Deploying a physically unclonable trusted anchor is required for securing software running on embedded systems. Common mechanisms combine secure boot with either stored secret keys or keys extracted from a Physical Unclonable Function (PUF). We propose a new secure boot mechanism that is hardware-based, individual to each device, and keyless, in order to prohibit any unauthorized alteration of the software running on a particular device. Our solution is based on the so-called Secret Unknown Hash (SUH), a self-created, random, secret, and unknown hardwired hash function that resides as a permanent digital hardware module in the device’s physical layout. It is initiated in the device in a post-manufacturing, unpredictable, single-event process in self-reconfigurable non-volatile SoC FPGAs. In this work, we explain the SUH creation process and its integration for a device-specific secure boot. The SUH is shown to be lightweight when implemented in a sample scenario as a DM-PRESENT-based hash function. A security analysis is also presented, highlighting the entropies of the different proposed sample SUH classes.
| Title of host publication | Applied Reconfigurable Computing. Architectures, Tools, and Applications |
| Editors | Steven Derrien, Frank Hannig, Pedro C. Diniz, Daniel Chillet |
| Publication status | Published - 2021 |
| Event | 17th International Symposium on Applied Reconfigurable Computing 2021 - Virtual Event (Duration: 29.06.2021 → 30.06.2021) |