Internet of Things (IoT) devices sit at the intersection of unwieldy software complexity and unprecedented attacker access. This unique position comes with a daunting security challenge: how can I protect both proprietary code and confidential data on a device that the attacker has unfettered access to? Trusted Execution Environments (TEEs) promise to solve this challenge through hardware-based separation of trusted and untrusted computation and data. While TEEs do an adequate job of protecting secrets on desktop-class devices, we reveal that trade-offs made in one of the most widely-used commercial IoT devices undermine their TEE's security. This paper uncovers two fundamental weaknesses in IP Encapsulation (IPE), the TEE deployed by Texas Instruments for MSP430 and MSP432 devices. We observe that lack of call site enforcement and residual state after unexpected TEE exits enable an attacker to reveal all proprietary code and secret data within the IPE. We design and implement an attack called RIPencapsulation, which systematically executes portions of code within the IPE and uses the partial state revealed through the register file to exfiltrate secret data and to identify gadget instructions. The attack then uses gadget instructions to reveal all proprietary code within the IPE. Our evaluation with commodity devices and a production compiler and settings shows that -- even after following all manufacturer-recommended secure coding practices -- RIPencapsultaion reveals, within minutes, both the code and keys from third-party cryptographic implementations protected by the IPE.

翻译：物联网设备处于复杂软件与攻击者无限制访问的交叉点上，这一独特地位带来了严峻的安全挑战：在攻击者可完全访问的设备上，如何同时保护专有代码和机密数据？可信执行环境（TEE）通过硬件隔离可信与不可信计算及数据的方式承诺解决这一难题。尽管TEE在桌面级设备上能有效保护秘密，但我们发现，最广泛使用的商用物联网设备之一在权衡设计时会削弱其TEE的安全性。本文揭示了德州仪器为MSP430和MSP432设备部署的TEE——IP封装（IPE）中的两个根本缺陷：调用点强制机制的缺失以及意外TEE退出后的残留状态，使攻击者能够揭露IPE内的所有专有代码和秘密数据。我们设计并实现了一种名为RIPencapsulation的攻击，通过系统执行IPE内的代码片段，利用寄存器文件泄露的部分状态提取秘密数据并识别工具指令。随后，该攻击利用这些工具指令揭露IPE内的全部专有代码。我们对商用设备、生产级编译器及设置进行的评估表明，即使遵循制造商推荐的所有安全编码实践，RIPencapsulation也能在数分钟内从IPE保护的第三方加密实现中泄露代码和密钥。