Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT Nodes

Ling, Zhen; Yan, Huaiyu; Shao, Xinhui; Luo, Junzhou; Xu, Yiling; Pearson, Bryan; Fu, Xinwen

doi:10.1016/j.sysarc.2021.102240

Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT Nodes

Journal Article · Thu Jul 15 00:00:00 EDT 2021 · Journal of Systems Architecture

DOI:https://doi.org/10.1016/j.sysarc.2021.102240· OSTI ID:1977682

^[1]; Yan, Huaiyu ^[2]; Shao, Xinhui ^[2]; Luo, Junzhou ^[2]; Xu, Yiling ^[3]; Pearson, Bryan ^[4]; Fu, Xinwen ^[5]

Southeast Univ., Nanjing (China); OSTI
Southeast Univ., Nanjing (China)
Alibaba Group, Hangzhou (China)
Univ. of Central Florida, Orlando, FL (United States)
Univ. of Massachusetts, Lowell, MA (United States)

With the extensive application of IoT techniques, IoT devices have become ubiquitous in daily lives. Meanwhile, attacks against IoT devices have emerged to compromise IoT devices by tampering with system pre-installed programs or injecting new malware. To mitigate these attacks, integrity enforcement of IoT systems has been proposed. The integrity of an IoT device system includes load-time integrity and runtime integrity. In this paper, we design an IoT system based on ARM TrustZone to enforce the system integrity. First, we establish the root of trust and propose a hybrid booting approach consisting of both secure boot and trusted boot to enforce the system load-time integrity. Second, we investigate a paging-based process integrity measurement method to measure the NW processes and conduct remote attestation based on the measurement results ensuring the NW runtime process integrity. We implement an IoT prototype system on a NXP i.MX6Q SABRE SD development board to assess its feasibility. Finally, real-world experiment results demonstrate that our prototype introduces negligible performance overhead to the original system.

View Accepted Manuscript (DOE)

Research Organization:: Univ. of Central Florida, Orlando, FL (United States)

Sponsoring Organization:: USDOE Office of Energy Efficiency and Renewable Energy (EERE)

Grant/Contract Number:: EE0009152

OSTI ID:: 1977682

Journal Information:: Journal of Systems Architecture, Journal Name: Journal of Systems Architecture Vol. 119; ISSN 1383-7621

Publisher:: ElsevierCopyright Statement

Country of Publication:: United States

Language:: English

References (22)

