AI Bibliography
Muramoto, C., Graham, S., & Dunlap, S. 2022, Evaluating the use of boot image encryption on the Talos II architecture. Paper presented at Critical Infrastructure Protection XVI: 16th IFIP WG 11.10 International Conference, ICCIP 2022, Virtual Event, March 14–15, 2022, Revised Selected Papers.
Resource type: Proceedings Article
BibTeX citation key: Muramoto2022
Categories: Computer Science, Engineering, General, Military Science
Subcategories: Cognitive Electronic Warfare, Drones, Military research
Creators: Dunlap, Graham, Muramoto
Publisher:
Collection: Critical Infrastructure Protection XVI: 16th IFIP WG 11.10 International Conference, ICCIP 2022, Virtual Event, March 14–15, 2022, Revised Selected Papers
Abstract
Critical infrastructure devices operating in unprotected end-node environments are vulnerable to malicious actors who conduct hardware attacks such as reverse engineering and side-channel analysis. Boot data is rarely encrypted and typically travels across an accessible bus, enabling the data to be easily intercepted during system start-up. Encrypting the firmware would make reverse engineering extremely difficult for malicious actors and competitors. It would improve the effectiveness of tamper detection methods and deter zero-day vulnerability discovery. Increasing boot security could be a fundamental part of decreasing attack surfaces across the critical infrastructure sectors.
This chapter describes a Talos II architecture implementation that encrypts a section of the boot image and decrypts it during initial program load. During power-on, the encrypted image travels across the Low Pin Count bus into a POWER9 module Level 3 cache and is decrypted in the processor. Boot image encryption is implemented using ciphers of different strengths. An analysis of their efficiency is conducted to determine the optimal algorithm.