ShieLD: Shielding Cross-zone Communication within Limited-resourced IoT Devices running Vulnerable Software Stack
2023 (engelsk)Inngår i: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 20, nr 2, s. 1031-Artikkel i tidsskrift (Fagfellevurdert) Published
Abstract [en]
Securing IoT devices is gaining attention as the security risks associated with these devices increase rapidly. TrustZone-M, a Trusted Execution Environment (TEE) for Cortex-M processors, ensures stronger security within an IoT device by allowing isolated execution of security-critical operations, without trusting the entire software stack. However, TrustZone-M does not guarantee secure cross-world communication between applications in the Normal and Secure worlds. The cryptographic protection of the communication channel is an obvious solution; however, within a low-power IoT device, it incurs high overhead if applied to each cross-world message exchange. We present ShieLD, a framework that enables a secure communication channel between the two TrustZone-M worlds by leveraging the Memory Protection Unit (MPU). ShieLD guarantees confidentiality, integrity and authentication services without requiring any cryptographic operations. We implement and evaluate ShieLD using a Musca-A test chip board with Cortex-M33 that supports TrustZone-M. Our empirical evaluation shows, among other gains, the cross-zone communication protected with ShieLD is 5 times faster than the conventional crypto-based communication.
sted, utgiver, år, opplag, sider
Institute of Electrical and Electronics Engineers Inc. , 2023. Vol. 20, nr 2, s. 1031-
Emneord [en]
Codes, Communication channels, Computer architecture, Cortex-M, IoT, IoT Security, Memory management, Program processors, Software, TEE, Trusted Execution Environments, TrustZone, TrustZone-M, Virtualization, Communication channels (information theory), Cryptography, Memory architecture, Code, Communications channels, Cortexes, Memory-management, Virtualizations, Internet of things
HSV kategori
Identifikatorer
URN: urn:nbn:se:ri:diva-59089DOI: 10.1109/TDSC.2022.3147262Scopus ID: 2-s2.0-85124184486OAI: oai:DiVA.org:ri-59089DiVA, id: diva2:1651956
2022-04-142022-04-142023-07-03bibliografisk kontrollert