R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson,

Slides:

Advertisements

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

Advertisements

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

LAB-STICC CNRS UMR 3192 – UBS – ROMAIN VASLIN – CRYPTARCHI 2008 Memory Security Management for FPGA-based Embedded system Romain Vaslin, Guy Gogniat, Jean-Philippe.

Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Cryptography and Network Security Chapter 3

The Advanced Encryption Standard (AES) Simplified.

Cryptographic Algorithms and their Implementations Discussion of how to map different algorithms to our architecture  Public-Key Algorithms (Modular Exponentiation)

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

Department of Electrical and Computer Engineering Configurable computing for high-security/high-performance ambient systems 1 Guy Gogniat, Lilian Bossuet,

Guy Gogniat, Jean Philippe Diguet,Romain Vaslin,Tilman Wolf, Wayne Burleson, Lilian Bossuet University of South Britanny, University of Massachusetts,

Advanced Encryption Standard. This Lecture Why AES? NIST Criteria for potential candidates The AES Cipher AES Functions and Inverse Functions AES Key.

Design of a Reconfigurable Hardware For Efficient Implementation of Secret Key and Public Key Cryptography.

Temporal Key Integrity Protocol (TKIP) Presented By: Laxmi Nissanka Rao Kim Sang Soo.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

The Design of Improved Dynamic AES and Hardware Implementation Using FPGA 游精允.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

Dr Alejandra Flores-Mosri Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

RRB/STS ORNL Workshop Integrated Hardware/Software Security Support R. R. BrooksSam T. Sander Associate ProfessorAssistant Professor Holcombe Department.

Final presentation Encryption/Decryption on embedded system Supervisor: Ina Rivkin students: Chen Ponchek Liel Shoshan Winter 2013 Part A.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Cryptography and Network Security

A Compact and Efficient FPGA Implementation of DES Algorithm Saqib, N.A et al. In:International Conference on Reconfigurable Computing and FPGAs, Sept.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.

Flow of presentation:  Kind of attacks on embedded systems.  Most relevant security threats faced by NOC.  Solutions/ways suggested so far to deal.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

Cracking DES Cryptosystem A cryptosystem is made of these parts: Two parties who want to communicate over an insecure channel An encryption algorithm that.

1 Digitally Controlled Converter with Dynamic Change of Control Law and Power Throughput Carsten Nesgaard Michael A. E. Andersen Nils Nielsen Technical.

Swankoski MAPLD 2005 / B103 1 Dynamic High-Performance Multi-Mode Architectures for AES Encryption Eric Swankoski Naval Research Lab Vijay Narayanan Penn.

“Implementation of a RC5 block cipher algorithm and implementing an attack on it” Cryptography Team Presentation 1.

AES Advanced Encryption Standard. Requirements for AES AES had to be a private key algorithm. It had to use a shared secret key. It had to support the.

 Cryptography is the science of using mathematics to encrypt and decrypt data.  Cryptography enables you to store sensitive.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

R ECONFIGURABLE SECURITY SUPPORT FOR EMBEDDED SYSTEMS 1 AKSHATA VARDHARAJ.

Fifth Edition by William Stallings

Chapter 2 Symmetric Encryption.

RTL Design Methodology Transition from Pseudocode & Interface

Final Presentation Encryption on Embedded System Supervisor: Ina Rivkin students: Chen Ponchek Liel Shoshan Spring 2014 Part B.

Creating Security using Software and Hardware Bradley Herrup CS297- Security and Programming Languages.

1 Advanced Digital Design Reconfigurable Logic by A. Steininger and M. Delvai Vienna University of Technology.

Processor Memory Processor-memory bus I/O Device Bus Adapter I/O Device I/O Device Bus Adapter I/O Device I/O Device Expansion bus I/O Bus.

WARP PROCESSORS ROMAN LYSECKY GREG STITT FRANK VAHID Presented by: Xin Guan Mar. 17, 2010.

Encryption / Decryption on FPGA Final Presentation Written by: Daniel Farcovich ID Saar Vigodskey ID Advisor: Mony Orbach Summer.

Network Security Lecture 3 Secret Key Cryptography

1 Device Controller I/O units typically consist of A mechanical component: the device itself An electronic component: the device controller or adapter.

Encryption / Decryption on FPGA Midterm Presentation Written by: Daniel Farcovich ID Saar Vigodskey ID Advisor: Mony Orbach Summer.

Zong-Cing Lin 2007/10/31.  Algorithm Description  Why chose Rijndael  Reference.

The RC6 Block Cipher: A simple fast secure. Design Philosophy u Leverage our experience with RC5: use data-dependent rotations to achieve a high level.

Overview on Hardware Security

Provides Confidentiality

Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser

Cache Memory Presentation I

Implementation of IDEA on a Reconfigurable Computer

Security Of Wireless Sensor Networks

Dynamic High-Performance Multi-Mode Architectures for AES Encryption

RECONFIGURABLE NETWORK ON CHIP ARCHITECTURE FOR AEROSPACE APPLICATIONS

SYMMETRIC ENCRYPTION.

