The document discusses implementing AES encryption using ARM TrustZone technology. It begins with an introduction to ARM and the need for hardware-based security. It then provides an overview of TrustZone, describing its normal and secure worlds. Details are given on implementing TrustZone on a Zynq 7000, including configuration of secure memory regions. The document also outlines the AES encryption algorithm and its key steps of SubBytes, ShiftRows, MixColumns, and AddRoundKey.
1. AES Encryption using ARM
TrustZone technology
CHIA-CHE,LEE
Adviser: Fareena Saqib
11/22/2016 CHIA-CHE,LEE 1
2. Outline
• Introduction
• Hardware-based security
• TrustZone
• ARM TrustZone on Zynq 7000
• AES encryption algorithm
• Results
• Future Research
• Questions
4. Introduction
About ARM…
– Over 50 billion ARM processors had been produced as of 2014.
– In 2013 alone, 10 billion ARM processors were produced, and "ARM-based chips are found in nearly 60 percent of the world's mobile devices",
– representing 95% of smartphones, 35% of digital televisions and set-top boxes and 10% of mobile computers.
5. Introduction
• How do we keep our sensitive information from leaking? The threats include:
– Malware
– Social engineering, trojans, phishing, APT
– Theft and loss of devices
– Weak security controls – no PIN lock
– User intervention – jailbreaking, unlocking, etc.
• The most common defense against malware attacks is antivirus software.
• Antivirus software cannot effectively verify itself.
• Once malware gains the same access level as the antivirus has, these defense programs can simply be disabled.
• Hardware-based security is needed.
6. Introduction
• To improve security on mobile devices, controlling the hardware through device software is a better approach.
• TCG, the Trusted Computing Group, was formed by AMD, Intel, IBM, HP and Microsoft in 2003 to deliver trusted computing on all personal computer platforms.
– All major OEMs joined later.
• The Trusted Platform Module was made for the PC market.
• What about mobile devices?
• ARM is the market leader in the mobile market by a large margin.
– A large number of applications leverage the ARM trusted environment to provide security to users.
8. Hardware-based security
Hardware-based security – TPM, TEE.
• A Trusted Platform Module is a microchip, often built into a motherboard, that provides hardware-based security.
• There are two important functional components in a TPM:
– a special register set called Platform Configuration Registers (PCRs)
– a cryptographic engine that can perform encryption and digital signatures.
9. Hardware-based security
Hardware-based security – TPM, TEE.
• A Trusted Execution Environment is a concept of hardware-based task isolation realized in firmware.
– It provides a smaller operating environment with just enough functionality to secure or provide a sensitive service.
– It uses a hybrid approach that combines hardware and software to protect data.
– The TEE is well suited to supporting natural ID (facial recognition, fingerprint sensors and voice authorization), since PINs and passwords can easily be hacked and stolen.
• ARM TrustZone is the TEE for the ARM family.
• TPM vs TEE:
TEE works like a bulletproof safe;
TPM is a 128-digit combination lock for the safe.
10.
1. A common way of stealing information from a system is to use its test and debug modules, usually Trace and JTAG, as the starting point of a hardware attack.
- If there are loopholes in the system design, attackers can reach different modules through the debug interface.
2. The figure shows that TrustZone protects sensitive information against JTAG access through the Xilinx SDK debugging tool:
- the secure program cannot be disassembled from the debugger.
Note: memory addresses 0x1C000000 – 0x1FFFFFFF are set for Secure World use only.
Protection from illegal memory access
12. TrustZone
What is TrustZone?
• TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure end points and a device root of trust.
– TrustZone has a Normal World and a Secure World.
• It is very flexible compared to other security technologies, as software-defined registers configure secure and non-secure hardware access.
• TrustZone defines processors, memories, peripherals and even L2 cache areas as secure or non-secure hardware.
13. TrustZone
Defining Normal World:
• A general-purpose OS using the full functionality provided by the hardware to give users a rich experience.
• TrustZone ensures that Normal World software can access only the non-critical hardware subset.
• We can assume the Normal World has been hacked in most cases.
14. TrustZone
Defining Secure World:
• Secure World software has complete access to both trusted and untrusted hardware.
• Secure World includes only minimum functionality and device interfaces.
• ARM does not envisage using a general-purpose OS inside the Secure World; all TEEs are limited-functionality, RTOS-like OSes.
15. TrustZone
Defining Secure Monitor:
• Special code in TrustZone that switches the processor state between the two worlds.
• The integrity of the Secure Monitor is ensured by the secure boot code.
• The Secure Monitor provides Secure Monitor Calls (SMC) that both worlds use to communicate via the Monitor.
• Secure Monitor mode is a privileged mode that is always Secure regardless of the state of the NS (Non-Secure) bit.
16. TrustZone
The NS bit is defined in the AXI interconnect bus protocol as:
• AWPROT[1]: write transaction – low is Secure and high is Non-secure.
• ARPROT[1]: read transaction – low is Secure and high is Non-secure.
• Static assignment of Secure or Non-secure status to MI (master interface) slots using the Xilinx Vivado tool.
• The security-checking feature is provided for each master interface slot in the AXI Interconnect IP.
17. TrustZone
CP15 registers and the NS (Non-Secure) bit:
• The current world is defined by the Non-Secure bit in the Secure Configuration Register (SCR, CP15 c1, bit 0).
• Bit values for the worlds:
• NS = 1: Non-secure world execution.
• NS = 0: Secure world execution.
• When the Secure Monitor performs the transition from one world to the other, the processor context must be saved;
• it then writes the NS bit to change the world of operation. Monitor mode itself stays Secure regardless of the bit; the new value takes effect when the Monitor returns to the target world.
18. TrustZone
• Boot-up sequence for TrustZone:
Two important goals in the boot sequence:
1. The Secure Monitor needs to be booted before the Secure World and the Normal World.
• It boots as a secure OS.
2. During the boot sequence, the Monitor finishes initialization of the TrustZone features (SMC handling, etc.).
19. TrustZone
Invocation of Secure Monitor Calls (SMC):
• The SMC instruction invokes the Secure Monitor code to switch worlds or to invoke functions.
• In both worlds, a privileged mode is required to execute SMC.
In TrustZone, systems mainly use User mode, Privileged mode and Monitor mode.
• The Secure Monitor provides an API set for both worlds to invoke SMC.
21. ARM TrustZone on Zynq 7000
• TrustZone support on the Zynq SoC
• The Zynq-7000 AP SoC consists of 2 domains: PS and PL.
• Processing System (PS) – ARM Cortex-A9 MPCore processor, peripherals, interconnects etc., provided as hard IP.
• Programmable Logic (PL) – programmable FPGA fabric.
• TrustZone security features are provided in both PS and PL, with the TrustZone-related configuration registers in the PS dynamically programmable during execution.
23. ARM TrustZone on Zynq 7000
Implementation
Xilinx Zynq-7000 All Programmable SoC
SafeG
• A reliable dual-OS hypervisor (monitor) for embedded real-time systems, running an RTOS and a GPOS side by side.
• An open-source platform from Nagoya University.
RTOS: TOPPERS/FMP
• Support for SMP and AMP configurations.
• Kernel and applications are linked into a single monolithic binary.
• Tasks are assigned to processor cores through a configuration file.
• FMP provides runtime system calls for migrating a task to a different core.
• The execution of FMP can be traced and displayed graphically.
24. ARM TrustZone on Zynq 7000
Secure Memory Configuration Setting
• The ZedBoard has 512 MB of DDR memory in the system.
• The physical address range of the memory region is:
0x00000000 ~ 0x1fffffff : DDR
25. ARM TrustZone on Zynq 7000
The TrustZone DDR security setting (TZ_DDR_RAM) is presented as 8 bits, each covering 64 MB of physical address space:
Bit 0: 0x00000000 - 0x03ffffff
Bit 1: 0x04000000 - 0x07ffffff
Bit 2: 0x08000000 - 0x0bffffff
Bit 3: 0x0C000000 - 0x0fffffff
Bit 4: 0x10000000 - 0x13ffffff
Bit 5: 0x14000000 - 0x17ffffff
Bit 6: 0x18000000 - 0x1bffffff
Bit 7: 0x1C000000 - 0x1fffffff
Clearing bit 7 marks the top 64 MB (0x1C000000 - 0x1fffffff) as Secure World only; all other regions stay non-secure:
REG(TZ_DDR_RAM) = 0xFFFFFFFF & ~(1 << 7);   /* 0xFFFFFF7F */
The same write as compiled ARM assembly:
mov  r3, #1072      @ 0x0430: low half of the register address
movt r3, #63488     @ 0xF800: r3 = 0xF8000430 (TZ_DDR_RAM)
mvn  r2, #128       @ r2 = ~0x80 = 0xFFFFFF7F
str  r2, [r3]       @ write TZ_DDR_RAM
26. ARM TrustZone on Zynq 7000
TrustZone SMC API –
• Every function needs a wrapper in order to be callable through SMC.
• The default SafeG SMC provides these system calls:
[Static system calls API]
#define SAFEG_SYSCALL_ID__GETID (0)
// GETID: obtains the ID of a system call by name.
#define SAFEG_SYSCALL_ID__SETPERM (1)
// SETPERM: sets the permissions for a static or dynamic system call.
#define SAFEG_SYSCALL_ID__SWITCH (2)
// SWITCH: initiates a switch to the opposite world.
#define SAFEG_SYSCALL_ID__SIGNAL (3)
// SIGNAL: signals an interrupt to the opposite world.
[Dynamic system calls API]
#define SAFEG_SYSCALL_ID__REGDYN (4)
// REGDYN: registers a dynamic system call.
struct safeg_syscall
{
    uint32_t is_t_callable;   // callable from the trusted (Secure) world
    uint32_t is_nt_callable;  // callable from the non-trusted (Normal) world
    uint8_t name[8];          // name looked up by GETID
    uint32_t (*function)(uint32_t core_id, uint32_t ns,
                         uint32_t a, uint32_t b, uint32_t c);
};
28. AES Encryption Algorithm
• AES is a symmetric encryption algorithm, widely used to encrypt electronic data.
• It replaced the Data Encryption Standard (DES) and has become one of the most popular encryption algorithms in the world.
• The block length is fixed at 128 bits and the key length is 128, 192 or 256 bits; both are represented as a matrix (array) of bytes with 4 rows and N columns, N = length / 32 (4 columns for the block; 4, 6 or 8 for the key).
29. AES Encryption Algorithm
• The AES algorithm operates on a two-dimensional (4 x 4) array of bytes called the State.
• Initially the State is the input plaintext; after the final round it holds the encrypted output.
• Each round transformation mixes the bytes of the State individually, row-wise or column-wise by applying the functions
o SubBytes, ShiftRows, MixColumns and AddRoundKey in sequence (MixColumns is omitted in the final round).
37. AES DEMO execution flow
1. Call safeg_syscall_regdyn() to register the AES function in the SafeG system call table in the VMM.
2. Call safeg_syscall_getid() to get the AES system call ID from the system call table in the VMM.
3. Call safeg_syscall_invoke() to invoke AES in the trusted OS through the VMM.
4. The trusted OS receives the invocation, executes the AES function and sends back the output.
5. Receive the output of the AES function.
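The slide 26 API and the demo flow above are, between them, a register / look-up / invoke protocol with a permission check in the middle. The following host-side C model, added for this page and not SafeG's own code, walks that path end to end: a handler is registered with `struct safeg_syscall` exactly as the slide declares it, resolved by name, and invoked from the Normal World, with the monitor refusing calls whose `is_t_callable` / `is_nt_callable` flags do not permit the caller's world. Everything beyond the struct is an assumption of the model: the `safeg_model_*` names and signatures (SafeG's real `safeg_syscall_*` calls are not reproduced here), the table size, the error code, the rule that only the trusted side may register, and the "aes" handler, which is a 32-bit XOR stand-in rather than the real AES routine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-side model of SafeG's dynamic system-call path from the slides
 * (REGDYN -> GETID -> invoke). Added example, not SafeG's own code: the
 * struct follows the slide, but the table size, SAFEG_MODEL_ERR and every
 * safeg_model_* name are assumptions of this model, and the registered
 * "aes" handler is a stand-in (32-bit XOR), not the real AES routine. */

#define SAFEG_MODEL_MAX_DYN 8
#define SAFEG_MODEL_ERR     0xFFFFFFFFu

struct safeg_syscall {
    uint32_t is_t_callable;   /* may the trusted (Secure) world call it?     */
    uint32_t is_nt_callable;  /* may the non-trusted (Normal) world call it? */
    uint8_t  name[8];
    uint32_t (*function)(uint32_t core_id, uint32_t ns,
                         uint32_t a, uint32_t b, uint32_t c);
};

static struct safeg_syscall dyn_table[SAFEG_MODEL_MAX_DYN];
static uint32_t dyn_count;

void safeg_model_reset(void)
{
    memset(dyn_table, 0, sizeof dyn_table);
    dyn_count = 0;
}

/* REGDYN: append a call to the table and return its id. In this model only
 * the trusted side (ns == 0) may register handlers, so the Normal World
 * cannot plant code that the Secure World would later run. */
uint32_t safeg_model_regdyn(uint32_t ns, const struct safeg_syscall *sc)
{
    if (ns != 0 || sc == NULL || sc->function == NULL ||
        dyn_count >= SAFEG_MODEL_MAX_DYN)
        return SAFEG_MODEL_ERR;
    dyn_table[dyn_count] = *sc;
    return dyn_count++;
}

/* GETID: resolve a call id from its (at most 8-byte) name. */
uint32_t safeg_model_getid(const char *name)
{
    for (uint32_t i = 0; i < dyn_count; i++)
        if (strncmp((const char *)dyn_table[i].name, name, 8) == 0)
            return i;
    return SAFEG_MODEL_ERR;
}

/* Monitor-side dispatch. ns is the caller's actual world as the monitor
 * sees it (the NS bit), never a value supplied by the caller, so the
 * permission flags cannot be bypassed by lying about the world. */
uint32_t safeg_model_invoke(uint32_t core_id, uint32_t ns, uint32_t id,
                            uint32_t a, uint32_t b, uint32_t c)
{
    if (id >= dyn_count)
        return SAFEG_MODEL_ERR;
    const struct safeg_syscall *sc = &dyn_table[id];
    if (ns == 0 ? !sc->is_t_callable : !sc->is_nt_callable)
        return SAFEG_MODEL_ERR;
    return sc->function(core_id, ns, a, b, c);
}

/* Stand-in for the AES handler: "encrypts" the 32-bit block a with key b. */
uint32_t aes_stub(uint32_t core_id, uint32_t ns, uint32_t a, uint32_t b, uint32_t c)
{
    (void)core_id; (void)ns; (void)c;
    return a ^ b;
}

/* The demo flow from the slide: register from the trusted side, look the
 * id up by name, invoke from the Normal World (ns = 1). Returns the result. */
uint32_t safeg_model_demo(void)
{
    struct safeg_syscall aes_call = {
        .is_t_callable = 1, .is_nt_callable = 1, .name = "aes", .function = aes_stub };
    safeg_model_reset();
    if (safeg_model_regdyn(0, &aes_call) == SAFEG_MODEL_ERR)
        return SAFEG_MODEL_ERR;
    uint32_t id = safeg_model_getid("aes");
    return safeg_model_invoke(0, 1, id, 0xDEADBEEFu, 0xFFFFFFFFu, 0);
}

int main(void)
{
    printf("aes stub via syscall table: 0x%08X\n", safeg_model_demo()); /* 0x21524110 */
    return 0;
}
```

The point a practitioner should take from the model is where the trust boundary sits: the id lookup and the permission check run in the monitor, and the `ns` argument handed to the handler is the monitor's view of the caller, not something the Normal World passed in.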
41. Future Research
• Physical Unclonable Function (PUF)
• An on-chip physical unclonable function is a unique challenge-response function
• that provides a random signature/response while the chip is powered on.
• PUF designs in FPGA cryptographic engines have played an important role in the progress of security technology.