Guy Gogniat, Jean Philippe Diguet,Romain Vaslin,Tilman Wolf, Wayne Burleson, Lilian Bossuet University of South Britanny, University of Massachusetts,

Slides:



Advertisements
Similar presentations
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
LAB-STICC CNRS UMR 3192 – UBS – ROMAIN VASLIN – CRYPTARCHI 2008 Memory Security Management for FPGA-based Embedded system Romain Vaslin, Guy Gogniat, Jean-Philippe.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
Robert Barnes Utah State University Department of Electrical and Computer Engineering Thesis Defense, November 13 th 2008.
Fundamentals of Computer Security Geetika Sharma Fall 2008.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.
Preventing Piracy and Reverse Engineering of SRAM FPGAs Bitstream Lilian Bossuet 1,
Department of Electrical and Computer Engineering Configurable computing for high-security/high-performance ambient systems 1 Guy Gogniat, Lilian Bossuet,
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Configurable System-on-Chip: Xilinx EDK
Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Applied Cryptography for Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
RRB/STS ORNL Workshop Integrated Hardware/Software Security Support R. R. BrooksSam T. Sander Associate ProfessorAssistant Professor Holcombe Department.
Juanjo Noguera Xilinx Research Labs Dublin, Ireland Ahmed Al-Wattar Irwin O. Irwin O. Kennedy Alcatel-Lucent Dublin, Ireland.
Computer performance.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Benefits of Partial Reconfiguration Reducing the size of the FPGA device required to implement a given function, with consequent reductions in cost and.
Security in Wireless Sensor Networks. Wireless Sensor Networks  Wireless networks consisting of a large number motes  self-organizing  highly integrated.
Introduction to the Mobile Security (MD)  Chaitanya Nettem  Rawad Habib  2015.
A Compact and Efficient FPGA Implementation of DES Algorithm Saqib, N.A et al. In:International Conference on Reconfigurable Computing and FPGAs, Sept.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Coarse and Fine Grain Programmable Overlay Architectures for FPGAs
Presenter: Hong-Wei Zhuang On-Chip SOC Test Platform Design Based on IEEE 1500 Standard Very Large Scale Integration (VLSI) Systems, IEEE Transactions.
Architectures for mobile and wireless systems Ese 566 Report 1 Hui Zhang Preethi Karthik.
CSC8320. Outline Content from the book Recent Work Future Work.
Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.
Flow of presentation:  Kind of attacks on embedded systems.  Most relevant security threats faced by NOC.  Solutions/ways suggested so far to deal.
LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.
HW/SW PARTITIONING OF FLOATING POINT SOFTWARE APPLICATIONS TO FIXED - POINTED COPROCESSOR CIRCUITS - Nalini Kumar Gaurav Chitroda Komal Kasat.
Page 1 Reconfigurable Communications Processor Principal Investigator: Chris Papachristou Task Number: NAG Electrical Engineering & Computer Science.
Reminder Lab 0 Xilinx ISE tutorial Research Send me an if interested Looking for those interested in RC with skills in compilers/languages/synthesis,
Kyushu University Koji Inoue ICECS'061 Supporting A Dynamic Program Signature: An Intrusion Detection Framework for Microprocessors Koji Inoue Department.
Embedded Runtime Reconfigurable Nodes for wireless sensor networks applications Chris Morales Kaz Onishi 1.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
Swankoski MAPLD 2005 / B103 1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption Eric Swankoski Naval Research Lab Vijay Narayanan Penn.
1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
I/O Computer Organization II 1 Interconnecting Components Need interconnections between – CPU, memory, I/O controllers Bus: shared communication channel.
Lu Hao Profiling-Based Hardware/Software Co- Exploration for the Design of Video Coding Architectures Heiko Hübert and Benno Stabernack.
MAPLD 2005/254C. Papachristou 1 Reconfigurable and Evolvable Hardware Fabric Chris Papachristou, Frank Wolff Robert Ewing Electrical Engineering & Computer.
StrideBV: Single chip 400G+ packet classification Author: Thilan Ganegedara, Viktor K. Prasanna Publisher: HPSR 2012 Presenter: Chun-Sheng Hsueh Date:
R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,
R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ.
High Performance Embedded Computing © 2007 Elsevier Chapter 7, part 3: Hardware/Software Co-Design High Performance Embedded Computing Wayne Wolf.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Reconfigurable architectures ESE 566. Outline Static and Dynamic Configurable Systems –Static SPYDER, RENCO –Dynamic FIREFLY, BIOWATCH PipeRench: Reconfigurable.
IT3002 Computer Architecture
1 Advanced Digital Design Reconfigurable Logic by A. Steininger and M. Delvai Vienna University of Technology.
Network Security Introduction
Security API discussion Group Name: SEC Source: Shingo Fujimoto, FUJITSU Meeting Date: Agenda Item: Security API.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #25 Dependable Data Management.
Using Mobile Computers Lesson 12. Objectives Understand wireless security Configure wireless networking Use Windows mobility controls Synchronize data.
System on a Programmable Chip (System on a Reprogrammable Chip)
Runtime Reconfigurable Network-on- chips for FPGA-based systems Mugdha Puranik Department of Electrical and Computer Engineering
Chapter 1: Introduction
FPGA: Real needs and limits
Seraphim : A Security Architecture for Active Networks
Survey of Crypto CoProcessor Design
Dynamic High-Performance Multi-Mode Architectures for AES Encryption
A High Performance SoC: PkunityTM
Chapter 2: Operating-System Structures
Chapter 2: Operating-System Structures
Cryptography and Network Security
Presentation transcript:

