How to Secure a RISC-V Embedded System in Just 30 Minutes

March 1, 2019 Leave a comment

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — The free and open RISC-V ISA defines many important building blocks of security. Properly implementing them is the system designer responsibility. So, the real question is: How does one properly secure a RISC-V embedded system? This paper offers a practical guide to using these security blocks to build a state-of-the-art Trusted Execution Environment (TEE) with a multitude of isolated security domains – Zones, and secure communications between them. The paper also shows how to verify Zone isolation and benchmark overall TEE system performance.

INTRODUCTION
Originally developed at U.C. Berkeley, the free and open RISC-V ISA promises to bring the innovation and collaboration of the open source community to the hardware world. When it comes to security, RISC-V specifications [1] provide many important building blocks and the rapidly growing RISC-V ecosystem even more. For designers used to traditional closed-source proprietary architectures, the complexity associated with properly implementing these new security technologies may prove daunting [2].

From a system design perspective, the real question is: How do I properly secure a RISC-V embedded system? In this paper, we describe how to secure a RISC-V system using the free and open MultiZone Security Trusted Execution Environment (TEE) – developed and maintained by Hex Five Security, Inc. MultiZone Security provides signed boot, hardware enforced isolation for an unlimited number of security domains – Zones, a secure messaging system between Zones, secure interrupts, and operates on top of the standard RISC-V ISA.

Read more of this post

Filed under IoT Security, Papers, RISC-V Tagged with , , , , , , , , , , , , , , ,

How to Build a RISC-V System In Just 30 Minutes

March 1, 2019 2 Comments

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — RISC-V is an open ISA (instruction set architecture) enabling a new era of innovation for processor architectures. RISC-V includes open source processor cores, toolchains, simulators and other key supporting components. The RISC-V ecosystem enables a new level of innovation in processor architecture that will be a key driver for the needed gains in performance and power efficiency over the next decade.

Introduction
The rapid growth of RISC-V has been truly impressive to witness. Originally developed at UC Berkeley as a means to support a graduate student project, the free and open ISA has become widely popular promising to bring the innovation and collaboration of the open source community to the hardware world – and to dramatically disrupt the whole semiconductor industry in the process.

So really the question is: How do I get started with RISC-V?

Read more of this post

Filed under Papers, RISC-V Tagged with , , , , , , , , , , , , , , , , , , ,

RISC-V security: First piece of the puzzle falls into place

September 24, 2018 Leave a comment

 

By Thomas Claburn

10 Sep 2018 at 20:08

Credits: http://www.theregister.co.uk/2018/09/10/sifive_hex_five_riscv_secure_environment/

 

If you’ve been looking at SiFive‘s RISC-V-based chip technology and thinking, y’know what, it’s missing an Arm TrustZone-style element to run sensitive code, well, here’s some good news.

And if you’re just into processor design and checking out alternatives to Arm CPU cores, then this may be some interesting news.

SiFive helps organizations turn semiconductor designs based on the open-source RISC-V instruction set architecture (ISA) into chips. On Monday, it announced it has integrated Hex Five Security’s MultiZone Security trusted execution environment (TEE) into its Freedom SDK.

The technical confection gives companies creating RISC-V chips the tools to implement a security environment comparable to ARM’s TrustZone, though perhaps without past flaws. It should help users of the SiFive toolchain bring security-enforcing silicon to market faster.

Hex Five‘s technology, as its name suggests, allows for the creation of multiple isolated zones in which sensitive code – such as secure boot procedures and cryptographic routines – can run without interference from other programs or operating systems executing at the same time. It works with a Configurator tool that combines the compiled code with a Hex Five nanokernel to run within the secured environment.

Read more of this post

Filed under IoT Security, RISC-V Tagged with , , , , , , , , , , ,

Hypervisors in Embedded Systems: Applications and Architectures

April 15, 2018 1 Comment

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Abstract — As microprocessor architectures have evolved with direct hardware support for virtualization, hypervisor software has become not just practical in embedded systems, but present in many commercials applications. This paper discusses embedded systems use cases for hypervisors, including their use in workload consolidation and security applications.

Introduction

Hypervisors are a type of operating system software that allows multiple traditional operating systems to run on the same microprocessor [1]. They were originally introduced in traditional IT data centers to solve workload balancing and system utilization challenges. Initial hypervisors required changes to the guest OS to compensate for a lack of hardware support for the isolation required between guest operating systems. As microprocessor architectures have evolved with direct hardware support for virtualization, hypervisors have become not just practical in embedded systems, but are present in deployed applications [2]. Hypervisors are here to stay in embedded systems. This paper discusses embedded systems use cases for hypervisors, including their use in workload consolidation and security applications.

Read more of this post

Filed under IoT Security, Papers Tagged with , , , , , , , , , ,

Physically Unclonable Functions – A new way to establish trust in silicon

March 20, 2018 Leave a comment

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Download full paper https://bringyourownit.files.wordpress.com/2018/03/puf-physically-unclonable-functions-a-new-way-to-establish-trust-in-silicon.pdf

Abstract — As billions of devices connect to the Internet, security and trust become crucial. This paper proposes a new approach to provisioning a root of trust for every device, based on Physical Unclonable Functions (PUFs). PUFs rely on the unique differences of each silicon component introduced by minute and uncontrollable variations in the manufacturing process. These variations are virtually impossible to replicate. As such they provide an effective way to uniquely identify each device and to extract cryptographic keys used for strong device authentication. This paper describes cutting-edge real-world applications of SRAM PUF technology applied to a hardware security subsystem, as a mechanism to secure software on a microcontroller and as a basis for authenticating IoT devices to the cloud.

