hardware support for trustworthy systems

Hardware Support for Trustworthy Systems

Ted HuffmireACACES 2012Fiuggi, Italy

Disclaimer

• The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.

Lecture 2 Overview

• Reconfigurable Security• Reconfigurable hardware is widely used due to

growing non-recurring engineering (NRE) cost for ASICs

Field Programmable Gate Arrays

• Design of high-performance systems• ASIC chips have been used traditionally• Need something in between CPU and ASIC

Field Programmable Gate Arrays

• Raises interesting security questions• Set of security primitives• Examples of FPGA systems

FPGA Chip

Reconfigurable Hardware

SDRAM (off-chip)

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

ReferenceM

onitor

Crypto Core

CPU Core

CPU Core

AES

μP

μP

Tradeoffs

• Software vs. Hardware• ASIC performance comes at a high NRE cost

• Design, Verification• Fabrication, Packaging, Test

• Security

CPU ASICFPGA

General-Purpose Application-Specific

Motivation

• Ideal: Performance approaching ASIC, cost approaching CPU

• Problem: Embedded systems designers need security primitives

• Opportunities:– Spatial mapping of apps to device– Build primitives in reconfigurable hardware

Outline

• Motivation and Background• Security Primitives for FPGAs– Logical isolation– Interconnect tracing– Secure communication architecture– Configuration scrubbing

Motivation and Background

• Motivation and Background• Security Primitives for FPGAs– Logical isolation– Interconnect tracing– Secure communication architecture– Configuration scrubbing

Protection on Embedded Systems

Separation Kernels

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

app1 app3app2

kernel

Separate Processors DR

AM

DRAM

DRAM

DRAM

DRAM

DRAM

gatekeeper

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

gatekeeper

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

gatekeeper

app1app3 app2

Reconfigurable Protection

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM app1

app2

app3

ReferenceM

onitor

Physical Software

Spatial Temporal

FPGA Systems

SDRAM (off-chip)

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

FPGA chip

μP

μP

μP

μP

SRAM

Blo

ck

BRAM

BRAM

BRAM

BRAM

BRAM

BRAM

BRAM

BRAM

FPGA Fabric

FPGA Applications

Mem

FPGA

App1

App2

FPGA FabricSwitchbox

CLB

A B Out

0 0 0

0 1 0

1 0 0

1 1 1

Mixed Trust Cores

• Multiple cores on one chip• Cores are provided by third parties• Sophisticated software tools developed by

third parties

Mixed Trust Cores

• Entanglement

Mixed Trust Tool Chains

Logical Isolation

• Motivation• Security Primitives for FPGAs– Logical isolation– Interconnect tracing– Secure communication architecture– Configuration scrubbing

Moats

• Goal: Physical isolation of cores • Opportunity: Divide computation spatially• Exploit spatial nature of FPGAs to provide

isolation

FPGA Chip

Moats

SDRAM (off-chip)

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

ReferenceM

onitor

Crypto Core

CPU Core

CPU Core

AESAES

Moats

Methodology

• Tradeoff between area and performance• Use VPR to synthesize 20 largest MCNC

benchmark circuits on different routing configurations

Effective UtilizationA

Dead areas for moats(Depends on # Cores)

B Inflation due to restricted routing (~10%)

C

Useful logic with no inflation (unrestricted routing)

UEff=C/(A+B+C)

100%

Moat Tradeoffs

DeadSpace

Inflation

UsefulLogic

Moat Size = 2

DeadSpace

Inflation

UsefulLogic

Moat Size = 1

DeadSpace

UsefulLogic

Moat Size = 6

Inflation

Effective Utilization

Interconnect Tracing

• Motivation• Security Primitives for FPGAs– Logical isolation– Interconnect tracing– Secure communication architecture– Configuration scrubbing

Drawbridges

• Goal: Ensure that only specified communication is established between cores

• Opportunity: Spatial isolation• Specify legal connections• Statically verify these connections

FPGA Chip

Interconnect Tracing

SDRAM (off-chip)

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

ReferenceM

onitor

Crypto Core

CPU Core

CPU Core

AES

μP

μP

XX

Jbits Interface

• Jbits is a java software interface from Xilinx• It provides abstract methods for– Reading bitstreams– Modifying bitstreams– Creating bitstreams

• Allows us to obtain the information we need to trace the routes from the actual bitstream

How Route Tracer Works

• Initialization– Parse Input file to get all modules, pins, and

connections– Obtain list of search pins for incoming and

outgoing connections– Trace all connections from input pins– Trace all connections leaving modules– Reverse Trace to ensure that there are no invalid

connections entering the modules

Route Tracing AlgorithmRouteTree trace(pin, module) {add pin to routeTreefor all sinks of wire this pin is on {if sink is connected to pinif sink has already been searchreturnif sink is in another modulecheck if connection is validreturnadd sink to list of searched pinstrace(sink, module)}}

