RECONFIGURABLE HARDWARE FOR HIGH-SECURITY/HIGH-PERFORMANCE EMBEDDED

SYSTEMS: THE SAFES PERSPECTIVE

Guy Gogniat, Tilman Wolf, Wayne Burleson, Jean-Philippe Diguet, Lilian Bossuet and Roman Baslin

Presented by:Wei ZangXin GuanMar. 03, 2010

THE TOPIC(RECONFIGURABLE HARDWARE FOR HIGH-SECURITY/HIGH-PERFORMANCE EMBEDDED SYSTEMS: THE SAFES

PERSPECTIVE)

SAFES? –SecuritySecurity architecture for embedded systems

Purpose? Provide high-Security and high-performance

for a system Built on reconfigurable hardware - FPGA

2

OUTLINE

Attacks and countermeasures on embedded systems

SAFES Architecture

RC6 Architecture Monitoring for Performance Policy

AES Datapath Implementation Comparison

3

OUTLINE

Attacks and countermeasures on embedded systems

SAFES Architecture

RC6 Architecture Monitoring for Performance Policy

AES Datapath Implementation Comparison

4

SECURITY AND ATTACKS

Security objective Protection of private data, design and the system

Attacks objectives Break security in order to

Access, change or destroy private data Change some module, copy or destroy design Change behavior or destroy the system

Challenges ( attack point ) Tamper resistance

Facing increasing number of attacks from physical to software

Assurance Continue to operate reliably despite attacks

5

ATTACKS AGAINST EMBEDDED SYSTEMS

6

Software attacks

Worm, virus, Trojan horse

Hardware

Physical irreversible attacks (Active)

Chip cutting, chemical attack etc.

Physical reversible attacks (Active)

Glitch clock, Fault injection,

Variation of V or T

Side-channel (Passive)

Timing, power or EM analysis

to extrate of secrets

WHY RECONFIGURABLE ARCHITECTURES? Potential advantages of configurable computing for

efficiency Specialization: design the system for a specific set of

parameters Resource sharing: temporal resources sharing Throughput: high parallelism and deep pipeline

implementation is possible

Potential advantages of configurable computing for security System Agility: switching from one protection mechanism

to another, balance protection mechanisms depending on requirements

System Upgrade: upgrade of the protection mechanisms

Configurable computing enables Dynamic Configuration at Run Time To react and adapt rapidly to an irregular situation

7

OUTLINE

Attacks and countermeasures on embedded systems

SAFES Architecture

RC6 Architecture Monitoring for Performance Policy

AES Datapath Implementation Comparison

8

SAFES ARCHITECTURE

9 Verification and protection are not inside the application Can be updated dynamically depending on the application

running on the system

RECONFIGURABLE ARCHITECTURE Security primitive

Performs a security algorithms (Cryptograph, key management)

Goals Speedup the computation of security algorithm Provide flexibility to be able to update the primitive or to switch

from one primitive to another Provide various tradeoffs: throughput, area, latency, reliability,

power, energy and real time constraints

10

OPERATION OF THE PRIMITIVE

11

011001

101101

Battery levelChannel quality

Parameter spaceKey sizeThroughput Pipe stage

Key sizeThroughput Pipe stage

ready

normal

Changes comes from: Attacks

SSC manage Interrupt SPC when irregular activity detected (hijacking,

denial of service, secret information extraction) Response: reconfigure with a trusted configuration, enhance

fault tolerance to guarantee functionality, stall I/O of the primitive

Performance requirement SPC manage flexibility Performance tradeoff (throughput versus energy)

Better energy-efficiency: when low battery level or decreased channel quality, SPC reconfigure primitive with lower throughput

Guarantee throughput: SPC keeps the same parameters

12

OUTLINE

Attacks and countermeasures on embedded systems

SAFES Architecture

RC6 Architecture Monitoring for Performance Policy

AES Datapath Implementation Comparison

13

RC6 Case Study

RC6 and AES are two major cryptography algorithms in secure private communication over the Internet.

Process a block of data with block size 128 bit. Different Key Sizes, 128 bit, 192 bit, and 256

bit. Primitive operation, includes data-dependent

rotations, modular addition and XOR operations, 32 bit multiplication.

14

RC6 Introduction

Key Schedule

Key Expansion

Key Transmission

15

Plaintext Input

Divide

Save

RC6 Introduction

16

Encryption

RC6 Introduction

17

1st Round

Repeat 10 Rounds

A B C D

A B C D

final

RC6 Introduction

Encryption

18

2-stage

Reconfigurable RC6 architecture-Pipelining

19

Pipeline Stage 1

Pipeline Stage 2

3-stage

Reconfigurable RC6 architecture-Pipelining

20

Pipeline Stage 1

Pipeline Stage 2

Pipeline Stage 3

4-stage

Reconfigurable RC6 architecture-Pipelining

21

PS1

PS2

PS3

PS4

Architecture Comparison

22

Closed Loop Control

Observer Averaging Decision Making

23

Closed Loop Control

24

OUTLINE

Attacks and countermeasures on embedded systems

SAFES Architecture

RC6 Architecture Monitoring for Performance Policy

AES Datapath Implementation Comparison

25

An encryption standard adopted by the U.S. government.

Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits

AES operates on a 4×4 array of bytes, termed the state.

AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.

AES Case Study

26

Key Schedule 128 bits User Supplied Key

is used to generate 10 sets of Round Key

b11 b12 b13 b14

b21 b22 b23 b24

b31 b32 b33 b34

b41 b42 b43 b44

8 bit

32 bit

AES Introduction

27

Plaintext Input

A 128 bits Input data block is fit into the 4*4 Byte matrix, called state

AES Introduction

28

Round Operation SubBytes ShiftRows MixColumns AddRoundKey

AES Introduction

29

Dataflow

Initial Round

Repeated Round

Output

AES Introduction

30

Fault Detection Architecture

Expected Parity Computation

Parity Check

Reconfigurable AES Architecture

31

Fault Tolerant Architecture

TMR (Triple Modular Redundancy)

High overhead

Reconfigurable AES Architecture

32

With small overhead and improved reliability, fault detection system can be set as default design. Due to the high overhead, fault tolerant system can be used cautiously.

Architecture Comparison

33

Architecture Comparison

34

Reconfiguration Time The dynamic reconfiguration is accomplished by ICAP

interface. The clock of ICAP interface of our FPGA is 50 MHz. Assume write one Byte Configuration data for one cycle. For AES encryption, the partial bit-streams required by fault detection system is 356 kB, which leads to the reconfiguration time nearly 7 ms.

SAFES

35

3560.7

50 /

Data Size kBT ms

Data Rate MB s

CONCLUSIONS

SAFES Based on reconfigurable hardware to provide high

performance and flexibility and relies on hardware monitors to build instruction detection systems

Includes: Reconfigurable security primitives Reconfigurable hardware monitors Hierarchy of secure controllers at the primitive, system and

executive level

Cases on RC6 and AES The flexibility of our solution enables the realization of

an energy-efficient system while addressing the security issue. 36