R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES...
-
Upload
chloe-norton -
Category
Documents
-
view
236 -
download
0
Transcript of R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES...
![Page 1: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/1.jpg)
RECONFIGURABLE HARDWARE FOR HIGH-SECURITY/HIGH-PERFORMANCE EMBEDDED
SYSTEMS: THE SAFES PERSPECTIVE
Guy Gogniat, Tilman Wolf, Wayne Burleson, Jean-Philippe Diguet, Lilian Bossuet and Roman Baslin
Presented by:Wei ZangXin GuanMar. 03, 2010
![Page 2: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/2.jpg)
THE TOPIC(RECONFIGURABLE HARDWARE FOR HIGH-SECURITY/HIGH-PERFORMANCE EMBEDDED SYSTEMS: THE SAFES
PERSPECTIVE)
SAFES? –SecuritySecurity architecture for embedded systems
Purpose? Provide high-Security and high-performance
for a system Built on reconfigurable hardware - FPGA
2
![Page 3: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/3.jpg)
OUTLINE
Attacks and countermeasures on embedded systems
SAFES Architecture
RC6 Architecture Monitoring for Performance Policy
AES Datapath Implementation Comparison
3
![Page 4: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/4.jpg)
OUTLINE
Attacks and countermeasures on embedded systems
SAFES Architecture
RC6 Architecture Monitoring for Performance Policy
AES Datapath Implementation Comparison
4
![Page 5: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/5.jpg)
SECURITY AND ATTACKS
Security objective Protection of private data, design and the system
Attacks objectives Break security in order to
Access, change or destroy private data Change some module, copy or destroy design Change behavior or destroy the system
Challenges ( attack point ) Tamper resistance
Facing increasing number of attacks from physical to software
Assurance Continue to operate reliably despite attacks
5
![Page 6: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/6.jpg)
ATTACKS AGAINST EMBEDDED SYSTEMS
6
Software attacks
Worm, virus, Trojan horse
Hardware
Physical irreversible attacks (Active)
Chip cutting, chemical attack etc.
Physical reversible attacks (Active)
Glitch clock, Fault injection,
Variation of V or T
Side-channel (Passive)
Timing, power or EM analysis
to extrate of secrets
![Page 7: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/7.jpg)
WHY RECONFIGURABLE ARCHITECTURES? Potential advantages of configurable computing for
efficiency Specialization: design the system for a specific set of
parameters Resource sharing: temporal resources sharing Throughput: high parallelism and deep pipeline
implementation is possible
Potential advantages of configurable computing for security System Agility: switching from one protection mechanism
to another, balance protection mechanisms depending on requirements
System Upgrade: upgrade of the protection mechanisms
Configurable computing enables Dynamic Configuration at Run Time To react and adapt rapidly to an irregular situation
7
![Page 8: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/8.jpg)
OUTLINE
Attacks and countermeasures on embedded systems
SAFES Architecture
RC6 Architecture Monitoring for Performance Policy
AES Datapath Implementation Comparison
8
![Page 9: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/9.jpg)
SAFES ARCHITECTURE
9 Verification and protection are not inside the application Can be updated dynamically depending on the application
running on the system
![Page 10: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/10.jpg)
RECONFIGURABLE ARCHITECTURE Security primitive
Performs a security algorithms (Cryptograph, key management)
Goals Speedup the computation of security algorithm Provide flexibility to be able to update the primitive or to switch
from one primitive to another Provide various tradeoffs: throughput, area, latency, reliability,
power, energy and real time constraints
10
![Page 11: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/11.jpg)
OPERATION OF THE PRIMITIVE
11
011001
101101
Battery levelChannel quality
Parameter spaceKey sizeThroughput Pipe stage
Key sizeThroughput Pipe stage
ready
normal
![Page 12: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/12.jpg)
Changes comes from: Attacks
SSC manage Interrupt SPC when irregular activity detected (hijacking,
denial of service, secret information extraction) Response: reconfigure with a trusted configuration, enhance
fault tolerance to guarantee functionality, stall I/O of the primitive
Performance requirement SPC manage flexibility Performance tradeoff (throughput versus energy)
Better energy-efficiency: when low battery level or decreased channel quality, SPC reconfigure primitive with lower throughput
Guarantee throughput: SPC keeps the same parameters
12
![Page 13: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/13.jpg)
OUTLINE
Attacks and countermeasures on embedded systems
SAFES Architecture
RC6 Architecture Monitoring for Performance Policy
AES Datapath Implementation Comparison
13
![Page 14: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/14.jpg)
RC6 Case Study
RC6 and AES are two major cryptography algorithms in secure private communication over the Internet.
