Secure IoT Firmware For RISC-V Processors


Credits: Embedded World Conference 2021 Proceedings, http://www.embedded-world.eu

Abstract — Building secure RISC-V devices is challenging as the RISC-V ISA doesn’t specify the hardware blocks necessary for the trusted execution of the many 3rd party components of the software stack. RISC-V developers are left alone figuring out how to shield trusted code from unverified 3rd party software libraries. In this paper, we introduce the industry-first secure IoT stack for RISC-V. We describe and explain all hardware and software components necessary to build state-of-the-art device, firmware, and cloud management service. These include RISC-V 32-bit SoC, MultiZone Trusted Execution Environment, TCP/IP connectivity, TLS/ECC cryptography, and MQTT client and broker providing telemetry and OTA applications deployment and firmware updates. All components are built on free and open standards, distributed under permissive licensing, and freely available for download from GitHub.


INTRODUCTION

Building secure IoT firmware for embedded devices is challenging. These resource-constrained devices typically lack the hardware resources necessary for the trusted execution of the many complex 3rd party software components required for secure operations. And state-of-the-art security features like secure boot, remote attestation, authenticated access to commercial cloud services, and over-the-air (OTA) firmware updates require a number of complex 3rd party software components [1,2].

Secure IoT Firmware For Cortex-M Processors


Credits: Embedded World Conference 2021 Proceedings, http://www.embedded-world.eu

Abstract — Developing secure IoT applications is challenging. Traditional Arm(v7) Cortex M devices lack TrustZone-like functionality for the safe execution of the many 3rd party components of the software stack. And the upgrade to new Cortex M devices with TrustZone inexorably leads to a lengthy and expensive system redesign. In this paper, we introduce an alternative path to a TrustZone upgrade, based on an innovative hardware-enforced, software-defined Trusted Execution Environment. We describe and detail all software components necessary to build a complete state-of-the-art secure IoT firmware for any Cortex M device – with or without TrustZone. These include the MultiZone Trusted Execution Environment, TCP/IP connectivity, TLS/ECC cryptography, and MQTT client providing telemetry and OTA updates. All components are built on free and open standards, distributed under permissive licensing, and freely available for download from GitHub.


INTRODUCTION

Building secure IoT firmware is challenging. State-of-the-art security features like secure boot, authenticated access to commercial cloud services, and over-the-air (OTA) firmware updates require a number of complex 3rd party software components [1,2]. These libraries are difficult to integrate, expose the system to increased attack surface, and inevitably lead to the dangerous execution of trusted and untrusted code in the same chip – where one single faulty instruction has the potential to compromise the integrity of the whole system – i.e., software vulnerabilities and backdoors [1,3].

A Clean Slate Approach to Linux Security RISC-V Enclaves


Credits: Embedded World Conference 2020 Proceedings, http://www.embedded-world.eu

Abstract – Hardware consolidation requirements and sophisticated new functional requirements are forcing embedded systems designers to mix safety-critical applications with complex rich operating systems. The resulting mixed-criticality systems present an orders-of-magnitude larger code base and unacceptably greater attack surface and system vulnerability – often exposed to remote attack. To address this emerging threat model, we propose a new zero-trust computing architecture based on the concept of multi zone enclaves for RISC-V based Linux systems.


INTRODUCTION

We live in the era of the Internet-of-Things (IoT). Billions of interconnected devices are now an integral part of our lives, perform a myriad of functions, manage safety-critical operations, and generate and process vast amounts of sensitive data. As these systems are connected to the external world, they are inherently exposed to an endless number of cybersecurity threats [1, 2]. As shown by many recent high-profile cybersecurity incidents, the viability of this new Internet era heavily depends on the security of these devices and on the trust we are willing to put in them [2].

