Security is becoming a must-have feature for modern embedded and IoT systems. Many approaches have been proposed and implemented to combat various attacks. For example, ARM added TrustZone to its CPU architecture to provide resource access control and memory isolation for protecting sensitive data. In this short article I briefly review two approaches to implementing a security system.
The first approach is to implement a secure processor. Here is a YouTube video.
It starts with the processor vulnerabilities that attackers can exploit.
Both instructions and data are encrypted and authenticated. When the secure processor fetches data or an instruction from memory, it decrypts and authenticates it before use. When data is written back to memory, it is encrypted and a MAC (Message Authentication Code) is computed before it is written. Therefore what is stored in memory is not only encrypted but also authenticated. Naturally, instructions must be encrypted and authenticated before the processor starts executing them.
4 bytes of data or instruction are encrypted and authenticated as one bundle, which improves efficiency and throughput. This approach comes with a power penalty from the cryptographic computation, a memory-size penalty from the MAC and metadata, and a throughput (processor speed) penalty.
A software-based memory protection approach is proposed in SoftME: A Software-Based Memory Protection Approach for TEE System to Resist Physical Attacks.
This approach adopts ARM TrustZone technology. It allocates the on-chip memory space to the secure world and executes the TEE OS from on-chip memory. It assumes on-chip memory is safe, free from sniffing and tampering. The system's vulnerability is that data and instructions could be saved in off-chip memory, so it uses data encryption to protect data in transit to, and at rest in, off-chip storage. Data is encrypted in on-chip memory before being written back to off-chip memory, which ensures that data is always in ciphertext form whenever it travels off-chip.
This approach only protects off-chip memory. On-chip space, including memory and registers, is assumed to be safe. This can be a valid assumption for certain systems but is likely not true for others: an embedded SoC usually has other ports such as PCIe, USB, JTAG and UART for talking to the outside world, which could allow an attacker to inject malicious code into, or sniff existing content from, on-chip memory.
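As an added illustration (not code from the video, the SoftME paper, or this article) of the encrypt-and-authenticate boundary both approaches place between on-chip and off-chip memory: each 4-byte bundle is encrypted and given a MAC before it leaves the chip, and is authenticated before use on the way back, so a bit flip in off-chip memory or a valid bundle moved to another address is rejected. HMAC-SHA256 as cipher keystream and MAC, the 8-byte tag, the per-address write counter held on-chip, and the keys and addresses are all assumptions of this model, not details from either source.

```python
import hmac
import hashlib

BUNDLE = 4    # bytes encrypted and authenticated as one unit, as in the video's scheme
MAC_LEN = 8   # bytes of truncated tag stored beside each bundle (assumed size)

class ProtectedMemory:
    """Plaintext exists only on-chip; off-chip memory holds ciphertext plus a MAC.
    HMAC-SHA256 stands in for both the cipher (keystream mode) and the MAC."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.counters = {}   # per-address write counter, kept on-chip (trusted)
        self.offchip = {}    # addr -> (ciphertext, tag): all an off-chip sniffer sees

    def store(self, addr: int, word: bytes) -> None:
        ctr = self.counters[addr] = self.counters.get(addr, 0) + 1
        a, c = addr.to_bytes(4, "big"), ctr.to_bytes(4, "big")
        ks = hmac.new(self.enc_key, a + c, hashlib.sha256).digest()[:BUNDLE]  # bound to address + counter
        ct = bytes(p ^ k for p, k in zip(word, ks))
        tag = hmac.new(self.mac_key, a + c + ct, hashlib.sha256).digest()[:MAC_LEN]  # binds ct to location
        self.offchip[addr] = (ct, tag)

    def load(self, addr: int) -> bytes:
        ct, tag = self.offchip[addr]
        a, c = addr.to_bytes(4, "big"), self.counters[addr].to_bytes(4, "big")
        expected = hmac.new(self.mac_key, a + c + ct, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"authentication failed at {addr:#x}")   # never use unverified data
        ks = hmac.new(self.enc_key, a + c, hashlib.sha256).digest()[:BUNDLE]
        return bytes(x ^ k for x, k in zip(ct, ks))

def rejected(mem: ProtectedMemory, addr: int) -> bool:
    try:
        mem.load(addr)
        return False
    except ValueError:
        return True

def demo() -> dict:
    mem = ProtectedMemory(b"k" * 32, b"m" * 32)   # constructed demo keys
    mem.store(0x1000, b"\xde\xad\xbe\xef")
    mem.store(0x1004, b"\xde\xad\xbe\xef")        # same plaintext at a second address
    roundtrip = mem.load(0x1000)
    ct, tag = mem.offchip[0x1000]
    mem.offchip[0x1000] = (bytes([ct[0] ^ 1]) + ct[1:], tag)   # off-chip bit flip
    tampered = rejected(mem, 0x1000)
    mem.offchip[0x1000] = mem.offchip[0x1004]                  # move a valid bundle elsewhere
    relocated = rejected(mem, 0x1000)
    return {"roundtrip": roundtrip, "tamper_detected": tampered, "relocate_detected": relocated}
```

The memory-size penalty the article mentions is visible directly: every 4-byte bundle carries an 8-byte tag plus its counter metadata.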