IRIS: An embedded secure boot for IoT devices


Bibliographic Details
Authors: Cano Quiveu, Germán; Ruiz de Clavijo Vázquez, Paulino; Bellido Díaz, Manuel Jesús; Juan Chico, Jorge; Viejo Cortés, Julián
Resource type: article
Status: Published version
Publication date: 2023
Country: Spain
Institution: Universidad de Sevilla (US)
Repository: idUS. Depósito de Investigación de la Universidad de Sevilla
OAI Identifier: oai:idus.us.es:11441/148844
Online access: https://hdl.handle.net/11441/148844
https://doi.org/10.1016/j.iot.2023.100874
Access level: open access
Keywords: Field programmable gate array
Secure boot
Internet of Things (IoT)
Bootloader
Hardware
Embedded device
Description
Summary: This study proposes a hardware secure boot solution, an instant retrieval information system (IRIS), that is suitable for integration into Internet of Things (IoT) devices. IRIS can boot a Linux kernel image pre-stored in removable media and comprises a data verifier securing the authenticity, integrity, and confidentiality of the boot process. IRIS is fully developed as a hardware module, and the results reveal short boot-up times and a small hardware footprint when implemented on field programmable gate array chips. In addition, IRIS is an open-source generic solution that can be adapted to multiple architectures and includes a crypto-core called E-LUKS that can be used outside the boot-loading process to add confidentiality, integrity, and authenticity to data stored on off-chip storage such as a flash device. IRIS shows a reduced lookup table footprint compared to other IoT solutions, consuming from 90% to 750% fewer resources, and a footprint only slightly greater, around 30%, than solutions that only cover authentication and integrity.