250 likes | 365 Views
Configurable computing for high-security/high-performance ambient systems 1. Guy Gogniat, Lilian Bossuet, LESTER Laboratory, University of South Britanny (UBS), Lorient, France guy.gogniat@univ-ubs.fr; lilian.bossuet@univ-ubs.fr. Wayne Burleson,
E N D
Configurable computing for high-security/high-performance ambient systems 1 Guy Gogniat, Lilian Bossuet, LESTER Laboratory, University of South Britanny (UBS), Lorient, France guy.gogniat@univ-ubs.fr; lilian.bossuet@univ-ubs.fr Wayne Burleson, • Department of Electrical and Computer Engineering, • University of Massachusetts, Amherst, MA 01003-9284 USA • burleson@ecs.umass.edu 1This research This work is supported by the French DGA DSP/SREA under contract no. ERE 0460 00 010
Outline • Attacks and countermeasures on embedded systems • Reconfigurable architectures • Security and reconfigurable architectures • AES case study • Conclusions
Outline • Attacks and countermeasures on embedded systems • Reconfigurable architectures • Security and reconfigurable architectures • AES case study • Conclusions
Security and attacks • Security Objectives • Security is required in order to guaranty: • The protection of private data(typically key, PIN, secret or confidential data) • The protection of the design(typically some IPs) • The protection of the system(typically its functionality, so that nobody else can control the system) • Attack Objectives • Attacks aim to break security in order to get access to: • Private data so that changing some values, copying the data or destroying the data • The design so that changing some modules, copying the design or destroying the design • The system so that changing its behavior or destroying the system
Attacks on Embedded Systems Promity-based Hardware attacks Power or EM analysis Remote software attacks Worm, virus, Trojan horse Reversible proximity-based attacks Fault injection turbo code AES KEY RAM µP RAM Proximity-based hardware attacks Tampering RSA
Countermeasures • Designers should have in mind…
Outline • Attacks and countermeasures on embedded systems • Reconfigurable architectures • Security and reconfigurable architectures • AES case study • Conclusions
Why reconfigurable architectures? • Potential advantages of configurable computing for security • System Agility: switching from one protection mechanism to another, balance protection mechanisms depending on requirements • System Upload: upgrade of the protection mechanisms • Potential advantages of configurable computing for efficiency (and particularly for the security system) • Specialization: design the system for a specific set of parameters • Resource sharing: temporal resources sharing • Throughput: high parallelism and deep pipeline implementation is possible • Configurable computing enables Dynamic Configuration at Run Time • To react and adapt rapidly to an irregular situation
Cryptography onto FPGA ? Energy efficiency of embedded technologies University of California, UCLA FPGA processors ASIC P. Schaumont, I. Verbauwhede. Domain-Specific Codesign for Embedded Security. In IEEE Computer Society, 2003
Advantages of reconfigurable architectures Attack type Countermeasure Configurable computing advantages Robustness Activity-awareness Technology/Sensors System agility Active - Irreversible Sensors System agility System upload High performance Security-awareness Activity-awareness Active - Reversible Agility Symptom-free Security-awareness Activity-awareness System agility System upload High performance Passive – Side channel
Outline • Attacks and countermeasures on embedded systems • Reconfigurable architectures • Security and reconfigurable architectures • AES case study • Conclusions
Configurable Computing Security Space: This space highlights the issues that must be addressed to build secure systems Configurable Computing Security Hierarchy: This hierarchy highlights that security must be addressed at all layers of the systems Security and reconfigurable architectures • The security issue with configurable computing can be seen through two complementary views:
Configurable Computing Security Space • Configurable Security Primitive • Use configurable computing primitive to protect a system, the module is seen as an agile hardware unit Attacks • Secure Configurable System • The whole system is configurable. The security is provided by the agility of the whole system Attacks • Configurable Design Security • Protect the configurable computing configuration Attacks
Configurable Security Primitive • The configurable security primitive is a part of the whole system and performs some security primitives • A system generally embeds several configurable security primitives • Its goal is to: • Speedup the computation of the security primitive compared to a software execution • Provide agility compared to an ASIC implementation • Provide various tradeoffs in terms of delay, area, latency, reliability and power • Provide various levels of configurability depending on the granularity of the underlying configurable architecture
