Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ingrid Verbauwhede 1March 2005 Low Power Embedded Security: Thumbpod embedded biometrics project Ingrid Verbauwhede University of California, Los Angeles.

Similar presentations


Presentation on theme: "Ingrid Verbauwhede 1March 2005 Low Power Embedded Security: Thumbpod embedded biometrics project Ingrid Verbauwhede University of California, Los Angeles."— Presentation transcript:

1 Ingrid Verbauwhede 1March 2005 Low Power Embedded Security: Thumbpod embedded biometrics project Ingrid Verbauwhede University of California, Los Angeles Acknowledgements: D. Hwang, S. Yang, P. Schaumont, K. Tiri and all other IVGroup members Funded by: NSF, SRC, UC-Micro www.emsec.ee.ucla.edu

2 Ingrid Verbauwhede 2March 2005 Motivation Embedded biometrics PDA’s, cell phones, smart cards, gadgets.. Distributed, communicating, devices Secure ? Low Energy ? Distributed security ? New York Times (1/24/05): “A Virus Writer Tests the Limits in Cell phones” Informationsdienst Wissenschaft (1/28/05): Siemens eröffnet Labor für Seitenkanalattacken

3 Ingrid Verbauwhede 3March 2005 Embedded Security Pyramid Cipher Design, Biometrics Security is as strong as the weakest link! D Q Vcc CPU Crypto MEM JCA Java JVM CLK Identification Confidentiality Integrity SIM D Q Vcc CPU MEM JCA Java KVM CLK Protocol: Wireless authentication protocol design Algorithm: Embedded fingerprint matching algorithms, crypto algorithms Architecture: Co-design, HW/SW, SOC Circuit: Circuit techniques to combat side channel analysis attacks Micro-Architecture: co-processor design Identification Confidentiality Integrity Identification Integrity SIM

4 Ingrid Verbauwhede 4March 2005 Driver Application: ThumbPod Intelligent secure keychain device that recognizes owner biometrically Components: –Microcontroller with memory –Fingerprint sensor –Biometric signal processing –Security processing Communication: IR and USB Applications: –Secure credit cards, secure memory, access control, etc. LOW POWER, LOW COST AND SECURE!

5 Ingrid Verbauwhede 5March 2005 Thumbpod-I (FPGA) Processor & co-processors Xilinx Virtex-II FPGA Embedded LEON 32-b Sparc processor Memory-mapped co- processors on the AMBA APB bus Two UARTs –Communication with server –Authentec CMOS fingerprint sensor Xilinx Virtex-II FPGA DFT Co-Proc. AMBA AHB APB Bridge UART LEON 32- Sparc Proc. AES Co-Proc. APB Mem. ControllerBoot PROM 32 MB SRAM KVM Application Native Biometrics Native Security JAM Embedded Software Architecture Server Authentec AF-2 DAC student design contest 2003 winner

6 Ingrid Verbauwhede 6March 2005 Protocol- Motivation Security – communication – computation trade-off Traditional model: multiple storage of template!

7 Ingrid Verbauwhede 7March 2005 Security – communication - computation 4 tasks – distribute between device and server –DC: Data collection (from sensor) –FE: Feature extraction (signal processing) –MD: Matching & Decision –TS: Storage

8 Ingrid Verbauwhede 8March 2005 Security Partitioning Architecture Micro- Architecture Circuit Protocol Algorithm F1 F2 F3 F4 F5 INSECURE FUNCTIONS SECURE FUNCTIONS SECURE CO-PROCESSOR ARCHITECTURE INSECURE RISC PROCESSOR ARCHITECTURE PHYSICAL PROTECTION MECHANISMS NO PHYSICAL PROTECTION INSTRUCTIONS BUSES WIRES DEVICE FUNCTIONS

9 Ingrid Verbauwhede 9March 2005 RINGS: energy – flexibility - security NetworkingVideo Standard Algorithm Architecture  Architecture Circuit Application Model: System = Software-integrated domains Domain- Specific Hardware Software Networking Medium access Baseband Proc  Architecture Circuit Security Protocol Algorithm Architecture  Architecture Circuit MEMORY Reconfigurable Interconnect CPU RF Baseband Processing Video Engine Crypto Architecture Model: System = Flex. connected processors

10 Ingrid Verbauwhede 10March 2005 Side-channel attacks Characteristics of encryption module may expose the key Differential Power Analysis (DPA)  Statistical analysis extract secret key  Quick with relatively cheap setup

11 Ingrid Verbauwhede 11March 2005 Security partitioning Thumbpod-II Processor & co- processor Security partitioning –Secure ASIC –Regular processor

12 Ingrid Verbauwhede 12March 2005 DPA attack set-up Here is a picture of a Differential Power attack set-up. It is however to big to upload on the Server. See www.emsec.ucla.edu forwww.emsec.ucla.edu More information.

13 Ingrid Verbauwhede 13March 2005 WDDL vs. STD CELL: AES Power Traces STD CELLWDDL Encryption startpulse Power supply current Standard cellsWDDL

14 Ingrid Verbauwhede 14March 2005 Conclusion Cipher Design, Biometrics Embedded Security is NOT a point solution D Q Vcc CPU Crypto MEM JCA Java JVM CLK Identification Confidentiality Integrity SIM D Q Vcc CPU MEM JCA Java KVM CLK Protocol: Security – Communication – Computation trade-off Algorithm: Security partitioning Architecture: RINGS & Gezel Circuit: WDDL & Diff routing Micro-Architecture: co-processor design Identification Confidentiality Integrity Identification Integrity SIM Systematic cross layer design techniques and optimizations

15 Ingrid Verbauwhede 15March 2005 Discussion Our goal (NSF): provide ENABLING TECHNOLOGIES Secure storage to avoid identity theft of biometrics! –Single storage instead of multiple storage –Storage with the user/customer Privacy - social impact If one TP stolen, only biometrics of one person is gone –Store in “hashed” version: mathematical/crypto/embedded design issue –Multi mode biometrics Ultra low power Trusted compute platforms –Architectures, HW/SW co-design techniques –For Smart-cards, RF-ID tags, sensor nodes, etc.

16 Ingrid Verbauwhede 16March 2005 [ 1] Amphion CS5230 on Virtex2 + Xilinx Virtex2 Power Estimator [2] Helger Lipmaa PIII assembly handcoded + Intel Pentium III (1.13 GHz) Datasheet [3] gcc, 1 mW/MHz @ 120 Mhz Sparc – assumes 0.25 um CMOS [4] Java on KVM (Sun J2ME, non-JIT) on 1 mW/MHz @ 120 MHz Sparc – assumes 0.25 um CMOS 648 Mbits/sec Asm Pentium III [2] 41.4 W0.015 (1/1900) Java [4] Emb. Sparc 450 bits/sec120 mW0.0000037 (1/9600000) C Emb. Sparc [3] 133 Kbits/sec0.0011 (1/33000) 56 mW Power 1.32 Gbit/sec FPGA [1] 35.7 (1/1)2 Gbits/sec 0.18  m CMOS Figure of Merit (Gb/s/W) ThroughputAES 128bit key 128bit data 490 mW2.7 (1/11) 120 mW Throughput – Energy numbers


Download ppt "Ingrid Verbauwhede 1March 2005 Low Power Embedded Security: Thumbpod embedded biometrics project Ingrid Verbauwhede University of California, Los Angeles."

Similar presentations


Ads by Google