1 / 16

Low Power Embedded Security: Thumbpod embedded biometrics project

U. C. L. A. Low Power Embedded Security: Thumbpod embedded biometrics project. Ingrid Verbauwhede University of California, Los Angeles. Acknowledgements: D. Hwang, S. Yang, P. Schaumont, K. Tiri and all other IVGroup members Funded by: NSF, SRC, UC-Micro www.emsec.ee.ucla.edu.

haile
Download Presentation

Low Power Embedded Security: Thumbpod embedded biometrics project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. U C L A Low Power Embedded Security:Thumbpod embedded biometrics project Ingrid Verbauwhede University of California, Los Angeles Acknowledgements: D. Hwang, S. Yang, P. Schaumont, K. Tiri and all other IVGroup members Funded by: NSF, SRC, UC-Micro www.emsec.ee.ucla.edu

  2. Motivation • Embedded biometrics • PDA’s, cell phones, smart cards, gadgets.. • Distributed, communicating, devices • Secure ? • Low Energy ? • Distributed security ? New York Times (1/24/05): “A Virus Writer Tests the Limits in Cell phones” Informationsdienst Wissenschaft (1/28/05): Siemens eröffnet Labor für Seitenkanalattacken

  3. Confidentiality Integrity Identification SIM SIM Embedded Security Pyramid • Security is as strong as the weakest link! Confidentiality Protocol: Wireless authentication protocol design Integrity Integrity Identification Identification SIM SIM Cipher Design, Algorithm: Embedded fingerprint matching algorithms, crypto algorithms Biometrics Java Java JCA JCA Architecture: Co-design, HW/SW, SOC JVM KVM CPU CPU Crypto Micro-Architecture: co-processor design MEM MEM Vcc Vcc D D Circuit: Circuit techniques to combat side channel analysis attacks Q Q CLK CLK

  4. Driver Application: ThumbPod • Intelligent secure keychain device that recognizes owner biometrically • Components: • Microcontroller with memory • Fingerprint sensor • Biometric signal processing • Security processing • Communication: IR and USB • Applications: • Secure credit cards, secure memory, access control, etc. LOW POWER, LOW COST AND SECURE!

  5. Application JAM Native Native KVM Security Biometrics Embedded Software Architecture Thumbpod-I (FPGA) Processor & co-processors • Xilinx Virtex-II FPGA • Embedded LEON 32-b Sparc processor • Memory-mapped co-processors on the AMBA APB bus • Two UARTs • Communication with server • Authentec CMOS fingerprint sensor 32 MB SRAM Xilinx Virtex-II FPGA Mem. Controller Boot PROM AMBA AHB Server APB Bridge LEON32- SparcProc. UART APB AESCo-Proc. DFTCo-Proc. DAC student design contest 2003 winner AuthentecAF-2

  6. Protocol- Motivation • Security – communication – computation trade-off • Traditional model: multiple storage of template!

  7. Security – communication - computation • 4 tasks – distribute between device and server • DC: Data collection (from sensor) • FE: Feature extraction (signal processing) • MD: Matching & Decision • TS: Storage

  8. Security Partitioning DEVICE FUNCTIONS F1 Protocol F2 F3 Algorithm F4 F5 INSTRUCTIONS SECUREFUNCTIONS INSECUREFUNCTIONS Architecture BUSES INSECURERISC PROCESSOR ARCHITECTURE SECURECO-PROCESSOR ARCHITECTURE Micro- Architecture PHYSICAL PROTECTION MECHANISMS NO PHYSICAL PROTECTION WIRES Circuit

  9. RINGS: energy – flexibility - security Software NetworkingMedium accessBaseband Proc mArchitecture Circuit StandardAlgorithmArchitecturemArchitectureCircuit ProtocolAlgorithmArchitecturemArchitectureCircuit Domain-SpecificHardware Networking Video Security Application Model: System = Software-integrated domains RF MEMORY VideoEngine Crypto BasebandProcessing CPU Reconfigurable Interconnect Architecture Model: System = Flex. connected processors

  10. Side-channel attacks Characteristics of encryption module may expose the key Differential Power Analysis(DPA) • Statistical analysis extract secret key • Quick with relatively cheap setup

  11. ASIC NON ASIC NON ASIC NON ASIC NON - - - - DPA DPA DPA DPA LEON Processor LEON Processor LEON Processor LEON Processor Cache D Cache I - Cache Integer Unit AHB I/F 2KB - - 2KB AHB Controller Memory Controller Boot Boot Boot ROM PROM I/F PROM I/F 2MB SRAM ASIC DPA ASIC DPA ASIC DPA ASIC DPA 32bits Memory Bus 32bits Memory Bus AHB/APB Bridge AES Coprocessor UART1 RS232 Comparator Comparator AMBA AMBA Peripheral Peripheral Fingerprint UART2 Bus Bus Template Sensor Storage Security partitioning Thumbpod-II • Processor & co-processor • Security partitioning • Secure ASIC • Regular processor

  12. DPA attack set-up Here is a picture of a Differential Power attack set-up. It is however to big to upload on the Server. See www.emsec.ucla.edu for More information.

  13. STD CELL WDDL WDDL vs. STD CELL: AES Power Traces Encryption startpulse Power supply current Standard cells WDDL

  14. Confidentiality Integrity Identification SIM SIM Conclusion • Embedded Security is NOT a point solution Confidentiality Protocol: Security – Communication – Computation trade-off Integrity Integrity Identification Identification SIM SIM Cipher Design, Algorithm: Security partitioning Biometrics Java Java JCA JCA Architecture: RINGS & Gezel KVM JVM CPU CPU Crypto Micro-Architecture: co-processor design MEM MEM Vcc Vcc D D Circuit: WDDL & Diff routing Q Q CLK CLK Systematic cross layer design techniques and optimizations

  15. Discussion • Our goal (NSF): provide ENABLING TECHNOLOGIES • Secure storage to avoid identity theft of biometrics! • Single storage instead of multiple storage • Storage with the user/customer • Privacy - social impact • If one TP stolen, only biometrics of one person is gone • Store in “hashed” version: • mathematical/crypto/embedded design issue • Multi mode biometrics • Ultra low power Trusted compute platforms • Architectures, HW/SW co-design techniques • For Smart-cards, RF-ID tags, sensor nodes, etc.

  16. Throughput – Energy numbers AES 128bit key128bit data Throughput Power Figure of Merit(Gb/s/W) 0.18mm CMOS 2 Gbits/sec 56 mW 35.7 (1/1) FPGA [1] 1.32 Gbit/sec 490 mW 2.7 (1/11) 648 Mbits/sec 41.4 W 0.015 (1/1900) AsmPentium III [2] 120 mW CEmb. Sparc [3] 133 Kbits/sec 0.0011 (1/33000) Java [4]Emb. Sparc 450 bits/sec 120 mW 0.0000037 (1/9600000) [1] Amphion CS5230 on Virtex2 + Xilinx Virtex2 Power Estimator [2] Helger Lipmaa PIII assembly handcoded + Intel Pentium III (1.13 GHz) Datasheet [3] gcc, 1 mW/MHz @ 120 Mhz Sparc – assumes 0.25 um CMOS [4] Java on KVM (Sun J2ME, non-JIT) on 1 mW/MHz @ 120 MHz Sparc – assumes 0.25 um CMOS

More Related