Johannes Winter
Graz University of Technology
Publication
Featured research published by Johannes Winter.
scalable trusted computing | 2008
Johannes Winter
Security is an emerging topic in the field of mobile and embedded platforms. The Trusted Computing Group (TCG) has outlined one possible approach to mobile platform security by recently extending their set of Trusted Computing specifications with Mobile Trusted Modules (MTMs). The MTM specification [13] published by the TCG is a platform independent approach to Trusted Computing explicitly allowing for a wide range of potential implementations. ARM follows a different approach to mobile platform security, by extending platforms with hardware supported ARM TrustZone security [3] mechanisms. This paper outlines an approach to merge TCG-style Trusted Computing concepts with ARM TrustZone technology in order to build an open Linux-based embedded trusted computing platform.
trust and trustworthy computing | 2009
Kurt Dietrich; Johannes Winter
Nowadays, trusted platform modules (TPMs) are usually deployed together with desktop PCs and notebooks. However, these platforms are not the only ones that can host TPMs. Mobile and embedded platforms like cell phones can also host TPMs but may have different requirements and different use-case scenarios. In contrast to common TPMs, TPMs for mobile platforms do not need to be implemented as micro controllers, leading to different security assumptions. In order to find these differences, we have designed and implemented two approaches for mobile TPMs that are analyzed in detail in the context of this paper.
international conference on information security | 2010
Christian Wachsmann; Liqun Chen; Kurt Dietrich; Hans Löhr; Ahmad-Reza Sadeghi; Johannes Winter
Although anonymous authentication has been extensively studied, so far no scheme has been widely adopted in practice. A particular issue with fully anonymous authentication schemes is that users cannot easily be prevented from copying and sharing credentials. In this paper, we propose an anonymous authentication scheme for mobile devices that prevents copying and sharing of credentials based on hardware security features. Our system is an optimized adaptation of an existing direct anonymous attestation (DAA) scheme, specifically designed for resource-constrained mobile devices. Our solution provides (i) anonymity and untraceability of mobile embedded devices against service providers, (ii) secure device authentication even against collusions of malicious service providers, and (iii) allows for revocation of authentication credentials. We present a new cryptographic scheme with a proof of security, as well as an implementation on ARM TrustZone. Moreover, we evaluate the efficiency of our approach and demonstrate its suitability for mobile devices.
international conference on trusted systems | 2011
Johannes Winter; Paul Wiegele; Martin Pirker; Ronald Tögl
ARM TrustZone is a hardware isolation mechanism to improve software security. Despite its widespread availability in mobile and embedded devices, development of software for it has been hampered by a lack of openly available emulation and development frameworks. In this paper we provide a comprehensive open-source software environment for experiments with ARM TrustZone, based on the foundations of the well known open-source QEMU platform emulator. Our software framework is complemented by a prototype kernel running within a trusted environment. We validate our software environment with an application example featuring a software based Trusted Platform Module hosted in a TrustZone protected runtime environment and an Android operating system accessing it through a high-level, industry-standard Trusted Computing API.
international conference for young computer scientists | 2008
Kurt Dietrich; Johannes Winter
The security of mobile and embedded devices can be significantly improved by using mobile-trusted-modules (MTMs). How these MTMs can be implemented and integrated in mobile devices is subject to current research. A major part of this research addresses different implementation variants of MTMs. MTMs provide many features that enable a platform to provide a trustworthy proof of its current configuration. However, the security of mobile devices does not solely rely on MTMs - it also depends on the boot process. This process forms the foundation for trusted services that are started on the device later. Hence, the TCG's mobile phone working group has published an approach to how a secure boot process could be performed. However, their publication does not specify the required steps and components in detail, which allows device manufacturers to implement the process in many different ways - consequently, many different implementations are possible. Furthermore, we propose a software image verification concept for our approach. The concept is based on the reference-integrity-metric (RIM) certificates specified by the TCG and allows an easy verification of the loaded software images as well as easy management of RIM certificates to support the secure boot process. Additionally, we show how it is possible to use a software-based MTM with our approach.
