Embedded System Security: A Configurable Approach

Wayne Burleson (VLSI), Tilman Wolf (Network Processors), Russ Tessier (Configurable Computing), Weibo Gong (Intrusion Detection), Guy Gogniat (Configurable Security), on leave from Université de Bretagne Sud, FRANCE

University of Massachusetts Amherst


2

Attacks on Embedded Systems

• Remote software attacks: worm, virus, Trojan horse
• Proximity-based passive hardware attacks: power or EM analysis
• Reversible active proximity-based attacks: fault injection
• Irreversible hardware attacks: tampering

[Figure: embedded system block diagram. Labels: RAM, RAM, KEY, RSA, AES, µP, turbo code]

3

Embedded System design objectives

• What is the cost of security?

Performance issues:
• Throughput
• Efficiency
• Latency
• Area
• Power
• Energy
• Cost

Security issues:
• Symptom free
• Security aware
• Activity aware
• Agile
• Robust

Goal: High Security, High Performance System

4

Recent related work

• System level security,
• Formal models of attacks,
• Architectural support for security,
• Implementation of security primitives,
• Architectural monitors, and
• Secure network-on-a-chip.

5

Configurable Computing Security Space

• Configurable Security Module: use a configurable computing module to protect a system; the module is seen as an agile hardware dedicated unit.
• Configurable Design Security: protect the configurable computing configuration.
• Secure Configurable System: the whole system is configurable. The security is provided by the agility of the whole system.

[Figure axes: Attacks, Technology]

6

Advantages of configurable computing against attacks

| Attack type | Counter-measure | Configurable computing advantages |
|---|---|---|
| Active - Irreversible | Robustness, Activity-awareness | Technology/Sensors, System agility |
| Passive - Side channel | Agility, Symptom-free, Security-awareness, Activity-awareness | System agility, System upload, High performance |
| Active - Reversible | Security-awareness, Activity-awareness | Sensors, System agility, System upload, High performance |

7

Embedded System with Continuous Monitoring and Verification System

[Figure: block diagram. Offline: Application, Compiler, Profiling, Characteristics of normal behavior. Online: System on chip hardware containing the General purpose processing subsystem, the Continuous monitoring security and verification subsystem, Hardware defense mechanisms and System I/O.]

8

On-Chip Surveillance with Configurable Monitors

[Figure: System on Chip. Labels: RISC core, SRAM, Power Management, Analog, Video encoder, FPGA, I/O, Secure gateway, On-Chip Intelligence Network, CM (repeated across the chip).]

CM = Configurable Monitor

OCIN = On-Chip Intelligence Network

9

A reconfigurable architecture adapted for security

[Figure: architecture block diagram. Labels: Red Zone IP Function (crypto IP), Green Zone IP Function 1 (twice), Reconfigurable zone (array of Switch and Dnode elements), Decryption & Authentication, Private Key memory, Secret Key memory, TRNG, CPU, Data, Program memory, I/O, External program memory, External config memory, Config controller, disable.]

[Figure: TRNG detail. Labels: External clock (50 MHz), PLL1, PLL2, FL (5 MHz), FH (1 GHz), D Q, Random bit (5 Mbits/s).]

10

AES Platform

[Figure: platform block diagram. Labels: PowerPC 405 core, PLB (32 bits), PLB/OPB bridge, OPB (32 bits), Bit-streams memory, ICAP, int, Req, WE, Data, System_state, Battery level, Communication Channel Quality, Attacks.]

[Figure: AES security primitive. Labels: AES core, Data_in (128 bits), Key (128 bits), Data_out (128 bits), AlP_Register, ArP_Register, Input FSM, Output FSM, SPC FSM, SSC FSM, Start, Reset, Done, Fault, OPB (32 bits).]

11

Security-Aware Networked Embedded Systems

[Figure: architecture block diagram. Labels: Processor core, Program/Data Memory, Configuration Memory (twice), Security Executive Processor, Security Primitive (twice), SPC (twice), SSC (four), Data I/O (four), Security I/O (four), Reconfigurable Hardware, I/O Module.]

12

Security primitive Initialization

[Figure: architecture block diagram. Labels: Processor core, Program/Data Memory, Configuration Memory (twice), Security Executive Processor, SPC, SSC (four), Data I/O (four), Security I/O (four), Reconfigurable Hardware, I/O Module.]

13

Security primitive Evolution

[Figure: architecture block diagram. Labels: Processor core, Program/Data Memory, Configuration Memory (twice), Security Executive Processor, Security Primitive, SPC, SSC (four), Data I/O (four), Security I/O (four), Reconfigurable Hardware, I/O Module.]

14

AES implementations

Four implementations are considered for the AES algorithm:

• Non feedback mode without security (N_FB)
    • Pipeline
• Feedback mode without security (FB)
    • Iterative
• Feedback mode with fault detection (FB_FD)
    • Parity-based error detection
• Feedback mode with fault tolerance (FB_FT)
    • Triple module redundancy technique

[Figure axes: Performance, Security]

15

AES implementations results

| AES Version | Slices (% of the total amount) | Period (ns) | Frequency (MHz) | Power (mW) | Energy (nJ) | Throughput (Mbits/s) | Energy efficiency (Gbits/J) |
|---|---|---|---|---|---|---|---|
| FB | 2192 (16%) | 26.4 | 37.8 | 996 | 316 | 403.7 | 0.4 |
| FB_FD | 2240 (16%) | 25.3 | 39.4 | 970 | 295 | 420.9 | 0.4 |
| FB_FT | 6302 (46%) | 25.2 | 39.6 | 1673 | 507 | 422.2 | 0.25 |
| N_FB | 13689 (99%) | 40.6 | 24.6 | 1724 | 70 | 3151.1 | 1.8 |
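The difference between the FB_FD and FB_FT variants, sketched as an added example (not code from the presentation): a simplified software model of a 128-bit AES state register protected by parity (detection only) and by a three-copy majority vote (correction). The per-byte parity granularity, the function names and the sample state are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define N 16 /* bytes in one 128-bit AES state register */

/* FB_FD model: one parity bit per state byte; bit i of the result covers byte i. */
uint16_t parity_bits(const uint8_t s[N]) {
    uint16_t p = 0;
    for (int i = 0; i < N; i++) {
        uint8_t b = s[i];
        b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;   /* fold the byte down to its parity */
        p |= (uint16_t)((b & 1u) << i);
    }
    return p;
}

/* Returns 1 when the state no longer matches the parity stored alongside it. */
int fd_fault_detected(const uint8_t s[N], uint16_t stored) {
    return parity_bits(s) != stored;
}

/* FB_FT model: bitwise majority vote over three redundant copies.
 * Writes the voted state to out; returns how many bytes had a dissenting copy. */
int tmr_vote(const uint8_t a[N], const uint8_t b[N], const uint8_t c[N], uint8_t out[N]) {
    int dissent = 0;
    for (int i = 0; i < N; i++) {
        out[i] = (uint8_t)((a[i] & b[i]) | (a[i] & c[i]) | (b[i] & c[i]));
        dissent += (a[i] != b[i] || b[i] != c[i]);
    }
    return dissent;
}

/* Models a transient single-bit fault in one copy of the state. */
void flip_bit(uint8_t s[N], int byte, int bit) { s[byte] ^= (uint8_t)(1u << bit); }

int main(void) {
    uint8_t good[N], a[N], voted[N];
    for (int i = 0; i < N; i++) good[i] = (uint8_t)(0x11 * i); /* constructed sample state */
    memcpy(a, good, N);
    uint16_t stored = parity_bits(good);
    flip_bit(a, 3, 0);
    printf("one flip detected: %d\n", fd_fault_detected(a, stored));
    printf("TMR dissenting bytes: %d\n", tmr_vote(a, good, good, voted));
    printf("TMR output correct: %d\n", memcmp(voted, good, N) == 0);
    flip_bit(a, 3, 7);
    printf("two flips in one byte detected: %d\n", fd_fault_detected(a, stored));
    return 0;
}
```

Parity flags the single flip but misses two flips in the same byte, while the vote masks any fault confined to one copy. That fits the table: FB_FD uses about as many slices as FB (2240 against 2192), whereas FB_FT needs roughly three times as many (6302).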

16

Energy efficiency of AES implementations

[Figure: chart of energy efficiency in gigabits per joule on a logarithmic axis from 10^-6 to 10^2. ASIC: 0.18 micron CMOS. FPGA: Virtex-II Pro FPGA in feedback, feedback with fault detection, feedback with fault tolerance, and non feedback modes. Processor: hand-optimized assembly code on Pentium II; C (Sparc); Java K virtual machine (Sparc).]

17

Conclusions and Ongoing Work

We have shown:

• A Configurable Approach
• An approach to on-chip attack detection
• An architecture for on-chip monitoring
• SANES
• AES implementations in FPGA

Ongoing work:

• Compilation thrust
• Architecture thrust
• Quantify the feasibility of on-chip attack detection
• Monitor design including silicon prototyping
