ABSTRACT
The number of Internet of Things (IoT) devices is increasing since they can solve many problems, such as those found in healthcare or power grid. Since they are susceptible to be attacked, solutions must be explored to make them more trustworthy and, thus, increment the confidence of their users. It is common that trusted devices use secret keys to achieve confidentiality of data stored in non-volatile memory, data in transit, and to authenticate themselves to other parties. However, these keys can be compromised if an attacker takes control of the platform by exploiting some vulnerability. In this work, we propose to seal the secret keys to the platform and to a specific state, mainly associated with the memory content and determined in a development stage. The secret keys are encrypted with a Sealing Secret Key that is not stored in the device, but obfuscated with an SRAM PUF, making it more secure. When a secret key has to be sealed or unsealed, functions called seal() and unseal() are employed. They have atomic execution and are stored in a ROM memory. Their goal is to measure the state of the platform and recuperate the sealing secret key only if the measurement matches a valid one signed by the application developer. As quantum computers are emerging and future IoT devices must be resistant to attacks performed by them, we choose Dilithium and Saturnin as cryptographic primitives. Benchmarking results taken in an ESP32 microcontroller show the suitability of the proposal for an IoT device.
- Abhishek Khanna and Sanmeet Kaur, 2020. Internet of Things (IoT), Applications and Challenges: A Comprehensive Review. Wireless Pers Commun 114, 1687–1762. DOI: https://doi.org/10.1007/s11277-020-07446-4.Google Scholar
- Ravi Pratap Singh, Mohd Javaid, Abid Haleem, and Rajiv Suman, 2020. Internet of things (IoT) applications to fight against COVID-19 pandemic. Diabetes & Metabolic Syndrome: Clinical Research & Reviews, 14, 4, 521-524. DOI: https://doi.org/10.1016/j.dsx.2020.04.04.Google ScholarCross Ref
- Muhammad Asim Mukhtar, Muhammad Khurram Bhatti, and Guy Gogniat, 2019. Architectures for Security: A comparative analysis of hardware security features in Intel SGX and ARM TrustZone. In Proceedings of 2nd International Conference on Communication, Computing and Digital systems (C-CODE), 299-304. DOI: https://doi.org/10.1109/C-CODE.2019.8680982.Google ScholarCross Ref
- Shijun Zhao, Qianying Zhang, Guangyao Hu, Yu Qin, and Dengguo Feng. 2014. Providing Root of Trust for ARM TrustZone using On-Chip SRAM. In Proceedings of the 4th International Workshop on Trustworthy Embedded Devices (TrustED '14). Association for Computing Machinery, New York, NY, USA, 25–36. DOI: https://doi.org/10.1145/2666141.2666145.Google ScholarDigital Library
- Najwa Aaraj, Anand Raghunathan, and Niraj K. Jha, 2009. Analysis and design of a hardware/software trusted platform module for embedded systems. ACM Trans. Embed. Comput. Syst. 8, 1, Article 8 (December 2008), 31 pages. DOI: https://doi.org/10.1145/1457246.1457254.Google ScholarDigital Library
- Manos Antonakakis 2009. Understanding the Mirai Botnet. In Proceedings of 26th USENIX Security Symposium. Vancouver, BC, Canada, 1093-1110.Google Scholar
- Jean-Philippe Aumasson, 2017. The impact of quantum computing on cryptography. Computer Fraud & Security, 2017, 6, 8-11. DOI: https://doi.org/10.1016/S1361-3723(17)30051-9.Google ScholarCross Ref
- Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé, 2018. CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme. IACR Transactions on Cryptographic Hardware and Embedded Systems. 2018, 1 (Feb. 2018), 238-268. DOI: https://doi.org/10.13154/tches.v2018.i1.238-268.Google Scholar
- Anne Canteaut, Sébastien Duval, Gaëtan Leurent, María Naya-Plasencia, Léo Perrin, Thomas Pornin, André Schrottenloher, 2020. Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. IACR Transactions on Symmetric Cryptology. 2020, S1 (Jun. 2020), 160-207. DOI: https://doi.org/10.13154/tosc.v2020.iS1.160-207.Google Scholar
- Rosario Arjona, Miguel Ángel Prada-Delgado, Javier Arcenegui, Iluminada Baturone. 2018. Trusted Cameras on Mobile Devices Based on SRAM Physically Unclonable Functions. Sensors. 18, 10, 3352. DOI: https://doi.org/10.3390/s18103352.Google ScholarCross Ref
- Roberto Román, Rosario Arjona, Javier Arcenegui, and Iluminada Baturone, 2020. Hardware Security for eXtended Merkle Signature Scheme Using SRAM-based PUFs and TRNGs. In 32nd International Conference on Microelectronics (ICM). DOI: https://doi.org/10.1109/ICM50269.2020.9331821.Google ScholarCross Ref
- NIST. Post-Quantum Cryptography Standardization. Retrieved from: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-sandarization.Google Scholar
- NIST. Lightweight Cryptography. Retrieved from: https://csrc.nist.gov/projects/lightweight-cryptography.Google Scholar
- Thomas Santoli and Christian Schaffner, 2016. Using Simon's Algorithm to Attack Symmetric-Key Cryptographic Primitives. Arxiv.org, arXiv:1603.07856.Google Scholar
- Karim El Defrawy, Aurélien Francillon, Daniele Perito, and Gene Tsudik. 2012. SMART: Secure and minimal architecture for (establishing a dynamic) root of trust. In Network and Distributed System Security Symposium (NDSS), 2012.Google Scholar
- Javier Arcenegui, Rosario Arjona, Roberto Román, Iluminada Baturone, 2021. Secure Combination of IoT and Blockchain by Physically Binding IoT Devices to Smart Non-Fungible Tokens Using PUFs. Sensors. 21, 9, 3119. DOI: https://doi.org/10.3390/s21093119.Google ScholarCross Ref
Index Terms
- Sealed Storage for Low-Cost IoT Devices: an Approach Using SRAM PUFs and Post-Quantum Cryptography
Recommendations
Lattice-based cryptosystems for the security of resource-constrained IoT devices in post-quantum world: a survey
AbstractThe concept of the Internet of Things (IoT) arises due to the change in the characteristics and numbers of smart devices. Communication of things makes it important to ensure security in this interactive architecture. One of the developments that ...
A lightweight remote attestation using PUFs and hash-based signatures for low-end IoT devices
AbstractRemote attestation is a powerful mechanism that allows a verifier to know if the hardware of an IoT (Internet-of-Thing) device (acting as a prover) has been counterfeited or tampered with and if its firmware has been altered. Remote attestation ...
Highlights- Establishing a RoT for Measuring and Reporting using an Attestation ROM with a PUF.
- Combining OTS and MTS hash-based signatures in a remote attestation protocol.
- Evaluating in an ESP32 microcontroller the use of WOTS+ and SDS-OTS ...
An IND-CCA2 secure post-quantum encryption scheme and a secure cloud storage use case
AbstractCode-based public key encryption (PKE) is a popular choice to achieve post-quantum security, partly due to its capability to achieve fast encryption/decryption. However, code-based PKE has larger ciphertext and public key sizes in comparison to ...
Comments