Trusted embedded System Operating System (TeSOS)

• Memory performance (access speed of volatile storage and caches)
• Processor speed for operations such as hashing, encryption, or decryption
• Availability of cryptographic co-processors
• Network performance
• Storage performance (speed of persistent storage such as Electrically Erasable Programmable Read-Only Memory (EEPROM))
5.1.4 Security Extensions
Very often, hardware-based security extensions provide a higher degree of security than security mechanisms based only on software. Moreover, hardware-based security extensions are often more efficient in terms of speed and resource consumption. Therefore, it is analysed whether the hardware platforms provide hardware-based security extensions, such as:
Security domains / Isolation: Security domains are used to segment existing IT infrastructure into logical zones with a common trust level. A security domain could be an isolated subset of a network or hardware/software system combined with the computing resources attached to that subset. Isolation is provided through software or hardware configuration (e.g., Virtual Local Area Networks (VLANs)), internal firewalls, or virtualisation. The level of security results from implementation of the policies, processes, and security technology deployed within a domain, as well as the isolation boundary that defines the domain edges. The most important techniques that help to secure WSNs are listed below:
• Virtual address spaces
• TrustZone (see Section 5.2.1)
• Protection Rings
• Other realisations of security domains
Secure or authenticated boot: As described in Section 4.2.2, secure or authenticated boot gives the possibility to ensure that a platform only loads allowed components during bootstrapping. We focus on the following techniques to ensure the unchanged software state of a sensor node.
• Texas-Instruments M-Shield: M-Shield is a security extension [JA] designed by Texas Instruments to provide a high-security solution inside mobile platforms. Key benefits of M-Shield are on-chip cryptographic keys, secure execution environment, secure storage, secure chip-interconnects, Standard API to connect with TrustZone, Tampering detection, and high-performance hardware-based cryptographic accelerators.
• TPM: A hardware device, protected against manipulation and designated for opt-in usage, providing protected capabilities and shielded locations. The Trusted Platform Module (TPM) is a passive component and contains engines for random number generation, calculation of hash values and RSA key generation. A TPM generates and stores keys, signs or binds data to the platform and provides secure storage of measurement information of the platform's current state. The TPM is available in two versions: The new version 1.2 specified in [TCG05a] and the deprecated version 1.1b specified in [TCG02].
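The two ideas in this subsection, authenticated boot (load a component only if it is on the allow-list) and TPM-style measurement (record what was loaded in a one-way register so the platform's state can be checked later), can be shown together in a small simulation. The following is an added example written for this edit; it is not code from the TeSOS report, from Texas Instruments, or from the TCG specifications. The boot images and reference digests are constructed inline, SHA-256 stands in for the SHA-1 used by TPM 1.2, and the extend operation mirrors the TPM register update new = H(old || measurement).

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed boot stages (name -> image bytes). Real images would be firmware blobs
# read from persistent storage such as EEPROM or flash.
BOOT_IMAGES: Dict[str, bytes] = {
    "bootloader": b"constructed bootloader image v1",
    "kernel": b"constructed TeSOS kernel image v1",
    "application": b"constructed sensor application v1",
}

# Allow-list of reference digests, as an on-chip root of trust would hold them
# (e.g. in ROM or in TPM-shielded storage). Constructed here from the images above.
REFERENCE_DIGESTS: Dict[str, str] = {
    name: hashlib.sha256(img).hexdigest() for name, img in BOOT_IMAGES.items()
}

BOOT_ORDER: List[str] = ["bootloader", "kernel", "application"]
REGISTER_RESET = bytes(32)  # measurement register starts as all zeros


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement).
    One-way and order-dependent, so a record cannot be rewritten or reordered
    without changing the final value."""
    return hashlib.sha256(register + measurement).digest()


def authenticated_boot(images: Dict[str, bytes],
                       reference: Dict[str, str],
                       order: List[str]) -> Tuple[bool, List[str], bytes]:
    """Authenticated (secure) boot with measurement.

    Each stage is hashed before it is loaded. If the digest is not the allowed
    one, the boot halts and nothing further is loaded. Every loaded stage is
    also extended into the measurement register, so a verifier can later
    compare the register against the value expected for a good boot.
    Returns (boot_ok, stages_loaded, final_register)."""
    register = REGISTER_RESET
    loaded: List[str] = []
    for stage in order:
        digest = hashlib.sha256(images[stage]).digest()
        if digest.hex() != reference.get(stage):
            return False, loaded, register  # unauthorised component: halt here
        register = extend(register, digest)
        loaded.append(stage)
    return True, loaded, register


def expected_register(reference: Dict[str, str], order: List[str]) -> bytes:
    """Value a verifier expects after a good boot, computed from the reference
    digests alone (it never needs the images themselves)."""
    register = REGISTER_RESET
    for stage in order:
        register = extend(register, bytes.fromhex(reference[stage]))
    return register


def tampered_images() -> Dict[str, bytes]:
    """Constructed scenario: the kernel image has been modified on the node."""
    images = dict(BOOT_IMAGES)
    images["kernel"] = b"constructed TeSOS kernel image v1 (modified)"
    return images


if __name__ == "__main__":
    ok, loaded, reg = authenticated_boot(BOOT_IMAGES, REFERENCE_DIGESTS, BOOT_ORDER)
    print("clean boot:", ok, loaded, reg.hex()[:16])
    ok, loaded, reg = authenticated_boot(tampered_images(), REFERENCE_DIGESTS, BOOT_ORDER)
    print("tampered boot:", ok, loaded, reg.hex()[:16])
```

The split between `authenticated_boot` and `expected_register` is the point of the exercise: the node enforces the allow-list locally, while a remote party holding only the reference digests can still decide whether the reported register belongs to an unmodified node.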