Building a Secure Bootloader: Considerations and Recommendations

Stefan Ilić, Mario Münzer
2019 Zenodo  
As the number of so-called Internet-of-Things is continuously rising and the urge for regular hardware updates has never been higher, the security of our smart objects all around us is often skipped due to lack of development time. By default, these devices are equipped with a primitive bootloader, which is executing code located at a designated address. Within this document, we are describing a simple but worthwhile validation mechanism, which is realized by using digital signature algorithm
more » ... gnature algorithm included in the bootloader. As a result, we are making sure that no malicious code or malware can be executed and the running application is originating from a trusted and known developer. Nevertheless, even the strongest cryptographic system cannot ensure the highest possible security, if the device itself is prone to fault injection attacks. A simple alteration of the voltage or clock speed is sufficient in order to unsettle the device's usual and intended behaviour and cause instruction skipping among others. At worst, this could result in bypassing of authentication mechanisms, one of the most common targets of an attack. With the aid of randomly-chosen delays in instruction processing as well as multiple use of authentication mechanisms, we are describing straightforward mechanisms in order to decrease the level of success of common fault injections. Moreover, a list of recommendations is given in this document suitable for situations, where resources are limited and no additional hardware can be added.
doi:10.5281/zenodo.3611062 fatcat:bgei3m4ocjhytd5xehlhnawe4m