Reconfigurable Hardware for High-security/High-Performance Embedded Systems: The SAFES Perspective

1
Reconfigurable Hardware for High-security/High-Performance Embedded Systems: The SAFES Perspective
  • Guy Gogniat, Tilman Wolf, Wayne Burleson, Jean-Philippe Diguet, Lilian Bossuet and Romain Vaslin
  • Presented by Wei Zang and Xin Guan
  • Mar. 03, 2010

2
The topic (Reconfigurable Hardware for High-security/High-Performance Embedded Systems: The SAFES Perspective)
  • SAFES?
      • Security architecture for embedded systems
  • Purpose?
      • Provide high security and high performance for a system
      • Built on reconfigurable hardware (FPGA)

3
Outline
  • Attacks and countermeasures on embedded systems
  • SAFES Architecture
  • RC6 Architecture Monitoring for Performance
    Policy
  • AES Datapath Implementation Comparison

5
Security and Attacks
  • Security objective
      • Protection of private data, design and the system
  • Attack objectives
      • Break security in order to
          • Access, change or destroy private data
          • Change some module, copy or destroy the design
          • Change the behavior of the system or destroy it
  • Challenges (attack point)
      • Tamper resistance
          • Facing an increasing number of attacks, from physical to software
      • Assurance
          • Continue to operate reliably despite attacks

6
Attacks against embedded systems
  • Hardware
      • Physical reversible attacks (active): clock glitching, fault injection, variation of V (voltage) or T (temperature)
      • Side-channel attacks (passive): timing, power or EM analysis to extract secrets
      • Physical irreversible attacks (active): chip cutting, chemical attack, etc.

7
Why Reconfigurable architectures?
  • Potential advantages of configurable computing for efficiency
      • Specialization: design the system for a specific set of parameters
      • Resource sharing: temporal sharing of resources
      • Throughput: high parallelism and deeply pipelined implementations are possible
  • Potential advantages of configurable computing for security
      • System agility: switch from one protection mechanism to another, and balance protection mechanisms depending on requirements
      • System upgrade: upgrade the protection mechanisms
  • Configurable computing enables dynamic configuration at run time
      • To react and adapt rapidly to an irregular situation

9
SAFES Architecture
  • Verification and protection are not inside the
    application
  • Can be updated dynamically depending on the
    application running on the system

10
Reconfigurable Architecture
  • Security primitive
      • Performs a security algorithm (cryptography, key management)
  • Goals
      • Speed up the computation of the security algorithm
      • Provide the flexibility to update the primitive or to switch from one primitive to another
      • Provide various tradeoffs: throughput, area, latency, reliability, power, energy and real-time constraints

11
Operation of the Primitive
[Figure: operation of the primitive. Labels: parameter space (key size, throughput, pipe stage); "ready"; "normal"; battery level; channel quality.]

12
  • Changes come from
      • Attacks
          • SSC manages
          • Interrupts SPC when irregular activity is detected (hijacking, denial of service, secret information extraction)
          • Response: reconfigure with a trusted configuration, enhance fault tolerance to guarantee functionality, stall I/O of the primitive
      • Performance requirements
          • SPC manages flexibility
          • Performance tradeoff (throughput versus energy)
          • Better energy efficiency: when the battery level is low or channel quality has decreased, SPC reconfigures the primitive with lower throughput
          • Guaranteed throughput: SPC keeps the same parameters

14
RC6 Case Study
  • RC6 and AES are two major cryptographic algorithms for secure private communication over the Internet.
  • Processes data in blocks of 128 bits.
  • Different key sizes: 128 bit, 192 bit and 256 bit.
  • Primitive operations include data-dependent rotations, modular addition, XOR and 32-bit multiplication.

15
RC6 Introduction
  • Key Schedule
  • Key Expansion
  • Key Transmission

16
RC6 Introduction
  • Plaintext Input
  • Divide
  • Save

17
RC6 Introduction
  • Encryption

18
RC6 Introduction
  • Encryption

[Figure: RC6 encryption dataflow over registers A, B, C, D. Labels: "1st Round", "Repeat 10 Rounds", "final".]

19
Reconfigurable RC6 architecture: Pipelining
  • 2-stage

[Figure labels: Pipeline Stage 1, Pipeline Stage 2]

20
Reconfigurable RC6 architecture: Pipelining
  • 3-stage

[Figure labels: Pipeline Stage 1, Pipeline Stage 2, Pipeline Stage 3]

21
Reconfigurable RC6 architecture: Pipelining
  • 4-stage

[Figure labels: PS1, PS2, PS3, PS4]

22
Architecture Comparison
23
Closed Loop Control
  • Observer
  • Averaging
  • Decision Making
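
The observer, averaging and decision-making loop named here, combined with the attack response and battery/channel policy from slide 12, sketched as an added example (not code from the slides or the SAFES authors). The thresholds, window size, the mapping of fewer pipeline stages to lower throughput and energy, and the choice of trusted configuration are all assumptions.

```python
from collections import deque

# Added illustration, not SAFES code. Assumed: the 2/3/4-stage RC6 pipelines
# trade throughput for energy in that order; thresholds and window are invented.
TRUSTED_CONFIG = 2  # hypothetical known-good configuration used after an alert

class PrimitiveController:
    def __init__(self, window=4, low=0.3, high=0.6):
        self.battery = deque(maxlen=window)  # observer history, values in 0..1
        self.channel = deque(maxlen=window)
        self.low, self.high = low, high
        self.stages = 4                      # start at the highest throughput
        self.io_stalled = False
        self.reconfigurations = 0

    def _load(self, stages):
        if stages != self.stages:            # each load costs reconfiguration time
            self.stages = stages
            self.reconfigurations += 1

    def step(self, battery, channel):
        """Observer -> averaging -> decision making for one monitor sample."""
        if self.io_stalled:
            return self.stages               # stay on the trusted configuration
        self.battery.append(battery)
        self.channel.append(channel)
        worst = min(sum(self.battery) / len(self.battery),
                    sum(self.channel) / len(self.channel))
        if worst < self.low:
            self._load(2)
        elif worst < self.high:
            self._load(3)
        else:
            self._load(4)
        return self.stages

    def security_interrupt(self):
        """Irregular activity reported: stall I/O, load the trusted configuration."""
        self.io_stalled = True
        self._load(TRUSTED_CONFIG)

def run(samples):
    ctl = PrimitiveController()
    return ctl, [ctl.step(b, c) for b, c in samples]

# Constructed monitor samples: (battery level, channel quality).
NOISY = [(0.9, 0.9), (0.9, 0.9), (0.1, 0.9), (0.9, 0.9)]   # one transient dip
DRAINING = [(0.9, 0.9), (0.5, 0.9), (0.2, 0.9), (0.1, 0.9), (0.1, 0.9)]
```

Averaging keeps a single noisy sample from triggering a reconfiguration, while a sustained drop steps the primitive down one configuration at a time.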

24
Closed Loop Control
26
AES Case Study
  • An encryption standard adopted by the U.S. government.
  • Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits.
  • AES operates on a 4×4 array of bytes, termed the state.
  • The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final ciphertext output.

27
AES Introduction
  • Key Schedule
  • The 128-bit user-supplied key is used to generate 10 sets of round keys

28
AES Introduction
  • Plaintext Input
  • A 128-bit input data block is fit into the 4×4 byte matrix, called the state

29
AES Introduction
  • Round Operation
  • SubBytes
  • ShiftRows
  • MixColumns
  • AddRoundKey

30
AES Introduction
  • Dataflow
  • Initial Round
  • Repeated Round
  • Output

31
Reconfigurable AES Architecture
  • Fault Detection Architecture
  • Expected Parity Computation
  • Parity Check

32
Reconfigurable AES Architecture
  • Fault Tolerant Architecture
  • TMR (Triple Modular Redundancy)
  • High overhead

33
Architecture Comparison
With its small overhead and improved reliability, the fault detection system can be set as the default design. Due to its high overhead, the fault tolerant system can be used cautiously.
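
The difference between the fault detection and fault tolerant architectures of slides 31 to 33, modeled in software as an added example (not code from the slides or the SAFES authors). It assumes one parity bit per state byte, predicted across AddRoundKey only, since the slides do not give the parity scheme; all values are constructed samples.

```python
# Added illustration, not SAFES code. Assumption: one parity bit per state byte,
# predicted across AddRoundKey only; the slides do not give the parity scheme.

def parity(byte):
    """Parity bit of one byte: 1 if it has an odd number of set bits."""
    return bin(byte).count("1") & 1

def add_round_key(state, round_key):
    return bytes(s ^ k for s, k in zip(state, round_key))

def predict_parity(state_parity, round_key):
    """Expected output parity. XOR is linear: parity(s ^ k) = parity(s) ^ parity(k)."""
    return [p ^ parity(k) for p, k in zip(state_parity, round_key)]

def parity_check(output, expected):
    """Indices of output bytes whose parity disagrees with the prediction."""
    return [i for i, (b, p) in enumerate(zip(output, expected)) if parity(b) != p]

def tmr_vote(a, b, c):
    """Bitwise 2-of-3 majority over the outputs of three replicas."""
    return bytes((x & y) | (x & z) | (y & z) for x, y, z in zip(a, b, c))

def flip(data, index, mask):
    """Model a fault by XORing `mask` into one byte."""
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)

# Constructed sample values.
STATE = bytes(range(16))
ROUND_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
GOOD = add_round_key(STATE, ROUND_KEY)
EXPECTED = predict_parity([parity(b) for b in STATE], ROUND_KEY)

def demo():
    single = flip(GOOD, 5, 0x01)  # one flipped bit in byte 5
    double = flip(GOOD, 5, 0x03)  # two flipped bits in the same byte
    return {
        "clean": parity_check(GOOD, EXPECTED),
        "single_fault": parity_check(single, EXPECTED),
        "double_fault": parity_check(double, EXPECTED),  # parity cannot see it
        "tmr_one_bad_replica": tmr_vote(GOOD, single, GOOD) == GOOD,
        "tmr_two_bad_replicas": tmr_vote(single, single, GOOD) == GOOD,
    }

if __name__ == "__main__":
    print(demo())
```

Parity only flags the fault, and misses an even number of flipped bits within one byte, while the three-replica vote masks a fault in a single replica at roughly three times the logic.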
34
Architecture Comparison
35
SAFES
  • Reconfiguration Time
  • Dynamic reconfiguration is performed through the ICAP interface. The ICAP clock on our FPGA runs at 50 MHz. Assuming one byte of configuration data is written per cycle, the 356 kB partial bitstream required by the AES fault detection system gives a reconfiguration time of nearly 7 ms.

36
Conclusions
  • SAFES
      • Is based on reconfigurable hardware to provide high performance and flexibility, and relies on hardware monitors to build intrusion detection systems
  • Includes
      • Reconfigurable security primitives
      • Reconfigurable hardware monitors
      • Hierarchy of secure controllers at the primitive, system and executive level
  • Case studies on RC6 and AES
  • The flexibility of our solution enables the realization of an energy-efficient system while addressing the security issue.