TY - GEN
T1 - A Hardware Root-of-Trust Design for Low-Power SoC Edge Devices
AU - Ehret, Alan
AU - Del Rosario, Eliakin
AU - Gettings, Karen
AU - Kinsy, Michel A.
N1 - Funding Information:
DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited. This material is based upon work supported by the Under Secretary of Defense for Research and Engineering under Air Force Contract No. FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Under Secretary of Defense for Research and Engineering.
Publisher Copyright:
© 2020 IEEE.
PY - 2020/9/22
Y1 - 2020/9/22
N2 - In this work, we introduce a hardware root-of-trust architecture for low-power edge devices. An accelerator-based SoC design that includes the hardware root-of-trust architecture is developed. An example application for the device is presented. We examine attacks based on physical access given the significant threat they pose to unattended edge systems. The hardware root-of-trust provides security features to ensure the integrity of the SoC execution environment when deployed in uncontrolled, unattended locations. E-fused boot memory ensures the boot code and other security-critical software is not compromised after deployment. Digitally signed programmable instruction memory prevents execution of code from untrusted sources. A programmable finite state machine is used to enforce access policies to device resources even if the application software on the device is compromised. Access policies isolate the execution states of application and security-critical software. The hardware root-of-trust architecture saves energy with a lower hardware overhead than a separate secure enclave while eliminating software attack surfaces for access control policies.
AB - In this work, we introduce a hardware root-of-trust architecture for low-power edge devices. An accelerator-based SoC design that includes the hardware root-of-trust architecture is developed. An example application for the device is presented. We examine attacks based on physical access given the significant threat they pose to unattended edge systems. The hardware root-of-trust provides security features to ensure the integrity of the SoC execution environment when deployed in uncontrolled, unattended locations. E-fused boot memory ensures the boot code and other security-critical software is not compromised after deployment. Digitally signed programmable instruction memory prevents execution of code from untrusted sources. A programmable finite state machine is used to enforce access policies to device resources even if the application software on the device is compromised. Access policies isolate the execution states of application and security-critical software. The hardware root-of-trust architecture saves energy with a lower hardware overhead than a separate secure enclave while eliminating software attack surfaces for access control policies.
KW - Hardware Security
KW - Low-Power
KW - System-on-Chip
UR - http://www.scopus.com/inward/record.url?scp=85099389680&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85099389680&partnerID=8YFLogxK
U2 - 10.1109/HPEC43674.2020.9286164
DO - 10.1109/HPEC43674.2020.9286164
M3 - Conference contribution
AN - SCOPUS:85099389680
T3 - 2020 IEEE High Performance Extreme Computing Conference, HPEC 2020
BT - 2020 IEEE High Performance Extreme Computing Conference, HPEC 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2020 IEEE High Performance Extreme Computing Conference, HPEC 2020
Y2 - 21 September 2020 through 25 September 2020
ER -