Multi Zone Security for Arm Cortex-M Devices


Credits: Embedded World Conference 2020 Proceedings, http://www.embedded-world.eu

Abstract — Developing secure Internet of Things devices is becoming more and more difficult. Complex functional requirements are increasingly met with the addition of untrusted 3rd party components. The resulting monolithic firmware presents a vastly larger code base, greater attack surface, and increased system vulnerability. In addition, cost and low-power requirements lead to resource-constrained microcontroller architectures. These lack basic hardware security mechanisms and the ability to separate multiple trusted applications from less critical components. A new zero-trust model is required to address the intrinsic security threat posed by the resulting multi-source monolithic firmware. In this paper, we propose a novel approach to embedded security based on hardware-enforced, software-defined separation of multiple, equally secure, functional domains. We start by analyzing why the traditional “two-worlds” model is no longer suitable for modern IoT applications. We then introduce the concept of a lightweight, multi zone, trusted execution environment capable of enforcing security and separation for a multitude of equally-secure functional domains. Finally, we explain the details of the actual implementation of this model in Arm Cortex-M7 processors.


INTRODUCTION

The Internet of Things (IoT) is comprised of billions of interconnected devices that, by definition, are exposed to remote attack – potentially resulting in the most damaging type of cyber threat: distributed denial of service, or DDoS. While early design concerns were mostly related to connectivity and interoperability, a multitude of recent high-profile cyberattacks has shown that the success of this new Internet era is heavily dependent on the trust and the security built into these devices [1, 2].

User Mode Interrupts – A Must for Securing Embedded Systems

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — With the advent of the Internet of Things (IoT), devices are becoming smaller, smarter and increasingly connected. This explosion in connectivity creates a larger attack surface and new security threats. Recent cybersecurity attacks clearly demonstrated that the success of this new Internet era depends heavily on the security of those embedded devices that make up the IoT. In this paper, we argue in favor of a paradigm shift in the way computing systems are conceived and designed. We explain why the free and open RISC-V ISA promises to be a game-changer for embedded security, and we share our experience developing the industry-first RISC-V secure implementation of FreeRTOS based on MultiZone Security, the first Trusted Execution Environment for RISC-V. In the context of this research, we explain how to implement user-mode interrupts to secure modern embedded systems.

INTRODUCTION

The world is undergoing an unprecedented technological transformation, evolving from isolated systems to ubiquitous Internet-enabled ‘things’ capable of generating and handling vast amounts of security-critical and privacy-sensitive data [1]. This novel paradigm, commonly referred to as the Internet of Things (IoT), is a new reality that is enriching our everyday life but simultaneously creating several risks. Recent cybersecurity incidents, such as the Mirai Botnet, have clearly demonstrated that the success of this new Internet era is heavily dependent upon the trust and security built into these IoT devices.

The ongoing cat-and-mouse game of hacks and patches is largely due to the intrinsic lack of security of the traditional computing model, which is neither safe nor secure. Mainstream operating systems (OSes) are designed for functionality and speed. These systems follow a monolithic architecture, with most of the services enjoying privileged execution rights. Typically, programs share the same access to code and data, and functional blocks communicate via shared memory structures such as buffers, stacks and heaps – a single failure in one component can bring the entire system down [2]. Even more evolved systems that implement virtual memory protection schemes have shown several vulnerabilities, mainly due to the complexity of the software necessary to operate the underlying MMU [3].


How to Build a RISC-V System In Just 30 Minutes

Credits: Embedded World Conference 2019 Proceedings, http://www.embedded-world.eu

Abstract — RISC-V is an open ISA (instruction set architecture) enabling a new era of innovation for processor architectures. RISC-V includes open source processor cores, toolchains, simulators and other key supporting components. The RISC-V ecosystem enables a new level of innovation in processor architecture that will be a key driver for the needed gains in performance and power efficiency over the next decade.

Introduction

The rapid growth of RISC-V has been truly impressive to witness. Originally developed at UC Berkeley as a means to support a graduate student project, the free and open ISA has become widely popular, promising to bring the innovation and collaboration of the open source community to the hardware world – and to dramatically disrupt the whole semiconductor industry in the process.

So really the question is: How do I get started with RISC-V?


Hypervisors in Embedded Systems: Applications and Architectures

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Abstract — As microprocessor architectures have evolved with direct hardware support for virtualization, hypervisor software has become not just practical in embedded systems, but present in many commercial applications. This paper discusses embedded systems use cases for hypervisors, including their use in workload consolidation and security applications.

