Analysis and design of a hardware/software trusted platform module for embedded systems
Source
ACM Transactions on Embedded Computing Systems (TECS)
Volume 8, Issue 1 (December 2008)
Article No. 8
Year of Publication: 2008
ISSN: 1539-9087
Authors
Najwa Aaraj  Princeton University, Princeton, NJ
Anand Raghunathan  Purdue University, West Lafayette, IN
Niraj K. Jha  Princeton University, Princeton, NJ
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1457246.1457254

ABSTRACT

Trusted platforms have been proposed as a promising approach to enhance the security of general-purpose computing systems. However, for many resource-constrained embedded systems, the size and cost overheads of a separate Trusted Platform Module (TPM) chip are not acceptable. One alternative is to use a software-based TPM, which implements TPM functions using software that executes in a protected execution domain on the embedded processor itself. However, since many embedded systems have limited processing capabilities and are battery-powered, it is also important to ensure that the computational and energy requirements for SW-TPMs are acceptable.

In this article, we perform an evaluation of the energy and execution time overheads for a SW-TPM implementation on a handheld appliance (Sharp Zaurus PDA). We characterize the execution time and energy required by each TPM command through actual measurements on the target platform. We observe that for most commands, overheads are primarily due to the use of 2,048-bit RSA operations that are performed within the SW-TPM. In order to alleviate SW-TPM overheads, we evaluate the use of Elliptic Curve Cryptography (ECC) as a replacement for the RSA algorithm specified in the Trusted Computing Group (TCG) standards. In addition, we also evaluate the overheads of using the SW-TPM in the context of various end applications, including trusted boot of the Linux operating system (OS), a secure VoIP client, and a secure Web browser. Furthermore, we analyze the computational workload involved in running SW-TPM commands using ECC. We then present a suite of hardware and software enhancements to accelerate these commands—generic custom instructions and exploitation of parallel processing capabilities in multiprocessor systems-on-chip (SoCs). We report results of evaluating the proposed architectures on a commercial embedded processor (Xtensa from Tensilica). Through uniprocessor and multiprocessor optimizations, we could achieve speed-ups of up to 5.71X for individual TPM commands.