Period adaptation of real-time control tasks with fixed-priority scheduling in cyber-physical systems Dai, Xiaotian; Burns, Alan Journal of Systems Architecture, Vol. 103 https://doi.org/10.1016/j.sysarc.2019.101691	journal	February 2020
Build real-time communication for hybrid dual-OS system Dong, Pan; Jiang, Zhe; Burns, Alan Journal of Systems Architecture, Vol. 107 https://doi.org/10.1016/j.sysarc.2020.101774	journal	August 2020
Edge-based auditing method for data security in resource-constrained Internet of Things Wang, Tian; Mei, Yaxin; Liu, Xuxun Journal of Systems Architecture, Vol. 114 https://doi.org/10.1016/j.sysarc.2020.101971	journal	March 2021
Building the IBM 4758 secure coprocessor Dyer, J. G.; Lindemann, M.; Perez, R. Computer, Vol. 34, Issue 10 https://doi.org/10.1109/2.955100	journal	January 2001
Security analysis on consumer and industrial IoT devices Wurm, Jacob; Hoang, Khoa; Arias, Orlando 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC) https://doi.org/10.1109/ASPDAC.2016.7428064	conference	January 2016
SATIN: A Secure and Trustworthy Asynchronous Introspection on Multi-Core ARM Processors Wan, Shengye; Sun, Jianhua; Sun, Kun 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) https://doi.org/10.1109/DSN.2019.00040	conference	June 2019
TruSense: Information Leakage from TrustZone Zhang, Ning; Sun, Kun; Shands, Deborah IEEE INFOCOM 2018 - IEEE Conference on Computer Communications https://doi.org/10.1109/INFOCOM.2018.8486293	conference	April 2018
Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System Ling, Zhen; Luo, Junzhou; Xu, Yiling IEEE Internet of Things Journal, Vol. 4, Issue 6 https://doi.org/10.1109/JIOT.2017.2707465	journal	December 2017
Software Vulnerability Detection Using Deep Neural Networks: A Survey Lin, Guanjun; Wen, Sheng; Han, Qing-Long Proceedings of the IEEE, Vol. 108, Issue 10 https://doi.org/10.1109/JPROC.2020.2993293	journal	October 2020
Bootstrapping Trust in Commodity Computers Parno, Bryan; McCune, Jonathan M.; Perrig, Adrian 2010 IEEE Symposium on Security and Privacy https://doi.org/10.1109/SP.2010.32	conference	May 2010
SoK: Introspections on Trust and the Semantic Gap Jain, Bhushan; Baig, Mirza Basim; Zhang, Dongli 2014 IEEE Symposium on Security and Privacy https://doi.org/10.1109/SP.2014.45	conference	May 2014
KI-Mon ARM: A Hardware-Assisted Event-triggered Monitoring Platform for Mutable Kernel Object Lee, Hojoon; Moon, Hyungon; Heo, Ingoo IEEE Transactions on Dependable and Secure Computing, Vol. 16, Issue 2 https://doi.org/10.1109/TDSC.2017.2679710	journal	March 2019
Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection Chen, Xiao; Li, Chaoran; Wang, Derui IEEE Transactions on Information Forensics and Security, Vol. 15 https://doi.org/10.1109/TIFS.2019.2932228	journal	January 2020
Privacy and Security in Internet of Things and Wearable Devices Arias, Orlando; Wurm, Jacob; Hoang, Khoa IEEE Transactions on Multi-Scale Computing Systems, Vol. 1, Issue 2 https://doi.org/10.1109/TMSCS.2015.2498605	journal	April 2015
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction Jiang, Xuxian; Wang, Xinyuan; Xu, Dongyan Proceedings of the 14th ACM conference on Computer and communications security https://doi.org/10.1145/1315245.1315262	conference	October 2007
Lest we remember Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia Communications of the ACM, Vol. 52, Issue 5 https://doi.org/10.1145/1506409.1506429	journal	May 2009
Vigilare Moon, Hyungon; Lee, Hojoon; Lee, Jihoon Proceedings of the 2012 ACM conference on Computer and communications security https://doi.org/10.1145/2382196.2382202	conference	October 2012
Providing Root of Trust for ARM TrustZone using On-Chip SRAM Zhao, Shijun; Zhang, Qianying; Hu, Guangyao Proceedings of the 4th International Workshop on Trustworthy Embedded Devices https://doi.org/10.1145/2666141.2666145	conference	November 2014
Drive Rein, Andre Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security https://doi.org/10.1145/3052973.3052975	conference	April 2017
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone Guan, Le; Liu, Peng; Xing, Xinyu Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services https://doi.org/10.1145/3081333.3081349	conference	June 2017
Research on Dynamic Integrity Measurement Model Based on Memory Paging Mechanism Chang, Chaowen; Chen, Xin; Wang, Shuai Discrete Dynamics in Nature and Society, Vol. 2014 https://doi.org/10.1155/2014/478985	journal	January 2014
Hardware-Based Run-Time Code Integrity in Embedded Devices Wehbe, Taimour; Mooney, Vincent; Keezer, David Cryptography, Vol. 2, Issue 3 https://doi.org/10.3390/cryptography2030020	journal	August 2018

Similar Records

Companion Assisted Software Based Remote Attestation in SCADA Networks

Conference · Sun Jan 31 23:00:00 EST 2021 · OSTI ID:1831692

Developing an AI-Powered Zero-Trust Cybersecurity Framework for Malware Prevention in Nuclear Power Plants

Conference · Thu Dec 14 23:00:00 EST 2023 · OSTI ID:2367312

CROWBAR: Natively Fuzzing Trusted Applications Using ARM CoreSight

Journal Article · Wed Jun 14 20:00:00 EDT 2023 · Journal of Hardware and Systems Security · OSTI ID:1985308

Related Subjects

97 MATHEMATICS AND COMPUTING
Integrity
Internet of Things
TrustZone

Secure boot, trusted boot and remote attestation for ARM TrustZone-based IoT Nodes

Citation Formats

References (22)

Similar Records

Related Subjects