
1 LAB-STICC CNRS UMR 3192 – UBS – ROMAIN VASLIN – CRYPTARCHI 2008
Memory Security Management for FPGA-based Embedded system
Romain Vaslin, Guy Gogniat, Jean-Philippe Diguet
Lab-STICC CNRS UMR 3192 – UBS, Lorient, France
vaslin@univ-ubs.fr
Russell Tessier, Deepak Unnikrishnan
Reconfigurable Computing Group, UMass Amherst, USA
tessier@ecs.umass.edu

2 INTRODUCTION
Cost of security: memory, performance, energy
No architectural trick to solve these issues
New way of building applications relying on specific security hardware

3 OUTLINE
OTP core overview
Security memory management
Experimental approach
Experimental results
Conclusion & future work


5 OTP core overview (1/4): OTP core principle
Main idea: use the memory access time to overlap the security computation (OTP generation and integrity checking)
OTP generation: AES core
Integrity checking: CRC

6 OTP core overview (2/4): OTP core latency
[Figure: timing diagrams (a), (b) and (c) showing the data request, the memory answer, OTP generation (AES), the xor and crc steps, and sending data to the core, for data words d1 to d8 (Data 1-4, Data 5-8) and crc]

7 OTP core overview (3/4): OTP core architecture – Write request
[Figure: block diagram, "OTP CORE: Write request of a cache line". Zones: trusted zone, untrusted zone. Blocks: processor core, instruction cache, data cache, external memory, time stamp computation, time stamp memory, padding value, AES key, AES core (AES input, AES output), XOR, CRC generator, CRC memory. Signals: @ of cache line, clear cache line, ciphered cache line. Legend: original OTP core, extended OTP core]

8 OTP core overview (4/4): OTP core architecture – Read request
[Figure: block diagram, "OTP CORE: Read request of a cache line". Zones: trusted zone, untrusted zone. Blocks: processor core, instruction cache, data cache, external memory, time stamp computation, time stamp memory, padding value, AES key, AES core (AES input, AES output), XOR, CRC generator, CRC memory, validation (= ?). Signals: @ of cache line, ciphered cache line, clear cache line. Legend: original OTP core, extended OTP core]


10 Security memory management (1/4): Principle
Security management based on memory mapping of the code & data
Adapted for applications running with an operating system
[Figure: memory map with segments Task 1 code, Task 2 code, Task n code, OS code, R/W data, OS data, Task 1 stack, Task 2 stack, Task n stack. Legend: non protected, confidentiality, confidentiality / integrity. Label: uniform protection]
Advantages:
Reduction of security memory overhead
Reduction of software execution losses
Reduction of power consumption due to security

11 Security memory management (2/4)
[Figure: the read-request block diagram of the OTP core ("OTP CORE: Read request of a cache line"; trusted zone, untrusted zone, processor core, instruction cache, data cache, external memory, time stamp computation, time stamp memory, padding value, AES key, AES core, XOR, CRC generator, CRC memory, validation = ?; original OTP core, extended OTP core), annotated with "Address filtering" and "Data filtering"]

12 Security memory management (3/4): Architecture – Write request
[Figure: block diagram, "OTP CORE: Write request of a cache line". Zones: trusted zone, untrusted zone. Blocks: processor core, instruction cache, data cache, external memory, time stamp computation, time stamp memory, Task ID, AES key, AES core (AES input, AES output), XOR, CRC generator, CRC memory, validation (= ?), core control, security memory mapping. Signals: @ of cache line, clear cache line, ciphered cache line]

13 Security memory management (4/4): Architecture – Read request
[Figure: block diagram, "OTP CORE: Read request of a cache line". Zones: trusted zone, untrusted zone. Blocks: processor core, instruction cache, data cache, external memory, time stamp computation, time stamp memory, Task ID, AES key, AES core (AES input, AES output), XOR, CRC generator, CRC memory, validation (= ?), core control, security memory mapping. Signals: @ of cache line, ciphered cache line, clear cache line]
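A software model of the per-segment policy described in slides 10 to 13, added here as an example and not taken from the presentation. HMAC-SHA256 stands in for the AES core and zlib.crc32 for the CRC generator; the 32-byte line size, the segment map, the pad inputs and the placement of the time stamp and CRC tables on the trusted side are assumptions.

```python
import hashlib, hmac, zlib
from enum import Enum

class Policy(Enum):
    NONE = 0        # non protected
    CONF = 1        # confidentiality
    CONF_INTEG = 2  # confidentiality / integrity

# Constructed memory map (base, size, policy); addresses are illustrative.
SEGMENTS = [(0x0000, 0x1000, Policy.CONF_INTEG),
            (0x1000, 0x1000, Policy.CONF),
            (0x2000, 0x1000, Policy.NONE)]

class SecurityCore:
    def __init__(self, key, segments=SEGMENTS):
        self.key, self.segments = key, segments
        self.ts, self.crc = {}, {}   # time stamp and CRC memories (modelled as trusted)
        self.ext = {}                # external memory (untrusted zone)

    def policy(self, addr):          # address filtering
        for base, size, pol in self.segments:
            if base <= addr < base + size:
                return pol
        return Policy.NONE

    def _pad(self, addr, task_id):
        # Stand-in for the AES core: keyed PRF over address, time stamp, task ID.
        msg = b"".join(v.to_bytes(4, "big") for v in (addr, self.ts[addr], task_id))
        return hmac.new(self.key, msg, hashlib.sha256).digest()  # 32-byte pad

    def write(self, addr, line, task_id=0):
        pol = self.policy(addr)
        if pol is not Policy.NONE:
            self.ts[addr] = self.ts.get(addr, 0) + 1   # new pad for every write
            pad = self._pad(addr, task_id)
            if pol is Policy.CONF_INTEG:
                self.crc[addr] = zlib.crc32(line)      # CRC of the clear line
            line = bytes(a ^ b for a, b in zip(line, pad))
        self.ext[addr] = line

    def read(self, addr, task_id=0):
        pol, line = self.policy(addr), self.ext[addr]
        if pol is Policy.NONE:
            return line
        clear = bytes(a ^ b for a, b in zip(line, self._pad(addr, task_id)))
        if pol is Policy.CONF_INTEG and zlib.crc32(clear) != self.crc[addr]:
            raise ValueError("integrity validation failed at 0x%04x" % addr)
        return clear

    def table_entries(self):         # (time stamps, CRCs) held on chip
        return len(self.ts), len(self.crc)
```

Writing a stale ciphered line back into `ext` at a CONF_INTEG address makes `read` raise, while the same modification in a CONF segment decrypts to wrong data without any error; unprotected segments consume no time stamp or CRC entries at all.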


15 Experimental approach (1/2): Architecture & Applications
Global view of the architecture: NIOS 2, high resolution timer, Flash bridge, DDR SDRAM bridge, JTAG
4 applications running with MicroC/OS-II:
Image processing (morphological image processing)
Video On Demand (RS, AES, MPEG-2)
Communication (RSd, AES, RSc)
Multi hash (MD5, SHA-1, SHA-2)

16 Experimental approach (2/2): Applications partitioning
3 security levels:
No protection
Uniform protection (confidentiality & integrity, or confidentiality only, for the whole memory)
Programmable protection (memory segment & policy decided by the software designer)
App.    Tasks   Mem Segs.   Total mem (kB) Code / Data
Image   5       12          80 / 59
VOD     7       10          152 / 431
Comm    6       4           71 / 68
Hash    5       2           92 / 55
Partitioning per protection level (each cell: kB / T / S)
        Confidentiality & integrity    Confidentiality          No protection
App     code        data               code        data         code        data
Image   25/2/5      33/2/3             7/2/1       10/2/1       38/1/1      16/1/1
VOD     26/5/3      113/6/4            58/1/1      0/0/0        68/1/1      318/1/1
Comm    71/6/1      28/0/2             0/0/0       40/6/1       0/0/0       0/0/0
Hash    0/0/0       0/0/0              92/5/1      0/0/0        0/0/0       55/5/1


18 Experimental result (1/5): Area overhead
Programmable security applied has a direct impact on the size of the design
         Uniform protection                  Programmable protection
         NIOS II + HSC     HSC               NIOS II + HSC     HSC
         ALUTs   FFs       ALUTs   FFs       ALUTs   FFs       ALUTs   FFs
Image    8147    4662      3325    1113      8342    4714      3505    1159
VOD      8301    4674      3441    1126      8335    4703      3489    1153
Comm.    8150    4670      3316    1116      8289    4677      3450    1135
Hash     7326    4405      2553    854       7086    4397      2295    848
Annotations on the slide: ~65 % for UP, ~70% for PP; ~50 % for UP, ~45% for PP

19 Experimental result (2/5): Performances
Software performance losses compared with NP
(ms)        No Protection   Uniform Protection   Programmable Protection
Image 512   79.8            103.8   -23%         92.9    -14%
Image 2k    56.0            68.7    -18%         62.8    -11%
VOD 512     6997.0          8810.0  -21%         8039.0  -13%
VOD 2k      4589.0          5459.0  -14%         5194.0  -12%
Comm 512    36.6            45.4    -20%         42.0    -13%
Comm 2k     22.6            25.2    -10%         24.6    -8%
Hash 512    4.5             5.5     -18%         5.3     -15%
Hash 2k     3.3             3.8     -15%         3.7     -14%
Annotations on the slide: 20.5 %, 13.75 %, 14.25 %, 8.75%

20 Experimental result (3/5): Memory overhead
Memory overhead is fully dependent on the designer's choice of security policy
Memory has a double cost (space & energy)
             Uniform Protection   Programmable Protection
Image (kB)   42.2                 20                        52%
VOD (kB)     199.6                48.8                      75%
Comm (kB)    43.2                 33.2                      23%
Hash (kB)    6.8                  0                         100%
[Figure: bar chart of memory overhead in kbytes; legend: TS data, CRC data, CRC code]

21 Experimental result (4/5): Energy consumption
[Figure: energy consumption for no protection, uniform protection and programmable protection. Labels: 33%, 26%, 38%, 28%; ~15% saved compared with UP; ~30% saved compared with UP]

22 Experimental result (5/5): Energy consumption
[Figure: energy consumption for no protection, uniform protection and programmable protection. Labels: 58%, 42%, 33%, 42%; ~14% saved compared with UP; ~8% saved compared with UP]


24 Conclusion & future work
Security mapping can help to make savings (area, performance, memory, energy)
Fully done in hardware, no OS modification
Dynamic addition of new secured zones
Download of new tasks
Application update/patch
Important difficulty: identification of the entity which is writing in the hardware security core

