An Embedded System Trusted Computing Architecture Based on Improved TPM

foreword

At present, some traditional information security technologies used in information systems lack active defense functions, resulting in most security issues being resolved in the absence of a unified security system. With the development of the Internet of Things (IoT), the applications of various embedded systems are growing, such as sensor networks, smart cards, mobile devices, medical equipment, avionics, automotive and smart grid control systems, etc.

On the one hand, embedded systems are open to the Internet/Mobile Internet and have external attack channels in IoT. On the other hand, the architecture of embedded systems is too simple, its resource permissions can be used arbitrarily, and its executable programs can easily contain malicious codes to control the system.

Therefore, embedded systems can pose security issues. Solving the security of embedded systems is a new challenge in the field of embedded applications in the Internet of Things era. To solve the security of embedded systems in the Internet of Things, it is necessary to improve the architecture, strengthen the active monitoring and prevention mechanisms for viruses or malicious codes, and improve the security of the entire system.

The Trusted Computing Group (TCG) has proposed a set of trusted computing concepts and methods for PC information security issues. It requires a trusted platform including the root of trust of the TPM chip, and then establishes a trust chain-level extended trust relationship to the entire computer system. Realize a credible and secure computing environment to ensure the normal execution of computing operations on the entire platform.

At present, the concept of trustworthiness expands embedded and mobile terminal TPM chips are also proposed to address the growing demand for trusted computing in the field of embedded information security, such as Apostle et al. proposed an embedded system hardware architecture that can provide security and trust as well as physical attack protection Use trust zone separation.

This paper draws on the shortcomings of the trusted PC architecture, improves the original TPM, proposes an embedded system based on the embedded trusted cryptographic module (eTCM) and China's cryptographic system, and creates a prototype system for verifying the trusted architecture on the FPGA hardware platform.

Trusted Embedded System Architecture Based on Improved TPM

Since the embedded system has strict requirements on function, reliability, cost, size and energy consumption, the original TPM made by TCG has defects such as lack of main ability and complex password calculation (only RSA is used instead of symmetric password). Therefore, the original PTM is not completely suitable for embedded systems, so it is necessary to improve the TPM. Besides the original functionality, the improved TPM should provide some new features for embedded systems.

In this paper, we propose a trusted embedded computing architecture based on the improved TPM and Chinese cryptosystem, as shown in Figure 1 (a hierarchical structure).

In the architecture, we use the combination of symmetric and asymmetric encryption to form an embedded trusted encryption module (eTCM), and propose an embedded trusted platform control module (eTPCM) based on the encryption system as the root of trust, and establish an embedded The trust chain of the information system to ensure the security of applications and critical information.

The eTCM including the cryptographic system is a necessary and critical basic component in the trusted computing platform, which provides support for independent cryptographic algorithms. eTCM includes hardware and firmware, and can be integrated with eTPCM in an IP core as an improved TPM.

Trusted Platform Module for Embedded Systems

In this paper, a trusted platform module for embedded systems is designed for embedded systems by combining the original TPM and the Chinese cryptographic system. The module consisting of eTCM and eTPCM is an improvement on the original TPM. The improved TPM has active control capability, faster symmetric encryption and decryption speed, improved system reliability, supports chain and star trust measurement models, and effectively reduces attenuation and time in trust transfer.

The architecture of the improved embedded system trusted platform module is shown in Figure 2. According to China Trusted Computing Cryptography System, the elliptic curve cryptography algorithm used in asymmetric cryptography in eTCM includes three sub-algorithms: digital signature algorithm SM2-1, key exchange protocol SM2-2, public key encryption algorithm SM2-3 .

SM4 is used for symmetric cryptographic algorithms. The hashing algorithm is used for SM3. Encryption mechanisms are used to protect sensitive data in the system and user sensitive data. eTPCM is used as a root of trust to provide a series of trusted computing functions, such as integrity measurement, secure storage, trusted reporting and encryption services, etc.

In eTPCM, a combination of symmetric and asymmetric cryptography is used to improve security and efficiency, and to enable active control and measurement. The bus arbitration module is used to control the main processor in the embedded system and the improved TPM to access the external memory.

i.e. eTPCM is active due to controlling reads and writes to external memory and can authenticate each component in the system individually.

On the basis of the original TPM, a physically protected backup memory is added to store the boot program and key data of the operating system. During verification, if they are tampered, they can be easily restored to the external main memory, thereby improving the reliability of the system sex.

eTPCM Trusted Measurement Protocol

In this paper, eTPCM is used as the trust source of the embedded system, and a security trust measurement protocol is established to gradually realize trust at all levels of the entire hardware and software modules. In circuit design, eTPCM needs to be started before the embedded main processor in order to control the entire circuit system (changing the traditional thinking that the previous TPM is a passive device). The credible chain transfer process is shown in Figure 3.

