Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

Intrinsic Code Attestation by Instruction Chaining for Embedded Devices

  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_6,
        author={Oliver Stecklina and Peter Langend{\"o}rfer and Frank Vater and Thorsten Kranz and Gregor Leander},
        title={Intrinsic Code Attestation by Instruction Chaining for Embedded Devices},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={},
        doi={10.1007/978-3-319-28865-9_6}
    }
    
  • Oliver Stecklina
    Peter Langendörfer
    Frank Vater
    Thorsten Kranz
    Gregor Leander
    Year: 2016
    Intrinsic Code Attestation by Instruction Chaining for Embedded Devices
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_6
Oliver Stecklina [1,*], Peter Langendörfer [1,*], Frank Vater [1,*], Thorsten Kranz [2,*], Gregor Leander [2,*]
  • 1: IHP
  • 2: Ruhr-University Bochum
*Contact email: stecklina@ihp-microelectronics.com, langend@ihp-microelectronics.com, vater@ihp-microelectronics.com, thorsten.kranz@rub.de, gregor.leander@rub.de

Abstract

In this paper we present a novel approach to ensure that no malicious code can be executed on resource-constrained devices such as sensor nodes or embedded devices. The core idea is to encrypt the code and to decrypt it after reading it from memory. Thus, if the code is not encrypted with the correct key, it cannot be executed, because the decryption operation yields an incorrect result. A side effect of this is that the code is protected from being copied. In addition, we propose to bind instructions to their predecessors by cryptographic means. This helps us to prevent attacks that reorder authorized code, such as return-oriented programming attacks. We present a thorough security analysis of our approach as well as simulation results that prove the feasibility of our approach. The performance penalty as well as the area penalty depend mainly on the cipher algorithm used. The former can be as small as a single clock cycle if Prince, a latency-optimized block cipher, is used, while the area overhead is 45 per cent for a commodity microcontroller unit (MCU).