RIPTE: Runtime Integrity Protection Based on Trusted Execution for IoT Device

Lai

Security and Communication Networks

et al. 2023

With the rapid development of computer and communication technology, embedded systems are widely used in smart devices. The increasing connectivity of these systems and the difficulties in providing comprehensive security have made such devices vulnerable to malicious attacks. Passive defense technologies and traffic-based intrusion detection technologies are not fully effective against such attacks. Trusted execution environment (TEE) technology can ensure system security against unknown attacks to some extent. Most researchers use TrustZone to implement TEE. However, the problem is that the API interface of the TEE module which provides the service is not secure. Therefore, to actively defend against attacks, we developed a trusted computing active measurement architecture based on TrustZone. To overcome the serious problem that modules in the trusted execution environment need to be passively invoked to provide services, we have proposed an active measurement closed-loop immune mechanism. To reduce the trusted computing base and reduce the performance overhead, we removed certain functional modules from the trusted execution environment. In addition, based on this architecture, we developed a trust chain and dynamic measurement method to ensure the security of the target applications. We changed the traditional attack response method, which requires the entire system to be restarted after an attack, by developing a fallback mechanism that is more suitable for the system. Finally, we verified the effectiveness of the architecture by developing an attack model. Performance testing and analysis showed that the architecture reduced the impact of the security mechanisms on the system. In the future, we will extend our research to more fine-grained measurements.

Section: Dynamic Measurementmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

TZEAMM: An Efficient and Secure Active Measurement Method Based on TrustZone

Lai

Security and Communication Networks

et al. 2023

Mathematical Problems in Engineering

“…Other threats can affect all three domains at once. e 5G-enabled IoT device security system is made up of the following fundamentals: operators, manufacturers, and other stakeholders develop [23] norms for how global networks interact through standards. is entails evaluating the best ways to protect IoT device networks and people from malicious attacks.…”

Section: G-enabled Iot Network and Device Securitymentioning

confidence: 99%

Securing 5G-IoT Device Connectivity and Coverage Using Boltzmann Machine Keys Generation

Rajawat

Bedi

Goyal

et al. 2021

In terms of growth, effect, and capability, the 5G-enabled Internet of Things (IoT) is incredible. The volume of data distributed and processed by IoT (Internet of Things) systems that trust connectivity and coverage raises some security problems. As IoT technology is directly used in our daily lives, the threats of present cyberspace may grow more prominent globally. Extended network life, coverage, and connectivity are all required for securing IoT-based 5G network devices. As a result of these failures, there are flaws that lead to security breaches. Because purposeful faults can quickly render the entire network dysfunctional, they are more difficult to identify than unexpected failures. Securing IoT-based 5G Network Device Connectivity and Coverage for expending Encryption and Authentication Scheme (EAS) framework is proposed in this study, which uses novel security flaws. In this research, we proposed a Boltzmann machine (BMKG)-based encryption algorithm for securing 5G-enabled IoT device network environment and compared various asymmetric algorithms for key exchange.

“…Zhao et al [20] presented an RoT by using Physical Unclonable Function (PUF), which is based on Static Random Access Memory (SRAM) to provide better secure storage. Qin et al [21] proposed a TEE by combining dynamic measurement and integrity flow control with a PUF device for storing keys and returning program functions' addresses. Benhani et al [22] evaluated the security of ARM TrustZone in Field-Programmable Gate Array (FPGA), thus recommending isolation between secure IPs and non-secure IPs to evade various kinds of attack models.…”

Section: Introductionmentioning

confidence: 99%

Trusted Execution Environment Hardware by Isolated Heterogeneous Architecture for Key Scheduling

et al. 2022

A Trusted Execution Environment (TEE) sets a platform to secure applications based on the Chain-of-Trust (CoT). The starting point of the CoT is called the Root-of-Trust (RoT). However, the RoT implementation often relies on obscurity and provides little flexibility when generating keys to the system. In this paper, a TEE System-on-a-Chip (SoC) architecture is proposed based on a heterogeneous design by combining 64-bit Linux-capable processors with a 32-bit Micro-Controller Unit (MCU). The TEE is built on the 64-bit cores, while the 32-bit MCU takes care of sensitive data and activities. The MCU is isolated from the TEE side by an Isolated Bus (IBus) that sits above the conventional System Bus (SBus). Besides the 32-bit processor, the isolated sub-system contains a Random Access Memory (RAM), a Read-Only Memory (ROM) for storing the boot program, and another ROM for storing root keys. For cryptography accelerators, we have 512-bit Secure Hashing Algorithm 3 (SHA3-512), 128/256-bit Advanced Encryption Standard (AES-128/256), Ed25519, and True Random Number Generator (TRNG) attached to the Peripheral Bus (PBus). Additionally, besides the public channel, the TRNG module also has a private channel that goes directly to the IBus. With RoT implemented inside the isolated sub-system, the RoT is inaccessible from the TEE side after boot. Furthermore, the hidden MCU's secure boot program makes the key generation flexible and could be updated for many security schemes. To summarize, the proposed design features a flexible and secure boot procedure with complete isolation from the TEE domain. Moreover, exclusive secure storage for the root key and cryptographic accelerators are available for the boot process. The implementation was tested on a Virtex-7 XC7VX485T Field-Programmable-Gate-Array (FPGA). It was also synthesized in a Very Large-Scale Integrated (VLSI) circuit with the ROHM-180nm process library.