Securing Boot of an Embedded Linux on FPGA
International audience The growing complexity of embedded systems makes reconfiguration and embedded OSs (Operating Systems) more and more interesting. FPGAs (Field-Programmable Gate Arrays) are able to perform such a feature with success. With most of the FPGAs, the OS is stored into an external me...
Published in: | 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum |
---|---|
Main Authors: | , , |
Other Authors: | , , , , , |
Format: | Conference Object |
Language: | English |
Published: |
HAL CCSD
2011
|
Subjects: | |
Online Access: | https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 https://doi.org/10.1109/IPDPS.2011.141 |
id |
ftccsdartic:oai:HAL:lirmm-00818742v1 |
---|---|
record_format |
openpolar |
spelling |
ftccsdartic:oai:HAL:lirmm-00818742v1 2023-05-15T13:32:05+02:00 Securing Boot of an Embedded Linux on FPGA Devic, Florian Torres, Lionel Badrignans, Benoit Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM) Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM) Conception et Test de Systèmes MICroélectroniques (SysMIC) Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM) NETHEOS (NETHEOS) Cap Omega Anchorage, Antarctica 2011-05-16 https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 https://doi.org/10.1109/IPDPS.2011.141 en eng HAL CCSD info:eu-repo/semantics/altIdentifier/doi/10.1109/IPDPS.2011.141 lirmm-00818742 https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 doi:10.1109/IPDPS.2011.141 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum IPDPS: International Parallel and Distributed Processing Symposium https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 IPDPS: International Parallel and Distributed Processing Symposium, May 2011, Anchorage, Antarctica. pp.189-195, ⟨10.1109/IPDPS.2011.141⟩ http://www.ipdps.org/ipdps2011/2011_workshops.html [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] info:eu-repo/semantics/conferenceObject Conference papers 2011 ftccsdartic https://doi.org/10.1109/IPDPS.2011.141 2021-10-24T15:05:59Z International audience The growing complexity of embedded systems makes reconfiguration and embedded OSs (Operating Systems) more and more interesting. FPGAs (Field-Programmable Gate Arrays) are able to perform such a feature with success. With most of the FPGAs, the OS is stored into an external memory (usually Flash) and running on a processor embedded into the FPGA. We consider that FPGA embedded processor is able to process the OS update through, for instance, an insecure network. However, these features may give rise to security flaws affecting the system integrity or freshness. Integrity can be altered by spoofing or modifying data in order to introduce malicious code. In the same way, freshness can be affected by replaying an old configuration in order to downgrade the system. This work proposes a trusted computing mechanism taking into account the whole security chain from bit stream-to-kernel-boot ensuring, both hardware and software, integrity while preventing replay attacks. This paper summarizes the current counter-measures ensuring integrity, confidentiality and freshness of the bit stream. Then we propose a solution to protect OS kernel against malicious modifications thanks to already trusted bit stream power-up. We also evaluate the area and performance overhead of the proposed architecture and its improvement using asymmetric cryptography. Adding security and increasing performances, this solution generates between 0 and 40% of area overhead depending on the re-usability consideration. Conference Object Antarc* Antarctica Archive ouverte HAL (Hyper Article en Ligne, CCSD - Centre pour la Communication Scientifique Directe) Anchorage 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum 189 195 |
institution |
Open Polar |
collection |
Archive ouverte HAL (Hyper Article en Ligne, CCSD - Centre pour la Communication Scientifique Directe) |
op_collection_id |
ftccsdartic |
language |
English |
topic |
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] |
spellingShingle |
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] Devic, Florian Torres, Lionel Badrignans, Benoit Securing Boot of an Embedded Linux on FPGA |
topic_facet |
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] |
description |
International audience The growing complexity of embedded systems makes reconfiguration and embedded OSs (Operating Systems) more and more interesting. FPGAs (Field-Programmable Gate Arrays) are able to perform such a feature with success. With most of the FPGAs, the OS is stored into an external memory (usually Flash) and running on a processor embedded into the FPGA. We consider that FPGA embedded processor is able to process the OS update through, for instance, an insecure network. However, these features may give rise to security flaws affecting the system integrity or freshness. Integrity can be altered by spoofing or modifying data in order to introduce malicious code. In the same way, freshness can be affected by replaying an old configuration in order to downgrade the system. This work proposes a trusted computing mechanism taking into account the whole security chain from bit stream-to-kernel-boot ensuring, both hardware and software, integrity while preventing replay attacks. This paper summarizes the current counter-measures ensuring integrity, confidentiality and freshness of the bit stream. Then we propose a solution to protect OS kernel against malicious modifications thanks to already trusted bit stream power-up. We also evaluate the area and performance overhead of the proposed architecture and its improvement using asymmetric cryptography. Adding security and increasing performances, this solution generates between 0 and 40% of area overhead depending on the re-usability consideration. |
author2 |
Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM) Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM) Conception et Test de Systèmes MICroélectroniques (SysMIC) Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM) NETHEOS (NETHEOS) Cap Omega |
format |
Conference Object |
author |
Devic, Florian Torres, Lionel Badrignans, Benoit |
author_facet |
Devic, Florian Torres, Lionel Badrignans, Benoit |
author_sort |
Devic, Florian |
title |
Securing Boot of an Embedded Linux on FPGA |
title_short |
Securing Boot of an Embedded Linux on FPGA |
title_full |
Securing Boot of an Embedded Linux on FPGA |
title_fullStr |
Securing Boot of an Embedded Linux on FPGA |
title_full_unstemmed |
Securing Boot of an Embedded Linux on FPGA |
title_sort |
securing boot of an embedded linux on fpga |
publisher |
HAL CCSD |
publishDate |
2011 |
url |
https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 https://doi.org/10.1109/IPDPS.2011.141 |
op_coverage |
Anchorage, Antarctica |
geographic |
Anchorage |
geographic_facet |
Anchorage |
genre |
Antarc* Antarctica |
genre_facet |
Antarc* Antarctica |
op_source |
IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum IPDPS: International Parallel and Distributed Processing Symposium https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 IPDPS: International Parallel and Distributed Processing Symposium, May 2011, Anchorage, Antarctica. pp.189-195, ⟨10.1109/IPDPS.2011.141⟩ http://www.ipdps.org/ipdps2011/2011_workshops.html |
op_relation |
info:eu-repo/semantics/altIdentifier/doi/10.1109/IPDPS.2011.141 lirmm-00818742 https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 doi:10.1109/IPDPS.2011.141 |
op_doi |
https://doi.org/10.1109/IPDPS.2011.141 |
container_title |
2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum |
container_start_page |
189 |
op_container_end_page |
195 |
_version_ |
1766024041196421120 |