Presentation is loading. Please wait.

Presentation is loading. Please wait.

R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,

Similar presentations


Presentation on theme: "R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,"— Presentation transcript:

1 R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson, Jean- Philippe Diguet, Lilian Bossuet and Roman Baslin Presented by: Wei Zang Xin Guan Mar. 03, 2010

2 T HE TOPIC ( R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH - P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE ) SAFES? –Security Security architecture for embedded systems Purpose? Provide high-Security and high-performance for a system Built on reconfigurable hardware - FPGA 2

3 O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 3

4 O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 4

5 S ECURITY AND A TTACKS Security objective Protection of private data, design and the system Attacks objectives Break security in order to Access, change or destroy private data Change some module, copy or destroy design Change behavior or destroy the system Challenges ( attack point ) Tamper resistance Facing increasing number of attacks from physical to software Assurance Continue to operate reliably despite attacks 5

6 A TTACKS AGAINST EMBEDDED SYSTEMS 6 Software attacks Worm, virus, Trojan horse Hardware Physical irreversible attacks (Active) Chip cutting, chemical attack etc. Physical reversible attacks (Active) Glitch clock, Fault injection, Variation of V or T Side-channel (Passive) Timing, power or EM analysis to extrate of secrets

7 W HY R ECONFIGURABLE ARCHITECTURES ? Potential advantages of configurable computing for efficiency Specialization : design the system for a specific set of parameters Resource sharing : temporal resources sharing Throughput : high parallelism and deep pipeline implementation is possible Potential advantages of configurable computing for security System Agility : switching from one protection mechanism to another, balance protection mechanisms depending on requirements System Upgrade : upgrade of the protection mechanisms Configurable computing enables Dynamic Configuration at Run Time To react and adapt rapidly to an irregular situation 7

8 O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 8

9 SAFES A RCHITECTURE 9 Verification and protection are not inside the application Can be updated dynamically depending on the application running on the system

10 R ECONFIGURABLE A RCHITECTURE Security primitive Performs a security algorithms (Cryptograph, key management) Goals Speedup the computation of security algorithm Provide flexibility to be able to update the primitive or to switch from one primitive to another Provide various tradeoffs: throughput, area, latency, reliability, power, energy and real time constraints 10

11 O PERATION OF THE P RIMITIVE 11 011001101101 Battery level Channel quality Parameter space Key size Throughput Pipe stage Key size Throughput Pipe stage ready normal

12 Changes comes from: Attacks SSC manage Interrupt SPC when irregular activity detected (hijacking, denial of service, secret information extraction) Response: reconfigure with a trusted configuration, enhance fault tolerance to guarantee functionality, stall I/O of the primitive Performance requirement SPC manage flexibility Performance tradeoff (throughput versus energy) Better energy-efficiency: when low battery level or decreased channel quality, SPC reconfigure primitive with lower throughput Guarantee throughput: SPC keeps the same parameters 12

13 O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 13

14 RC6 Case Study RC6 and AES are two major cryptography algorithms in secure private communication over the Internet. Process a block of data with block size 128 bit. Different Key Sizes, 128 bit, 192 bit, and 256 bit. Primitive operation, includes data-dependent rotations, modular addition and XOR operations, 32 bit multiplication. 14

15 RC6 Introduction Key Schedule Key Expansion Key Transmission 15

16 Plaintext Input Divide Save RC6 Introduction 16

17 Encryption RC6 Introduction 17

18 1st Round Repeat 10 Rounds A B C D final RC6 Introduction Encryption 18

19 2-stage Reconfigurable RC6 architecture- Pipelining 19 Pipeline Stage 1 Pipeline Stage 2

20 3-stage Reconfigurable RC6 architecture- Pipelining 20 Pipeline Stage 1 Pipeline Stage 2 Pipeline Stage 3

21 4-stage Reconfigurable RC6 architecture- Pipelining 21 PS1 PS2 PS3 PS4

22 Architecture Comparison 22

23 Closed Loop Control Observer Averaging Decision Making 23

24 Closed Loop Control 24

25 O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 25

26 An encryption standard adopted by the U.S. government. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits AES operates on a 4×4 array of bytes, termed the state. AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. AES Case Study 26

27 Key Schedule 128 bits User Supplied Key is used to generate 10 sets of Round Key AES Introduction 27

28 Plaintext Input A 128 bits Input data block is fit into the 4*4 Byte matrix, called state AES Introduction 28

29 Round Operation SubBytes ShiftRows MixColumns AddRoundKey AES Introduction 29

30 Dataflow Initial Round Repeated Round Output AES Introduction 30

31 Fault Detection Architecture Expected Parity Computation Parity Check Reconfigurable AES Architecture 31

32 Fault Tolerant Architecture TMR (Triple Modular Redundancy) High overhead Reconfigurable AES Architecture 32

33 With small overhead and improved reliability, fault detection system can be set as default design. Due to the high overhead, fault tolerant system can be used cautiously. Architecture Comparison 33

34 Architecture Comparison 34

35 Reconfiguration Time The dynamic reconfiguration is accomplished by ICAP interface. The clock of ICAP interface of our FPGA is 50 MHz. Assume write one Byte Configuration data for one cycle. For AES encryption, the partial bit-streams required by fault detection system is 356 kB, which leads to the reconfiguration time nearly 7 ms. SAFES 35

36 C ONCLUSIONS SAFES Based on reconfigurable hardware to provide high performance and flexibility and relies on hardware monitors to build instruction detection systems Includes: Reconfigurable security primitives Reconfigurable hardware monitors Hierarchy of secure controllers at the primitive, system and executive level Cases on RC6 and AES The flexibility of our solution enables the realization of an energy-efficient system while addressing the security issue. 36


Download ppt "R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,"

Similar presentations


Ads by Google