Introduction

Hypervisors are a type of operating system software that allows multiple traditional operating systems to run on the same microprocessor [1]. They were originally introduced in traditional IT data centers to solve workload balancing and system utilization challenges. Initial hypervisors required changes to the guest OS to compensate for a lack of hardware support for the isolation required between guest operating systems. As microprocessor architectures have evolved with direct hardware support for virtualization, hypervisors have become not just practical in embedded systems, but are present in deployed applications [2]. Hypervisors are here to stay in embedded systems. This paper discusses embedded systems use cases for hypervisors, including their use in workload consolidation and security applications.


Physically Unclonable Functions – A new way to establish trust in silicon

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Download the full paper: https://bringyourownit.files.wordpress.com/2018/03/puf-physically-unclonable-functions-a-new-way-to-establish-trust-in-silicon.pdf

Abstract — As billions of devices connect to the Internet, security and trust become crucial. This paper proposes a new approach to provisioning a root of trust for every device, based on Physical Unclonable Functions (PUFs). PUFs rely on the unique differences of each silicon component introduced by minute and uncontrollable variations in the manufacturing process. These variations are virtually impossible to replicate. As such they provide an effective way to uniquely identify each device and to extract cryptographic keys used for strong device authentication. This paper describes cutting-edge real-world applications of SRAM PUF technology applied to a hardware security subsystem, as a mechanism to secure software on a microcontroller and as a basis for authenticating IoT devices to the cloud.

Introduction

The Internet of Things already connects billions of devices and this number is expected to grow into the tens of millions in the coming years [5]. To build a trustworthy Internet of Things, it is essential for these devices to have a secure and reliable method to connect to services in the cloud and to each other. A trustworthy authentication mechanism based on device-unique secret keys is needed such that devices can be uniquely identified and such that the source and authenticity of exchanged data can be verified.

In a world of billions of interconnected devices, trust implies more than sound cryptography and resilient transmission protocols: it extends to the device itself, including its hardware and software. The main electronic components within a device must have a well-protected security boundary where cryptographic algorithms can be executed in a secure manner, protected from physical tampering, network attacks or malicious application code [18]. In addition, the cryptographic keys at the basis of the security subsystem must be securely stored and accessible only by the security subsystem itself. The actual hardware and software of the security subsystem must be trusted and free of known vulnerabilities. This can be achieved by reducing the size of the code to minimize the statistical probability of errors, by properly testing and verifying its functionality, and by making it unmodifiable for regular users and applications (e.g. part of secure boot or in ROM) but updateable upon proper authentication (to mitigate potential vulnerabilities before they are exploited on a large scale). Ideally, an attestation mechanism is integrated with the authentication mechanism to assure code integrity at the moment of connecting to a cloud service [3].


Hardware Enforced Virtualization Of Linux Home Gateways

Credits: Embedded World Conference 2018, ISBN 978-3-645-50173-6, http://www.embedded-world.eu

Abstract — Trust and security are central to embedded computing as network devices – such as home gateways – have become the first line of defense for the IoT devices connected to the smart home. In this paper, we present a virtualization-based approach to securing home gateways while preserving functionality and performance.

Introduction

Trust and security have never been more important to the embedded computing world, especially when it comes to network devices, such as home gateways, that are the first line of defense for the IoT devices connected to the smart home [4]. In 2017, a plethora of stories confirmed that these devices are fundamentally broken from a security perspective.


Virtualization, silicon, and open source are conspiring to secure the Internet of Things

My chat with Brandon Lewis, Technology Editor at IoT Design, highlighting prpl’s push around roots-of-trust, virtualization, open source, and interoperability in order to secure the Internet of Things (IoT).

Credits: Brandon Lewis, IoT Design, January 28, 2016 @TechieLew

The prpl Foundation is known for open source tools and frameworks like OpenWrt and QEMU, but has recently ventured into the security domain with a new Security prpl Engineering Group (PEG) and the “Security Guidance for Critical Areas of Embedded Computing” document, not to mention wooing you away from your role at security giant Trend Micro. What can you tell us about the drivers behind these moves?

Cesare: One way to look at it is a supply-and-demand schema. On the demand side, according to Gartner, the security market was worth $77 billion in 2015 and it’s going to grow much faster. One strong demand-side driver is the need for stronger security, because industry is not doing a very good job of it – and when I say industry I mean from silicon to software to services – and all of the spending is not resulting in better information security.