Department of Electrical and Computer Engineering
Configurable computing for high-security/high-performance
ambient systems 1
Guy Gogniat, Lilian Bossuet,
LESTER Laboratory,University of South Britanny (UBS),
Lorient, [email protected]; [email protected]
1This research This work is supported by the French DGA DSP/SREA under contract no. ERE 0460 00 010
Wayne Burleson,
Department of Electrical and Computer Engineering,
University of Massachusetts, Amherst, MA 01003-9284 USA
2Department of Electrical and Computer Engineering
Outline
Attacks and countermeasures on embedded systems
Reconfigurable architectures Security and reconfigurable architectures AES case study Conclusions
3Department of Electrical and Computer Engineering
Outline
Attacks and countermeasures on embedded systems
Reconfigurable architectures Security and reconfigurable architectures AES case study Conclusions
4Department of Electrical and Computer Engineering
Security and attacks Security Objectives
• Security is required in order to guaranty:• The protection of private data
(typically key, PIN, secret or confidential data)• The protection of the design
(typically some IPs)• The protection of the system
(typically its functionality, so that nobody else can control the system)
Attack Objectives• Attacks aim to break security in order to get access
to:• Private data so that changing some values,
copying the data or destroying the data• The design so that changing some modules,
copying the design or destroying the design• The system so that changing its behavior or
destroying the system
5Department of Electrical and Computer Engineering
Promity-based Hardware attacks Power or EM analysis
Attacks on Embedded Systems
RAM
Remote software attacks
Worm, virus, Trojan horse
Reversible proximity-based attacks
Fault injection
Proximity-based hardware attacks
Tampering
RAMKEY
RSA
AES
µP
turbo code
6Department of Electrical and Computer Engineering
Countermeasures
Designers should have in mind…
Symptom-free
Security-aware
Activity-aware
Agile
Robust
Throughput
Efficiency
Latency
Area
Power
Energy
Cost
Performance issues
Security issues
High-SecurityHigh-Performance
System
7Department of Electrical and Computer Engineering
Outline
Attacks and countermeasures on embedded systems
Reconfigurable architectures Security and reconfigurable architectures AES case study Conclusions
8Department of Electrical and Computer Engineering
Why reconfigurable architectures?
Potential advantages of configurable computing for security• System Agility: switching from one protection mechanism to
another, balance protection mechanisms depending on requirements• System Upload: upgrade of the protection mechanisms
Potential advantages of configurable computing for efficiency (and particularly for the security system) • Specialization: design the system for a specific set of parameters• Resource sharing: temporal resources sharing• Throughput: high parallelism and deep pipeline implementation is
possible
Configurable computing enables Dynamic Configuration at Run Time• To react and adapt rapidly to an irregular situation
9Department of Electrical and Computer Engineering
Cryptography onto FPGA ?Energy efficiency of embedded technologies
P. Schaumont, I. Verbauwhede. Domain-Specific Codesign for Embedded Security.In IEEE Computer Society, 2003
University of California, UCLAprocessorsFPGAASIC
10Department of Electrical and Computer Engineering
Advantages of reconfigurable architectures
Active - Irreversible
Passive – Side channel
RobustnessActivity-awareness
AgilitySymptom-free
Security-awarenessActivity-awareness
Attack type Countermeasure Configurable computingadvantages
Technology/SensorsSystem agility
System agilitySystem upload
High performance
Active - ReversibleSecurity-awarenessActivity-awareness
SensorsSystem agilitySystem upload
High performance
11Department of Electrical and Computer Engineering
Outline
Attacks and countermeasures on embedded systems
Reconfigurable architectures
Security and reconfigurable architectures
AES case study Conclusions
12Department of Electrical and Computer Engineering
• Configurable Computing Security Space: This space highlights the issues that must be addressed to build secure systems
• Configurable Computing Security Hierarchy: This hierarchy highlights that security must be addressed at all layers of the systems
The security issue with configurable computing can be seen through two complementary views:
Security and reconfigurable architectures
Processor core
Mem
ory
Co-processor
Co-processor
Accelerator
Cryptography
Mem
oryConfigurable
SecurityPrimitive
ConfigurableDesign Security
Secure Configurable
System
Attacks
Technology
13Department of Electrical and Computer Engineering
Configurable Computing Security Space
Attacks
Secure Configurable System• The whole system is
configurable. The security is provided by the agility of the whole system
Attacks
Configurable Design Security• Protect the configurable
computing configuration
Attacks Configurable Security Primitive
• Use configurable computing primitive to protect a system, the module is seen as an agile hardware unit
14Department of Electrical and Computer Engineering
Configurable Security Primitive The configurable security primitive
is a part of the whole system and performs some security primitives
A system generally embeds several configurable security primitives
Its goal is to:• Speedup the computation of the
security primitive compared to a software execution
• Provide agility compared to an ASIC implementation
• Provide various tradeoffs in terms of delay, area, latency, reliability and power
• Provide various levels of configurability depending on the granularity of the underlying configurable architecture
Security primitive
Security Primitive Controller
Configurable Security Primitive
