
Flow of presentation:
• Kinds of attacks on embedded systems.
• Most relevant security threats faced by NOC.
• Solutions suggested so far to deal with these threats.
• Proposed work that can be done.

Kinds of Attacks
Classified into three major forms:
• Software attacks: viruses, Trojans, etc., aimed at pitfalls in the code.
• Physical attacks: intrusion into embedded systems; microprobing techniques.
• Side-channel attacks: based on the physical implementation of the system. Waves, sound or heat produced during execution are used to detect the flow path of data.

Attacks Specific to NOC
• Denial of Service
• Draining or Sleep Deprivation
• Extraction of Information
• Hijacking
• Reverse Engineering

1. Denial of Service
• Incorrect path: introducing into the network a packet with an erroneous path.
• Deadlock: adding a packet with paths that intentionally disrespect the deadlock-free rules.
• Livelock: a packet that can revolve in the network for an infinite amount of time, wasting bandwidth, latency and power.

2. Draining or Sleep Deprivation
• Frequently performing power-hungry activities to generate heat in specific paths, either to burn the system or to detect the flow path using heat detection and reverse engineering.
• In mild form, this kind of attack can result in faster battery drain.

3. Extraction of Information
• Mainly buffer overflow techniques are used to extract information.
• The header of the data contains the access rights.
• A buffer overflow will result in the loss of access rights.

4. Hijacking
• Altering the execution, or in some cases the configuration, of the system in order to make it do something other than its normal duties.
• Can be done if malicious IP cores or input/output ports get read/write access to different parts of the system.

5. Reverse Engineering
• Detecting the working of the system and thus its architecture.
• Used by people involved in piracy.
• Special technologies are devised and used.
• Done by analysis of physical parameters such as waves, sound or heat produced during execution.
• Microprobing.

Suggested Frameworks
• Not many security frameworks have been discussed in this field.
• The work so far is only an overview and discussion.
• We will be discussing two different papers written by Jean-Philippe Diguet and colleagues (CNRS France).

• The whole system can be divided into two parts, secured and unsecured: ASIC (secured) and FPGA (unsecured).

• On this basis, three kinds of implementation are possible.
[Figure: panels a, b, c; labels ASIC, FPGA]

• ASIC
  • Enjoys chip-intrinsic protection.
  • The only thing to protect is the chip interfaces.
• FPGA
  • Reconfiguration opens a new problem.
  • Bitstream encryption can be used fully or partially. Cryptographic keys are distributed in the system and security wrappers can be used.
• ASIC and FPGA
  • NOC functionality after the FPGA is reconfigured.
  • Control of access between ASIC and FPGA.

Basic Concept of Security
• The whole idea is based on the fact that all attacks are carried out either through input/output ports or by some malicious IP core.
• Malicious IP cores are assumed to be in the FPGA part of the system, which can be reconfigured and hence hacked easily.

Reference: From NoC security analysis to design solutions

CCM
• Central Configuration Module.
• This is the block responsible for providing memory authorizations to the NIs.
• It also takes care of any kind of attack detected by the NIs.
• An NI that receives packets with abnormalities reports them to the CCM; if a reported sender frequently produces erroneous packets, it is disconnected by the CCM.
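A behavioural sketch of the NI/CCM interaction described on this slide, added here as an illustration and not taken from the presentation or the referenced paper. The class names, the address-window format, the sender name `ip_fpga` and the report threshold of 3 are assumptions (the slide only says "frequently").

```python
from dataclasses import dataclass, field

@dataclass
class CCM:
    """Central Configuration Module: grants memory windows, counts NI reports."""
    threshold: int = 3          # assumed; the slides only say "frequently"
    grants: dict = field(default_factory=dict)    # sender -> [(lo, hi, rights)]
    reports: dict = field(default_factory=dict)   # sender -> abnormal packets
    disconnected: set = field(default_factory=set)

    def authorize(self, sender, lo, hi, rights):
        self.grants.setdefault(sender, []).append((lo, hi, frozenset(rights)))

    def report(self, sender):
        self.reports[sender] = self.reports.get(sender, 0) + 1
        if self.reports[sender] >= self.threshold:
            self.disconnected.add(sender)

class NI:
    """Network interface: enforces the CCM's authorizations on each packet."""
    def __init__(self, ccm):
        self.ccm = ccm

    def handle(self, sender, addr, length, op):
        if sender in self.ccm.disconnected:
            return "dropped"
        for lo, hi, rights in self.ccm.grants.get(sender, []):
            if lo <= addr and addr + length <= hi and op in rights:
                return "accepted"
        self.ccm.report(sender)     # abnormal packet: tell the CCM
        return "rejected"

def simulate():
    # Constructed traffic: "ip_fpga" may only read 0x1000-0x1FFF.
    ccm = CCM()
    ccm.authorize("ip_fpga", 0x1000, 0x2000, {"r"})
    ni = NI(ccm)
    packets = [("ip_fpga", 0x1000, 16, "r"),   # inside the window
               ("ip_fpga", 0x1FF8, 16, "r"),   # runs past the window end
               ("ip_fpga", 0x1000, 16, "w"),   # no write right
               ("ip_fpga", 0x3000, 4, "r"),    # outside any grant
               ("ip_fpga", 0x1000, 16, "r")]   # valid, but sender now cut off
    return [ni.handle(*p) for p in packets]
```

After the third report the sender is cut off, so even a well-formed request from it is dropped.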

CASE 1.
• All the NIs and some or all of the IP cores are in the secure zone.
Reference: From NoC security analysis to design solutions

Details of NI in this case:
Reference: From NoC security analysis to design solutions

CASE 2.
• Some NIs are outside the secure areas.
• The whole NOC is not safe.
• The boundary has to be safeguarded.
Reference: From NoC security analysis to design solutions

Self Complemented Path Coding
• The factors shown do not consider the fact that the receiver should be aware of the sender. Since the sender ID can be faked, the only way to detect the original sender is to incorporate the path through which these packets are routed.

Cont.
• The proposed solution is to include the route in the packet in a self-complemented way, in terms of routers.

Cont.
Reference: From NoC security analysis to design solutions
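An added illustration of the self-complemented path idea, not code from the presentation or the referenced paper. It assumes a 2D mesh with source routing and a simplified encoding in which each router overwrites the hop it consumes with the opposite direction; the node names and coordinates are constructed.

```python
# Direction -> (dx, dy) on an assumed 2D mesh; COMP maps a hop to its complement.
STEP = {"N": (0, 1), "S": (0, -1), "E": (1, 0), "W": (-1, 0)}
COMP = {"N": "S", "S": "N", "E": "W", "W": "E"}

def route(src, path):
    """Forward a packet hop by hop; each router complements the hop it consumes."""
    x, y = src
    path_field = list(path)
    for i, hop in enumerate(path):
        dx, dy = STEP[hop]
        x, y = x + dx, y + dy
        path_field[i] = COMP[hop]   # router overwrites the used instruction
    return (x, y), path_field

def origin_from_path(dst, path_field):
    """Receiver NI: replay the complemented hops backwards to find the injector."""
    x, y = dst
    for hop in reversed(path_field):
        dx, dy = STEP[hop]
        x, y = x + dx, y + dy
    return (x, y)

def ni_check(claimed_id, dst, path_field, id_to_router):
    """Accept only if the claimed sender ID sits where the path really started."""
    return id_to_router.get(claimed_id) == origin_from_path(dst, path_field)

def demo():
    # Constructed topology: three IP cores attached to mesh routers.
    ids = {"cpu": (0, 0), "dma": (2, 0), "mem": (2, 2)}
    # Genuine packet from cpu to mem.
    dst, field = route(ids["cpu"], ["E", "E", "N", "N"])
    genuine = ni_check("cpu", dst, field, ids)
    # Packet injected at dma's router but labelled with cpu's sender ID.
    dst2, field2 = route(ids["dma"], ["N", "N"])
    spoofed = ni_check("cpu", dst2, field2, ids)
    return dst, field, genuine, spoofed
```

Because the routers, not the sender, write the complemented hops, the path field arriving at the receiver reflects where the packet actually entered the network, whatever sender ID the header carries.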

Reverse Engineering Attack
• The path taken by data from one IP block to another can be reconfigured by programming the CCM accordingly. This provides sufficient safety barriers against this kind of attack.

Encrypted Bitstream
• All the IP cores vulnerable to attack are protected by encrypted keys.
• The CCM in particular is suggested to be implemented on the ASIC and protected by strong encryption.

Denial of Service
• To deal with this kind of attack, two kinds of channels are proposed to carry data.
• Best Effort: all communication within the unsecured area and between the secured and unsecured areas is done on this channel.
• Priority Best Effort: communication within the secure area and between the CCM and the NIs takes place on this channel. Guaranteed throughput is thus also achieved in some cases.

To Conclude:
Reference: From NoC security analysis to design solutions

• In the recently published paper by the same author, the emphasis is on the design of the NI.
• In future, the implementation of the prescribed work can be carried out.

REFERENCES
[1] J. P. Diguet, S. Evain, R. Vaslin, G. Gogniat, and E. Juin. NoC-centric security of reconfigurable SoC. In Proceedings of the First International Symposium on Networks-on-Chip (NOCS'07), May
[2] S. Evain and J. Diguet. From NoC security analysis to design solutions. In IEEE Workshop on Signal Processing Systems Design and Implementation, pages ,
[3] L. Fiorin, C. Silvano and M. Sami. Security Aspect in NoC: Overview and Proposal for Secure implementations. 10th Euromicro Conference on Digital System Design Architectures, Methods and Tools (DSD 2007).

THANK YOU Anurag Jain B. Tech 2005