polito.it
Politecnico di Torino (logo)

OpenTitan Integration in a SoC: A Software Stack Development from OpenSSL to the Device Driver

Franco Volante

OpenTitan Integration in a SoC: A Software Stack Development from OpenSSL to the Device Driver.

Rel. Edoardo Patti, Emanuele Parisi, Francesco Barchi, Luca Barbierato, Andrea Acquaviva. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2022

Abstract:

Unmanned Autonomous Systems (UAS) are used nowadays in a wide range of applications ranging from civil to military sector. These systems are characterized by a highly dynamic operation with fast response to critical environments which raises different challenges to ensure safety and security against cyber threats. For instance, Root-of-Trust (RoT) is a set of functions, reliable for the UAS, which becomes the starting point for secure operations. These secure operations normally require high computation resources to respect the real-time constraints of UAS applications. Different pure software implementation has been proposed to reduce the response time required for security operations. However, they may lead to overuse of computational capabilities that could reduce the real-time response performance of UAS during critical operations. Another possible solution could be the use of cryptographic accelerators at the cost of additional hardware. Whilst this solution may be acceptable in a normal embedded system, UAS are normally equipped with limited battery capacity that could impact their operational working time when dealing with additional hardware. This dissertation studies the implementation of cryptographic algorithm acceleration on a CVA6 UAS hardware architecture with an integrated silicon RoT solution based on OpenTitan, which tries to deal with the security and safety challenges highlighted above. OpenTitan is treated as a Trusted Platform Module (TPM) isolated from the rest of the system. It creates a secure environment where cryptographic functions can be performed without additional hardware requirements. The architecture is set up to optimize performance regarding the most common cryptographic algorithms, from hashing and signature verification (i.e. RSA) to symmetric key cryptography (i.e. AES), resulting in exploiting OpenTitan as a pseudo-cryptographic accelerator isolated from the rest of the system making these operations secure and inaccessible from untrusted applications. The implemented software stack employs both the Global Platform (GP) standard for trusted execution environment and the Trusted Computing Group (TCG) standard for trusted platform module. In particular, the GP standard deals with the communication between user space application and the driver handling OpenTitan. The TCG standard instead deals with data manipulation between the driver and OpenTitan. The use of both standards guarantees the authenticity, isolation, and correctness of all data and operations that flow in the software stack, creating not only a secure environment but also a secure channel that performs cryptographic operations. In conclusion, this dissertation demonstrates how safety and isolation can be achieved by exploiting the proposed hardware architecture and the application of security standards (i.e. GP and TCG), thus succeeding in achieving valid cryptographic performance with low-power consumption requirements.

Relatori: Edoardo Patti, Emanuele Parisi, Francesco Barchi, Luca Barbierato, Andrea Acquaviva
Anno accademico: 2022/23
Tipo di pubblicazione: Elettronica
Numero di pagine: 68
Informazioni aggiuntive: Tesi secretata. Fulltext non presente
Soggetti:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA
Aziende collaboratrici: NON SPECIFICATO
URI: http://webthesis.biblio.polito.it/id/eprint/25474
Modifica (riservato agli operatori) Modifica (riservato agli operatori)