Process a block of data with block size 128 bit. Different Key Sizes, 128 bit, 192 bit, and 256
bit. Primitive operation, includes data-dependent
rotations, modular addition and XOR operations, 32 bit multiplication.
14
![Page 15: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/15.jpg)
RC6 Introduction
Key Schedule
Key Expansion
Key Transmission
15
![Page 16: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/16.jpg)
Plaintext Input
Divide
Save
RC6 Introduction
16
![Page 17: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/17.jpg)
Encryption
RC6 Introduction
17
![Page 18: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/18.jpg)
1st Round
Repeat 10 Rounds
A B C D
A B C D
final
RC6 Introduction
Encryption
18
![Page 19: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/19.jpg)
2-stage
Reconfigurable RC6 architecture-Pipelining
19
Pipeline Stage 1
Pipeline Stage 2
![Page 20: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/20.jpg)
3-stage
Reconfigurable RC6 architecture-Pipelining
20
Pipeline Stage 1
Pipeline Stage 2
Pipeline Stage 3
![Page 21: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/21.jpg)
4-stage
Reconfigurable RC6 architecture-Pipelining
21
PS1
PS2
PS3
PS4
![Page 22: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/22.jpg)
Architecture Comparison
22
![Page 23: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/23.jpg)
Closed Loop Control
Observer Averaging Decision Making
23
![Page 24: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/24.jpg)
Closed Loop Control
24
![Page 25: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/25.jpg)
OUTLINE
Attacks and countermeasures on embedded systems
SAFES Architecture
RC6 Architecture Monitoring for Performance Policy
AES Datapath Implementation Comparison
25
![Page 26: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/26.jpg)
An encryption standard adopted by the U.S. government.
Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits
AES operates on a 4×4 array of bytes, termed the state.
AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.
AES Case Study
26
![Page 27: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/27.jpg)
Key Schedule 128 bits User Supplied Key
is used to generate 10 sets of Round Key
b11 b12 b13 b14
b21 b22 b23 b24
b31 b32 b33 b34
b41 b42 b43 b44
8 bit
32 bit
AES Introduction
27
![Page 28: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/28.jpg)
Plaintext Input
A 128 bits Input data block is fit into the 4*4 Byte matrix, called state
AES Introduction
28
![Page 29: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/29.jpg)
Round Operation SubBytes ShiftRows MixColumns AddRoundKey
AES Introduction
29
![Page 30: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/30.jpg)
Dataflow
Initial Round
Repeated Round
Output
AES Introduction
30
![Page 31: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/31.jpg)
Fault Detection Architecture
Expected Parity Computation
Parity Check
Reconfigurable AES Architecture
31
![Page 32: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/32.jpg)
Fault Tolerant Architecture
TMR (Triple Modular Redundancy)
High overhead
Reconfigurable AES Architecture
32
![Page 33: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/33.jpg)
With small overhead and improved reliability, fault detection system can be set as default design. Due to the high overhead, fault tolerant system can be used cautiously.
Architecture Comparison
33
![Page 34: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/34.jpg)
Architecture Comparison
34
![Page 35: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/35.jpg)
Reconfiguration Time The dynamic reconfiguration is accomplished by ICAP
interface. The clock of ICAP interface of our FPGA is 50 MHz. Assume write one Byte Configuration data for one cycle. For AES encryption, the partial bit-streams required by fault detection system is 356 kB, which leads to the reconfiguration time nearly 7 ms.
SAFES
35
3560.7
50 /
Data Size kBT ms
Data Rate MB s
![Page 36: R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,](https://reader031.fdocuments.us/reader031/viewer/2022012406/56649f525503460f94c76ae9/html5/thumbnails/36.jpg)
CONCLUSIONS
SAFES Based on reconfigurable hardware to provide high
performance and flexibility and relies on hardware monitors to build instruction detection systems
Includes: Reconfigurable security primitives Reconfigurable hardware monitors Hierarchy of secure controllers at the primitive, system and
executive level
Cases on RC6 and AES The flexibility of our solution enables the realization of
an energy-efficient system while addressing the security issue. 36