Abstract
Current and next-generation communication infrastructures are enabling the realization of critical applications. These applications rely on operating systems such as Linux and have strict requirements for performance and security. Due to the performance limitations of general-purpose CPUs hosting the operating systems, the data plane of security protocols is offloaded to dedicated hardware, such as FPGAs and ASICs, with the control plane kept in software. The resulting system architecture introduces a new attack surface on the security protocol. Several threats have been identified that could risk the confidentiality, integrity, and availability of the control plane. A Trusted Execution Environment (TEE) is an isolated environment for executing code securely, thereby discarding the impact of threats from the rest of a device. A TEE is achieved by partitioning the hardware and software resources of a processor. This paper analyzes the use of TEE in FPGA-SoCs for isolating the control plane of security protocols from the operating system. The data link layer security protocol MACsec was chosen as a reference use case; however, the assessment framework can be applied to other security protocols, as they share a similar system architecture. This paper proposes three types of isolation and presents the architecture requirements for its implementation using OP-TEE, an open-source TEE implementation for Arm TrustZone technology inside Arm processors. The isolation can provide a significant reduction in the impact of threat events in the system, with 10 out of 12 threat events being fully prevented.
Original language | English |
---|---|
Title of host publication | Proceedings of 2023 IEEE Nordic Circuits and Systems Conference |
Number of pages | 6 |
Publisher | IEEE |
Publication date | 1 Nov 2023 |
Article number | 10305445 |
ISBN (Print) | 979-8-3503-3758-7 |
Publication status | Published - 1 Nov 2023 |
Event | 2023 IEEE Nordic Circuits and Systems Conference - Aalborg, Denmark. Duration: 31 Oct 2023 → 1 Nov 2023 |
Conference
Conference | 2023 IEEE Nordic Circuits and Systems Conference |
---|---|
Location | Aalborg, Denmark |
Country/Territory | Denmark |
City | Aalborg |
Period | 31/10/2023 → 01/11/2023 |
Keywords
- Measurement
- Protocols
- Linux
- Systems architecture
- Network security
- Software
- Hardware