Sealed Storage for Low-Cost IoT Devices: an Approach Using SRAM PUFs and Post-Quantum Cryptography
Pages 54 - 59
Abstract
The number of Internet of Things (IoT) devices is increasing since they can solve many problems, such as those found in healthcare or power grid. Since they are susceptible to be attacked, solutions must be explored to make them more trustworthy and, thus, increment the confidence of their users. It is common that trusted devices use secret keys to achieve confidentiality of data stored in non-volatile memory, data in transit, and to authenticate themselves to other parties. However, these keys can be compromised if an attacker takes control of the platform by exploiting some vulnerability. In this work, we propose to seal the secret keys to the platform and to a specific state, mainly associated with the memory content and determined in a development stage. The secret keys are encrypted with a Sealing Secret Key that is not stored in the device, but obfuscated with an SRAM PUF, making it more secure. When a secret key has to be sealed or unsealed, functions called seal() and unseal() are employed. They have atomic execution and are stored in a ROM memory. Their goal is to measure the state of the platform and recuperate the sealing secret key only if the measurement matches a valid one signed by the application developer. As quantum computers are emerging and future IoT devices must be resistant to attacks performed by them, we choose Dilithium and Saturnin as cryptographic primitives. Benchmarking results taken in an ESP32 microcontroller show the suitability of the proposal for an IoT device.
References
[1]
Abhishek Khanna and Sanmeet Kaur, 2020. Internet of Things (IoT), Applications and Challenges: A Comprehensive Review. Wireless Pers Commun 114, 1687–1762.
[2]
Ravi Pratap Singh, Mohd Javaid, Abid Haleem, and Rajiv Suman, 2020. Internet of things (IoT) applications to fight against COVID-19 pandemic. Diabetes & Metabolic Syndrome: Clinical Research & Reviews, 14, 4, 521-524.
[3]
Muhammad Asim Mukhtar, Muhammad Khurram Bhatti, and Guy Gogniat, 2019. Architectures for Security: A comparative analysis of hardware security features in Intel SGX and ARM TrustZone. In Proceedings of 2nd International Conference on Communication, Computing and Digital systems (C-CODE), 299-304.
[4]
Shijun Zhao, Qianying Zhang, Guangyao Hu, Yu Qin, and Dengguo Feng. 2014. Providing Root of Trust for ARM TrustZone using On-Chip SRAM. In Proceedings of the 4th International Workshop on Trustworthy Embedded Devices (TrustED '14). Association for Computing Machinery, New York, NY, USA, 25–36.
[5]
Najwa Aaraj, Anand Raghunathan, and Niraj K. Jha, 2009. Analysis and design of a hardware/software trusted platform module for embedded systems. ACM Trans. Embed. Comput. Syst. 8, 1, Article 8 (December 2008), 31 pages.
[6]
Manos Antonakakis 2009. Understanding the Mirai Botnet. In Proceedings of 26th USENIX Security Symposium. Vancouver, BC, Canada, 1093-1110.
[7]
Jean-Philippe Aumasson, 2017. The impact of quantum computing on cryptography. Computer Fraud & Security, 2017, 6, 8-11.
[8]
Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé, 2018. CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme. IACR Transactions on Cryptographic Hardware and Embedded Systems. 2018, 1 (Feb. 2018), 238-268.
[9]
Anne Canteaut, Sébastien Duval, Gaëtan Leurent, María Naya-Plasencia, Léo Perrin, Thomas Pornin, André Schrottenloher, 2020. Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. IACR Transactions on Symmetric Cryptology. 2020, S1 (Jun. 2020), 160-207.
[10]
Rosario Arjona, Miguel Ángel Prada-Delgado, Javier Arcenegui, Iluminada Baturone. 2018. Trusted Cameras on Mobile Devices Based on SRAM Physically Unclonable Functions. Sensors. 18, 10, 3352.
[11]
Roberto Román, Rosario Arjona, Javier Arcenegui, and Iluminada Baturone, 2020. Hardware Security for eXtended Merkle Signature Scheme Using SRAM-based PUFs and TRNGs. In 32nd International Conference on Microelectronics (ICM).
[12]
NIST. Post-Quantum Cryptography Standardization. Retrieved from: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-sandarization.
[13]
NIST. Lightweight Cryptography. Retrieved from: https://csrc.nist.gov/projects/lightweight-cryptography.
[14]
Thomas Santoli and Christian Schaffner, 2016. Using Simon's Algorithm to Attack Symmetric-Key Cryptographic Primitives. Arxiv.org, arXiv:1603.07856.
[15]
Karim El Defrawy, Aurélien Francillon, Daniele Perito, and Gene Tsudik. 2012. SMART: Secure and minimal architecture for (establishing a dynamic) root of trust. In Network and Distributed System Security Symposium (NDSS), 2012.
[16]
Javier Arcenegui, Rosario Arjona, Roberto Román, Iluminada Baturone, 2021. Secure Combination of IoT and Blockchain by Physically Binding IoT Devices to Smart Non-Fungible Tokens Using PUFs. Sensors. 21, 9, 3119.
Index Terms
- Sealed Storage for Low-Cost IoT Devices: an Approach Using SRAM PUFs and Post-Quantum Cryptography
Index terms have been assigned to the content through auto-classification.
Recommendations
Lattice-based cryptosystems for the security of resource-constrained IoT devices in post-quantum world: a survey
AbstractThe concept of the Internet of Things (IoT) arises due to the change in the characteristics and numbers of smart devices. Communication of things makes it important to ensure security in this interactive architecture. One of the developments that ...
A lightweight remote attestation using PUFs and hash-based signatures for low-end IoT devices
AbstractRemote attestation is a powerful mechanism that allows a verifier to know if the hardware of an IoT (Internet-of-Thing) device (acting as a prover) has been counterfeited or tampered with and if its firmware has been altered. Remote attestation ...
Highlights- Establishing a RoT for Measuring and Reporting using an Attestation ROM with a PUF.
- Combining OTS and MTS hash-based signatures in a remote attestation protocol.
- Evaluating in an ESP32 microcontroller the use of WOTS+ and SDS-OTS ...
An IND-CCA2 secure post-quantum encryption scheme and a secure cloud storage use case
AbstractCode-based public key encryption (PKE) is a popular choice to achieve post-quantum security, partly due to its capability to achieve fast encryption/decryption. However, code-based PKE has larger ciphertext and public key sizes in comparison to ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2021
97 pages
Copyright © 2021 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 November 2021
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- Junta de Andalucía (Spain)
- Agencia Estatal de Investigación (Spain)
Conference
EICC '21
EICC '21: European Interdisciplinary Cybersecurity Conference
November 10 - 11, 2021
Virtual Event, Romania
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 87Total Downloads
- Downloads (Last 12 months)31
- Downloads (Last 6 weeks)1
Reflects downloads up to 22 Sep 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format