Department of Electrical and Computer Engineering

Configurable computing for high-security/high-performance

ambient systems 1

Guy Gogniat, Lilian Bossuet,

LESTER Laboratory,University of South Britanny (UBS),

Lorient, Franceguy.gogniat@univ-ubs.fr; lilian.bossuet@univ-ubs.fr

1This research This work is supported by the French DGA DSP/SREA under contract no. ERE 0460 00 010

Wayne Burleson,

Department of Electrical and Computer Engineering,

University of Massachusetts, Amherst, MA 01003-9284 USA

burleson@ecs.umass.edu

2Department of Electrical and Computer Engineering

Outline

Attacks and countermeasures on embedded systems

Reconfigurable architectures Security and reconfigurable architectures AES case study Conclusions

3Department of Electrical and Computer Engineering

Outline

Attacks and countermeasures on embedded systems

Reconfigurable architectures Security and reconfigurable architectures AES case study Conclusions

4Department of Electrical and Computer Engineering

Security and attacks Security Objectives

• Security is required in order to guaranty:• The protection of private data

(typically key, PIN, secret or confidential data)• The protection of the design

(typically some IPs)• The protection of the system

(typically its functionality, so that nobody else can control the system)

Attack Objectives• Attacks aim to break security in order to get access

to:• Private data so that changing some values,

copying the data or destroying the data• The design so that changing some modules,

copying the design or destroying the design• The system so that changing its behavior or

destroying the system

5Department of Electrical and Computer Engineering

Promity-based Hardware attacks Power or EM analysis

Attacks on Embedded Systems

RAM

Remote software attacks

Worm, virus, Trojan horse

Reversible proximity-based attacks

Fault injection

Proximity-based hardware attacks

Tampering

RAMKEY

RSA

AES

µP

turbo code

6Department of Electrical and Computer Engineering

Countermeasures

Designers should have in mind…

Symptom-free

Security-aware

Activity-aware

Agile

Robust

Throughput

Efficiency

Latency

Area

Power

Energy

Cost

Performance issues

Security issues

High-SecurityHigh-Performance

System

7Department of Electrical and Computer Engineering

Outline

Attacks and countermeasures on embedded systems

Reconfigurable architectures Security and reconfigurable architectures AES case study Conclusions

8Department of Electrical and Computer Engineering

Why reconfigurable architectures?

Potential advantages of configurable computing for security• System Agility: switching from one protection mechanism to

another, balance protection mechanisms depending on requirements• System Upload: upgrade of the protection mechanisms

Potential advantages of configurable computing for efficiency (and particularly for the security system) • Specialization: design the system for a specific set of parameters• Resource sharing: temporal resources sharing• Throughput: high parallelism and deep pipeline implementation is

possible

Configurable computing enables Dynamic Configuration at Run Time• To react and adapt rapidly to an irregular situation

9Department of Electrical and Computer Engineering

Cryptography onto FPGA ?Energy efficiency of embedded technologies

P. Schaumont, I. Verbauwhede. Domain-Specific Codesign for Embedded Security.In IEEE Computer Society, 2003

University of California, UCLAprocessorsFPGAASIC

10Department of Electrical and Computer Engineering

Advantages of reconfigurable architectures

Active - Irreversible

Passive – Side channel

RobustnessActivity-awareness

AgilitySymptom-free

Security-awarenessActivity-awareness

Attack type Countermeasure Configurable computingadvantages

Technology/SensorsSystem agility

System agilitySystem upload

High performance

Active - ReversibleSecurity-awarenessActivity-awareness

SensorsSystem agilitySystem upload

High performance

11Department of Electrical and Computer Engineering

Outline

Attacks and countermeasures on embedded systems

Reconfigurable architectures

Security and reconfigurable architectures

AES case study Conclusions

12Department of Electrical and Computer Engineering

• Configurable Computing Security Space: This space highlights the issues that must be addressed to build secure systems

• Configurable Computing Security Hierarchy: This hierarchy highlights that security must be addressed at all layers of the systems

The security issue with configurable computing can be seen through two complementary views:

Security and reconfigurable architectures

Processor core

Mem

ory

Co-processor

Co-processor

Accelerator

Cryptography

Mem

oryConfigurable

SecurityPrimitive

ConfigurableDesign Security

Secure Configurable

System

Attacks

Technology

13Department of Electrical and Computer Engineering

Configurable Computing Security Space

Attacks

Secure Configurable System• The whole system is

configurable. The security is provided by the agility of the whole system

Attacks

Configurable Design Security• Protect the configurable

computing configuration

Attacks Configurable Security Primitive

• Use configurable computing primitive to protect a system, the module is seen as an agile hardware unit

14Department of Electrical and Computer Engineering

Configurable Security Primitive The configurable security primitive

is a part of the whole system and performs some security primitives

A system generally embeds several configurable security primitives

Its goal is to:• Speedup the computation of the

security primitive compared to a software execution

• Provide agility compared to an ASIC implementation

• Provide various tradeoffs in terms of delay, area, latency, reliability and power

• Provide various levels of configurability depending on the granularity of the underlying configurable architecture

