PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot

arXiv:2209.07936v2 Announce Type: replace
Abstract: Hardware supply-chain attacks are raising significant security threats to the boot process of multiprocessor systems. This paper identifies a new, prevalent hardware supply-chain attack surface that can bypass multiprocessor secure boot due to the absence of processor-authentication mechanisms. To defend against such attacks, we present PA-Boot, the first formally verified processor-authentication protocol for secure boot in multiprocessor systems. PA-Boot is proved functionally correct and is guaranteed to detect multiple adversarial behaviors, e.g., processor replacements, man-in-the-middle …

arxiv attack attacks attack surface authentication boot bypass can cs.ar cs.cr hardware prevalent process processor protocol secure boot security security threats supply systems threats verified