Introduction to ES

Question 1

What are ES?

Answer 1

Integrated computing system performing a limited set of well-defined control, regulation, and data processing tasks within a higher-level system
-> electronic system that contains at least one controlling device

Question 2

ES: Resource Constrained

Answer 2

• Constraints can be at hardware level:
  -> CPU running at lower frequencies to consume less power and save battery energy
  -> Less memory for cheaper manufacturing costs
  -> Supporting a subset of peripherals
• Creates the need for new security solutions

Question 3

ES: Requirements

Answer 3

• Act deterministically or in real-time
• Be fault tolerant with graceful degradation
  -> fault tolerance: continues to function correctly in the presence of faults or errors
  -> graceful degradation: safely degrades performance or functionality when errors are encountered

Question 4

Microcontroller Components

Answer 4

• CPU
• Coprocessors
• MMU
• Memories
• Other components related to clock and power management

Question 5

Microcontroller Components: MMU

Answer 5

• Memory Management Unit
• Hardware component that performs virtual memory management (virtual address to physical address mapping), memory isolation in multi-tasking scenarios
  -> MPU: trimmed down version of MMU, only access control for memory regions used by different applications. Isolates memory regions used by individual applications running on the CPU.

Question 6

Microcontroller Components: ROM/PROM

Answer 6

• Read-only-memory: immutable, cannot be changed after manufacturing (content is programmed into ROM during manufacturing)
• Programmable ROM: Content is programmed for one time only after manufacturing (can be fabricated using fuses)

Question 7

Microcontroller Components: RAM & Flash

Answer 7

• Random Access Memory: volatile memory, loses content when power supply is off
• Flash or Electrically Erasable Programmable ROM (EEPROM): non-volatile, does not lose its content when power supply is off, content can be erased and reprogrammed many times

Question 8

Layers of ES

Answer 8

• Two different types of systems:
  -> Baremetal (whole functionality included in the application): Hardware + Application
  -> Full-featured (Known software layers exist): Hardware, Firmware (fest implementierte Software), Loader (loads programs into memory or maps addresses), OS, Applications

Question 9

Integrity Verification

Answer 9

• Ensures that the system is in the expected state
• Ensure that the system is in the expected state
• System state is defined by the contents of its memory
• Ensure integrity by verifying memory contents
  -> make memory immutable (ROM)
  -> check memory contents

Question 10

Check memory contents

Answer 10

• Small code in ROM verifies the contents of flash memory
  -> Code in ROM is started
  -> Code calculates checksum of the contents of flash memory
  -> Checksum is compared with a known reference value
• Based on this principle one can build schemes for secure and authenticated boot

Question 11

Secure Boot

Answer 11

• Ensures the system is started into the expected state
• First element is the Root of Trust for Measurement (RTM) or Trust Anchor
  -> is executed on each system startup
  -> cannot be verified
  -> is trusted
  -> trust in secure boot is based on the trust in RTM
• Each component verifies its successor
  -> If the successor is in the expected, it’s executed
  -> otherwise the boot process is aborted

Question 12

Authenticated Boot

Answer 12

• Enables the verification of the initial system state
  -> external verifier decides on the integrity of the system requirements
  -> Integrity and authenticity of measurements
• Each boot component measures its successor but does not verify it
  -> checksums of all boot components represent the system state right after the completion of the boot process

Question 13

Remote Attestation Requirements

Answer 13

• Authentication of Prover
  -> Authentication must be done by trusted component of the prover
  -> trusted component has exclusive access to key (creates HASH-MAC)
• Freshness of Attestation
  -> Verifier challenges prover on every attestation to ensure freshness
• Integrity of Attestation
  -> the complete state must be attested
  -> State must not change while attested

Question 14

Microcontroller Components: CPU

Answer 14

• Instruction set
• Architecture (ARM, x86, …)
• Bit-width
• Processing power

Question 15

Adversary and Trust Model

Answer 15

• Prover-Verifier interaction:
  -> Prover reports its state to the verifier
  -> State refers to the content of memory
  -> It is represented via a HASH of the memory content
  -> The verifier checks it against the known and expected state
  -> The state HASH is stored locally for verification
• Adversary and Trust Model:
  -> Trust: Typically, a small trusted component (trust anchor) exists on the prover
  -> Adversary: Typically, only software attacks are considered