Securing Boot of an Embedded Linux on FPGA

International audience The growing complexity of embedded systems makes reconfiguration and embedded OSs (Operating Systems) more and more interesting. FPGAs (Field-Programmable Gate Arrays) are able to perform such a feature with success. With most of the FPGAs, the OS is stored into an external me...

Full description

Bibliographic Details
Published in:2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum
Main Authors: Devic, Florian, Torres, Lionel, Badrignans, Benoit
Other Authors: Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM), Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS), Conception et Test de Systèmes MICroélectroniques (SysMIC), Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS), NETHEOS (NETHEOS), Cap Omega
Format: Conference Object
Language:English
Published: HAL CCSD 2011
Subjects:
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Anchorage
Antarc*
Antarctica
Online Access:https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742
https://doi.org/10.1109/IPDPS.2011.141
id ftunimontpellier:oai:HAL:lirmm-00818742v1
record_format openpolar
spelling ftunimontpellier:oai:HAL:lirmm-00818742v1 2024-09-09T19:03:22+00:00 Securing Boot of an Embedded Linux on FPGA Devic, Florian Torres, Lionel Badrignans, Benoit Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM) Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS) Conception et Test de Systèmes MICroélectroniques (SysMIC) Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS) NETHEOS (NETHEOS) Cap Omega Anchorage, Antarctica 2011-05-16 https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 https://doi.org/10.1109/IPDPS.2011.141 en eng HAL CCSD info:eu-repo/semantics/altIdentifier/doi/10.1109/IPDPS.2011.141 lirmm-00818742 https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 doi:10.1109/IPDPS.2011.141 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum IPDPS: International Parallel and Distributed Processing Symposium https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742 IPDPS: International Parallel and Distributed Processing Symposium, May 2011, Anchorage, Antarctica. pp.189-195, ⟨10.1109/IPDPS.2011.141⟩ http://www.ipdps.org/ipdps2011/2011_workshops.html [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] info:eu-repo/semantics/conferenceObject Conference papers 2011 ftunimontpellier https://doi.org/10.1109/IPDPS.2011.141 2024-06-26T04:04:30Z International audience The growing complexity of embedded systems makes reconfiguration and embedded OSs (Operating Systems) more and more interesting. FPGAs (Field-Programmable Gate Arrays) are able to perform such a feature with success. With most of the FPGAs, the OS is stored into an external memory (usually Flash) and running on a processor embedded into the FPGA. We consider that FPGA embedded processor is able to process the OS update through, for instance, an insecure network. However, these features may give rise to security flaws affecting the system integrity or freshness. Integrity can be altered by spoofing or modifying data in order to introduce malicious code. In the same way, freshness can be affected by replaying an old configuration in order to downgrade the system. This work proposes a trusted computing mechanism taking into account the whole security chain from bit stream-to-kernel-boot ensuring, both hardware and software, integrity while preventing replay attacks. This paper summarizes the current counter-measures ensuring integrity, confidentiality and freshness of the bit stream. Then we propose a solution to protect OS kernel against malicious modifications thanks to already trusted bit stream power-up. We also evaluate the area and performance overhead of the proposed architecture and its improvement using asymmetric cryptography. Adding security and increasing performances, this solution generates between 0 and 40% of area overhead depending on the re-usability consideration. Conference Object Antarc* Antarctica Université de Montpellier: HAL Anchorage 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum 189 195
institution Open Polar
collection Université de Montpellier: HAL
op_collection_id ftunimontpellier
language English
topic [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
spellingShingle [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Devic, Florian
Torres, Lionel
Badrignans, Benoit
Securing Boot of an Embedded Linux on FPGA
topic_facet [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
description International audience The growing complexity of embedded systems makes reconfiguration and embedded OSs (Operating Systems) more and more interesting. FPGAs (Field-Programmable Gate Arrays) are able to perform such a feature with success. With most of the FPGAs, the OS is stored into an external memory (usually Flash) and running on a processor embedded into the FPGA. We consider that FPGA embedded processor is able to process the OS update through, for instance, an insecure network. However, these features may give rise to security flaws affecting the system integrity or freshness. Integrity can be altered by spoofing or modifying data in order to introduce malicious code. In the same way, freshness can be affected by replaying an old configuration in order to downgrade the system. This work proposes a trusted computing mechanism taking into account the whole security chain from bit stream-to-kernel-boot ensuring, both hardware and software, integrity while preventing replay attacks. This paper summarizes the current counter-measures ensuring integrity, confidentiality and freshness of the bit stream. Then we propose a solution to protect OS kernel against malicious modifications thanks to already trusted bit stream power-up. We also evaluate the area and performance overhead of the proposed architecture and its improvement using asymmetric cryptography. Adding security and increasing performances, this solution generates between 0 and 40% of area overhead depending on the re-usability consideration.
author2 Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier (LIRMM)
Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)
Conception et Test de Systèmes MICroélectroniques (SysMIC)
Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)-Université de Montpellier (UM)-Centre National de la Recherche Scientifique (CNRS)
NETHEOS (NETHEOS)
Cap Omega
format Conference Object
author Devic, Florian
Torres, Lionel
Badrignans, Benoit
author_facet Devic, Florian
Torres, Lionel
Badrignans, Benoit
author_sort Devic, Florian
title Securing Boot of an Embedded Linux on FPGA
title_short Securing Boot of an Embedded Linux on FPGA
title_full Securing Boot of an Embedded Linux on FPGA
title_fullStr Securing Boot of an Embedded Linux on FPGA
title_full_unstemmed Securing Boot of an Embedded Linux on FPGA
title_sort securing boot of an embedded linux on fpga
publisher HAL CCSD
publishDate 2011
url https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742
https://doi.org/10.1109/IPDPS.2011.141
op_coverage Anchorage, Antarctica
geographic Anchorage
geographic_facet Anchorage
genre Antarc*
Antarctica
genre_facet Antarc*
Antarctica
op_source IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum
IPDPS: International Parallel and Distributed Processing Symposium
https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742
IPDPS: International Parallel and Distributed Processing Symposium, May 2011, Anchorage, Antarctica. pp.189-195, ⟨10.1109/IPDPS.2011.141⟩
http://www.ipdps.org/ipdps2011/2011_workshops.html
op_relation info:eu-repo/semantics/altIdentifier/doi/10.1109/IPDPS.2011.141
lirmm-00818742
https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742
doi:10.1109/IPDPS.2011.141
op_doi https://doi.org/10.1109/IPDPS.2011.141
container_title 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum
container_start_page 189
op_container_end_page 195
_version_ 1809817383639973888

Similar Items