Accelerated Secure Boot for Real-Time Embedded Safety Systems

Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near-instant availability. To speed up the boot measurement while still establishing an acceptable degree of trust, the authors propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection against the equally strong requirement for real-time availability. In the first phase, a probabilistic boot measurement checks only a sampled subset of the boot data so that the system can be brought up quickly. This is followed by a full boot measurement that verifies the first-phase result and generates the new sample space for the next boot cycle. The dual-phase approach allows the system to be operational within a fraction of the time needed for a full boot measurement while still yielding a high probability of detecting data tampering. The authors propose two efficient schemes of the dual-phase approach, along with calibratable parameters, to achieve a desired tamper-detection probability. They evaluate tamper-detection accuracy in a simulation environment and then build a real system to evaluate real-time performance on an automotive embedded microcontroller with a built-in Hardware Security Module (HSM).
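The following is an added illustration of the dual-phase idea described above; it is not the authors' code and does not reproduce either of their two schemes. It simulates a firmware image split into fixed-size blocks, a phase-1 check of a secret, pseudo-randomly sampled subset of those blocks, a phase-2 check of every block that also derives the sample for the next boot, and the hypergeometric detection probability that a practitioner would use to calibrate the sample size. The block size, the HSM key, the seed derivation and the 16-block "image" are all constructed assumptions.

```python
# Added illustration (not the authors' code): a toy simulation of a dual-phase
# boot measurement. Phase 1 hashes only a secret, pseudo-random sample of
# firmware blocks so the system can be released quickly; phase 2 then hashes
# everything and derives the sample for the next boot cycle. Block size, key
# material and image contents below are constructed assumptions.
import hashlib
import hmac
import math
import random

BLOCK_SIZE = 64  # assumption: measurement granularity in bytes

# Assumption: a device-unique key held inside the HSM. It seeds the block
# sample so an attacker who can read flash cannot predict which blocks are
# checked on the next boot.
HSM_KEY = b"\x42" * 32


def split_blocks(image, block_size=BLOCK_SIZE):
    return [image[i:i + block_size] for i in range(0, len(image), block_size)]


def reference_hashes(image):
    """Per-block SHA-256 digests; assumed to live in HSM-protected memory."""
    return [hashlib.sha256(b).digest() for b in split_blocks(image)]


def sample_indices(n_blocks, k, seed):
    """Deterministic sample of k distinct block indices derived from seed."""
    rng = random.Random(int.from_bytes(seed[:8], "big"))
    return sorted(rng.sample(range(n_blocks), k))


def phase1_measure(image, ref, indices):
    """Fast path: verify only the sampled blocks."""
    blocks = split_blocks(image)
    return all(hashlib.sha256(blocks[i]).digest() == ref[i] for i in indices)


def phase2_measure(image, ref):
    """Slow path: verify every block."""
    return reference_hashes(image) == ref


def next_seed(seed, counter):
    """Seed for the next boot's sample, bound to the HSM key and a boot counter."""
    return hmac.new(HSM_KEY, seed + counter.to_bytes(4, "big"), hashlib.sha256).digest()


def dual_phase_boot(image, ref, seed, k, counter=0):
    """Returns (phase1_ok, phase2_ok, seed_for_next_boot)."""
    idx = sample_indices(len(ref), k, seed)
    p1 = phase1_measure(image, ref, idx)  # on success the RTOS would start here
    p2 = phase2_measure(image, ref)       # runs while the system is already up
    return p1, p2, next_seed(seed, counter)


def detection_probability(n, m, k):
    """P(at least one of m tampered blocks falls in a sample of k of n blocks).
    Hypergeometric: 1 - C(n-m, k) / C(n, k)."""
    if m <= 0 or k <= 0:
        return 0.0
    return 1.0 - math.comb(n - m, k) / math.comb(n, k)


def min_sample_size(n, m, target):
    """Smallest k whose phase-1 detection probability meets target for m tampered blocks."""
    for k in range(1, n + 1):
        if detection_probability(n, m, k) >= target:
            return k
    return n


def demo(k=4):
    """Constructed 16-block image, clean and with one byte flipped in block 5."""
    image = bytes(range(256)) * 4
    ref = reference_hashes(image)
    tampered = bytearray(image)
    tampered[5 * BLOCK_SIZE] ^= 0xFF
    tampered = bytes(tampered)
    seed = next_seed(b"", 0)
    clean = dual_phase_boot(image, ref, seed, k)
    bad = dual_phase_boot(tampered, ref, seed, k)
    return clean, bad


if __name__ == "__main__":
    clean, bad = demo()
    print("clean image:", clean[:2], " tampered image:", bad[:2])
    print("P(detect 1 of 16 tampered blocks with k=4):", detection_probability(16, 1, 4))
    print("k needed for 0.9 with 1 tampered block:", min_sample_size(16, 1, 0.9))
```

The point the numbers make is the trade-off in the abstract: phase 1 with k=4 of 16 blocks catches a single tampered block only one time in four, but phase 2 always catches it, and because the next sample is derived from a key the attacker cannot read, repeated boots give the attacker no fixed set of "safe" blocks to modify. `min_sample_size` is the calibration knob: raise the target detection probability and the phase-1 cost grows toward a full measurement.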

Language

  • English

Filing Info

  • Accession Number: 01715450
  • Record Type: Publication
  • Source Agency: SAE International
  • Report/Paper Numbers: 11-02-01-0003
  • Files: TRIS, SAE
  • Created Date: Jul 16 2019 11:01AM