DOI: 10.1145/2557547.2557569
short-paper

SobTrA: a software-based trust anchor for ARM cortex application processors

Published: 03 March 2014

Abstract

In this paper, we present SobTrA, a Software-based Trust Anchor for ARM Cortex-A processors to protect systems against software-based attacks. SobTrA enables the implementation of a software-based secure boot controlled by a third party independent from the manufacturer. Compared to hardware-based trust anchors, our concept provides some other advantages like being updateable and also usable on legacy hardware. The presented software-based trust anchor involves a trusted third party device, the verifier, locally connected to the untrusted device, e.g., via the microSD card slot of a smartphone. The verifier is verifying the integrity of the untrusted device by making sure that a piece of code is executed untampered on it using a timing-based approach. This code can then act as an anchor for a chain of trust similar to a hardware-based secure boot. Tests on our prototype showed that tampered and untampered execution of SobTrA can be clearly and reliably distinguished.



    Published In

    CODASPY '14: Proceedings of the 4th ACM conference on Data and application security and privacy
    March 2014
    368 pages
    ISBN:9781450322782
    DOI:10.1145/2557547

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. arm architecture
    2. mobile security
    3. secure boot
    4. self-checksumming code
    5. smartphone
    6. software-based trust anchor

    Qualifiers

    • Short-paper

    Conference

    CODASPY'14

    Acceptance Rates

    CODASPY '14 Paper Acceptance Rate 19 of 119 submissions, 16%;
    Overall Acceptance Rate 149 of 789 submissions, 19%


    Cited By

    • (2023) Firmware Integrity Protection: A Survey. IEEE Access 11, 77952-77979. DOI: 10.1109/ACCESS.2023.3298833. Online publication date: 2023
    • (2019) A Systematic Literature Review of Authentication in Internet of Things for Heterogeneous Devices. Journal of Computer Networks and Communications 2019. DOI: 10.1155/2019/5747136. Online publication date: 1-Jan-2019
    • (2018) Secure Code Updates for Smart Embedded Devices Based on PUFs. Cryptology and Network Security, 325-346. DOI: 10.1007/978-3-030-02641-7_15. Online publication date: 10-Nov-2018
    • (2016) Software control and intellectual property protection in cyber-physical systems. EURASIP Journal on Information Security 2016:1, 1-14. DOI: 10.1186/s13635-016-0032-5. Online publication date: 1-Dec-2016
