Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Processing On-Chip

Published byLesley Pope Modified over 6 years ago

Similar presentations

Presentation on theme: "Secure Processing On-Chip"— Presentation transcript:

1 Secure Processing On-Chip
Hsien-Hsin “Sean” Lee School of Electrical and Computer Engineering Georgia Tech Atlanta, GA ARO Workshop on Embedded Systems and Network Security Raleigh, NC, February 22, 2007

2 Layered Secure Architecture
Exploits Solution Application software patching/amputation, de-compilation, worm, virus application signing, access control, … OS rootkit, system call tampering kernel space eavesdrop OS signing, virtualization, … Firmware/ Boot image BIOS spoof/hijack,boot image virus TPM Platform Level chip interconnect/bus snoop, eavesdrop, device spoof secure processor, memory encryption Sub Platform Power, EM emission analysis timing analysis, etc self-timed circuit, obfuscation techniques Package & Circuit Level de-packaging, micro-probing, optical reverse engineer secure packaging, private circuit

3 Secure Processor Assumption
Protected Domain Processor Core

4 Thread Model: Physical Tampering
Protected Domain Processor Core DRAM Ethernet Mouse Keyboard Disk South Bridge North Bridge

5 Secure Processors Secure Processor Tamper-proof distributed computing
(trusted end-system) Secure Processor Anti reverse engineering Processor Core Root Signature Caches MAC hash tree Crypto Engine Secure Processor Tamper-proof embedded sensor device Tamper-proof digital right protection

6 Types of HW-based Physical Attacks
Trace system bus, peripheral bus Power/Timing analysis Build fake devices, device spoof (e.g., MOD-chip) Modify RAM Replay bus signals, fake bus signal injection XBOX with MOD-chip installed. MOD-chip is a low cost bus snoop and spoof device widely used to break XBOX security.

7 Designing Secure Processors
HW-based Encryption/Authentication A common strategy to protect data confidentiality and integrity Performance, performance, performance Deficiencies ─ Side Channels Power (or current) signature Execution time distinction Instruction addresses on the bus (unprotected control flow) Potential Solutions Randomization To be effective, rethink HW design, raise the level of difficulty to break Design trade-off between power saving () execution time, RT constraint () security level ()

8 Control Flow Leakage  Example 1
Assume all code are encrypted Control Flow Graph Address Sequence B1 B2 B3

9 Control Flow Leakage  Example 1
Control Flow Graph Address Sequence B1 Addr(B1) B2 B3

10 Control Flow Leakage  Example 1
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2) B2 B3

11 Control Flow Leakage  Example 1
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B3) B2 B3

12 Control Flow Leakage  Example 1
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B3) Addr(B1) B2 B3

13 Control Flow Leakage  Example 1
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B3) Addr(B1), Addr(B2) B2 B3

14 Control Flow Leakage  Example 1
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B3) Addr(B1), Addr(B2), Addr(B3)…. B2 B3

15 Control Flow Leakage  Example 1
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B3) Addr(B1), Addr(B2), Addr(B3)…. B2 B3 repeated addresses loop

16 Control Flow Leakage  Example 2
Control Flow Graph Address Sequence B1 Addr(B1) B2 B3 B4

17 Control Flow Leakage  Example 2
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2) B2 B3 B4

18 Control Flow Leakage  Example 2
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B4) B2 B3 B4

19 Control Flow Leakage  Example 2
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B4) Addr(B1) B2 B3 B4

20 Control Flow Leakage  Example 2
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B4) Addr(B1), Addr(B3) B2 B3 B4

21 Control Flow Leakage  Example 2
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B4) Addr(B1), Addr(B3), Addr(B4)…. B2 B3 B4

22 Control Flow Leakage  Example 2
Control Flow Graph Address Sequence B1 Addr(B1), Addr(B2), Addr(B4) Addr(B1), Addr(B3), Addr(B4)…. B2 B3 B4 either B2 or B3 follows B1 conditional branch

23 Critical Data Leakage via Value-Dependent Conditional Branches
Modular Exponentiation Algorithm (Diffie-Hellman, RSA) Initialize Let S0 = 1 For i = 0 to w-1 Do If (bit i of k) is 1 then Let Ti = (Si*C) mod N Else Let Ti = Si Let Si+1 = T2i mod N EndFor Return (Rw-1) i=0 to w-1 bit i of k = 1? Y N If-branch Else-branch Loop End T = Ck mod N Return Hacker’s interest : to find K (the secret) Only 2 possibilities: key K or K

