Publications

Acceleration of DICE Key Generation using Key Caching

AuthorLorych, Dominik; Jäger, Lukas; Fuchs, Andreas
Date2024
TypeConference Paper
AbstractDICE is a Trusted Computing standard intended to secure resource-constrained off-the-shelf hardware. It implements a Root of Trust that can be used to construct a Chain of Trust boot system, with symmetric keys representing firmware integrity and device identity. Based on this, asymmetric keys can be generated, but this slows down the boot process significantly as the keys need to be generated on every boot. Asymmetric keys provide multiple advantages when compared to symmetric ones, especially for updateable systems. This prevents the adoption of DICE in fields with strict boot time requirements, for example in the automotive context. Boot times can be accelerated if keys can be cached in flash memory. However, keys must not be accessible if the state of the system changes, as otherwise the keys would not represent the state anymore. We implement two approaches for this and evaluate them on three MCUs regarding automotive requirements, with representatives for low-level, mid-level and hardware-accelerated controllers.
ConferenceInternational Conference on Availability, Reliability and Security 2024
Urlhttps://publica.fraunhofer.de/handle/publica/472806