Skip to main content
SpringerLink
Log in

EVALUATING THE USE OF BOOT IMAGE ENCRYPTION ON THE TALOS II ARCHITECTURE

  • Conference paper
  • First Online:
Critical Infrastructure Protection XVI (ICCIP 2022)

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 666))

Included in the following conference series:

  • 248 Accesses

Abstract

Critical infrastructure devices operating in unprotected end-node environments are vulnerable to malicious actors who conduct hardware attacks such as reverse engineering and side-channel analysis. Boot data is rarely encrypted and typically travels across an accessible bus, enabling the data to be easily intercepted during system start-up. Encrypting the firmware would make reverse engineering extremely difficult for malicious actors and competitors. It would improve the effectiveness of tamper detection methods and deter zero-day vulnerability discovery. Increasing boot security could be a fundamental part of decreasing attack surfaces across the critical infrastructure sectors.

This chapter describes a Talos II architecture implementation that encrypts a section of the boot image and decrypts it during initial program load. During power-on, the encrypted image travels across the Low Pin Count bus into a POWER9 module LevelĀ 3 cache and is decrypted in the processor. Boot image encryption is implemented using ciphers of different strengths. An analysis of their efficiency is conducted to determine the optimal algorithm.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks and L. Wingers, SIMON and SPECK: Block ciphers for the Internet of Things, presented at the NIST Lightweight Cryptography Workshop, 2015.

    Google ScholarĀ 

  2. Digi International, Image Encryption, Hopkins, Minnesota (www.digi.com/resources/documentation/digidocs/embedded/dey/2.6/cc8x/yocto-trustfence_t_image-encryption.html), 2019.

    Google ScholarĀ 

  3. A. Fournaris, Using Hardware Means to Secure Critical Infrastructure Devices, CIPSEC Project, University of Patras, Patras, Greece (www.cipsec.eu/content/using-hardware-means-secure-critical-infrastructure-devices), 2020.

    Google ScholarĀ 

  4. D. Heller and N. Sastry, OpenPower secure and trusted boot, Part 2: Protecting system firmware with OpenPOWER secure boot, IBM Developer, IBM, Armonk, New York (developer.ibm.com/articles/protect-system-firmware-openpower), 2019.

    Google ScholarĀ 

  5. IBM, Secure Initial Program Load (IPL) Process, Armonk, New York (www.ibm.com/docs/en/power9/9009-42A?topic=9009-42A/p9ia9/p9ia9_secure_ipl_proc_concept.htm), 2021.

    Google ScholarĀ 

  6. A. Jeffery, General Architecture of Hostboot (amboar.github.io/notes/2018/08/19/hostboot-architecture.html), 2018.

    Google ScholarĀ 

  7. A. Jeffery, Hacking Hostboot (amboar.github.io/notes/2018/08/19/hacking-hostboot.html), 2018.

    Google ScholarĀ 

  8. Microchip Technology, AVR231: AES Bootloader, Application Note AN2462, DS00002462A, Chandler, Arizona (ww1.microchip.com/downloads/en/AppNotes/00002462A.pdf), 2017.

    Google ScholarĀ 

  9. C. Muramoto, S. Dunlap and S. Graham, Improving hardware security on the Talos II architecture through boot image encryption, Proceedings of the Seventeenth International Conference on Cyber Warfare and Security, pp. 489ā€“496, 2022.

    Google ScholarĀ 

  10. R. Nuqui and A. Phadke, Phasor measurement unit placement techniques for complete and incomplete observability, IEEE Transactions on Power Delivery, vol. 20(4), pp. 2381ā€“2388, 2005.

    Google ScholarĀ 

  11. Raptor Computing Systems, Default PNOR Layout, Belvidere, Illinois (git.raptorcs.com/git/pnor/tree/p9Layouts/defaultPnorLayout_64.xml), 2019.

    Google ScholarĀ 

  12. Raptor Computing Systems, OpenPOWER Firmware, Belvidere, Illinois (wiki.raptorcs.com/wiki/OpenPOWER_Firmware), 2021.

    Google ScholarĀ 

  13. Silicon Labs, AN0060: Booloader with AES Encryption, Revision 1.05, Austin, Texas (www.silabs.com/documents/public/application-notes/an0060-bootloader-with-aes-encryption.pdf), 2016.

    Google ScholarĀ 

Download references

Author information

Authors and Affiliations

  1. Cyber Operations at the Air Force Institute of Technology, Wright-Patterson Air Force Base, Dayton, Ohio, USA

    Calvin Muramoto,Ā Scott GrahamĀ &Ā Stephen Dunlap

Authors
  1. Calvin Muramoto
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  2. Scott Graham
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

  3. Stephen Dunlap
    View author publications

    You can also search for this author in PubMedĀ Google Scholar

Corresponding author

Correspondence to Scott Graham .

Editor information

Editors and Affiliations

  1. University of Tulsa, Tulsa, OK, USA

    Jason Staggs

  2. University of Tulsa, Tulsa, OK, USA

    Sujeet Shenoi

Rights and permissions

Reprints and permissions

Copyright information

Ā© 2022 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Muramoto, C., Graham, S., Dunlap, S. (2022). EVALUATING THE USE OF BOOT IMAGE ENCRYPTION ON THE TALOS II ARCHITECTURE. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XVI. ICCIP 2022. IFIP Advances in Information and Communication Technology, vol 666. Springer, Cham. https://doi.org/10.1007/978-3-031-20137-0_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-20137-0_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20136-3

  • Online ISBN: 978-3-031-20137-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation