The use of mobile processors continues to expand at an almost alarming rate. These processors are finding uses in a variety of applications,such as cellular, automotive,and health care. While none of these applications are the same, they do often share common requirements.One such requirement is the need to ensure isolated execution of specific code elements in order to perform critical tasks.
For instance, many users of smart-phones today performan array of banking transactions, from transferring funds tomaking small purchases. Because the applications used toperform these tasks are not guaranteed to be running on a”safe”system,banking institution are begining to requires omelevel of assurance that their respective applications executesecurely on the target device. Not only does this protect theuser from financial loss, but it lowers the liability taken on bythe bank.
Additionally, while the owner of the device may not beconcerned about all the internal security mechanisms in theirdevice, there are several parties who are very concerned aboutthis area.
Cellular and internet providers want to ensure thatdevices connected to their networks are always functioningin accordance with their required policies. This is especiallytrue of corporate IT departments who want to provide securefunctionality on these devices (such as VPN connections).
Before providing these services, they need some form ofassurance that not only is the device functioning according to policy, but that the information stored on the devices to facilitate these types of connections is not accidentally ormaliciously modified.
To address the need for secure exection, the Global Plaformgroup began creating a Trusted Execution Environment (TEE)specification that details the required element necessary tocreate and ensure an isolated execution environment. TheTEE can be used to run trusted applications that functionoutside the execution space of the on-device operating system,or Rich-OS. By providing this isolation, a vulnerability in theRich-OS does not translate to compromise of secure data orunauthorized access to secure components.
While these TEEs do provide sufficient isolation in orderto ensure secure execution, the code that runs inside the TEEmust at all times be protected. The Secure-Boot process is amanditory element for any TEE in order to verify that the codeto be run inside the TEE has not been altered. Performing afull secure-boot requires the use of a secret or private key forencrypting the required software while on disk, and decryptingit prior to execution from memory.
To address these concerns, we present a methodology thatcan be used to leverage a physically unclonable function (PUF) generated AES key to not onlyprotect the TEE, but provide a mechanism for its expansionand customization.
We propose the incorporationof a PUF inside the crypto-engine of modern SoC devices.By using a PUF to generate a secret AES key, we alleviatethe concern of an insider-attack or a disgruntled employeerevealing information about the location or value of the key.
Further, because not even the manufacturer will know whatthe key is, no single entity will have greater control over thedevice than any other. Mobile devices typically have multipleentities of interest and they all want some element of controlon the device without having to worry about being restrictedby anyone else.
In addition to securing the TEE while on disk, the PUFgenerated key will be used to encrypt a measurement ofthe TEE that will also be stored on the disk. During eachboot process, the TEE will be decrypted and measured.
That measurement will then be compared with the measurementstored on disk. If these two do not match, then the system willknow that the TEE on disk has been modified. Otherwise, itcan assume the data is valid and continue the boot process.
This approach also provides a means of modifying the TEEwithout requiring any changes to the underlying hardwareor software. Any time an element of the TEE is added orremoved, a new measurement can be made, encrypted by the crypto-engine using the PUF generated key, and stored ondisk.
Because all measurements are encrypted by the PUFgenerated key, whose value is unknown to any entity and assuch, any accidental or malicious alteration of this informationis currently impossible.
To read this external content in full, download the complete paper from the author archive online at the University of New Mexico.