Route TracingSM CLB SM CLB

SM CLBSM CLB

SM CLB CLB

CLBSM CLB

SM CLB SM CLB

SM CLBSM CLB

SM

SM

SM CLB SM CLB

SM CLBSM CLB

SM CLB CLB

CLBSM CLB

SM CLB SM CLB

SM CLBSM CLB

SM

SM

Example Input file# denotes a comment# first declare the device type#D deviceD XC2V6000 FF1517

#N moudules pins connectionsN 4 5 12

#M modulename xmin xmax # ymin ymaxM MB1 11 35 57 80 M MB2 11 35 13 35M MB3 54 78 57 80M MB4 54 78 13 35

#P pinname in/outP B25 rst #ResetP C36 in #rs_232_rx_pinP J30 out #rs_232_tx_pinP C8 in #rs_232_rx2_pinP C9 out #rs_232_tx2_pin

#C source destination widthC B25 MB1 1C C36 MB1 1C MB1 J30 1C B25 MB2 1C MB1 MB2 32C MB2 MB1 32C B25 MB3 1C MB3 C9 1C C8 MB3 1C B25 MB4 1C MB4 MB3 32C MB3 MB4 32

Output from Route Tracer...Found Valid connection:MB1 to MB2CLB.S6BEG5[57][33]. [CLB.S6END5[51][33]]. . CLB.S6BEG5[51][33]. . . [CLB.S6END5[45][33]]. . . . CLB.S6BEG3[45][33]. . . . . [CLB.S6END3[39][33]]. . . . . . CLB.S2BEG3[39][33]. . . . . . . [CLB.S2END3[37][33]]. . . . . . . . CLB.S2BEG1[37][33]. . . . . . . . . [CLB.S2END_S1[34][33]]Found Valid connection:MB3 to MB4CLB.OMUX0[58][58]. CLB.LV12[58][58]. . [CLB.LV18[28][58]]Found Valid connection:MB3 to C9...Design Successfully verified!

Partial Reconfiguration Route TracingSM CLB SM CLB

SM CLBSM CLB

SM CLB CLB

CLBSM CLB

SM CLB SM CLB

SM CLBSM CLB

SM

SM

SM CLB SM CLB

SM CLBSM CLB

SM CLB CLB

CLBSM CLB

SM CLB SM CLB

SM CLBSM CLB

SM

SM

This is our partially reconfigurable area

Input Pin

Output Pin

Moats 1.0

• Example four-core design, moat size = 2

Moats 2.0

• Subset of connections that must be traced

Secure Communication Architecture

• Motivation• Security Primitives for FPGAs– Logical isolation– Interconnect tracing– Secure communication architecture– Configuration scrubbing

Secure Communication Architecture

• Goal: Secure communication between cores on shared bus

• Opportunity: Programmability of FPGAs• Shared memory bus with time division access

MnM3M2M1

Communication ArchitectureM1 M2 M3 Mn

Arbiter

BRAM Block

. . .

FPGA Chip

Communication Architecture

SDRAM (off-chip)

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM Arbiter/Reference Monitor

Crypto Core

CPU Core

CPU Core

AES

μP

μP

Configuration Scrubbing

• Motivation• Security Primitives for FPGAs– Logical isolation– Interconnect tracing– Secure communication architecture– Configuration scrubbing

Configuration Scrubbing

• Goal: Allow FPGA to change its configuration securely at run-time

• Opportunity: Use partial reconfiguration to properly erase prior core’s logic

• Use ICAP interface with an embedded core• Bitstream decryption is prohibited when using

partial reconfiguration

CPU CoreμP

AESCrypto Core

Scrubbing Example

SDRAM (off-chip)

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

DRAM

FPGA Chip

CPU CoreμP

CPU CoreμP

Lecture 2 Reading

• [Conference Version] Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems– http://ieeexplore.ieee.org/xpls/abs_all.jsp?

arnumber=4223233• [Journal Version] Security Primitives for

Reconfigurable Hardware-Based Systems– http://dl.acm.org/citation.cfm?id=1754391

Lecture 2 Reading

• Reconfigurable Hardware Security– Trusted Design in FPGAs• http://dl.acm.org/citation.cfm?id=1278483

– Security on FPGAs: State-of-the-Art Implementations and Attacks• http://dl.acm.org/citation.cfm?id=1015052

– Security for Volatile FPGAs• http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-

763.pdf

Lecture 2 Reading

• Reconfigurable Hardware Security– Reconfigurable Computing: The Theory and Practice of

FPGA-Based Computing• http://store.elsevier.com/Reconfigurable-Computing/Scott-

Hauck/isbn-9780123705228/– FPGA-Based Single Chip Cryptographic Solution

• http://mil-embedded.com/pdfs/NSA.Mar07.pdf• http://www.xilinx.com/applications/security/index.htm

– Of Gates and Wires• http://ieeexplore.ieee.org/xpl/articleDetails.jsp?

tp=&arnumber=1303100

Lecture 2 Reading

• Handbook of FPGA Design Security– http://springer.com/978-90-481-9156-7

• Security Trends for FPGAs– http://springer.com/978-94-007-1337-6