Securing Boot of an Embedded Linux on FPGA

Abstract : The growing complexity of embedded systems makes reconfiguration and embedded OSs (Operating Systems) more and more interesting. FPGAs (Field-Programmable Gate Arrays) are able to perform such a feature with success. With most of the FPGAs, the OS is stored into an external memory (usually Flash) and running on a processor embedded into the FPGA. We consider that FPGA embedded processor is able to process the OS update through, for instance, an insecure network. However, these features may give rise to security flaws affecting the system integrity or freshness. Integrity can be altered by spoofing or modifying data in order to introduce malicious code. In the same way, freshness can be affected by replaying an old configuration in order to downgrade the system. This work proposes a trusted computing mechanism taking into account the whole security chain from bit stream-to-kernel-boot ensuring, both hardware and software, integrity while preventing replay attacks. This paper summarizes the current counter-measures ensuring integrity, confidentiality and freshness of the bit stream. Then we propose a solution to protect OS kernel against malicious modifications thanks to already trusted bit stream power-up. We also evaluate the area and performance overhead of the proposed architecture and its improvement using asymmetric cryptography. Adding security and increasing performances, this solution generates between 0 and 40% of area overhead depending on the re-usability consideration.
Type de document :
Communication dans un congrès
IPDPS: International Parallel and Distributed Processing Symposium, May 2011, Anchorage, Antarctica. IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum, pp.189-195, 2011, 〈http://www.ipdps.org/ipdps2011/2011_workshops.html〉. 〈10.1109/IPDPS.2011.141〉
Liste complète des métadonnées

https://hal-lirmm.ccsd.cnrs.fr/lirmm-00818742
Contributeur : Lionel Torres <>
Soumis le : lundi 29 avril 2013 - 09:11:39
Dernière modification le : jeudi 11 octobre 2018 - 01:20:15

Identifiants

Collections

Citation

Florian Devic, Lionel Torres, Benoit Badrignans. Securing Boot of an Embedded Linux on FPGA. IPDPS: International Parallel and Distributed Processing Symposium, May 2011, Anchorage, Antarctica. IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum, pp.189-195, 2011, 〈http://www.ipdps.org/ipdps2011/2011_workshops.html〉. 〈10.1109/IPDPS.2011.141〉. 〈lirmm-00818742〉

Partager

Métriques

Consultations de la notice

92