Date of Award

3-2022

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Scott R. Graham, PhD

Abstract

Sensitive devices operating in unprotected environments are vulnerable to hardware attacks such as reverse engineering and side-channel analysis. This represents a security concern because the root of trust can be invalidated through boot firmware manipulation. For example, boot data is rarely encrypted and typically travels across an accessible bus like the LPC bus, allowing the data to be easily intercepted and possibly manipulated during system startup. The flash chip storing the boot data can also be removed from these devices and examined to reveal detailed boot information. This paper details an implementation of encrypting a section of the boot image and decrypting it during the IPL of the Talos II. During power-on, the encrypted image travels across the LPC bus into the POWER9 Level 3 cache and is decrypted in the processor. This proves that it is possible to prevent adversaries from interfering with the IPL flow or obtaining details on the firmware from the flash chip. The boot image encryption method is implemented with multiple levels of encryption, and an evaluation of their efficiency is conducted to determine the performance impact of each algorithm.

AFIT Designator

AFIT-ENG-MS-22-M-049

DTIC Accession Number

AD1166905