Secure Configurable System • To build Secure Configurable System three main points must be addressed: • Security-awareness • Activity-awareness • Agility • Distributed agents (System Security Controllers) can work independently or together. They monitor the system activity and take the decision to reconfigure a part or the whole system • Different levels of reaction can be considered depending of the type of attack : • reflex (performed by a single SSC) • global (performed after a system level analysis). Reaction time can be critical, in that case reflex reconfiguration must be performed
Configurable Design Security • Configurable computing module/system is defined through configuration data • Each hardware execution context is defined through a specific configuration data • The configuration data represents the design of the module/system • The configuration data may contain private information and needs to be protected • The design security is provided through cryptography (Confidentiality, Data integrity, Authentication) • It needs a configurable security module Source : Altera, Design Security in Stratix II Devices http://www.altera.com/products/devices/stratix2/features/security/st2-security.html
Outline • Attacks on embedded systems • Countermeasures • Reconfigurable architectures • Security and reconfigurable architectures • AES case study • Conclusions
Agility leverages security • At the system and architectural level (Secure Configurable System and Configurable security module) agility is provided through reconfiguration • How can it be performed? Need to deal with these points: • Self-reconfiguration or Remote-reconfiguration • Partial or full reconfiguration, Dynamic or static reconfiguration • Predefined configuration data or dynamic configuration data • Reconfiguration time • Configuration memory • Communication links • Configuration controller (what is the policy?)
AES (Rijndael) Security Primitive agility case study • To illustrate the concepts related to agility we propose in the following slides an analysis of a Security Primitive (SP) • All the implementations have been performed on Xilinx Virtex FPGA • Various area/throughput/reliability tradeoffs: • AES cryptographic core SP with BRAMs on non-feedback mode • AES cryptographic core SP without BRAMs on feedback and non-feedback modes • AES cryptographic core SP with and without concurrent error detection mechanism on feedback mode • AES cryptographic core and key setup SP using or not partial configuration
Key setup management is not considered Static and full configuration Predefined configuration data Remote-configuration Various area/throughput tradeoffs AES cryptographic core SP with BRAMs on non-feedback mode # of slices [13] × 12600 80 BRAMs [16] × 5810 [17] 100 BRAMs × 5177 [15] 84 BRAMs × 2784 [14] × 2222 Throughput (Gbits/s) 6.95 12.1 20.3 11.77 21.54
AES cryptographic core SP without BRAMs on feedback and non-feedback modes • Key setup management is not considered • Static and full configuration • Predefined configuration data • Remote-configuration • Various area/throughput tradeoffs # of slices [18] × 15112 [17] × 12450 [8] × 10992 [19] × 10750 non-feedback mode [9] × 5673 [8] feedback mode × 3528 [13] × 2507 Throughput (Gbits/s) 1.94 17.8 0.414 0.294 0.353 18.56 21.54
AES cryptographic core SP with and without concurrent error detection mechanism on feedback mode • Key setup management is not considered • Performance/reliability tradeoffs • Finer granularity enables reduced fault detection latency and then promotes fast reaction against an attack • Efficiency is at the price of area overhead # of slices [20] × Operation level 5486 [20] Algorithm level × 4806 [20] × 4724 Round level Concurrent Error Detection [20] × 3973 no Concurrent Error Detection Throughput (Mbits/s) 101.4 136.5 53.1 100.3
AES cryptographic core and key setup SP using or not partial configuration • Key setup management is considered • Dynamic configuration • Partial and full configuration • Predefined configuration data or dynamic configuration data • Remote-configuration # of slices [9] × 4312 no partial configuration partial configuration [21] Speed efficient 32 BRAMs × 288 [21] area efficient 8 BRAMs × 250 Throughput (Mbits/s) 250 300 353
Outline • Attacks on embedded systems • Countermeasures • Reconfigurable architectures • Security and reconfigurable architectures • AES case study • Conclusions
Conclusions • Configurable computing presents significant features to target high-security/high performance ambient systems • It is time to extend the vision of security using configurable computing (Configurable computing is not just hardware accelerators for security primitives) • Two complementary views to guide the designer when facing with the difficult problem of system security • Key aspects related to agility are presented and illustrated through the AES security primitive • There are still many issues to make security commonplace dealing with configurable computing and to define the overhead costs that imply security mechanisms at the hardware level