Outside software cannot read or write a protected module's runtime state. A module can only be called through one of its designated entry points.
A minimalist cryptographic hardware unit enables low-overhead symmetric key derivation, authenticated encryption, and hashing.
Remote or local parties can verify at runtime that a particular software module has been isolated on a specific node without having been tampered with.
Sancus safeguards the authenticity, integrity, and freshness of all traffic between a protected module and its remote provider.
Secure driver modules have exclusive ownership over memory-mapped I/O peripheral devices, and can implement software-defined access control policies.
Legacy applications continue to function as expected; critical components can be migrated gradually into Sancus-protected modules.
The Sancus security architecture for networked embedded devices was proposed in 2013 at the USENIX Security conference. It supports remote (even third-party) software installation on devices while maintaining strong security guarantees. More specifically, Sancus can remotely attest to a software provider that a specific software module is running uncompromised, and can provide a secure communication channel between software modules and software providers. Software modules can securely maintain local state, and can securely interact with other software modules that they choose to trust.
Over the past three years, significant experience has been gained with applications of Sancus, and several extensions of the architecture have been investigated – both by the original designers as well as by independent researchers. Informed by these additional research results, this journal version of the Sancus paper describes an improved design and implementation, supporting additional security guarantees (such as confidential deployment) and a more efficient cryptographic core.
We describe the design of Sancus 2.0 (without relying on any prior knowledge of Sancus), and develop and evaluate a prototype FPGA implementation. The prototype extends an MSP430 processor with hardware support for the memory access control and cryptographic functionality required to run Sancus. We report on our experience with using Sancus in a variety of application scenarios, and discuss some important avenues of ongoing and future work.
Job Noorman, Jo Van Bulck, Jan Tobias Mühlberg, Frank Piessens, Pieter Maene, Bart Preneel, Ingrid Verbauwhede, Johannes Götzfried, Tilo Müller, Felix Freiling. Sancus 2.0: A Low-Cost Security Architecture for IoT Devices. ACM Transactions on Privacy and Security (TOPS), 2017.