Accelerated Secure Boot for Real-Time Embedded Safety Systems

Secure boot is a fundamental security primitive for establishing trust in computer systems. For real-time safety applications, the time taken to perform the boot measurement conflicts with the need for near-instant availability. To speed up the boot measurement while still establishing an acceptable degree of trust, we propose a dual-phase secure boot algorithm that balances the strong requirement for data tamper detection against the equally strong requirement for real-time availability. In the first phase, a probabilistic boot measurement is executed so that the system can be booted quickly. This is followed by a full boot measurement that verifies the first-phase results and generates the new sampled space for the next boot cycle. The dual-phase approach allows the system to become operational in a fraction of the time needed for a full boot measurement while retaining a high probability of detecting data tampering. We propose two efficient schemes of the dual-phase approach, along with calibratable parameters for achieving the desired tamper detection probability. We evaluate the tamper detection accuracy in a simulation environment, then build a real system to evaluate the real-time performance on an automotive embedded microcontroller with a built-in Hardware Security Module (HSM).
DOI
https://doi.org/10.4271/11-02-01-0003
Pages
11
Citation
Nasser, A., Gumise, W., and Ma, D., "Accelerated Secure Boot for Real-Time Embedded Safety Systems," SAE Int. J. Transp. Cyber. & Privacy 2(1):35-48, 2019, https://doi.org/10.4271/11-02-01-0003.
Additional Details
Published
Jul 8, 2019
Product Code
11-02-01-0003
Content Type
Journal Article
Language
English