Low Power Embedded Security: Thumbpod embedded biometrics project

1. U C L A Low Power Embedded Security:Thumbpod embedded biometrics project Ingrid Verbauwhede University of California, Los Angeles Acknowledgements: D. Hwang, S. Yang, P. Schaumont, K. Tiri and all other IVGroup members Funded by: NSF, SRC, UC-Micro www.emsec.ee.ucla.edu

2. Motivation • Embedded biometrics • PDA’s, cell phones, smart cards, gadgets.. • Distributed, communicating, devices • Secure ? • Low Energy ? • Distributed security ? New York Times (1/24/05): “A Virus Writer Tests the Limits in Cell phones” Informationsdienst Wissenschaft (1/28/05): Siemens eröffnet Labor für Seitenkanalattacken

3. Confidentiality Integrity Identification SIM SIM Embedded Security Pyramid • Security is as strong as the weakest link! Confidentiality Protocol: Wireless authentication protocol design Integrity Integrity Identification Identification SIM SIM Cipher Design, Algorithm: Embedded fingerprint matching algorithms, crypto algorithms Biometrics Java Java JCA JCA Architecture: Co-design, HW/SW, SOC JVM KVM CPU CPU Crypto Micro-Architecture: co-processor design MEM MEM Vcc Vcc D D Circuit: Circuit techniques to combat side channel analysis attacks Q Q CLK CLK

4. Driver Application: ThumbPod • Intelligent secure keychain device that recognizes owner biometrically • Components: • Microcontroller with memory • Fingerprint sensor • Biometric signal processing • Security processing • Communication: IR and USB • Applications: • Secure credit cards, secure memory, access control, etc. LOW POWER, LOW COST AND SECURE!

5. Application JAM Native Native KVM Security Biometrics Embedded Software Architecture Thumbpod-I (FPGA) Processor & co-processors • Xilinx Virtex-II FPGA • Embedded LEON 32-b Sparc processor • Memory-mapped co-processors on the AMBA APB bus • Two UARTs • Communication with server • Authentec CMOS fingerprint sensor 32 MB SRAM Xilinx Virtex-II FPGA Mem. Controller Boot PROM AMBA AHB Server APB Bridge LEON32- SparcProc. UART APB AESCo-Proc. DFTCo-Proc. DAC student design contest 2003 winner AuthentecAF-2

6. Protocol- Motivation • Security – communication – computation trade-off • Traditional model: multiple storage of template!

7. Security – communication - computation • 4 tasks – distribute between device and server • DC: Data collection (from sensor) • FE: Feature extraction (signal processing) • MD: Matching & Decision • TS: Storage

8. Security Partitioning DEVICE FUNCTIONS F1 Protocol F2 F3 Algorithm F4 F5 INSTRUCTIONS SECUREFUNCTIONS INSECUREFUNCTIONS Architecture BUSES INSECURERISC PROCESSOR ARCHITECTURE SECURECO-PROCESSOR ARCHITECTURE Micro- Architecture PHYSICAL PROTECTION MECHANISMS NO PHYSICAL PROTECTION WIRES Circuit

9. RINGS: energy – flexibility - security Software NetworkingMedium accessBaseband Proc mArchitecture Circuit StandardAlgorithmArchitecturemArchitectureCircuit ProtocolAlgorithmArchitecturemArchitectureCircuit Domain-SpecificHardware Networking Video Security Application Model: System = Software-integrated domains RF MEMORY VideoEngine Crypto BasebandProcessing CPU Reconfigurable Interconnect Architecture Model: System = Flex. connected processors

10. Side-channel attacks Characteristics of encryption module may expose the key Differential Power Analysis(DPA) • Statistical analysis extract secret key • Quick with relatively cheap setup

11. ASIC NON ASIC NON ASIC NON ASIC NON - - - - DPA DPA DPA DPA LEON Processor LEON Processor LEON Processor LEON Processor Cache D Cache I - Cache Integer Unit AHB I/F 2KB - - 2KB AHB Controller Memory Controller Boot Boot Boot ROM PROM I/F PROM I/F 2MB SRAM ASIC DPA ASIC DPA ASIC DPA ASIC DPA 32bits Memory Bus 32bits Memory Bus AHB/APB Bridge AES Coprocessor UART1 RS232 Comparator Comparator AMBA AMBA Peripheral Peripheral Fingerprint UART2 Bus Bus Template Sensor Storage Security partitioning Thumbpod-II • Processor & co-processor • Security partitioning • Secure ASIC • Regular processor

12. DPA attack set-up Here is a picture of a Differential Power attack set-up. It is however to big to upload on the Server. See www.emsec.ucla.edu for More information.

13. STD CELL WDDL WDDL vs. STD CELL: AES Power Traces Encryption startpulse Power supply current Standard cells WDDL

14. Confidentiality Integrity Identification SIM SIM Conclusion • Embedded Security is NOT a point solution Confidentiality Protocol: Security – Communication – Computation trade-off Integrity Integrity Identification Identification SIM SIM Cipher Design, Algorithm: Security partitioning Biometrics Java Java JCA JCA Architecture: RINGS & Gezel KVM JVM CPU CPU Crypto Micro-Architecture: co-processor design MEM MEM Vcc Vcc D D Circuit: WDDL & Diff routing Q Q CLK CLK Systematic cross layer design techniques and optimizations

15. Discussion • Our goal (NSF): provide ENABLING TECHNOLOGIES • Secure storage to avoid identity theft of biometrics! • Single storage instead of multiple storage • Storage with the user/customer • Privacy - social impact • If one TP stolen, only biometrics of one person is gone • Store in “hashed” version: • mathematical/crypto/embedded design issue • Multi mode biometrics • Ultra low power Trusted compute platforms • Architectures, HW/SW co-design techniques • For Smart-cards, RF-ID tags, sensor nodes, etc.

16. Throughput – Energy numbers AES 128bit key128bit data Throughput Power Figure of Merit(Gb/s/W) 0.18mm CMOS 2 Gbits/sec 56 mW 35.7 (1/1) FPGA [1] 1.32 Gbit/sec 490 mW 2.7 (1/11) 648 Mbits/sec 41.4 W 0.015 (1/1900) AsmPentium III [2] 120 mW CEmb. Sparc [3] 133 Kbits/sec 0.0011 (1/33000) Java [4]Emb. Sparc 450 bits/sec 120 mW 0.0000037 (1/9600000) [1] Amphion CS5230 on Virtex2 + Xilinx Virtex2 Power Estimator [2] Helger Lipmaa PIII assembly handcoded + Intel Pentium III (1.13 GHz) Datasheet [3] gcc, 1 mW/MHz @ 120 Mhz Sparc – assumes 0.25 um CMOS [4] Java on KVM (Sun J2ME, non-JIT) on 1 mW/MHz @ 120 MHz Sparc – assumes 0.25 um CMOS