Control Plane Isolation of Network Security Protocols using FPGA-SoC Trusted Execution Environment

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

Current and next-generation communication infrastructures are enabling the realization of critical applications. These applications rely on operating systems such as Linux and have strict requirements for performance and security. Due to the performance limitation of general-purpose CPUs hosting the operating systems, the data plane of security protocols is offloaded to dedicated hardware, such as FPGAs and ASICs, with the control plane kept in software. The resulting system architecture introduces a new attack surface on the security protocol. Several threats have been identified that could risk the confidentiality, integrity, and availability of the control plane. A Trusted Execution Environment (TEE) is an isolated environment for executing code securely, thereby, discarding the impact of threats from the rest of a device. A TEE is achieved by partitioning the hardware and software resources of a processor. This paper analyzes the use of TEE in FPGA-SoCs for isolating the control plane of security protocols from the operating system. The data link layer security protocol MACsec was chosen as a reference use case, however, the assessment framework can be applied to other security protocols as they share a similar system architecture. This paper proposes three types of isolation and presents the architecture requirements for its implementation using OP-TEE, an open-source TEE implementation for Arm TrustZone technology inside Arm processors. The isolation can provide a significant reduction in the impact of threat events in the system with 10 out of 12 threat events being fully prevented.
Original languageEnglish
Title of host publicationProceedings of 2023 IEEE Nordic Circuits and Systems Conference
Number of pages6
PublisherIEEE
Publication date1 Nov 2023
Article number10305445
ISBN (Print)979-8-3503-3758-7
DOIs
Publication statusPublished - 1 Nov 2023
Event2023 IEEE Nordic Circuits and Systems Conference - Aalborg, Denmark, Aalborg, Denmark
Duration: 31 Oct 20231 Nov 2023

Conference

Conference2023 IEEE Nordic Circuits and Systems Conference
LocationAalborg, Denmark
Country/TerritoryDenmark
CityAalborg
Period31/10/202301/11/2023

Keywords

  • Measurement
  • Protocols
  • Linux
  • Systems architecture
  • Network security
  • Software
  • Hardware

Fingerprint

Dive into the research topics of 'Control Plane Isolation of Network Security Protocols using FPGA-SoC Trusted Execution Environment'. Together they form a unique fingerprint.

Cite this