Trusted Execution Environment Hardware by Isolated Heterogeneous Architecture for Key Scheduling

A Trusted Execution Environment (TEE) sets a platform to secure applications based on the Chain-of-Trust (CoT). The starting point of the CoT is called the Root-of-Trust (RoT). However, the RoT implementation often relies on obscurity and provides little flexibility when generating keys to the syste...

Full description

Saved in:
Bibliographic Details
Published in:IEEE access Vol. 10; pp. 46014 - 46027
Main Authors: Hoang, Trong-Thuc, Duran, Ckristian, Serrano, Ronaldo, Sarmiento, Marco, Nguyen, Khai-Duy, Tsukamoto, Akira, Suzaki, Kuniyasu, Pham, Cong-Kha
Format: Journal Article
Language:English
Published: Piscataway IEEE 2022
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects:
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:A Trusted Execution Environment (TEE) sets a platform to secure applications based on the Chain-of-Trust (CoT). The starting point of the CoT is called the Root-of-Trust (RoT). However, the RoT implementation often relies on obscurity and provides little flexibility when generating keys to the system. In this paper, a TEE System-on-a-Chip (SoC) architecture is proposed based on a heterogeneous design by combining 64-bit Linux-capable processors with a 32-bit Micro-Controller Unit (MCU). The TEE is built on the 64-bit cores, while the 32-bit MCU takes care of sensitive data and activities. The MCU is isolated from the TEE side by an Isolated Bus (IBus) that sits above the conventional System Bus (SBus). Besides the 32-bit processor, the isolated sub-system contains a Random Access Memory (RAM), a Read-Only Memory (ROM) for storing the boot program, and another ROM for storing root keys. For cryptography accelerators, we have 512-bit Secure Hashing Algorithm 3 (SHA3-512), 128/256-bit Advanced Encryption Standard (AES-128/256), Ed25519, and True Random Number Generator (TRNG) attached to the Peripheral Bus (PBus). Additionally, besides the public channel, the TRNG module also has a private channel that goes directly to the IBus. With RoT implemented inside the isolated sub-system, the RoT is inaccessible from the TEE side after boot. Furthermore, the hidden MCU's secure boot program makes the key generation flexible and could be updated for many security schemes. To summarize, the proposed design features a flexible and secure boot procedure with complete isolation from the TEE domain. Moreover, exclusive secure storage for the root key and cryptographic accelerators are available for the boot process. The implementation was tested on a Virtex-7 XC7VX485T Field-Programmable-Gate-Array (FPGA). It was also synthesized in a Very Large-Scale Integrated (VLSI) circuit with the ROHM-180nm process library.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2022.3169767