TinyTPM: A lightweight module aimed to IP protection and trusted embedded platforms

Feller, Thomas; Malipatlolla, Sunil; Meister, David; Huss, Sorin A.

doi:10.1109/hst.2011.5954987

Cited by 14 publications

(10 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, attacking the Dynamic Context Manager will not yield any useful information to the attacker. Additionally, the approaches in [14], [15] provide means to protect both static and dynamic regions of the FPGA, which contain both the Dynamic Context Manager and the Trust Compartments. Thus, the proposed architecture complies to the security standards as required by the TCG.…”

Section: B Security Assumptionsmentioning

confidence: 99%

“…To protect the partial bitstreams representing different Trust Compartments they are stored inside a secure memory location. Such a memory can be provided by known approaches, e.g., [14], [15]. Before loading these bitstreams into the allocated region they are checked for their integrity using one of the aforementioned approaches, as these approaches cover the Dolev-Yao [16] assumptions.…”

Section: B Security Assumptionsmentioning

confidence: 99%

See 1 more Smart Citation

dcTPM: A Generic Architecture for Dynamic Context Management

Feller

Malipatlolla

Kasper

et al. 2011

2011 International Conference on Reconfigurable Computing and FPGAs

Self Cite

View full text Add to dashboard Cite

With the emergence of new technologies the requirements for trusted platforms are constantly changing. Thus, the current Trusted Platform Modules (TPMs) have to cope with issues they have not been designed for. One such deficit of current TPMs is the inability to support multiple stakeholders as in mobile computing, virtualization, and cloud computing applications. In such scenarios, a TPM has to attest the state of their applications on the platform to each stakeholder and to additionally protect their individual assets. Therefore, we present a novel architecture, called Dynamic-Context TPM (dcTPM), to satisfy the needs of each participant in multiple stakeholder applications. Though there exist related approaches in literature [1]-[3], they address only software-based TPM instances. In contrast, the architecture proposed in this paper supports not only software-based TPMs, but also dedicated hardware TPMs or a combination of both for each stakeholder. As an additional asset, the dcTPM architecture enables a dynamic exchange of contexts (TPM instances) without any modification of the underlying architecture. This architecture has been implemented as a proof-of-concept on top of a Xilinx Virtex-5 FPGA platform, demonstrating a test case with off-the-shelf hardware and software TPMs.

show abstract

Section: B Security Assumptionsmentioning

confidence: 99%

Section: B Security Assumptionsmentioning

confidence: 99%

dcTPM: A Generic Architecture for Dynamic Context Management

Feller

Malipatlolla

Kasper

et al. 2011

2011 International Conference on Reconfigurable Computing and FPGAs

Self Cite

View full text Add to dashboard Cite

show abstract

“…The cryptographic hardware engineering field includes a wide range of works: side-channel countermeasure design [Popp et al 2007], efficient hardware implementation of new cryptographic algorithms such as homomorphic encryption [Gentry and Halevi 2011;Naehrig et al 2011], lightweight device security (such as RIFD, smart cards) [Rolfes et al 2008;Lin et al 2010;Feller et al 2011], TRNG (True Random Number Generator) design and characterization [Valtchanov et al 2010], chip identification circuits in new CMOS technologies, passive and active IC metering [Maes et al 2009;Baumgarten et al 2010], etc.…”

Section: Secure By Designmentioning

confidence: 99%

Architectures of flexible symmetric key crypto engines—a survey

et al. 2013

View full text Add to dashboard Cite

Throughput, flexibility, and security form the design trilogy of reconfigurable crypto engines; they must be carefully considered without reducing the major role of classical design constraints, such as surface, power consumption, dependability, and cost. Applications such as network security, Virtual Private Networks (VPN), Digital Rights Management (DRM), and pay per view have drawn attention to these three constraints. For more than ten years, many studies in the field of cryptographic engineering have focused on the design of optimized high-throughput hardware cryptographic cores (e.g., symmetric and asymmetric key block ciphers, stream ciphers, and hash functions). The flexibility of cryptographic systems plays a very important role in their practical application. Reconfigurable hardware systems can evolve with algorithms, face up to new types of attacks, and guarantee interoperability between countries and institutions. The flexibility of reconfigurable crypto processors and crypto coprocessors has reached new levels with the emergence of dynamically reconfigurable hardware architectures and tools. Last but not least, the security of systems that handle confidential information needs to be thoroughly evaluated at the design stage in order to meet security objectives that depend on the importance of the information to be protected and on the cost of protection. Usually, designers tackle security problems at the same time as other design constraints and in many cases target only one security objective, for example, a side-channel attack countermeasures, fault tolerance capability, or the monitoring of the device environment. Only a few authors have addressed all three design constraints at the same time. In particular, key management security (e.g., secure key generation and transmission, the use of a hierarchical key structure composed of session keys and master keys) has frequently been neglected to the benefit of performance and/or flexibility. Nevertheless, a few authors propose original processor architectures based on multi-crypto-processor structures and reconfigurable cryptographic arrays. In this article, we review published works on symmetric key crypto engines and present current trends and design challenges.

show abstract

“…Simpson and Schaumont describe an off-line authentication scheme for embedded software IP modules in FPGAs [16]. Besides this software-oriented approach, a number of hardware solutions were proposed [5][6][7]9]. In [6], a proof-of-concept implementation is presented to reconfigure the majority of the FPGA such that it has a design, containing a specific IP core.…”

Section: Introduction and Previous Workmentioning

confidence: 99%

“…Besides this software-oriented approach, a number of hardware solutions were proposed [5][6][7]9]. In [6], a proof-of-concept implementation is presented to reconfigure the majority of the FPGA such that it has a design, containing a specific IP core. However, this does not provide a flexible way of obtaining and implementing one or more IP cores.…”

Section: Introduction and Previous Workmentioning

confidence: 99%

Practical feasibility evaluation and improvement of a pay-per-use licensing scheme for hardware IP cores in Xilinx FPGAs

et al. 2014

View full text Add to dashboard Cite

In earlier published work, Maes et al. present a pay-per-use licensing scheme for hardware Intellectual Property (IP) cores. This scheme focuses on the use of IP cores on static random access memory-based field programmable gate arrays (FPGAs) and is mainly based on the partial reconfigurability property of this type of FPGA. Our work evaluates the practical feasibility of the scheme and the accompanying architecture. As already (partly) indicated by Maes et al., their solution introduces some security and usability issues. Therefore, we present improvements to the scheme and the architecture together with an additional method for decreasing the area overhead. The overall result is the first practical implementation of the pay-per-use licensing scheme occupying 841 slices on a Xilinx XC6S-LX45 FPGA. The small area overhead is mainly achieved by moving the storage of keys from slice flip-flops to configuration memory. Moreover, the implementation would not have been feasible with commercially available tools. We use an academic tool that allows nested partial reconfiguration and flexible IP core placement.

show abstract

TinyTPM: A lightweight module aimed to IP protection and trusted embedded platforms

Cited by 14 publications

References 16 publications

dcTPM: A Generic Architecture for Dynamic Context Management

dcTPM: A Generic Architecture for Dynamic Context Management

Architectures of flexible symmetric key crypto engines—a survey

Practical feasibility evaluation and improvement of a pay-per-use licensing scheme for hardware IP cores in Xilinx FPGAs

Contact Info

Product

Resources

About