure bit in the Secure Configuration Register (c1, bit 0).
• Bit value for worlds:
– NS = 1 is Non-secure world execution.
– NS = 0 is Secure world execution.
• When the Secure Monitor performs the transition from one world to the other, the processor context must be saved.
• It then writes the NS bit to change the world of operation.
11/22/2016 CHIA-CHE,LEE 17
TrustZone
• Boot-up sequence for TrustZone:
Two important goals in the boot sequence:
1. The Secure Monitor needs to be booted before the Secure World and the Normal World.
– It is booted like a secure OS.
2. During the boot sequence, the Monitor finishes initializing the TrustZone features (SMC, etc.).
11/22/2016 CHIA-CHE,LEE 18
TrustZone
Invocation of Secure Monitor Calls (SMC):
• A Secure Monitor Call is a special instruction that invokes the Secure Monitor code to switch worlds or invoke functions.
• In both worlds, a privileged mode is required to issue an SMC.
– In TrustZone, systems mainly use User mode, Privileged mode and Monitor mode.
• The Secure Monitor provides an API set for both worlds in order to invoke SMCs.
11/22/2016 CHIA-CHE,LEE 19
ARM TrustZone on Zynq 7000
• TrustZone support on the Zynq SoC
• The Zynq-7000 AP SoC consists of 2 domains: PS and PL.
– Processing System (PS): ARM Cortex-A9 MP core processor, peripherals, interconnects etc., provided as hard IP.
– Programmable Logic (PL): programmable FPGA fabric.
• The TrustZone security feature is provided in both PS and PL, with TrustZone-related configuration registers in the PS that are dynamically programmable during execution.
11/22/2016 CHIA-CHE,LEE 21
ARM TrustZone on Zynq 7000
11/22/2016 CHIA-CHE,LEE 22
ARM TrustZone on Zynq 7000
Implementation
• Xilinx Zynq-7000 All Programmable SoC
• SafeG: a reliable dual hypervisor for embedded real-time systems (RTOS/GPOS); an open-source platform from Nagoya University.
• RTOS: TOPPERS/FMP
– Support for SMP and AMP configurations.
– Kernel and applications are linked in a single monolithic binary.
– Tasks are assigned to processor cores through a configuration file.
– FMP provides runtime system calls for migrating a task to a different core.
– The execution of FMP can be traced and displayed graphically.
11/22/2016 CHIA-CHE,LEE 23
ARM TrustZone on Zynq 7000
Secure Memory Configuration Setting
• The ZedBoard has 512 MB of memory in the system.
• The physical address range of the memory region is 0x00000000 ~ 0x1fffffff: DDR.
11/22/2016 CHIA-CHE,LEE 24
ARM TrustZone on Zynq 7000
TrustZone security memory settings are presented as 8 bits; each bit covers 64 MB. The physical address range governed by each bit is as follows:
Bit 0: 0x00000000 - 0x03ffffff
Bit 1: 0x04000000 - 0x07ffffff
Bit 2: 0x08000000 - 0x0bffffff
Bit 3: 0x0C000000 - 0x0fffffff
Bit 4: 0x10000000 - 0x13ffffff
Bit 5: 0x14000000 - 0x17ffffff
Bit 6: 0x18000000 - 0x1bffffff
Bit 7: 0x1C000000 - 0x1fffffff
Clearing bit 7 reserves the top 64 MB for the secure world:
REG(TZ_DDR_RAM) = 0xFFFFFFFF & ~(1 << 7);
which assembles to (r3 = 0xF8000430, the TZ_DDR_RAM register address; r2 = ~0x80 = 0xFFFFFF7F):
mov r3, #1072
movt r3, #63488
mvn r2, #128
str r2, [r3]
11/22/2016 CHIA-CHE,LEE 25
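A small model of the TZ_DDR_RAM segment map described above, added here as an example (not code from the presentation or from SafeG): it derives the bit for a DDR address, builds the register value for a secure-only range, and checks whether a Secure or Non-secure transaction would be permitted. The function names are assumptions; the register address 0xF8000430 is what the slide's mov/movt pair assembles to.

```c
#include <stdint.h>

/* Added example, not the presentation's code. Models the 8-bit TZ_DDR_RAM map
 * from the slide: bit n covers the 64 MB range starting at n * 0x04000000; a
 * cleared bit makes that range secure-only, a set bit allows Non-secure access. */
#define TZ_DDR_RAM_ADDR   0xF8000430u   /* (63488 << 16) | 1072, from the slide's asm */
#define TZ_DDR_SEGMENT_SZ 0x04000000u   /* 64 MB per bit */
#define TZ_DDR_SEGMENTS   8u            /* 8 bits cover 0x00000000..0x1fffffff */

/* Which TZ_DDR_RAM bit governs a DDR physical address; -1 if outside DDR. */
int tz_ddr_segment(uint32_t paddr) {
    uint32_t seg = paddr / TZ_DDR_SEGMENT_SZ;
    return seg < TZ_DDR_SEGMENTS ? (int)seg : -1;
}

/* Register value that makes every segment touching [lo, hi] secure-only and
 * leaves the rest open to the Normal world. For lo = 0x1C000000, hi = 0x1fffffff
 * this yields the slide's 0xFFFFFFFF & ~(1 << 7) = 0xFFFFFF7F. */
uint32_t tz_ddr_secure_range(uint32_t lo, uint32_t hi) {
    uint32_t reg = 0xFFFFFFFFu;
    for (uint32_t a = lo / TZ_DDR_SEGMENT_SZ;
         a <= hi / TZ_DDR_SEGMENT_SZ && a < TZ_DDR_SEGMENTS; a++)
        reg &= ~(1u << a);
    return reg;
}

/* Would a transaction to paddr pass? ns = 1 is a Non-secure master (AxPROT[1]
 * high), ns = 0 a Secure one. In this model Secure masters always pass;
 * Non-secure masters pass only when the segment's bit is set. Addresses
 * outside DDR are not governed by this register and are reported as blocked. */
int tz_ddr_access_allowed(uint32_t reg, uint32_t paddr, int ns) {
    int seg = tz_ddr_segment(paddr);
    if (seg < 0) return 0;
    if (!ns) return 1;
    return (int)((reg >> seg) & 1u);
}
```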
ARM TrustZone on Zynq 7000
TrustZone SMC API:
• Every function needs a wrapper in order to be callable through SMC.
• The default SafeG SMC provides the following SMC system calls:
[Static system calls API]
#define SAFEG_SYSCALL_ID__GETID (0)    // GETID: obtains the ID of a system call by name.
#define SAFEG_SYSCALL_ID__SETPERM (1)  // SETPERM: sets the permissions for a static or dynamic system call.
#define SAFEG_SYSCALL_ID__SWITCH (2)   // SWITCH: initiates a switch to the opposite world.
#define SAFEG_SYSCALL_ID__SIGNAL (3)   // SIGNAL: signals an interrupt to the opposite world.
[Dynamic system calls API]
#define SAFEG_SYSCALL_ID__REGDYN (4)   // REGDYN: registers a dynamic system call.
struct safeg_syscall {
    uint32_t is_t_callable;   // callable from the Trusted world
    uint32_t is_nt_callable;  // callable from the Non-Trusted world
    uint8_t name[8];
    uint32_t (*function)(uint32_t core_id, uint32_t ns, uint32_t a, uint32_t b, uint32_t c);
};
11/22/2016 CHIA-CHE,LEE 26
AES Encryption Algorithm
• AES is a symmetric encryption algorithm, widely used to encrypt electronic data.
• It replaced the Data Encryption Standard (DES) and has become one of the most popular encryption algorithms in the world.
• The standard key and block length is 128 bits, represented as a matrix (array) of bytes with 4 rows and N columns, N = key length / 32.
11/22/2016 CHIA-CHE,LEE 28
AES Encryption Algorithm
• The AES algorithm operates on a two-dimensional array (4 × 4) of bytes called the State.
• For the AES round transformation, the first State is the input plaintext and the final State is the encrypted output.
• The round transformation mixes the bytes of the State either individually, row-wise, or column-wise by applying the functions SubBytes, ShiftRows, MixColumns, and AddRoundKey sequentially.
11/22/2016 CHIA-CHE,LEE 29
Convert to State Array
Input block bytes 0 … 15 are loaded into the State column by column:
S0,0 S0,1 S0,2 S0,3 = in[0] in[4] in[8] in[12]
S1,0 S1,1 S1,2 S1,3 = in[1] in[5] in[9] in[13]
S2,0 S2,1 S2,2 S2,3 = in[2] in[6] in[10] in[14]
S3,0 S3,1 S3,2 S3,3 = in[3] in[7] in[11] in[15]
SubBytes
• Replace each byte in the state array with its corresponding value from the S-Box.
(Figure: S-Box lookup table, not reproduced here.)
ShiftRows
• The last three rows are cyclically shifted (row r is rotated left by r positions):
Row 0: S0,0 S0,1 S0,2 S0,3 → S0,0 S0,1 S0,2 S0,3
Row 1: S1,0 S1,1 S1,2 S1,3 → S1,1 S1,2 S1,3 S1,0
Row 2: S2,0 S2,1 S2,2 S2,3 → S2,2 S2,3 S2,0 S2,1
Row 3: S3,0 S3,1 S3,2 S3,3 → S3,3 S3,0 S3,1 S3,2
MixColumns
• Apply the MixColumns transformation to each column: column c of the State, (S0,c, S1,c, S2,c, S3,c), is replaced by (S'0,c, S'1,c, S'2,c, S'3,c), where • is multiplication in GF(2^8) and ⊕ is XOR:
S'0,c = ({02} • S0,c) ⊕ ({03} • S1,c) ⊕ S2,c ⊕ S3,c
S'1,c = S0,c ⊕ ({02} • S1,c) ⊕ ({03} • S2,c) ⊕ S3,c
S'2,c = S0,c ⊕ S1,c ⊕ ({02} • S2,c) ⊕ ({03} • S3,c)
S'3,c = ({03} • S0,c) ⊕ S1,c ⊕ S2,c ⊕ ({02} • S3,c)
AddRoundKey
• XOR each byte of the round key with its corresponding byte in the state array: S'r,c = Sr,c XOR Rr,c for every row r and column c (the figure shows column 1: S'0,1 … S'3,1 = S0,1 … S3,1 XOR R0,1 … R3,1).
AES DEMO execution flow
• Calling safeg_syscall_regdyn() to register the AES function in the SafeG system call table in the VMM.
• Calling safeg_syscall_getid() to get the AES system call ID from the system call table in the VMM.
• Calling safeg_syscall_invoke() to invoke AES from the trusted OS through the VMM.
• Receiving safeg_syscall_invoke() on the trusted side: executing the AES function and sending back the output.
• Receiving the output from the AES function.
AES DEMO
key[] = {0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c};
in[] = {0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a};
Expected output[] = {0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60, 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97};
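A hypothetical model of the REGDYN / GETID / invoke steps above, added here as an example and not SafeG's code: it uses the struct safeg_syscall from the SMC API slide, keeps a small dynamic call table, and makes the invoke step check the caller's world (the ns argument) against is_t_callable / is_nt_callable before dispatching. The model_* names, table size and the XOR placeholder service are assumptions.

```c
#include <stdint.h>
#include <string.h>
/* Added example, not SafeG's code: a hypothetical model of the dynamic system call
 * table from the SMC API slide (struct safeg_syscall is the slide's), showing the
 * REGDYN, GETID and invoke steps of the demo flow and the per-world permission check. */
struct safeg_syscall {
    uint32_t is_t_callable;   /* callable from the Trusted (secure) world */
    uint32_t is_nt_callable;  /* callable from the Non-Trusted (normal) world */
    uint8_t  name[8];
    uint32_t (*function)(uint32_t core_id, uint32_t ns, uint32_t a, uint32_t b, uint32_t c);
};
#define MODEL_MAX_SYSCALLS 8
#define MODEL_ID_INVALID   0xFFFFFFFFu
#define MODEL_ERR_DENIED   0xFFFFFFFEu
static struct safeg_syscall model_table[MODEL_MAX_SYSCALLS];
static uint32_t model_count;
/* REGDYN: add a dynamic call with its permissions; returns its id, or MODEL_ID_INVALID when full. */
uint32_t model_regdyn(const char *name, uint32_t t_ok, uint32_t nt_ok,
                      uint32_t (*fn)(uint32_t, uint32_t, uint32_t, uint32_t, uint32_t)) {
    if (model_count >= MODEL_MAX_SYSCALLS) return MODEL_ID_INVALID;
    struct safeg_syscall *s = &model_table[model_count];
    memset(s, 0, sizeof *s);
    strncpy((char *)s->name, name, sizeof s->name);   /* 8-byte field, not NUL-terminated when full */
    s->is_t_callable = t_ok; s->is_nt_callable = nt_ok; s->function = fn;
    return model_count++;
}
/* GETID: look a call up by name, comparing the whole 8-byte name field. */
uint32_t model_getid(const char *name) {
    uint8_t key[8] = {0};
    strncpy((char *)key, name, sizeof key);
    for (uint32_t i = 0; i < model_count; i++)
        if (memcmp(model_table[i].name, key, sizeof key) == 0) return i;
    return MODEL_ID_INVALID;
}
/* Invoke: the monitor checks the caller's world (ns = 1 for the Normal world) against
 * the permission bits before dispatching, so a Normal-world caller cannot reach a call
 * that was registered as trusted-only; unknown ids are refused the same way. */
uint32_t model_invoke(uint32_t id, uint32_t core_id, uint32_t ns, uint32_t a, uint32_t b, uint32_t c) {
    if (id >= model_count) return MODEL_ERR_DENIED;
    const struct safeg_syscall *s = &model_table[id];
    if ((ns && !s->is_nt_callable) || (!ns && !s->is_t_callable)) return MODEL_ERR_DENIED;
    return s->function(core_id, ns, a, b, c);
}
/* Placeholder service standing in for the registered AES function (XORs its arguments; not AES). */
uint32_t model_service_xor(uint32_t core_id, uint32_t ns, uint32_t a, uint32_t b, uint32_t c) {
    (void)core_id; (void)ns;
    return a ^ b ^ c;
}
```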
Future Research
• Physical Unclonable Function (PUF)
– An on-chip physical unclonable function is a unique challenge-response function that provides a random signature/response while the chip is powered on.
– PUF designs in the cryptography engine of an FPGA have played an important role in the progress of security technology.
11/22/2016 CHIA-CHE,LEE 41