european public key infrastructure workshop | 2011
Johannes Winter; Kurt Dietrich
In this paper, we analyze the communication mechanism of trusted platform modules via the low-pin-count bus. While the trusted platform module is considered to be tamper resistant, the communication channel between this module and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted on the TPM and its bus communication with fairly inexpensive equipment; however, similar active attacks have not been reported yet. We tackle this problem and show how the communication on the LPC bus can be actively manipulated with simple and inexpensive equipment. Moreover, we show how our manipulation can be used to circumvent the chain of trust provided by trusted platforms.
trust security and privacy in computing and communications | 2012
Johannes Winter
ARM TrustZone is an emerging embedded security technology based on the split of a system into a secure and normal world. Currently a number of System-on-Chip platforms exist, which include support for ARM TrustZone. Unfortunately relatively little work has been done on open-source software for TrustZone systems. In our belief this is partly caused by the lack of cost-efficient development boards, which allow access to ARM TrustZone features. This paper discusses experiences made by the authors with a rather inexpensive development board and shows how system-level development on TrustZone-enabled hardware is possible in class-room settings.
Computers & Mathematics With Applications | 2013
Johannes Winter; Kurt Dietrich
In this paper, we analyze the communication of trusted platform modules and their interface to the hosting platforms. While trusted platform modules are considered to be tamper resistant, the communication channel between these modules and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted against TPMs and their bus communication with fairly inexpensive equipment; however, similar active attacks have not been reported yet. We pursue the idea of an active attack and show how the communication protocol of the LPC bus can be actively manipulated with basic and inexpensive equipment. Moreover, we show how our manipulations can be used to circumvent the security mechanisms, e.g. the chain of trust, provided by modern trusted platforms. In addition, we demonstrate how the proposed attack can be extended to manipulate communication buses on embedded systems.
conference of the industrial electronics society | 2015
Christian M. Lesjak; Daniel M. Hein; Johannes Winter
The transition from product-centric to service-centric business models presents a major challenge to industrial automation and manufacturing systems. This transition increases Machine-to-Machine connectivity among industrial devices, industrial control systems, and factory floor devices. While initiatives like Industry 4.0 or the Industrial Internet Consortium motivate this transition, the emergence of the Internet of Things and Cyber Physical Systems is a key enabler. However, automated and autonomous processes require trust in the communication entities and transferred data. Therefore, we study how to secure a smart service use case for industrial maintenance scenarios. In this use case, equipment needs to securely transmit its status information to local and remote recipients. We investigate and compare two security technologies that provide isolation and a secured execution environment: ARM TrustZone and a Security Controller. To compare these technologies we design and implement a device snapshot authentication system. Our results indicate that the TrustZone based approach promises greater flexibility and performance, but only the Security Controller strongly protects against physical attacks. We argue that the best technology actually depends on the use case and propose a hybrid approach that maximizes security for high-security industrial applications. We believe that the insights we gained will help introduce advanced security mechanisms into the future Industrial Internet of Things.
trust and trustworthy computing | 2013
Klaus Potzmader; Johannes Winter; Daniel M. Hein; Christian Hanser; Peter Teufl; Liqun Chen
Group signature schemes enable participants to sign on behalf of a group in an anonymous manner. The upcoming ISO20008-2 standard defines seven such schemes, which differ in terms of capabilities, used crypto systems and revocation approaches. Further information about practical considerations, such as runtime performance or implementation overhead, is considered useful when deciding on a certain scheme. We present a Java framework that allows for a detailed comparison of the mechanisms, of which three are already implemented. For these implemented mechanisms, a detailed performance evaluation is shown for both a notebook and Android-based mobile devices. Furthermore, significant experiences while implementing and evaluating the schemes as well as crucial bottlenecks are pointed out. We remain in the flexible Java environment, without special platform-specific optimizations. Using precomputation, we already achieve acceptable online signing timings. Signing times are considered most important given proposed application scenarios.