Presented at Black Hat Asia 2020 Virtual, Oct. 2, 2020, 2:20 p.m. (40 minutes).
Over the last decade, Arm TrustZone has been pivotal for securing hundreds of millions of mobile devices. Within the realm of the Internet of Things (IoT), Arm has recently introduced TrustZone on its new generation of microcontrollers (a.k.a. TrustZone-M). Although TrustZone has been used as a key enabling technology to implement trusted execution environments (TEEs), the sad reality is that, over the past years, TrustZone-assisted TEEs have been successfully attacked hundreds of times, with highly damaging consequences across different sectors and platforms. One of the root causes of the prevailing vulnerabilities is the classic dual-world security model, which "imposes" that the software be split between a secure and a non-secure environment. This dual-world architecture has intrinsic limitations and is falling short of addressing the increasing complexity and requirements of modern devices. In a future where trillions of small TrustZone-enabled IoT devices are expected worldwide, this problem can only grow, posing a significant threat to the security of our infrastructures.

In this talk, we start by examining TrustZone(-M) technology and explaining why the traditional dual-world security model is becoming impractical and inherently insecure. We then share our experience in designing and implementing the first multi-world TEE for modern TrustZone-M devices. Existing operating systems (e.g., Zephyr, FreeRTOS), micro-TEEs (e.g., Kinibi-M), and lightweight hypervisors for TrustZone-M microcontrollers are limited to a dual-world architecture; our solution provides an unlimited number of equally secure execution environments. We demonstrate that the bedrock of the system is a lightweight and small TEE kernel that has a minimal impact on the performance and the trusted computing base (TCB) of the system. To close our talk, we will present a live demo of a fully functional secure IoT stack for Industrial IoT applications running on a real TrustZone-M hardware platform.
Presenters:
- Sandro Pinto, Research Scientist and Invited Professor, Universidade do Minho
Sandro Pinto is a Research Scientist and Invited Professor at the University of Minho, Portugal. He holds a PhD in Electronics and Computer Engineering. During his PhD, Sandro was a visiting researcher at the Asian Institute of Technology (Thailand), University of Wurzburg (Germany), and Jilin University (China). Sandro has a deep academic background and several years of industry collaboration focusing on operating systems, virtualization, and security for embedded, cyber-physical, and IoT-based systems. He has published several scientific papers in top-tier conferences/journals and is a skilled presenter with speaking experience in several academic and industrial conferences. Sandro is a long-term supporter of open source projects and is currently helping Hex-Five to make security practical at scale.
- Daniel Oliveira, PhD Student, Universidade do Minho
Daniel Oliveira is a PhD candidate and an R&D fellow at Centro ALGORITMI at the University of Minho. Daniel obtained both his Bachelor's and Master's in Electronic and Computer Engineering at the University of Minho (Portugal). Having specialized in the field of embedded systems, he carried out his Master's Thesis under the supervision of assistant professor Dr. Sandro Pinto, focusing on top-of-the-line security extensions for Arm microprocessors, namely Arm TrustZone technology. After finishing his Master's, Daniel was invited to enrol in two major R&D projects – the HMIExcell Project and the InnovCar Program, partnerships between the University of Minho and Bosch Car Multimedia Portugal, focusing on the leading edge of autonomous driving and HMI technologies. He started as a developer and system designer, and was later invited to be head of development. His research interests include operating systems, computer architectures, real-time systems, embedded security for cyber-physical and IoT-based systems, and automotive front-end systems. Nowadays his work focuses on finishing his PhD program, which proposes a novel mixed-criticality architecture for low-end IoT devices.