Configurable computing for highsecurityhighperformance ambient systems 1

1
Configurable computing for high-security/high-per
formance ambient systems 1

• Wayne Burleson,
• Department of Electrical and Computer
  Engineering,
• University of Massachusetts, Amherst, MA
  01003-9284 USA
• burleson_at_ecs.umass.edu

• Guy Gogniat, Lilian Bossuet,
• LESTER Laboratory,
• University of South Britanny (UBS), Lorient,
  France
• guy.gogniat_at_univ-ubs.fr lilian.bossuet_at_univ-ubs.f
  r

1This research This work is supported by the
French DGA DSP/SREA under contract no. ERE 0460
00 010
2
Outline

• Attacks and countermeasures on embedded systems
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

3
Outline

• Attacks and countermeasures on embedded systems
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

4
Security and attacks

• Security Objectives
• Security is required in order to guaranty
• The protection of private data (typically key,
  PIN, secret or confidential data)
• The protection of the design (typically some
  IPs)
• The protection of the system (typically its
  functionality, so that nobody else can control
  the system)
• Attack Objectives
• Attacks aim to break security in order to get
  access to
• Private data so that changing some values,
  copying the data or destroying the data
• The design so that changing some modules, copying
  the design or destroying the design
• The system so that changing its behavior or
  destroying the system

5
Attacks on Embedded Systems
Promity-based Hardware attacks Power or EM
analysis
Remote software attacks Worm, virus, Trojan horse
Reversible proximity-based attacks Fault
injection
AES
turbo code
KEY
RAM
µP
RAM
Proximity-based hardware attacks Tampering
RSA
6
Countermeasures

• Designers should have in mind

7
Outline

• Attacks and countermeasures on embedded systems
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

8
Why reconfigurable architectures?

• Potential advantages of configurable computing
  for security
• System Agility switching from one protection
  mechanism to another, balance protection
  mechanisms depending on requirements
• System Upload upgrade of the protection
  mechanisms
• Potential advantages of configurable computing
  for efficiency (and particularly for the security
  system)
• Specialization design the system for a specific
  set of parameters
• Resource sharing temporal resources sharing
• Throughput high parallelism and deep pipeline
  implementation is possible
• Configurable computing enables Dynamic
  Configuration at Run Time
• To react and adapt rapidly to an irregular
  situation

9
Cryptography onto FPGA ?
Energy efficiency of embedded technologies
University of California, UCLA
processors
FPGA
ASIC
P. Schaumont, I. Verbauwhede. Domain-Specific
Codesign for Embedded Security. In IEEE Computer
Society, 2003
10
Advantages of reconfigurable architectures
Attack type
Countermeasure
Configurable computing advantages
Robustness Activity-awareness
Technology/Sensors System agility
Active - Irreversible
Sensors System agility System upload High
performance
Security-awareness Activity-awareness
Active - Reversible
Agility Symptom-free Security-awareness Activity-a
wareness
System agility System upload High performance
Passive Side channel
11
Outline

• Attacks and countermeasures on embedded systems
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

12
Security and reconfigurable architectures

• Configurable Computing Security Space This space
  highlights the issues that must be addressed to
  build secure systems

• Configurable Computing Security Hierarchy This
  hierarchy highlights that security must be
  addressed at all layers of the systems

• The security issue with configurable computing
  can be seen through two complementary views

13
Configurable Computing Security Space

• Configurable Security Primitive
• Use configurable computing primitive to protect a
  system, the module is seen as an agile hardware
  unit

Attacks

• Secure Configurable System
• The whole system is configurable. The security is
  provided by the agility of the whole system

Attacks

• Configurable Design Security
• Protect the configurable computing configuration

Attacks
14
Configurable Security Primitive

• The configurable security primitive is a part of
  the whole system and performs some security
  primitives
• A system generally embeds several configurable
  security primitives
• Its goal is to
• Speedup the computation of the security primitive
  compared to a software execution
• Provide agility compared to an ASIC
  implementation
• Provide various tradeoffs in terms of delay,
  area, latency, reliability and power
• Provide various levels of configurability
  depending on the granularity of the underlying
  configurable architecture

