How to trust the Snake: Extending the Chain of Trust to Interpreted Languages on Highly Embedded Systems

MicroPython is an embedded Python interpreter that runs on many embedded boards and processors. It allows developers to rapidly build and prototype new embedded devices. The interpreter and the PyBoard (a prototype board running MicroPython) are already in use by the hacker community and by Python enthusiasts.

Hackers have shown time and time again that they are able to execute arbitrary code on "well-secured" devices (such as gaming consoles, IoT devices, etc.). In most of these cases the goal was to run Linux on the device.

Arbitrary code execution is not always desirable, for example when the licensing scheme does not allow homebrew games, or when the device must be secured against attackers. Especially for Internet-of-Things devices and other embedded devices it is important to accept code and updates only from the manufacturer, so that an attacker cannot sell devices with malicious firmware on them. Selling the devices means that the attacker has had full access to the hardware and, in theory, could also have read and written arbitrary memory locations.

Assume MicroPython is stored securely in ROM and cannot be changed by anyone. The task in this thesis is then to develop a system which ensures that the code about to be loaded and executed has not been tampered with since the device came out of the factory. Every code part (modules as well as user code) that is loaded from a secondary storage device needs to be checked. Bit flips and memory fuzzing by an attacker need to be detected.
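The check described above, as an added example that is not part of the thesis or of MicroPython itself: every module read from secondary storage is accompanied by an authentication tag computed at the factory, and the loader refuses to compile or execute anything whose tag does not verify. The key, module source and single-bit corruption are constructed for the demo; a real device would keep a manufacturer public key in ROM and use an asymmetric signature, whereas this example uses HMAC-SHA256 only because CPython's standard library ships no public-key primitive (the verification flow is the same).

```python
import hashlib
import hmac
import types

# Constructed demo key. On a real device the verifying key lives in ROM and
# is a public key; the private signing key never leaves the manufacturer.
FACTORY_KEY = b"constructed-demo-key-do-not-use"

# Domain separator so tags for modules cannot be confused with other data.
TAG_PREFIX = b"MPYSIG1"


def sign_module(source: bytes, key: bytes = FACTORY_KEY) -> bytes:
    """Manufacturer side: compute the tag stored next to the module."""
    return hmac.new(key, TAG_PREFIX + source, hashlib.sha256).digest()


def verify_module(source: bytes, tag: bytes, key: bytes = FACTORY_KEY) -> bool:
    """Device side: constant-time comparison against the recomputed tag."""
    expected = sign_module(source, key)
    return hmac.compare_digest(expected, tag)


class TamperedModule(Exception):
    """Raised when a module read from storage fails its integrity check."""


def load_module(name: str, source: bytes, tag: bytes, key: bytes = FACTORY_KEY) -> types.ModuleType:
    """Verify first, then compile and execute into a fresh module namespace.

    Nothing from the untrusted bytes is parsed before the tag verifies, so a
    corrupted or attacker-modified module never reaches the compiler.
    """
    if not verify_module(source, tag, key):
        raise TamperedModule(f"{name}: integrity check failed, refusing to execute")
    mod = types.ModuleType(name)
    exec(compile(source, f"<{name}>", "exec"), mod.__dict__)
    return mod


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single bit flip in storage (cosmic ray, glitch, or edit)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def demo():
    # Constructed user module as it would sit on the SD card / flash.
    source = b"def led_period(n):\n    return n * 2\n"
    tag = sign_module(source)            # done once, at the factory

    genuine_ok = verify_module(source, tag)
    mod = load_module("blink", source, tag)

    corrupted = flip_bit(source, 3)      # one bit changed after leaving the factory
    corrupted_ok = verify_module(corrupted, tag)

    return genuine_ok, corrupted_ok, mod.led_period(21)


if __name__ == "__main__":
    print(demo())  # (True, False, 42)
```

The tag must cover the complete byte string that will be handed to the compiler, not a pre-parsed form of it, so that the comparison happens before any untrusted data is interpreted; the same pattern applies to `.mpy` bytecode files as to source modules.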

The thesis is split into two parts. First, encryption and certification (signature) algorithms are researched. Second, one of these methods is implemented, its overhead is assessed and its integrity properties are checked.