Introduction

The Internet of Things already connects billions of devices and this number is expected to grow into the tens of millions in the coming years [5]. To build a trustworthy Internet of Things, it is essential for these devices to have a secure and reliable method to connect to services in the cloud and to each other. A trustworthy authentication mechanism based on device-unique secret keys is needed such that devices can be uniquely identified and such that the source and authenticity of exchanged data can be verified.

In a world of billions of interconnected devices, trust implies more than sound cryptography and resilient transmission protocols: it extends to the device itself, including its hardware and software. The main electronic components within a device must have a well-protected security boundary where cryptographic algorithms can be executed in a secure manner, protected from physical tampering, network attacks or malicious application code [18]. In addition, the cryptographic keys at the basis of the security subsystem must be securely stored and accessible only by the security subsystem itself. The actual hardware and software of the security subsystem must be trusted and free of known vulnerabilities. This can be achieved by reducing the size of the code to minimize the statistical probability of errors, by properly testing and verifying its functionality, by making it unmodifiable for regular users and applications (e.g. part of secure boot or in ROM) but updateable upon proper authentication (to mitigate eventual vulnerabilities before they are exploited on a large scale). Ideally, an attestation mechanism is integrated with the authentication mechanism to assure code integrity at the moment of connecting to a cloud service [3].

Read more of this post

Filed under IoT Security, Papers Tagged with , , , , , , , , , ,

Hardware Enforced Virtualization Of Llinux Home Gateways

March 20, 2018 Leave a comment

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Abstract — Trust and security are central to embedded computing as network devices – such as home gateways – have become the first line of defense for the IoT devices connected to the smart home. In this paper, we present a virtualization-based approach to securing home gateway while preserving functionality and performance.

Introduction

Trust and security have never been more important to the embedded computing world, especially when it comes to network devices, such as home gateways, that are the first line of defense for the IoT devices connected to the smart home [4]. In 2017, a plethora of stories have confirmed that these devices are fundamentally broken from a security perspective.

Read more of this post

Filed under IoT Security, Papers Tagged with , , , , , , , , , , ,

When IoT Attacks – The End of the World as We Know It?

October 20, 2017 Leave a comment

Excerpts of my interview with Phil Muncaster @philmuncaster

InfoSecurity Magazine Q4/2017, 4 October 2017

https://www.infosecurity-magazine.com/digital-editions/digital-edition-q4-2017/

Focus on the Firmware

A cursory look at OWASP’s IoT Security Guidance will highlight just how many elements in the IoT ecosystem could be exploited. Among others, these include the web interface, network, transport encryption layer, mobile app and device firmware. The latter is a key area of focus for the prpl Foundation, a non-profit which is trying to coral the industry into taking a new hardware-based approach to IoT security. Cesare Garlati, chief security strategist, claims that hackers could exploit IoT chip firmware to re-flash the image, allowing them to reboot and execute arbitrary code. “The issue with this kind of attack is that it gives the hackers complete control of the device and it is persistent; it can’t be undone via a system reboot, for example”, he tells Infosecurity. The answer is to ensure IoT systems will only boot up if the first piece of software to execute is cryptographically signed by a trusted entity. “It needs to match on the other side with a public key or certificate which is hard-coded into the device, anchoring the ‘Root of Trust’ into the hardware to make it tamper proof ”, says Garlati.

Read more of this post

Filed under IoT Security, Top Posts Tagged with , , , , , , , , ,

Danger with drones getting hacked: it will get worse before it gets better

July 7, 2017 4 Comments

With the recent news of a drone causing chaos at Gatwick airport, hacking IoT devices has resurfaced as a topic of discussion especially regarding the security issues should a multitude of devices be hacked.

In the optimal situation, there is no way that anyone should be able to access, much less hijack, the critical functions of an IoT device such as a drone. While the power for destruction from just one drone may seem paltry, directing these drones in large numbers at a target is a very real, and dangerous, possibility – as confirmed by this news.

Read more of this post

Filed under IoT Security Tagged with , , , , , , , ,

Embedded World 2017 – IoT coming of age.

March 27, 2017 Leave a comment

Last week I had the pleasure of attending Embedded World 2017 in Germany as I was invited to give a couple of presentations on the pioneering work we have been doing at the prpl Foundation with regards to the prplHypervisor™ and prplPUF™ APIs for securing IoT. As it turns out, IoT was the top line at the conference that drew in more than 30,000 trade visitors – and the event solidified the notion that embedded computing is now synonymous with IoT.

Read more of this post

Filed under IoT Security, Top Posts Tagged with , , , , , , , , , , , ,

Dronejacking – a disaster waiting to happen.

March 17, 2017 4 Comments

By James O’Malley – original post at https://eandt.theiet.org/content/articles/2017/03/drones-wide-open-to-hijack-threats

Drones wide open to hijack threats

Don’t let that flying drone out of your sight: you never know where it might turn up next.

Last year, customers of Amazon in Cambridge began signing up for a novel delivery option.  A 25kg drone, which is able to fly up to 10 miles gripping a book-sized package underneath, took just 13 minutes to fly from the warehouse nearby, landing briefly to drop the order on a delivery mat marked with the distributor’s single-letter logo in the customer’s rear garden.

Read more of this post

Filed under IoT Security Tagged with , , , , , ,

Older posts

Newer posts