15
Secure Configurable System

• To build Secure Configurable System three main
  points must be addressed
• Security-awareness
• Activity-awareness
• Agility
• Distributed agents (System Security Controllers)
  can work independently or together. They monitor
  the system activity and take the decision to
  reconfigure a part or the whole system
• Different levels of reaction can be considered
  depending of the type of attack
• reflex (performed by a single SSC)
• global (performed after a system level analysis).
  Reaction time can be critical, in that case
  reflex reconfiguration must be performed

16
Configurable Design Security

• Configurable computing module/system is defined
  through configuration data
• Each hardware execution context is defined
  through a specific configuration data
• The configuration data represents the design of
  the module/system
• The configuration data may contain private
  information and needs to be protected
• The design security is provided through
  cryptography (Confidentiality, Data integrity,
  Authentication)
• It needs a configurable security module

Source Altera, Design Security in Stratix II
Devices http//www.altera.com/products/devices/str
atix2/features/security/st2-security.html
17
Outline

• Attacks on embedded systems
• Countermeasures
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

18
Agility leverages security

• At the system and architectural level (Secure
  Configurable System and Configurable security
  module) agility is provided through
  reconfiguration
• How can it be performed? Need to deal with these
  points
• Self-reconfiguration or Remote-reconfiguration
• Partial or full reconfiguration, Dynamic or
  static reconfiguration
• Predefined configuration data or dynamic
  configuration data
• Reconfiguration time
• Configuration memory
• Communication links
• Configuration controller (what is the policy?)

19
AES (Rijndael) Security Primitive agility case
study

• To illustrate the concepts related to agility we
  propose in the following slides an analysis of a
  Security Primitive (SP)
• All the implementations have been performed on
  Xilinx Virtex FPGA
• Various area/throughput/reliability tradeoffs
• AES cryptographic core SP with BRAMs on
  non-feedback mode
• AES cryptographic core SP without BRAMs on
  feedback and non-feedback modes
• AES cryptographic core SP with and without
  concurrent error detection mechanism on feedback
  mode
• AES cryptographic core and key setup SP using or
  not partial configuration

20
AES cryptographic core SP with BRAMs on
non-feedback mode

• Key setup management is not considered
• Static and full configuration
• Predefined configuration data
• Remote-configuration
• Various area/throughput tradeoffs

of slices
13

12600
80 BRAMs
16

5810
17
100 BRAMs

5177
15
84 BRAMs

2784
14

2222
Throughput (Gbits/s)
12.1
6.95
20.3
21.54
11.77
21
AES cryptographic core SP without BRAMs on
feedback and non-feedback modes

• Key setup management is not considered
• Static and full configuration
• Predefined configuration data
• Remote-configuration
• Various area/throughput tradeoffs

of slices
18

15112
17

12450
8

19
10992

10750
non-feedback mode
9

5673
8
feedback mode

3528
13

2507
Throughput (Gbits/s)
17.8
1.94
0.414
21.54
18.56
0.353
0.294
22
AES cryptographic core SP with and without
concurrent error detection mechanism on feedback
mode

• Key setup management is not considered
• Performance/reliability tradeoffs
• Finer granularity enables reduced fault detection
  latency and then promotes fast reaction against
  an attack
• Efficiency is at the price of area overhead

of slices
20

Operation level
5486
20
Algorithm level

4806
20

Round level
4724
Concurrent Error Detection
20

3973
no Concurrent Error Detection
Throughput (Mbits/s)
101.4
136.5
53.1
100.3
23
AES cryptographic core and key setup SP using or
not partial configuration

• Key setup management is considered
• Dynamic configuration
• Partial and full configuration
• Predefined configuration data or dynamic
  configuration data
• Remote-configuration

of slices
9

4312
no partial configuration
partial configuration
21
Speed efficient 32 BRAMs

288
21
area efficient 8 BRAMs

250
Throughput (Mbits/s)
353
250
300
24
Outline

• Attacks on embedded systems
• Countermeasures
• Reconfigurable architectures
• Security and reconfigurable architectures
• AES case study
• Conclusions

25
Conclusions

• Configurable computing presents significant
  features to target high-security/high performance
  ambient systems
• It is time to extend the vision of security using
  configurable computing (Configurable computing is
  not just hardware accelerators for security
  primitives)
• Two complementary views to guide the designer
  when facing with the difficult problem of system
  security
• Key aspects related to agility are presented and
  illustrated through the AES security primitive
• There are still many issues to make security
  commonplace dealing with configurable computing
  and to define the overhead costs that imply
  security mechanisms at the hardware level