1 Department of Electrical and Computer Engineering
Configurable computing for high-security/high-performance ambient systems (1)
Guy Gogniat, Lilian Bossuet, LESTER Laboratory, University of South Brittany (UBS), Lorient, France
guy.gogniat@univ-ubs.fr; lilian.bossuet@univ-ubs.fr
Wayne Burleson, Department of Electrical and Computer Engineering, University of Massachusetts, Amherst, MA 01003-9284 USA
burleson@ecs.umass.edu
(1) This work is supported by the French DGA DSP/SREA under contract no. ERE 0460 00 010

2 Outline
• Attacks and countermeasures on embedded systems
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

4 Security and attacks
• Security Objectives
  Security is required in order to guarantee:
  - The protection of private data (typically key, PIN, secret or confidential data)
  - The protection of the design (typically some IPs)
  - The protection of the system (typically its functionality, so that nobody else can control the system)
• Attack Objectives
  Attacks aim to break security in order to get access to:
  - Private data, in order to change some values, copy the data or destroy the data
  - The design, in order to change some modules, copy the design or destroy the design
  - The system, in order to change its behavior or destroy the system

5 Attacks on Embedded Systems
[Figure: embedded system blocks (RAM, KEY, RSA, AES, µP, turbo code) with the attack classes below]
• Proximity-based hardware attacks: power or EM analysis
• Remote software attacks: worm, virus, Trojan horse
• Reversible proximity-based attacks: fault injection
• Proximity-based hardware attacks: tampering

6 Countermeasures
• Designers should have in mind…

8 Why reconfigurable architectures?
• Potential advantages of configurable computing for security
  - System Agility: switching from one protection mechanism to another, balancing protection mechanisms depending on requirements
  - System Upload: upgrade of the protection mechanisms
• Potential advantages of configurable computing for efficiency (and particularly for the security system)
  - Specialization: design the system for a specific set of parameters
  - Resource sharing: temporal sharing of resources
  - Throughput: highly parallel and deeply pipelined implementations are possible
• Configurable computing enables Dynamic Configuration at Run Time
  - To react and adapt rapidly to an irregular situation

9 Cryptography onto FPGA?
[Figure: Energy efficiency of embedded technologies (processors, FPGA, ASIC)]
Source: P. Schaumont, I. Verbauwhede. Domain-Specific Codesign for Embedded Security. In IEEE Computer Society, 2003. University of California, UCLA

10 Advantages of reconfigurable architectures
Attack type | Countermeasure | Configurable computing advantages
Active - Irreversible | Robustness, Activity-awareness, Agility | Technology/Sensors
Passive - Side channel | Symptom-free, Security-awareness, Activity-awareness | System agility, System upload, High performance
Active - Reversible | Security-awareness, Activity-awareness | Sensors, System agility, System upload, High performance

12 Security and reconfigurable architectures
• The security issue with configurable computing can be seen through two complementary views:
  - Configurable Computing Security Space: this space highlights the issues that must be addressed to build secure systems
  - Configurable Computing Security Hierarchy: this hierarchy highlights that security must be addressed at all layers of the system

13 Configurable Computing Security Space
[Figure: "Attacks" label beside each of the three items]
• Secure Configurable System: the whole system is configurable. The security is provided by the agility of the whole system
• Configurable Design Security: protect the configurable computing configuration
• Configurable Security Primitive: use a configurable computing primitive to protect a system; the module is seen as an agile hardware unit

14 Configurable Security Primitive
• The configurable security primitive is a part of the whole system and performs some security primitives
• A system generally embeds several configurable security primitives
• Its goal is to:
  - Speed up the computation of the security primitive compared to a software execution
  - Provide agility compared to an ASIC implementation
  - Provide various tradeoffs in terms of delay, area, latency, reliability and power
  - Provide various levels of configurability depending on the granularity of the underlying configurable architecture

15 Secure Configurable System
• To build a Secure Configurable System, three main points must be addressed:
  - Security-awareness
  - Activity-awareness
  - Agility
• Distributed agents (System Security Controllers, SSCs) can work independently or together. They monitor the system activity and take the decision to reconfigure a part of the system or the whole system
• Different levels of reaction can be considered depending on the type of attack:
  - reflex (performed by a single SSC)
  - global (performed after a system-level analysis)
  Reaction time can be critical; in that case a reflex reconfiguration must be performed

16 Configurable Design Security
• A configurable computing module/system is defined through configuration data
  - Each hardware execution context is defined through specific configuration data
• The configuration data represents the design of the module/system
  - The configuration data may contain private information and needs to be protected
• The design security is provided through cryptography (Confidentiality, Data integrity, Authentication)
  - It needs a configurable security module
Source: Altera, Design Security in Stratix II Devices http://www.altera.com/products/devices/stratix2/features/security/st2-security.html

17 Outline
• Attacks on embedded systems
• Countermeasures
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

18 Agility leverages security
• At the system and architectural level (Secure Configurable System and Configurable security module) agility is provided through reconfiguration
• How can it be performed? These points need to be dealt with:
  - Self-reconfiguration or remote reconfiguration
  - Partial or full reconfiguration
  - Dynamic or static reconfiguration
  - Predefined configuration data or dynamic configuration data
  - Reconfiguration time
  - Configuration memory
  - Communication links
  - Configuration controller (what is the policy?)

19 AES (Rijndael) Security Primitive agility case study
• To illustrate the concepts related to agility, the following slides analyze a Security Primitive (SP)
• All the implementations have been performed on Xilinx Virtex FPGAs
• Various area/throughput/reliability tradeoffs:
  - AES cryptographic core SP with BRAMs in non-feedback mode
  - AES cryptographic core SP without BRAMs in feedback and non-feedback modes
  - AES cryptographic core SP with and without concurrent error detection mechanism in feedback mode
  - AES cryptographic core and key setup SP with or without partial configuration

20 AES cryptographic core SP with BRAMs on non-feedback mode
• Key setup management is not considered
• Static and full configuration
• Predefined configuration data
• Remote-configuration
• Various area/throughput tradeoffs
[Figure: throughput (Gbits/s) versus # of slices for the implementations in [13], [14], [15], [16], [17]. Point labels: 80 BRAMs, 84 BRAMs, 100 BRAMs; # of slices 12600, 2222, 2784, 5177, 5810; throughput 21.54, 11.77, 12.1, 6.95, 20.3]

21 AES cryptographic core SP without BRAMs on feedback and non-feedback modes
• Key setup management is not considered
• Static and full configuration
• Predefined configuration data
• Remote-configuration
• Various area/throughput tradeoffs
[Figure: throughput (Gbits/s) versus # of slices, with one group of points for non-feedback mode and one for feedback mode, for the implementations in [8], [9], [13], [17], [18], [19]. Point labels: throughput 21.54, 17.8, 18.56, 1.94, 0.414, 0.353, 0.294; # of slices 15112, 12450, 10992, 10750, 2507, 3528, 5673]

22 AES cryptographic core SP with and without concurrent error detection mechanism on feedback mode
• Key setup management is not considered
• Performance/reliability tradeoffs
• Finer granularity reduces fault detection latency and so enables a fast reaction against an attack
• Efficiency comes at the price of area overhead
[Figure: throughput (Mbits/s) versus # of slices from [20], comparing no Concurrent Error Detection with Concurrent Error Detection at algorithm level, round level and operation level. Point labels: throughput 100.3, 101.4, 53.1, 136.5; # of slices 5486, 3973, 4724, 4806]
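Added example (not from the slides or from [20]): a simulation of the granularity/latency tradeoff stated on this slide. It assumes a constructed 16-bit toy cipher in place of AES, a single transient bit-flip fault, and a check that recomputes the inverse operations and compares the result with the saved input; the slides do not say which detection mechanism is used, and all names are hypothetical.

```python
# Toy 16-bit substitution-permutation cipher (constructed stand-in, NOT AES).
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]
OPS_PER_ROUND = 3

def sub(x, box):
    """Apply a 4-bit S-box to each nibble of a 16-bit word."""
    return sum(box[(x >> s) & 0xF] << s for s in (0, 4, 8, 12))

def rotl(x, n):
    return ((x << n) | (x >> (16 - n))) & 0xFFFF

def make_ops(keys):
    """One (forward, inverse) pair per operation: substitute, rotate, add key."""
    ops = []
    for k in keys:
        ops.append((lambda x: sub(x, SBOX), lambda x: sub(x, INV_SBOX)))
        ops.append((lambda x: rotl(x, 5), lambda x: rotl(x, 11)))
        ops.append((lambda x, k=k: x ^ k, lambda x, k=k: x ^ k))
    return ops

def detection_latency(plaintext, keys, granularity, fault_op, fault_mask=0x0040):
    """Operations executed after the faulty one before the check fires.

    Returns None when no check fails (no fault was injected).
    """
    ops = make_ops(keys)
    period = {"operation": 1, "round": OPS_PER_ROUND,
              "algorithm": len(ops)}[granularity]
    state = saved = plaintext
    start = 0
    for i, (fwd, _) in enumerate(ops):
        state = fwd(state)
        if i == fault_op:                  # transient fault on this op's output
            state ^= fault_mask
        if (i + 1) % period == 0:          # checkpoint: invert back to saved input
            check = state
            for _, inv in reversed(ops[start:i + 1]):
                check = inv(check)
            if check != saved:
                return i - fault_op
            saved, start = state, i + 1
    return None

if __name__ == "__main__":
    keys = [0x1A2B, 0x3C4D, 0x5E6F, 0x7081]   # constructed round keys
    for g in ("operation", "round", "algorithm"):
        print(g, detection_latency(0xBEEF, keys, g, fault_op=4))
```

The finer the checkpoint granularity, the more inverse hardware is needed but the sooner a controller can react, which is the area/latency tradeoff the slide describes.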

23 AES cryptographic core and key setup SP using or not partial configuration
• Key setup management is considered
• Dynamic configuration
• Partial and full configuration
• Predefined configuration data or dynamic configuration data
• Remote-configuration
[Figure: throughput (Mbits/s) versus # of slices, comparing no partial configuration [9] (speed efficient, 32 BRAMs; area efficient, 8 BRAMs) with partial configuration [21]. Numeric labels: 353, 250, 300, 4312, 250, 288]

25 Conclusions
• Configurable computing presents significant features to target high-security/high-performance ambient systems
• It is time to extend the vision of security using configurable computing (configurable computing is not just hardware accelerators for security primitives)
• Two complementary views guide the designer when facing the difficult problem of system security
• Key aspects related to agility are presented and illustrated through the AES security primitive
• There are still many issues to resolve to make security commonplace with configurable computing, and to define the overhead costs that security mechanisms at the hardware level imply