Specific steps are as follows.

• Step 1: The bootloader code is read by the core Root of Trust for Measurement (RTM) code in the eTPCM and transfers the report to the eTPCM. If successful, control will transfer to the bootloader, go to step 2. Otherwise, the bootloader code is not trusted and needs to be restored from backup memory to be remeasured.

• Step 2: The bootloader performs trusted measurements of the embedded OS core code and reports the measurements to eTPCM. If successful, the OS will be loaded and control will be transferred to the OS, go to step 3. Otherwise, the operating system core code is not trusted and needs to be restored and remeasured.

• Step 3: Embedded OS Completes Trusted OS

In the trust measurement protocol, trust transfer chain is combined with chain and star schema. The chain-type trusted measurement model is adopted at the system level, and the star-type model is adopted at the application level, which overcomes the defect of long measurement time caused by only using the star-type model due to the usually low performance of the eTPCM processor.

The application is measured by the Trusted Service Manager in the user kernel and computed by the embedded system host processor, greatly reducing the measurement time.

6 Experimental testing and verification

6.1 Verification platform construction

In order to verify and evaluate the feasibility and security of the embedded system trustworthy computing architecture, Altera layer IV E-series EP4SE530H40 FPGA implements improved TPM function and applied to trusted PDA with ARM processor to complete the test and achieved good results. The prototype system verification platform is shown in Figure 4. At the beginning of the trusted PDA, please note the following points:

• (1) The improved TPM must run before booting, and the ARM processor must control the operation through it.
• (2) Since eTPCM needs to read external memory data for reliability verification, both the ARM processor and eTPCM need to access external memory, so the external memory bus needs to be arbitrated.
• (3) If you want to upgrade the bootloader, it must be authorized by eTPCM

In a trusted PDA, the platform acts as a slave server, and the boot process of the computer system is controlled by a modified TPM.

Before the platform starts, the startup program, the integrity of the operating system is measured by the modified TPM, and the integrity measurement results are compared with the previously stored values ​​in the modified TPM to determine whether they are trustworthy, and only programs that are determined to be trusted can run. If an error occurs during integrity verification, the improved TPM will automatically invoke the backup-restore module to restore the system.

After the system has passed the integrity verification, the improved TPM allows the ARM processor to run and the trusted PDA to start working normally.

During the execution of the system, the improved TPM is still in the monitoring state. Once an abnormality is detected, the trusted PDA can terminate the reading and writing of the external memory at any time.

Starting from the trusted boot process of PDA and the use of encryption and decryption engine, the improved TPM with bus arbitration module and backup recovery greatly improves the control ability and speeds up the speed of symmetric encryption and decryption.

6.2 Analysis of experimental results

In this experiment, eTPCM needs to conduct trust measurement on the underlying configuration at the beginning, and the measurement process cannot be too long, if it is, although the verification can be completed, the meaning of the application is lost.

• (1) Verify the embedded system boot program and operating system kernel: the size of the verified program in the experiment is about 1MB, of which the boot program is about 60KB, and the OS kernel is about 800KB. Through actual verification, the entire startup process of the experimental system takes less than 0.2s, and the verification speed is close to 10MB/s, which can meet the requirements of embedded applications.
• (2) Test the speed of symmetric encryption and decryption: The symmetric encryption and decryption engine SM4 is implemented in the improved TPM hardware, and the execution speed of the test engine is as high as 7.2MB/s. Compared with the 74.6KB/s of the SM4 algorithm implemented by software in our PDA, the result of using the hardware symmetric encryption and decryption engine has greatly improved the encryption and decryption speed.

7 Conclusion

This paper proposes a trusted architecture for embedded systems from the perspective of hardware, and proposes an embedded trusted cryptographic module (eTCM) and embedded trusted platform control module (eTPCM) based on the Chinese encryption system.

They combine with each other to complete the improvement of the original TPM.

The improved TPM not only conforms to the TCG specification, but also enhances its control over the embedded system, and is more in line with the characteristics of the embedded system.

Experimental analysis shows that the improved TPM design is very effective for embedded systems.

This paper focuses on the improvement and functional design of TPM in the embedded system environment.

The next step is to study the hardware security of the improved Trusted Platform Module.

Original paper name: A Trusted Computing Architecture of Embedded System Based on Improved TPM