Guy Gogniat, Jean Philippe Diguet,Romain Vaslin,Tilman Wolf, Wayne Burleson, Lilian Bossuet University of South Britanny, University of Massachusetts, Amherst, University of Bordeaux IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 16, NO. 2, FEBRUARY 2008 Deepika Ranade Sharanna Chowdhury

 Security issues  Sophisticated attacks  User concerns ◦ Confidentiality and privacy ◦ Security

 Processor-based cryptography solutions ◦ Computation is costly  Cryptography Co-processor ◦ Not considered energy-efficiency  FPGA for security primitives ◦ Not considered flexibility of primitives  Hardware Monitoring ◦ Energy Monitoring  SAFES is the first approach to dynamically adapt security primitive

Classification of attacks against embedded systems  Hardware Attacks ◦ Active  Irreversible ( Invasive)  Reversible ( Non Invasive) ◦ Passive  Counter Measures ◦ Symptom-free ◦ Security-aware ◦ Activity-aware ◦ Agility ◦ Robust

Security High Performance SOLUTION ?? Reconfigurable Hardware - to deal with hardware security and performance Properties: Adaptability Dynamic Property

Battery ProcessorMemory Bus Monitor Power Monitor FPGAI/O Secure Embedded System Primitive Monitor Clock Monitor Channel Monitor Security Executive Processor Se cu rit y Pr i m iti ve Clock

 Tracks specific data of system  Detects attacks  Characterizes normal activity  Monitors authenticated in the network  Levels of reaction: ◦ reflex or global  Monitors linked by on- chip security network ◦ controlled by the security executive processor (SEP)  FPGA which contains security primitives  Dynamically reconfigurable primitives  Security Primitive ◦ Agile Hardware Accelerator ◦ Performs security Algorithm  Goals: ◦ speedup computation ◦ provide flexibility ◦ provide various tradeoffs The Monitoring SystemThe Reconfigurable Architecture

1] The security primitive datapath 2] The security primitive controller (SPC) SPC is connected to the datapath ~ for the reconfiguration of the datapath SPC is connected to the system processor ~to define the configuration of the security primitive 2] The security primitive controller (SPC) SPC is connected to the datapath ~ for the reconfiguration of the datapath SPC is connected to the system processor ~to define the configuration of the security primitive 3] The system security controller (SSC) SSC is connected to the SPC ~ to monitor the primitive ~ to detect attacks against the primitive. SSC is connected to all monitors of the system ~ to analyze the different parts of the system 3] The system security controller (SSC) SSC is connected to the SPC ~ to monitor the primitive ~ to detect attacks against the primitive. SSC is connected to all monitors of the system ~ to analyze the different parts of the system

SPC FSM SPC FSM Init Security Run Stop Config Algorithm Parameters modification for security Restart Security Primitive Checking of Algorithm Parameters done Security Primitive Ready Security Primitive Terminated Algorithm Parameters modification for performance INITIALIZATION SPC polls system state Battery level Comm. channel quality Defines implementation feasible within the primitive Provides info. to processor

