An Enclave-based TEE for SE-in-SoC in RISC-V Industry
Xuanle Ren, Xiaoxia Cui

TL;DR
This paper proposes an enclave-based trusted execution environment (TEE) for RISC-V SoC with embedded secure elements, enhancing security and reducing design complexity through hardware-software co-design and enclave isolation.
Contribution
It introduces a novel enclave-based TEE architecture for RISC-V SoC with SE, improving security and isolation while addressing design complexity and cost issues.
Findings
Enclaves effectively isolate applications and protect SE in RISC-V SoC.
The TEE ensures trusted execution and secure communication among applications.
The solution enhances security against side-channel attacks and malware.
Abstract
Secure Element (SE) in SoC sees increasing adoption in industry. Many applications in IoT devices are bound to the SE because it provides strong cryptographic functions and physical protection. Though SE-in-SoC provides strong, proven isolation for software programs, it also brings more design complexity and higher cost to PCB building. Moreover, SE-in-SoC may still have security concerns, such as malware installation and user impersonation. In this work, we employ TEE, a hardware-backed security technique, for protecting SE-in-SoC and RISC-V. In particular, we construct various enclaves for isolating applications and manipulating the SE, with the inherently secure primitives provided by RISC-V. Using hardware and software co-design, the solution ensures trusted execution and secure communication among applications. The security of the SE is further protected by enforcing the SE to be…
Taxonomy
Topics: Physical Unclonable Functions (PUFs) and Hardware Security · Security and Verification in Computing · Cryptographic Implementations and Security
