2022 | OriginalPaper | Book chapter
EVALUATING THE USE OF BOOT IMAGE ENCRYPTION ON THE TALOS II ARCHITECTURE
Authors: Calvin Muramoto, Scott Graham, Stephen Dunlap
Published in: Critical Infrastructure Protection XVI
Publisher: Springer Nature Switzerland
Critical infrastructure devices operating in unprotected end-node environments are vulnerable to malicious actors who conduct hardware attacks such as reverse engineering and side-channel analysis. Boot data is rarely encrypted and typically travels across an accessible bus, enabling the data to be easily intercepted during system start-up. Encrypting the firmware would make reverse engineering extremely difficult for malicious actors and competitors. It would improve the effectiveness of tamper detection methods and deter zero-day vulnerability discovery. Increasing boot security could be a fundamental part of decreasing attack surfaces across the critical infrastructure sectors.

This chapter describes a Talos II architecture implementation that encrypts a section of the boot image and decrypts it during initial program load. During power-on, the encrypted image travels across the Low Pin Count bus into a POWER9 module Level 3 cache and is decrypted in the processor. Boot image encryption is implemented using ciphers of different strengths. An analysis of their efficiency is conducted to determine the optimal algorithm.