SIPP - Secure IoT Processor Platform with Remote Attestation

SIPP - 具有远程认证的安全物联网处理器平台

• 批准号: EP/S030867/1
• 负责人: Máire O'Neill
• 金额: $ 164.99万
• 依托单位: Queen's University Belfast
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2019
• 资助国家: 英国
• 起止时间: 2019 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FS030867%2F1
• 关键词: SIPP; Secure; IoT; Processor; Platform

As the world becomes ever more connected, the vast number of Internet of things (IoT) devices necessitates the use of smart, autonomous machine-to-machine communications; however, this poses serious security and privacy issues as we will no longer have direct control over with what or whom our devices communicate. Counterfeit, hacked, or cloned devices acting on a network can have significant consequences: for individuals through the leakage of confidential and personal information, in terms of monetary costs (for e.g. the loss of access to web services - Mirai attack on Dyn took down Twitter, Spotify, Reddit); or for critical national infrastructure, through the loss of control of safety-critical industrial and cyber-physical IoT systems. In addition, IoT devices are often low-cost, low power devices that are restricted in both memory and computing power. A major challenge is how to address the need for security in such resource-constrained devices. As companies race to get IoT devices to market, many do not consider security or, all too often, security is an afterthought. As such, a common theme in all realms of IoT is the need for dependability and security. The SIPP project aims to rethink how security is built into IoT processor platforms. Firstly, the architectural fundamentals of a processor design need to be re-engineered to assure the security of individual on-chip components. This has become increasingly evident with the recent Spectre and Meltdown attacks. On the upper layer of systems-on-chip (SoCs), hardware authentication of chip sub-systems and the entire chip is crucial to detect malicious hardware modification. Then, at the systems layer (i.e., multiple chips on a common printed circuit board), innovative approaches for remote attestation will be investigated to determine the integrity at board level. Finally, the security achieved at all hierarchical layers will be assessed by investigating physical-level vulnerabilities to ensure there is no physical leakage of the secrets on which each layer relies. The proposed project brings together the core partners of the NCSC/EPSRC-funded Research Institute in Secure Hardware and Embedded Systems (RISE), that is, Queen's University Belfast and the Universities of Cambridge, Bristol and Birmingham, with the leading academics in the field of hardware security and security architecture design from the National University of Singapore and Nanyang Technological University, to develop a novel secure IoT processor platform with remote attestation implemented on the RISC-V architecture.

随着世界变得越来越紧密，大量的物联网（IoT）设备需要使用智能，自主的机器对机器通信;然而，这带来了严重的安全和隐私问题，因为我们将不再直接控制我们的设备与什么或谁通信。在网络上运行的假冒、黑客攻击或克隆设备可能会产生严重后果：对于个人而言，会导致机密和个人信息的泄露（例如，无法访问Web服务--米拉伊对Dyn的攻击导致Twitter、Spotify、Reddit瘫痪）;对于关键的国家基础设施而言，会导致对安全关键的工业和网络物理物联网系统的控制权丧失。此外，物联网设备通常是低成本、低功耗的设备，在存储器和计算能力方面都受到限制。一个主要的挑战是如何解决这种资源受限设备的安全需求。随着公司竞相将物联网设备推向市场，许多公司并不考虑安全性，或者通常安全性是事后的想法。因此，物联网所有领域的一个共同主题是对可靠性和安全性的需求。SIPP项目旨在重新思考如何将安全性构建到物联网处理器平台中。首先，处理器设计的架构基础需要重新设计，以确保单个片上组件的安全性。这在最近的Spectre和Meltdown攻击中变得越来越明显。在片上系统（SoC）的上层，芯片子系统和整个芯片的硬件认证是检测恶意硬件修改的关键。然后，在系统层（即，多个芯片在一个共同的印刷电路板），创新的远程认证方法将进行研究，以确定在板级的完整性。最后，将通过调查物理级别的漏洞来评估在所有层次上实现的安全性，以确保每一层所依赖的秘密没有物理泄漏。拟议的项目汇集了NCSC/EPSRC资助的安全硬件和嵌入式系统研究所的核心合作伙伴，即贝尔法斯特女王大学和剑桥大学、布里斯托大学和伯明翰大学，以及新加坡国立大学和南洋理工大学在硬件安全和安全架构设计领域的领先学者，开发一种新型的安全物联网处理器平台，并在RISC-V架构上实现远程认证。

项目成果

Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments

• DOI: 10.1145/3491264
• 发表时间: 2021-10
• 期刊: Digital Threats: Research and Practice (DTRAP)
• 作者: F. Alder;Jo Van Bulck;Jesse Spielman;David F. Oswald;Frank Piessens

An Efficient Ring Oscillator PUF Using Programmable Delay Units on FPGA

• DOI: 10.1145/3593807
• 发表时间: 2023-05
• 期刊: ACM Transactions on Design Automation of Electronic Systems
• 影响因子: 1.4
• 作者: Yijun Cui;Jiang Li;Yunpeng Chen;Chenghua Wang;Chongyan Gu;Máire O’Neill;Weiqiang Liu

Faulty Point Unit: ABI Poisoning Attacks on Intel SGX

• DOI: 10.1145/3427228.3427270
• 发表时间: 2020-12
• 期刊: Proceedings of the 36th Annual Computer Security Applications Conference
• 作者: F. Alder;Jo Van Bulck;David F. Oswald;Frank Piessens

RISC-V Instruction Set Extensions for Lightweight Symmetric Cryptography

用于轻量级对称密码学的 RISC-V 指令集扩展

• DOI: 10.46586/tches.v2023.i1.193-237
• 发表时间: 2022
• 期刊: IACR Transactions on Cryptographic Hardware and Embedded Systems
• 作者: Cheng H

Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals

Thunderclap：通过来自不可信外设的 DMA 探索操作系统 IOMMU 保护中的漏洞

• DOI: 10.14722/ndss.2019.23194
• 发表时间: 2019
• 作者: Markettos A