Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

3
Reset filters

Settings
Now showing 1 - 3 of 3
  • Publication
    Secure Physical Enclosures from Coverswith Tamper-Resistance
    ( 2019)
    Immler, V.
    ;
    Obermaier, J.
    ;
    Ng, K.K.
    ;
    Ke, F.X.
    ;
    Lee, J.
    ;
    Lim, Y.P.
    ;
    Oh, W.K.
    ;
    Wee, K.H.
    ;
    Sigl, G.
    Ensuring physical security of multiple-chip embedded systems on a PCB is challenging, since the attacker can control the device in a hostile environment. To detect physical intruders as part of a layered approach to security, it is common to create a physical security boundary that is difficult to penetrate or remove, e.g., enclosures created from tamper-respondent envelopes or covers. Their physical integrity is usually checked by active sensing, i.e., a battery-backed circuit continuously monitors the enclosure. However, adoption is often hampered by the disadvantages of a battery and due to specialized equipment which is required to create the enclosure. In contrast, we present a batteryless tamper-resistant cover made from standard flexPCB technology, i.e., a commercially widespread, scalable, and proven technology. The cover comprises a fine mesh of electrodes and an evaluation unit underneath the cover checks their integrity by detecting short and open circuits. Additionally, it measures the capacitances between the electrodes of the mesh. Once its preliminary integrity is confirmed, a cryptographic key is derived from the capacitive measurements representing a PUF, to decrypt and authenticate sensitive data of the enclosed system. We demonstrate the feasibility of our concept, provide details on the layout, electrical properties of the cover, and explain the underlying security architecture. Practical results including statistics over a set of 115 flexPCB covers, physical attacks, and environmental testing support our design rationale. Hence, our work opens up a new direction of counteracting physical tampering without the need of batteries, while aiming at a physical security level comparable to FIPS 140-2 level 3.
  • Publication
    Efficient security zones implementation through hierarchical group key management at NoC-based MPSoCs
    ( 2017)
    Sepulveda, J.
    ;
    Flórez, D.
    ;
    Immler, V.
    ;
    Gogniat, G.
    ;
    Sigl, G.
    Sensitive applications are split into the IP cores of the Multi-Processors System-on-Chip (MPSoCs). In order to isolate the sensitive communication among such IP cores, security zones based on conference keys agreement can be built. However, the flexibility and dynamic nature of MPSoCs force reshaping the security zones at runtime. It is still a challenge to achieve efficient computation and distribution of new conference keys in MPSoC environments. In order to solve this problem, in this work we propose the combination of two techniques: i) high performance NoC, able to efficiently communicate data and control packets in the system; and ii) hierarchical group-key management for efficient security zone modification. We implement three hierarchical protocols and we show that by decentralizing the security management of the rekeying process and using a two-level NoC, it is possible to achieve an improvement of the performance compared to the previous flat approaches.
  • Publication
    Hierarchical group-key management for NoC-based MPSoCs protection
    ( 2016)
    Sepulveda, J.
    ;
    Flórez, D.
    ;
    Immler, V.
    ;
    Gogniat, G.
    ;
    Sigl, G.
    Group keys can be used in order to communicate secretly sensitive data among IP cores. However, the flexibility and dynamic nature of MPSoCs force reshaping the security zones at runtime. Members of a zone must be able to efficiently compute the new group key while former members must be prevented for data disclosure. Efficiently creating security zones for achieving sensitive traffic isolation in MPSoC environments is a challenging problem. In this work we present the implementation of hierarchical group-key management for NoC-based systems in order to efficiently perform the rekeying process. We implement three hierarchical protocols and we show that by decentralizing the security management of the rekeying process, it is possible to achieve an improvement of the performance when compared to the previous flat approaches.