This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Mechanism for Secure Storage without a Trusted Execution Environment for Low/Mid Automotive Segments
Technical Paper
2021-01-0145
ISSN: 0148-7191, e-ISSN: 2688-3627
This content contains downloadable datasets
Annotation ability available
Sector:
Event:
SAE WCX Digital Summit
Language:
English
Abstract
Increasing adoption of connected vehicles has led the vehicle manufacturers to deal with security issues in a vehicle-embedded system. In order to secure the security critical instructions/operations such as security functions, cryptographic credentials in a connected embedded system Arm Trustzone Technology is widely used in automotive embedded system across Cockpit, ADAS, V2X, etc. The Arm Trustzone technology protects the security critical operations by executing them in a trusted execution environment (TEE) parallelly by isolating them through hardware from classic rich execution environment (REE) using the shared hardware resources by protecting the confidentiality and integrity of the system. The Arm Trustzone technology uses secure configuration register (SCR) to switch between secure and non-secure worlds by providing two execution environments with different privileges through secure monitor call (SMC) and arm trusted firmware (ATF) across the resources e.g., memory, interrupts, peripherals etc. with different exception levels (EL). The enhanced security provided by Arm Trustzone technology is biased by resource constraints to the operations running in the REE when the resource isolation switches to the TEE through SCR. Hence, for the limited resource embedded automotive cockpits the driver assisting functions such as navigation system, which are running, in the REE gets void of resources due to the TEE, which in turn affects the functional safety of the overall driving system. Here, in order to eliminate the ambiguity between security and safety for the limited resource automotive cockpits where the addition of TEE is cannot be done, an efficient secure storage system is proposed without TEE in Arm Trustzone technology. The proposed approach stores the RPMB (Replay Protected Memory Block) key in the specialized memory of Arm Trustzone Technology during the vehicle provisioning with its encrypted version stored in the RPMB block of MMC. During the Harman secured boot loader based booting of the cockpit system, the derived key is generated from this key after decryption, and the application data based operations are executed in kernel space through an introduced secure storage kernel module in kernel, thereby providing the secured storage of the security critical operations in the Arm Trustzone Technology without TEE.
Recommended Content
Authors
Topic
Citation
Ansari, A., Thekkumbadan, S., Das, S., JOSE, J. et al., "Mechanism for Secure Storage without a Trusted Execution Environment for Low/Mid Automotive Segments," SAE Technical Paper 2021-01-0145, 2021, https://doi.org/10.4271/2021-01-0145.Data Sets - Support Documents
Title | Description | Download |
---|---|---|
Unnamed Dataset 1 |
Also In
References
- Reddy , A.K. , Paramasivam , P. , Vemula , P.B. Mobile Secure Data Protection Using eMMC RPMB Partition 2015 International Conference on Computing and Network Communications (CoCoNet) 2015
- Miller , C. and Valasek , C. Remote Exploitation of an Unaltered Passenger Vehicle Black Hat USA 2015
- Siegel , J.E. , Erb , D.C. , and Sarma , S.E. A Survey of the Connected Vehicle Landscape—Architectures, Enabling Technologies, Applications, and Development Areas IEEE Transactions on Intelligent Transportation Systems 19 8 2391 2406 Aug. 2018
- ARM http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html 2009
- Arthur , W. , Challener , D. , and Goldman , K. 2015 Platform Security Technologies that Use TPM 2.0 A Practical Guide to TPM 2.0 Apress Berkeley, CA https://doi.org/10.1007/978-1-4302-6584-9_22
- Großschadl , J. Reassessing the TCG Specifications for Trusted Computing in Mobile and Embedded Systems IEEE International Workshop on Hardware-Oriented Security and Trust 84 90 IEEE Computer Society 2008