24 Consequences of Control Flow Side-channel
Leak critical information of the application By graph matching the CFG, reused code can be ID-ed Critical data can be leaked as well Even partial knowledge can help competitors

25 Side-Channel Countermeasure
Randomization Design trade-off between power saving execution time (RT constraint) security level

26 Solution Example: Dynamic Control Flow Obfuscation
A Hardware Approach To map address differently every time it appears on the bus Relocate blocks to new location each time it is evicted from the processor Should not write out immediately after access to avoid correlation being exposed Refer to section 4.4

27 Dynamic Obfuscation Example
Security Boundary accesses shuffle buffer memory 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 Start—after fill up the buffer 5 1 3 4 2 6 7 8 9 Random Replacement Algorithm

28 Dynamic Obfuscation Example
accesses shuffle buffer memory 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 Start—after fill up the buffer 5 1 3 4 2 6 7 8 9 Shuffle buffer Memory Addr1 map(Addr1) Addr2 map(Addr2) Addr3 map(Addr3) AddrX map(AddrX) Block Address Table

29 Dynamic Obfuscation Example
accesses shuffle buffer memory 1 2 3 4 5 6 7 8 9 1 2 3 4 5 6 7 8 9 Start—after fill up the buffer 5 1 3 4 2 6 7 8 9 8 5 3 4 2 6 7 1 9 6 8 3 4 2 5 7 1 9 8 6 3 4 2 5 7 1 9 finish 8 6 3 4 2 5 7 1 9 Addr1 map(Addr1) Addr2 map(Addr2) Addr3 map(Addr3) AddrX map(AddrX) Block Address Table

30 Challenges in Embedded Design
From a processor architect’s perspective How to design a tamper-proof embedded processor Software solutions may be slow and limited Encryption/decryption A natural given But is insufficient due to side-channel attacks Need to educate next-gen processor designers Need a well-thought-out Security-aware hardware design

31 Challenges in Embedded Design
Physical Tampering Tamper-resistance and tamper-evidence Side-channel attacks Digital Right Management Protect Virtual properties with encryption and right licenses Need a DRM-enabled graphics processor Implications on FPGA platform Use FPGA for cryptographic algorithms Protect FPGA-based IP Vulnerabilities yet to be understood

32 Thank You!

Download ppt "Secure Processing On-Chip"

Similar presentations

Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology.

Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
Implementing an Untrusted Operating System on Trusted Hardware.

Implementing an Untrusted Operating System on Trusted Hardware.
Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.

Jeff Bilger - CSE P 590TU - Winter 2006 The Role of Cryptography in Combating Software Piracy.
Building Secure, DRM-Enabled Devices Avni Rambhia Program Manager John C. Simmons Program Manager Strategic Relations & Policy Windows Client Division.

Building Secure, DRM-Enabled Devices Avni Rambhia Program Manager John C. Simmons Program Manager Strategic Relations & Policy Windows Client Division.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
1 Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems Georgia Institute of Technology Atlanta,

1 Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems Georgia Institute of Technology Atlanta,
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
1 Towards the Issues in Architectural Support for Protection of Software Execution Weidong Shi Hsien-Hsin (Sean) Lee Mrinmoy Ghosh Chenghuai Lu School.

1 Towards the Issues in Architectural Support for Protection of Software Execution Weidong Shi Hsien-Hsin (Sean) Lee Mrinmoy Ghosh Chenghuai Lu School.
A Novel Cache Architecture with Enhanced Performance and Security Zhenghong Wang and Ruby B. Lee.

A Novel Cache Architecture with Enhanced Performance and Security Zhenghong Wang and Ruby B. Lee.
Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
Flow of presentation:  Kind of attacks on embedded systems.  Most relevant security threats faced by NOC.  Solutions/ways suggested so far to deal.

Flow of presentation:  Kind of attacks on embedded systems.  Most relevant security threats faced by NOC.  Solutions/ways suggested so far to deal.
Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaoton Zhuang, Tao Zhang, Hsien-Hsin S. Lee, Santosh Pande HIDE: An Infrastructure.

Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaoton Zhuang, Tao Zhang, Hsien-Hsin S. Lee, Santosh Pande HIDE: An Infrastructure.

Similar presentations

Ads by Google