Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

SobTra - A software-based trust anchor for ARM cortex application processors

 
: Horsch, Julian; Wessel, Sascha; Stumpf, Frederic; Eckert, Claudia

:
Volltext urn:nbn:de:0011-n-3039365 (744 KByte PDF)
MD5 Fingerprint: ed8de249bf254241c1715ae57440dab1
© ACM This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution.
Erstellt am: 9.7.2020


CODASPY 2014, 4th ACM Conference on Data and Application Security and Privacy. Proceedings : March 3-5, 2014. San Antonio, Texas
New York: ACM, 2014
ISBN: 978-1-4503-2278-2
S.273-280
Conference on Data and Application Security and Privacy (CODASPY) <4, 2014, San Antonio/Tex.>
Bundesministerium für Bildung und Forschung BMBF (Deutschland)
01BY1200A; HIVE
Englisch
Konferenzbeitrag, Elektronische Publikation
Fraunhofer AISEC ()
Software-based Trust Anchor; self-checksumming code; Smartphone; mobile security; ARM architecture; secure boot

Abstract
In this paper, we present SobTrA, a Software-based Trust Anchor for ARM Cortex-A processors to protect systems against software-based attacks. SobTrA enables the implementation of a software-based secure boot controlled by a third party independent from the manufacturer. Compared to hardware-based trust anchors, our concept provides some other advantages like being updateable and also usable on legacy hardware. The presented software-based trust anchor involves a trusted third party device, the verifier, locally connected to the untrusted device, e.g., via the microSD card slot of a smartphone. The verifier is verifying the integrity of the untrusted device by making sure that a piece of code is executed untampered on it using a timing-based approach. This code can then act as an anchor for a chain of trust similar to a hardware-based secure boot. Tests on our prototype showed that tampered and untampered execution of SobTrA can be clearly and reliably distinguished.

: http://publica.fraunhofer.de/dokumente/N-303936.html