Performance of Secure Boot in Embedded Systems
Paper in proceeding, 2019
With the proliferation of the Internet of Things (IoT), the need to prioritize the overall system security is more imperative than ever.
The IoT will profoundly change the established usage patterns of embedded systems, where devices traditionally operate in relative isolation.
Internet connectivity brought by the IoT exposes such previously isolated internal device structures to cyber-attacks through the Internet, which opens new attack vectors and vulnerabilities.
For example, a malicious user can modify the firmware or operating system by using a remote connection, aiming to deactivate standard defenses against malware.
The criticality of applications, for example, in the Industrial IoT (IIoT) further underlines the need to ensure the integrity of the embedded software.
One common approach to ensure system integrity is to verify the operating system and application software during the boot process. However, safety-critical IoT devices have constrained boot-up times, and home IoT devices should become available quickly after being turned on. Therefore, the boot-time can affect the usability of a device.
This paper analyses performance trade-offs of secure boot for medium-scale embedded systems, such as Beaglebone and Raspberry Pi. We evaluate two secure boot techniques, one is only software-based, and the second is supported by a hardware-based cryptographic storage unit.
For the software-based method, we show that secure boot merely increases the overall boot time by 4 %.
Moreover, the additional cryptographic hardware storage increases the boot-up time by 36 %.
The IoT will profoundly change the established usage patterns of embedded systems, where devices traditionally operate in relative isolation.
Internet connectivity brought by the IoT exposes such previously isolated internal device structures to cyber-attacks through the Internet, which opens new attack vectors and vulnerabilities.
For example, a malicious user can modify the firmware or operating system by using a remote connection, aiming to deactivate standard defenses against malware.
The criticality of applications, for example, in the Industrial IoT (IIoT) further underlines the need to ensure the integrity of the embedded software.
One common approach to ensure system integrity is to verify the operating system and application software during the boot process. However, safety-critical IoT devices have constrained boot-up times, and home IoT devices should become available quickly after being turned on. Therefore, the boot-time can affect the usability of a device.
This paper analyses performance trade-offs of secure boot for medium-scale embedded systems, such as Beaglebone and Raspberry Pi. We evaluate two secure boot techniques, one is only software-based, and the second is supported by a hardware-based cryptographic storage unit.
For the software-based method, we show that secure boot merely increases the overall boot time by 4 %.
Moreover, the additional cryptographic hardware storage increases the boot-up time by 36 %.
Embedded Systems
Secure Boot
Internet of Things
System Security
Author
Christos Profentzas
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Mirac Günes
Ericsson
Ioannis Nikolakopoulos
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Olaf Landsiedel
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Magnus Almgren
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Proceedings - 15th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2019
198-204
978-1-7281-0570-3 (ISBN)
1st International Workshop on Security and Reliability of IoT Systems (SecRIoT)
Santorini Island, Greece,
Santorini Island, Greece,
KIDSAM: Knowledge and information-sharing in digital collaborative projects
VINNOVA (2018-03966), 2018-11-01 -- 2021-11-30.
AgreeOnIT: Lightweight Consensus and Distributed Computing in the Resource-Constrained Internet of Things
Swedish Research Council (VR) (37200024), 2019-01-01 -- 2022-12-31.
RIOT: Resilient Internet of Things
Swedish Civil Contingencies Agency (MSB2018-12526), 2019-01-01 -- 2023-12-31.
Areas of Advance
Information and Communication Technology
Transport
Subject Categories
Information Science
Control Engineering
Other Electrical Engineering, Electronic Engineering, Information Engineering
DOI
10.1109/DCOSS.2019.00054