Skip to main content
Springer Nature Link
Log in

External Authenticated Non-volatile Memory with Lifecycle Management for State Protection in Trusted Computing

  • Conference paper
Trusted Systems (INTRUST 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6163))

Included in the following conference series:

  • 649 Accesses

Abstract

Contemporary processor ASICs for embedded devices often include a trusted execution environment (TrEE) typically realized using a secure, isolated processing mode. TrEEs are used for implementing security services. The isolation can be complete with on-board RAM and ROM reserved for the exclusive use of these environments, but ASICs that also include non-volatile memory (NVM) are not readily available or cost-effective. This makes it difficult to deploy security services where persistent storage of state is critical to security. One solution is to use external authenticated non-volatile memory (EANVM), e.g. in a different ASIC. This introduces the need for a key management scheme for pairing and secure communication between the processor and the EANVM unit. Design of such a key management scheme needs to allow for lifecycle management requirements such as field-replacement of EANVM units and testability, both of newly fabricated as well as field-returned units.

In this paper we identify the requirements for lifecycle management of an EANVM which can be used by a TrEE for securing its state persistently. We then present a hardware design that meets both the usual security requirements as well as the lifecycle management requirements simultaneously. Although the design can constitute its own chip, it is intended to be added to a secondary ASIC on the device, one that already has NVM for other reasons (e.g. to store configuration parameters persistently), but has a few tens of NVM cells to spare for this design. Consequently, our design offers an inexpensive way for state protection for TrEEs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

We’re sorry, something doesn't seem to be working properly.

Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.

References

  1. Alves, T., Rudeli, J.: ARM Security Solutions and Intel Authenticated Flash – How to integrate Intel Authenticated Flash with ARM TrustZone for maximum system protection. Design Reuse (October 2007), http://www.design-reuse.com/articles/16975/arm-security-solutions-and-intel-authenticated-flash-how-to-integrate-intel-authenticated-flash-with-arm-trustzone-for-maximum-system-protection.html

  2. ARM. Trustzone-enabled processor, http://www.arm.com/pdfs/DDI0301D_arm1176jzfs_r0p2_trm.pdf

  3. Badrignans, B., Elbaz, R., Torres, L.: Secure update mechanism for remote update of fpga-based system. In: International Symposium on Industrial Embedded Systems, SIES 2008, June 2008, pp. 221–224 (2008)

    Google Scholar 

  4. Ekberg, J.-E., Kylanpaa, M.: Mobile trusted module. Technical Report NRC-TR-2007-015, Nokia Research Center (November 2007), http://research.nokia.com/files/NRCTR2007015.pdf

  5. Schellekens, D., Tuyls, P., Preneel, B.: Embedded trusted computing with authenticated non-volatile memory. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 60–74. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  6. Srage, J., Azema, J.: M-Shield mobile security technology, TI White paper (2005), http://focus.ti.com/pdfs/wtbu/ti_mshield_whitepaper.pdf

  7. Trusted Platform Module (TPM) Specifications, https://www.trustedcomputinggroup.org/specs/TPM/

  8. Wu, C.-H., Kuo, T.-W., Li Chang, P.: An efficient b-tree layer implementation for flash-memory storage systems. ACM Trans. Embed. Comput. Syst. 6(3), 19 (2007)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Nokia Research Center, Helsinki

    Jan-Erik Ekberg & N. Asokan

Authors
  1. Jan-Erik Ekberg
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. N. Asokan
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hewlett Packard Labs, Long Down Avenue, Stoke Gifford, BS34 8QZ, Bristol, UK

    Liqun Chen

  2. Computer Science Department, Google Inc. and Columbia University, Room 464, S.W. Mudd Building, 10027, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ekberg, JE., Asokan, N. (2010). External Authenticated Non-volatile Memory with Lifecycle Management for State Protection in Trusted Computing. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2009. Lecture Notes in Computer Science, vol 6163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14597-1_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14597-1_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14596-4

  • Online ISBN: 978-3-642-14597-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics