Embedded Security

The fast reduction of structure sizes in semiconductor technology allows the fabrication of increasingly powerful, energy-saving, and low-price microprocessors. Small micro-controllers can nowadays be found in more and more devices of daily life, like cars or mobile phones. These so-called embedded systems perform various sophisticated and sometimes safety-critical tasks. Failures of these systems have an immediate impact on our real live. These systems impose high requirements on safety and reliability.

Especially the increasing connectivity among embedded systems (Internet of things) demands security functions to ensure a reliable and safe operation of embedded systems. Because of the stringent resource constraints of embedded systems (computational power, energy), these security functions have to be combined with the actual functionality of the embedded system. Integrated security functions are therefore a necessity for a safe and reliable operation of embedded systems.

Expertise

For our costumers, Fraunhofer AISEC develops hardened embedded systems, in which software security functions are complemented with matching hardware security functions. We offer an integrated hardware and software engineering process, as well as the necessary migration of functionality into hardware. Fraunhofer AISEC provides concepts, and develops and evaluates solutions for embedded systems according to different criteria, like energy consumption, computational power, and communication cost. These customized solutions range from the correct integration of hardware security elements to the development of tailored security solutions in hardware and software, according to the dedicated needs of our costumers.

Skills and services at a glance

  • side-channel analysis and attacks on embedded systems, together with the development of effective countermeasures
  • scalable techniques for the identification and authentication of components
  • efficient techniques for fault-detection and fault-tolerance in digital circuits
  • advanced virtualization concepts for embedded components
  • trusted operating system kernels for embedded systems
  • specific security modules for embedded systems based on field programmable gate arrays (FPGAs)

Publications

  • J. Horsch, M. Huber and S. Wessel. “TransCrypt: Transparent Main Memory Encryption Using a Minimal ARM Hypervisor”. In: Proceedings of the 16th International Conference on Trust, Security and Privacy in Computing and Communications. TrustCom ’17. Sydney, Australia: IEEE, Aug. 2017, pp. 152–161. DOI: 10.1109/Trustcom/BigDataSE/ICESS.2017.232.
  • J. Obermaier and S. Tatschner. “Shedding too much Light on a Microcontroller’s Firmware Protection”. In: 11th USENIX Workshop on Offensive Technologies (WOOT 17). Vancouver, BC: USENIX Association, 2017.
  • M. Huber, J. Horsch, J. Ali and S. Wessel. “Freeze & Crypt: Linux Kernel Support for Main Memory Encryption”. In: 14th International Conference on Security and Cryptography (SECRYPT 2017). INSTICC. ScitePress, 2017.
  • J. Sepúlveda, M. Gross, A. Zankl and G. Sigl. “Exploiting Bus Communication to Improve Cache Attacks on Systems-on-Chips”. In: 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). to appear. 2017.
  • N. Jacob, J. Heyszl, A. Zankl, C. Rolfes and G. Sigl. “How to Break Secure Boot on FPGA SoCs through Malicious Hardware”. In: Conference on Cryptographic Hardware and Embedded Systems, CHES 2017. 2017.
  • M. Huber, J. Horsch and S. Wessel. “Protecting Suspended Devices from Memory Attacks”. In: Proceedings of the 10th European Workshop on Systems Security. EuroSec’17. Belgrade, Serbia: ACM, 2017.
  • J. Sepúlveda, A. Zankl, D. Flórez and G. Sigl. “Towards Protected MPSoC Communication for Information Protection against a Malicious NoC”. In: Procedia Computer Science 108 (2017). International Conference on Computational Science, ICCS 2017, 12-14 June 2017, Zurich, Switzerland, pp. 1103 –1112.
  • N. Jacob, J. Wittmann, J. Heyszl, R. Hesselbarth, F. Wilde, M. Pehl, G. Sigl and K. Fisher. “Securing FPGA SoC Configurations Independent of Their Manufacturers”. In: 30th IEEE International System-on-Chip Conference. 2017.
  • J. Sepúlveda, A. Zankl and O. Mischke. “Cache Attacks and Countermeasures for NTRUEncrypt on MPSoCs: Post-quantum Resistance for the IoT”. In: 2017 30th IEEE International System-on-Chip Conference (SOCC). to appear. 2017.
  • N. Jacob, C. Rolfes, A. Zankl, J. Heyszl and G. Sigl. “Compromising FPGA SoCs using Malicious Hardware Blocks”. In: Design Automation and Test in Europe, DATE 2017. Lausanne, Switzerland, 2017.
  • M. Green, L. Rodrigues-Lima, A. Zankl, G. Irazoqui, J. Heyszl and T. Eisenbarth. “AutoLock: Why Cache Attacks on ARM Are Harder Than You Think”. In: 26th USENIX Security Symposium (USENIX Security 17). Vancouver, BC: USENIX Association, 2017. URL: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/green.
  • S. Wagner and C. Eckert. "Policy-based Implicit Attestation for Microkernel-based Virtualized Systems". In: Information Security, 19th International Conference, ISC 2016.
  • M. Huber, B. Taubmann, S. Wessel, H. P. Reiser and G. Sigl. “A flexible framework for mobile device forensics based on cold boot attacks”. In: EURASIP Journal on Information Security 2016.1 (2016), pp. 1–13.