Configurable System
Environment input data
From system input data
Environment output data
To system output data
15Department of Electrical and Computer Engineering
SSC
Configurable System
SSC
SSCSSC
SSCConfigurable
Security Primitive
Configurable Security Primitive
Configurable Security Primitive
Configurable Security Primitive
Secure Configurable System To build Secure Configurable System
three main points must be addressed:• Security-awareness• Activity-awareness• Agility
Distributed agents (System Security Controllers) can work independently or together. They monitor the system activity and take the decision to reconfigure a part or the whole system
Different levels of reaction can be considered depending of the type of attack : • reflex (performed by a single SSC)• global (performed after a system level
analysis). Reaction time can be critical, in that case reflex reconfiguration must be performed
16Department of Electrical and Computer Engineering
Configurable Design Security Configurable computing
module/system is defined through configuration data• Each hardware execution context
is defined through a specific configuration data
The configuration data represents the design of the module/system• The configuration data may
contain private information and needs to be protected
The design security is provided through cryptography (Confidentiality, Data integrity, Authentication)• It needs a configurable security
moduleSource : Altera, Design Security in Stratix II Deviceshttp://www.altera.com/products/devices/stratix2/features/security/st2-security.html
17Department of Electrical and Computer Engineering
Outline
Attacks on embedded systems Countermeasures Reconfigurable architectures Security and reconfigurable architectures
AES case study Conclusions
18Department of Electrical and Computer Engineering
Agility leverages security
At the system and architectural level (Secure Configurable System and Configurable security module) agility is provided through reconfiguration
How can it be performed? Need to deal with these points:• Self-reconfiguration or Remote-reconfiguration• Partial or full reconfiguration, Dynamic or static reconfiguration• Predefined configuration data or dynamic configuration data• Reconfiguration time• Configuration memory• Communication links• Configuration controller (what is the policy?)
19Department of Electrical and Computer Engineering
AES (Rijndael) Security Primitive agility case study To illustrate the concepts related to agility we propose in the
following slides an analysis of a Security Primitive (SP)
All the implementations have been performed on Xilinx Virtex FPGA
Various area/throughput/reliability tradeoffs:• AES cryptographic core SP with BRAMs on non-feedback mode• AES cryptographic core SP without BRAMs on feedback and non-
feedback modes• AES cryptographic core SP with and without concurrent error
detection mechanism on feedback mode• AES cryptographic core and key setup SP using or not partial
configuration
20Department of Electrical and Computer Engineering
AES cryptographic core SP with BRAMs on non-feedback mode
Key setup management is not considered
Static and full configuration Predefined configuration data Remote-configuration Various area/throughput
tradeoffs
××
×
Throughput (Gbits/s)
# of slices
[15]
80 BRAMs
100 BRAMs ×84 BRAMs
× [16]
12600
22222784
5177
5810
21.54
11.77
12.1
6.95
20.3
[14]
[13]
[17]
21Department of Electrical and Computer Engineering
AES cryptographic core SP without BRAMs on feedback and non-feedback modes
Key setup management is not considered
Static and full configuration Predefined configuration data Remote-configuration Various area/throughput tradeoffs
×
×
Throughput (Gbits/s)
# of slices
[18]
[13]
×[17]
×[19]
×[8]
×[9]
×[8]
21.54
17.8
18.56
1511212450
1099210750
1.94
2507
3528
5673
0.414
0.353
0.294
non-feedback mode
feedback mode
22Department of Electrical and Computer Engineering
AES cryptographic core SP with and without concurrent error detection mechanism on feedback mode
Key setup management is not considered
Performance/reliability tradeoffs Finer granularity enables reduced
fault detection latency and then promotes fast reaction against an attack
Efficiency is at the price of area overhead
××
×
×
Throughput (Mbits/s)
# of slices
no Concurrent ErrorDetection
Round level
Operation level
Algorithm level
100.3
101.4
53.1
136.5
5486
3973
47244806
[20]
[20][20]
[20]Concurrent Error
Detection
23Department of Electrical and Computer Engineering
AES cryptographic core and key setup SP using or not partial configuration
Key setup management is considered
Dynamic configuration Partial and full configuration Predefined configuration data
or dynamic configuration data Remote-configuration
××
×
Throughput (Mbits/s)
# of slices
Speed efficient32 BRAMs
[9]
area efficient8 BRAMs
353
250
300
4312
250
288
no partial configuration
[21]
[21]
partial configuration
24Department of Electrical and Computer Engineering
Outline
Attacks on embedded systems Countermeasures Reconfigurable architectures Security and reconfigurable architectures AES case study
Conclusions
25Department of Electrical and Computer Engineering
Conclusions Configurable computing presents significant features to target
high-security/high performance ambient systems
It is time to extend the vision of security using configurable computing (Configurable computing is not just hardware accelerators for security primitives)
Two complementary views to guide the designer when facing with the difficult problem of system security
Key aspects related to agility are presented and illustrated through the AES security primitive
There are still many issues to make security commonplace dealing with configurable computing and to define the overhead costs that imply security mechanisms at the hardware level