
An architectural proposal integrating the SPDM standard for embedded systems attestation

Grant number: 24/02960-6
Support Opportunities: Scholarships in Brazil - Master
Start date: April 01, 2024
End date: December 31, 2025
Field of knowledge: Engineering - Electrical Engineering
Agreement: MCTI/MC
Principal Investigator: Marcos Antonio Simplicio Junior
Grantee: Otávio Felipe de Freitas
Host Institution: Escola Politécnica (EP). Universidade de São Paulo (USP). São Paulo, SP, Brazil
Company: Secretaria de Desenvolvimento Econômico (São Paulo - Estado). Instituto de Pesquisas Tecnológicas S/A (IPT)
Associated research grant: 20/09850-0 - Applied Artificial Intelligence Research Center: accelerating the evolution of industries toward standard 5.0, AP.PCPE

Abstract

The number of embedded devices connected to the Internet of Things grows annually, and with it the need to protect these devices against a wide variety of attacks. Of particular concern are scenarios in which attackers have physical access to critical components along the production chain or during field operation, an inherent characteristic of these Industry 4.0 embedded devices. To address this concern, a group formed by many hardware manufacturers recently proposed an open industry standard named Security Protocol and Data Model (SPDM). Essentially, this solution allows the individual components of a computer system (e.g., memories, Ethernet cards, processors) to mutually verify their authenticity and to establish secure communication channels protected by cryptography. However, because it was proposed only recently, SPDM has not yet been widely implemented and tested across a wide range of application scenarios. The objective of the proposed research project is to enable the use of SPDM in a relevant scenario that, to the best of our knowledge, is still unexplored in the literature: building an architecture that integrates SPDM into the BIOS's Unified Extensible Firmware Interface (UEFI) to enable secure boot, component verification, and the establishment of secure communication among components from the moment the device is initialized. The study must therefore evaluate the feasibility of this integration as well as its computational costs, comparing the benefits and limitations observed against the alternative protection methods in the literature.