Security primitive

Security Primitive Controller

Configurable Security Primitive

Configurable System

Environment input data

From system input data

Environment output data

To system output data

15Department of Electrical and Computer Engineering

SSC

Configurable System

SSC

SSCSSC

SSCConfigurable

Security Primitive

Configurable Security Primitive

Configurable Security Primitive

Configurable Security Primitive

Secure Configurable System To build Secure Configurable System

three main points must be addressed:• Security-awareness• Activity-awareness• Agility

Distributed agents (System Security Controllers) can work independently or together. They monitor the system activity and take the decision to reconfigure a part or the whole system

Different levels of reaction can be considered depending of the type of attack : • reflex (performed by a single SSC)• global (performed after a system level

analysis). Reaction time can be critical, in that case reflex reconfiguration must be performed

16Department of Electrical and Computer Engineering

Configurable Design Security Configurable computing

module/system is defined through configuration data• Each hardware execution context

is defined through a specific configuration data

The configuration data represents the design of the module/system• The configuration data may

contain private information and needs to be protected

The design security is provided through cryptography (Confidentiality, Data integrity, Authentication)• It needs a configurable security

moduleSource : Altera, Design Security in Stratix II Deviceshttp://www.altera.com/products/devices/stratix2/features/security/st2-security.html

17Department of Electrical and Computer Engineering

Outline

Attacks on embedded systems Countermeasures Reconfigurable architectures Security and reconfigurable architectures

AES case study Conclusions

18Department of Electrical and Computer Engineering

Agility leverages security

At the system and architectural level (Secure Configurable System and Configurable security module) agility is provided through reconfiguration

How can it be performed? Need to deal with these points:• Self-reconfiguration or Remote-reconfiguration• Partial or full reconfiguration, Dynamic or static reconfiguration• Predefined configuration data or dynamic configuration data• Reconfiguration time• Configuration memory• Communication links• Configuration controller (what is the policy?)

19Department of Electrical and Computer Engineering

AES (Rijndael) Security Primitive agility case study To illustrate the concepts related to agility we propose in the

following slides an analysis of a Security Primitive (SP)

All the implementations have been performed on Xilinx Virtex FPGA

Various area/throughput/reliability tradeoffs:• AES cryptographic core SP with BRAMs on non-feedback mode• AES cryptographic core SP without BRAMs on feedback and non-

feedback modes• AES cryptographic core SP with and without concurrent error

detection mechanism on feedback mode• AES cryptographic core and key setup SP using or not partial

configuration

20Department of Electrical and Computer Engineering

AES cryptographic core SP with BRAMs on non-feedback mode

Key setup management is not considered

Static and full configuration Predefined configuration data Remote-configuration Various area/throughput

tradeoffs

××

×

Throughput (Gbits/s)

# of slices

[15]

80 BRAMs

100 BRAMs ×84 BRAMs

× [16]

12600

22222784

5177

5810

21.54

11.77

12.1

6.95

20.3

[14]

[13]

[17]

21Department of Electrical and Computer Engineering

AES cryptographic core SP without BRAMs on feedback and non-feedback modes

Key setup management is not considered

Static and full configuration Predefined configuration data Remote-configuration Various area/throughput tradeoffs

×

×

Throughput (Gbits/s)

# of slices

[18]

[13]

×[17]

×[19]

×[8]

×[9]

×[8]

21.54

17.8

18.56

1511212450

1099210750

1.94

2507

3528

5673

0.414

0.353

0.294

non-feedback mode

feedback mode

22Department of Electrical and Computer Engineering

AES cryptographic core SP with and without concurrent error detection mechanism on feedback mode

Key setup management is not considered

Performance/reliability tradeoffs Finer granularity enables reduced

fault detection latency and then promotes fast reaction against an attack

Efficiency is at the price of area overhead

××

×

×

Throughput (Mbits/s)

# of slices

no Concurrent ErrorDetection

Round level

Operation level

Algorithm level

100.3

101.4

53.1

136.5

5486

3973

47244806

[20]

[20][20]

[20]Concurrent Error

Detection

23Department of Electrical and Computer Engineering

AES cryptographic core and key setup SP using or not partial configuration

Key setup management is considered

Dynamic configuration Partial and full configuration Predefined configuration data

or dynamic configuration data Remote-configuration

××

×

Throughput (Mbits/s)

# of slices

Speed efficient32 BRAMs

[9]

area efficient8 BRAMs

353

250

300

4312

250

288

no partial configuration

[21]

[21]

partial configuration

24Department of Electrical and Computer Engineering

Outline

Attacks on embedded systems Countermeasures Reconfigurable architectures Security and reconfigurable architectures AES case study

Conclusions

25Department of Electrical and Computer Engineering

Conclusions Configurable computing presents significant features to target

high-security/high performance ambient systems

It is time to extend the vision of security using configurable computing (Configurable computing is not just hardware accelerators for security primitives)

Two complementary views to guide the designer when facing with the difficult problem of system security

Key aspects related to agility are presented and illustrated through the AES security primitive

There are still many issues to make security commonplace dealing with configurable computing and to define the overhead costs that imply security mechanisms at the hardware level