SPC FSM SPC FSM Init Security Run Stop Config Algorithm Parameters modification for security Restart Security Primitive Checking of Algorithm Parameters done Security Primitive Ready Security Primitive Terminated Algorithm Parameters modification for performance CONFIGURATION After Processor selects algorithm parameters SPC selects configuration data Begins configuring datapath

SPC FSM SPC FSM Init Security Run Stop Config Algorithm Parameters modification for security Restart Security Primitive Checking of Algorithm Parameters done Security Primitive Ready Security Primitive Terminated Algorithm Parameters modification for performance RUN Security Primitive is ready to run SPC checks system through SSC to define if primitive needs reconfiguration

SPC FSM SPC FSM Init Security Run Idle/ Stop Config Algorithm Parameters modification for security Restart Security Primitive Checking of Algorithm Parameters done Security Primitive Ready Security Primitive Terminated Algorithm Parameters modification for performance IDLE/ STOP Computation performed. Security Primitive can be stopped (Idle)/ removed from Reconfigurable hardware(Stop)

SPC FSM SPC FSM Init Security Run Stop Config Algorithm Parameters modification for security Restart Security Primitive Checking of Algorithm Parameters done Security Primitive Ready Security Primitive Terminated Algorithm Parameters modification for performance SECURITY Always active. Driven by SSC to indicate requirement of reconfig. Enforces activation of Config state

AttackSSC’s action  Irregular activity in primitive/ system  Hijack  Denial of service attack  Extraction of secret information attack  SSC indicates the configuration to SPC  Reconfigure Security primitive  Enhance fault tolerance of primitive  Stall I/O of primitive

 SPC defines new configuration ◦ Power limitation ◦ Evolving environment  Protected modes require more area, power ◦ Kick in only when required  For best effort performance policy ◦ Throughput Vs energy ◦ Energy-efficient architecture with lower throughput  Battery low  Channel quality < threshold

CauseEffect  Primitive/ System evolves  New configuration needs to be downloaded

AttackSolution  Replace correct configuration  All trusted configurations replaced  Encrypt Bitstream  Download bitstream to system only after integrity check  Store all bitstreams in attack-proof memory

 Xilinx Virtex-II Pro device  Xilinx ISE, Xilinx Xpower  AES and RC6 algorithms MemoryFPGA Processor Architectural Modes Fault Detection/ Tolerance Throughput, Area, Energy Algorithm parameters Execution modes Key/ data sizes

 Performance analysis  2 steps ◦ Offline exploration of architectures ◦ Online select parameters  Application-wise bandwidth requirement  Adapt area, power

ParametersArchitectures  # pipeline stages ◦ Data (i) & key (j) ◦ Data (i+1) & key (j+1)  # of key generators ◦ insignificant area  Period for computation  Pipeline stages ◦ 1, 2, 4, 8  Key generators ◦ 1,2  If 2 KG ◦ Parallel Encryption and Decrytion  If 1 KG ◦ Alternate Encryption and Decrytion

ResultsThroughput Vs Area  ID0-3: 1 KG ◦ Depth of pipeline doubled  Throughput doubles  ID4-7: 2 KG ◦ Parallel Computation ◦ Double throughput w.r.t 1 KG

ResultsEnergy  Energy Efficiency = Throughput / energy  Parallel Computations provide better energy-efficiency PipePower (W)Energy Efficiency (Gbit/J) KG=1KG=2KG=

 Performance analysis  2 steps ◦ Offline exploration of architectures ◦ Online parameters selection  Application-wise bandwidth requirement  Compare Required Throughput Vs Maximum Throughput with current parameters  Is reconfiguration needed?  Select slower/ faster configuration  Adapt area, power

 Feedback mode without security  Feedback mode + fault detection ◦ Parity-based  Feedback mode + fault tolerant architecture ◦ TMR technique

 Feedback mode  FB + fault detection ◦ Only +2.1 % area, -2.7 % power  FB + fault tolerant architecture ◦ High energy (GB/J), area overhead  Bus monitoring ◦ Regular access to key memory address ◦ Counter for non-key n key access

 Reconfigurable hardware in Embedded Systems ◦ Adaptability ◦ Dynamic Reconfiguration  SAFES ◦ Energy-efficient + Secure ◦ Protection + Performance ◦ Reconfigurable Security Primitives ◦ Continuous monitoring to detect abnormal behaviour  Future work ◦ Control flow monitor within Embedded Processor ◦ Attack detection

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.