Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

An embedded key management system for PUF-based security enclosures

: Obermaier, J.; Hauschild, F.; Hiller, M.; Sigl, G.


Stojanović, R. ; Institute of Electrical and Electronics Engineers -IEEE-; European Organisation for Information Technology and Microelectronics -EUROMICRO-:
7th Mediterranean Conference on Embedded Computing, MECO 2018: Including ECYPS 2018. Proceedings, Research Monograph : Budva, Montenegro, June 10th-14th, 2018
Piscataway, NJ: IEEE, 2018
ISBN: 978-1-5386-5683-9
ISBN: 978-1-5386-5682-2
Mediterranean Conference on Embedded Computing (MECO) <7, 2018, Budva>
Workshop on Embedded and Cyber-Physical Systems (ECYPS) <6, 2018, Budva>
Fraunhofer AISEC ()

Hardware Security Modules (HSMs) are embedded systems which provide a physically secured environment for data storage and handling. The device is protected by an enclosure against adversaries. A supervisor circuit monitors the enclosure's integrity and deletes all Critical Security Parameters (CSPs), such as keys, upon a tamper event. While current solutions store CSPs in battery-backed memory, our novel batteryless solution exploits the Physical Unclonable Function (PUF) of the enclosure to derive a key encryption key (KEK). However, such a PUF-based solution requires a more complex Embedded Key Management System (EKMS) for integrity verification, PUF usage, and key management. In this paper, we address this issue by discussing an adversary model, deriving design requirements, and presenting a hardened firmware architecture for PUF-based security enclosures. We present the complementing security extensions for FreeRTOS that enhance the operating system's security. To verify the concept's feasibility, we implement the proposed system and evaluate its performance. Our results show that this security architecture for an EKMS can serve as a firmware basis for novel PUF-based HSMs.