Thesis 111522045: Detailed Record




Author: 何群毅 (Chiun-Yi Ho)
Department: Department of Computer Science and Information Engineering
Thesis title (Chinese): TrustRAS: Secure Remote Attestation System for Reconfigurable Satellites (original: TrustRAS: 可重構衛星之安全遠程證實系統)
Thesis title (English): TrustRAS: Secure Remote Attestation System on Reconfigurable Satellites
Related theses:
★ A Trusted Application Software Ecosystem Based on OP-TEE
★ SeFence: Trusted Peripheral Access Control Based on Secure Sensing
★ 3D Modeling from High-Resolution 2D Geographic Imagery: A Comparative Study of Rotational Transform Projection and Conventional Methods
★ CSI Prediction Methods in LEO Satellite Wireless Communication
★ A Dynamic Handover Strategy for Multi-Traffic LEO Satellite Systems
★ A Trustzone-Based Voice Privacy Protection System for Smart Devices
★ A Scheme for Mitigating Interference in LEO Satellite Networks
★ TruzGPS: A TrustZone-Based Location Privacy Protection System
★ Random Access Preamble Design and Detection for Integrated Satellite-Terrestrial Networks
★ SatPolicy: A Trustzone-Based Satellite Policy Enforcement System
★ TruzMalloc: A TrustZone-Based Private Data Protection System
★ Physical-Layer-Security-Based CSI Protection in Satellite-Terrestrial Networks
★ Secure Non-Orthogonal Multiple Access Transmission in Integrated LEO Satellite-Terrestrial Networks
★ DRX Mechanism Design in LEO Satellite-Terrestrial Networks
★ Set-System-Based Preamble Design for Integrated Satellite-Terrestrial Networks
★ A Power-Saving Routing Algorithm for LEO Satellite Networks
Files: the full text is not open for browsing (permanently restricted).
Abstract (Chinese, translated): Reconfigurable satellites that deploy FPGAs on Low Earth Orbit (LEO) satellites are widely used because of their performance and configuration flexibility. To ensure the reliability of reconfigurable satellite missions, remote attestation is used to confirm the state of the running system. However, in the satellite application scenario, current FPGA remote attestation methods face the problems of IP theft and the reliability of the attestation process. We therefore propose TrustRAS, a remote attestation system for reconfigurable satellites based on ARM TrustZone technology, which ensures the integrity of the satellite while it operates in orbit and provides a secure attestation process. We also add telecommand authentication to the system to prevent malicious commands from affecting the operational stability of the satellite. Finally, we implement TrustRAS on an AMD Xilinx Zynq Ultrascale+ MPSoC development board and evaluate its security and time overhead.
Abstract (English): Low Earth Orbit (LEO) satellites are developing rapidly. The use of reconfigurable satellites has increased significantly because FPGAs offer fast execution and reconfigurability. To ensure reliable mission execution, remote attestation is a method that can verify the integrity of the system. However, existing FPGA remote attestation methods face challenges related to IP piracy and the reliability of the attestation process in the satellite scenario. Moreover, communication between satellites and ground stations raises further problems: unauthorized ground stations may transmit malicious commands, and because the satellite-to-ground link is not always available, satellites cannot receive remote attestation requests at all times. To overcome these issues, we propose TrustRAS, an ARM TrustZone-based remote attestation system for reconfigurable satellites. Our solution ensures the runtime bitstream integrity of the satellite in orbit while also guaranteeing the security of the attestation process. Additionally, we provide telecommand authentication for satellite communication to ensure that malicious commands cannot affect the stability of the satellite. Finally, we perform a security analysis of TrustRAS, implement the system on the AMD Xilinx Zynq Ultrascale+ MPSoC development board, and evaluate the performance overhead to confirm the system's feasibility.
Keywords (Chinese, translated): ★ Remote Attestation
★ Reconfigurable Satellite
★ Trusted Execution Environment
★ ARM TrustZone
Keywords (English): ★ ARM TrustZone
★ Remote Attestation
★ Reconfigurable Satellite
Table of Contents
Chinese Abstract
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
1 Introduction
2 Background
2.1 ARM TrustZone
2.2 Zynq MPSoC Architecture
2.3 Remote Attestation
3 Related Works
3.1 REE Bitstream Attestation
3.2 FPGA-based TEE Bitstream Attestation
3.3 SoC-based TEE Bitstream Attestation
4 System Model
4.1 Satellite Remote Attestation Scenario
4.2 Threat Model
4.2.1 Internal Threats in Satellite Systems
4.2.2 External Ground-based Threats
5 System Design
5.1 System Architecture
5.2 Normal World
5.2.1 Preventing Insecure Access to Satellite Configuration Interfaces
5.2.2 Protection Against Malicious Telecommands from Ground Stations
5.2.3 Periodic Triggering of the Measurement Process
5.3 Secure World
5.3.1 Protection Against Unauthorized Telecommands from Ground Stations
5.3.2 Attestation Process
5.3.3 Utilizing Hardware Resource
5.3.4 Secure Driver Programs for Hardware Manipulation
5.4 Workflow
5.4.1 Measurement Process
5.4.2 Measurement Scheduling
5.4.3 Obtaining Measurement Evidence
6 Implementation
6.1 Telecommand Verifier
6.2 Measurement Handler
6.3 Attest Agent
6.3.1 Evidence Process
6.3.2 Evidence Retrieve
6.4 Secure Driver
6.4.1 PCAP Driver
6.4.2 Watchdog Timer Driver
7 Evaluation
7.1 Security Analysis
7.1.1 Malicious Telecommand Prevention
7.1.2 Telecommand Replay Attack Prevention
7.1.3 IP Piracy Prevention
7.1.4 Confidentiality of Attestation Evidence
7.1.5 Attestation Replay Attack Prevention
7.2 Performance Evaluation
7.2.1 Execution Time of Telecommand Verify
7.2.2 Execution Time of Attestation
8 Conclusion
Bibliography
Advisor: 張貴雲 (Guey-Yun Chang)
Approval date: 2024-7-26

For questions about this thesis, contact the National Central University Library, Promotion Services Division, TEL: (03)422-7151 ext. 57407, or by e-mail.