Verified boot in embedded systems with hard boot time constraints
Master's thesis
Computer systems and networks (MPCSN), MSc
The use of embedded systems in the devices, machines, and vehicles we interact with every day is increasing steadily. In the vehicular industry, such embedded systems take the form of Electronic Control Units (ECUs), each with specific tasks in different areas of the vehicle. To coordinate the various embedded systems, a central ECU usually acts as a hub and is equipped with an operating system. Moreover, the central ECU nowadays also has internet connectivity, which raises certain security issues. In this setting, we need to assure the integrity of the operating system against any malicious modification. According to our threat analysis, this can only be done during the boot-up process; unfortunately, the verification process is time-consuming. The verification process therefore poses a serious performance issue, since the ECU has certain real-time constraints. In this thesis, we investigate the most serious threats to operating system integrity and to the boot process itself. Furthermore, we evaluate the state-of-the-art techniques for a verified boot process on a Linux kernel system. The experimental setup consists of general-purpose embedded devices, chosen with real-time constraints in mind. After the evaluation, we conclude that we cannot implement an adequately secure solution on an inherently non-secure hardware platform; a compromise on security is necessary to meet the real-time constraints. We therefore propose that the security aspect should be considered during the design phase of an embedded platform.
Computer and Information Science