Advanced Encryption Standard

Presentation transcript:

R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH -P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE Guy Gogniat, Tilman Wolf, Wayne Burleson, Jean- Philippe Diguet, Lilian Bossuet and Roman Baslin Presented by: Wei Zang Xin Guan Mar. 03, 2010

T HE TOPIC ( R ECONFIGURABLE H ARDWARE FOR H IGH - SECURITY /H IGH - P ERFORMANCE E MBEDDED S YSTEMS : T HE SAFES P ERSPECTIVE ) SAFES? –Security Security architecture for embedded systems Purpose? Provide high-Security and high-performance for a system Built on reconfigurable hardware - FPGA 2

O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 3

O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 4

S ECURITY AND A TTACKS Security objective Protection of private data, design and the system Attacks objectives Break security in order to Access, change or destroy private data Change some module, copy or destroy design Change behavior or destroy the system Challenges ( attack point ) Tamper resistance Facing increasing number of attacks from physical to software Assurance Continue to operate reliably despite attacks 5

A TTACKS AGAINST EMBEDDED SYSTEMS 6 Software attacks Worm, virus, Trojan horse Hardware Physical irreversible attacks (Active) Chip cutting, chemical attack etc. Physical reversible attacks (Active) Glitch clock, Fault injection, Variation of V or T Side-channel (Passive) Timing, power or EM analysis to extrate of secrets

W HY R ECONFIGURABLE ARCHITECTURES ? Potential advantages of configurable computing for efficiency Specialization : design the system for a specific set of parameters Resource sharing : temporal resources sharing Throughput : high parallelism and deep pipeline implementation is possible Potential advantages of configurable computing for security System Agility : switching from one protection mechanism to another, balance protection mechanisms depending on requirements System Upgrade : upgrade of the protection mechanisms Configurable computing enables Dynamic Configuration at Run Time To react and adapt rapidly to an irregular situation 7

O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 8

SAFES A RCHITECTURE 9 Verification and protection are not inside the application Can be updated dynamically depending on the application running on the system

R ECONFIGURABLE A RCHITECTURE Security primitive Performs a security algorithms (Cryptograph, key management) Goals Speedup the computation of security algorithm Provide flexibility to be able to update the primitive or to switch from one primitive to another Provide various tradeoffs: throughput, area, latency, reliability, power, energy and real time constraints 10

O PERATION OF THE P RIMITIVE Battery level Channel quality Parameter space Key size Throughput Pipe stage Key size Throughput Pipe stage ready normal

Changes comes from: Attacks SSC manage Interrupt SPC when irregular activity detected (hijacking, denial of service, secret information extraction) Response: reconfigure with a trusted configuration, enhance fault tolerance to guarantee functionality, stall I/O of the primitive Performance requirement SPC manage flexibility Performance tradeoff (throughput versus energy) Better energy-efficiency: when low battery level or decreased channel quality, SPC reconfigure primitive with lower throughput Guarantee throughput: SPC keeps the same parameters 12

O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 13

RC6 Case Study RC6 and AES are two major cryptography algorithms in secure private communication over the Internet. Process a block of data with block size 128 bit. Different Key Sizes, 128 bit, 192 bit, and 256 bit. Primitive operation, includes data-dependent rotations, modular addition and XOR operations, 32 bit multiplication. 14

RC6 Introduction Key Schedule Key Expansion Key Transmission 15

Plaintext Input Divide Save RC6 Introduction 16

Encryption RC6 Introduction 17

1st Round Repeat 10 Rounds A B C D final RC6 Introduction Encryption 18

2-stage Reconfigurable RC6 architecture- Pipelining 19 Pipeline Stage 1 Pipeline Stage 2

3-stage Reconfigurable RC6 architecture- Pipelining 20 Pipeline Stage 1 Pipeline Stage 2 Pipeline Stage 3

4-stage Reconfigurable RC6 architecture- Pipelining 21 PS1 PS2 PS3 PS4

Architecture Comparison 22

Closed Loop Control Observer Averaging Decision Making 23

Closed Loop Control 24

O UTLINE Attacks and countermeasures on embedded systems SAFES Architecture RC6 Architecture Monitoring for Performance Policy AES Datapath Implementation Comparison 25

An encryption standard adopted by the U.S. government. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits AES operates on a 4×4 array of bytes, termed the state. AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. AES Case Study 26

Key Schedule 128 bits User Supplied Key is used to generate 10 sets of Round Key AES Introduction 27

Plaintext Input A 128 bits Input data block is fit into the 4*4 Byte matrix, called state AES Introduction 28

Round Operation SubBytes ShiftRows MixColumns AddRoundKey AES Introduction 29

Dataflow Initial Round Repeated Round Output AES Introduction 30

Fault Detection Architecture Expected Parity Computation Parity Check Reconfigurable AES Architecture 31

Fault Tolerant Architecture TMR (Triple Modular Redundancy) High overhead Reconfigurable AES Architecture 32

With small overhead and improved reliability, fault detection system can be set as default design. Due to the high overhead, fault tolerant system can be used cautiously. Architecture Comparison 33

Architecture Comparison 34

Reconfiguration Time The dynamic reconfiguration is accomplished by ICAP interface. The clock of ICAP interface of our FPGA is 50 MHz. Assume write one Byte Configuration data for one cycle. For AES encryption, the partial bit-streams required by fault detection system is 356 kB, which leads to the reconfiguration time nearly 7 ms. SAFES 35

C ONCLUSIONS SAFES Based on reconfigurable hardware to provide high performance and flexibility and relies on hardware monitors to build instruction detection systems Includes: Reconfigurable security primitives Reconfigurable hardware monitors Hierarchy of secure controllers at the primitive, system and executive level Cases on RC6 and AES The flexibility of our solution enables the realization of an energy-efficient system while addressing the security issue. 36