Hardware Support for Trustworthy Systems
Ted Huffmire
ACACES 2012
Fiuggi, Italy
Disclaimer
• The views presented in this course are those of the speaker and do not necessarily reflect the views of the United States Department of Defense.
Lecture 2 Overview
• Reconfigurable Security
• Reconfigurable hardware is widely used due to growing non-recurring engineering (NRE) cost for ASICs
Field Programmable Gate Arrays
• Design of high-performance systems
• ASIC chips have been used traditionally
• Need something in between CPU and ASIC
• Raises interesting security questions
• Set of security primitives
• Examples of FPGA systems
Reconfigurable Hardware
[Figure: FPGA chip containing a reference monitor, a crypto core (AES) and two CPU cores (μP), with off-chip SDRAM (DRAM)]
Tradeoffs
• Software vs. Hardware
• ASIC performance comes at a high NRE cost
• Design, Verification
• Fabrication, Packaging, Test
• Security
[Figure: CPU, FPGA and ASIC placed on a spectrum from General-Purpose to Application-Specific]
Motivation
• Ideal: Performance approaching ASIC, cost approaching CPU
• Problem: Embedded systems designers need security primitives
• Opportunities:
  – Spatial mapping of apps to device
  – Build primitives in reconfigurable hardware
Outline
• Motivation and Background
• Security Primitives for FPGAs
  – Logical isolation
  – Interconnect tracing
  – Secure communication architecture
  – Configuration scrubbing
Motivation and Background
Protection on Embedded Systems
[Figure: three protection approaches for app1, app2 and app3 with DRAM: Separation Kernels (apps above a kernel), Separate Processors (with three gatekeepers), and Reconfigurable Protection (with a reference monitor). Axis labels: Physical, Software; Spatial, Temporal]
FPGA Systems
[Figure: FPGA chip with four μP cores, an SRAM block, BRAM blocks and FPGA fabric, connected to off-chip SDRAM (DRAM)]
FPGA Applications
[Figure: FPGA with memory (Mem) running App1 and App2; FPGA fabric with switchbox and CLB; example CLB truth table:]
A B Out
0 0 0
0 1 0
1 0 0
1 1 1
Mixed Trust Cores
• Multiple cores on one chip
• Cores are provided by third parties
• Sophisticated software tools developed by third parties
• Entanglement
Mixed Trust Tool Chains
Logical Isolation
Moats
• Goal: Physical isolation of cores
• Opportunity: Divide computation spatially
• Exploit spatial nature of FPGAs to provide isolation
Moats
[Figure: FPGA chip with a reference monitor, crypto core (AES) and CPU cores separated by moats, with off-chip SDRAM (DRAM)]
Methodology
• Tradeoff between area and performance
• Use VPR to synthesize 20 largest MCNC benchmark circuits on different routing configurations
Effective Utilization
• A: Dead areas for moats (depends on # cores)
• B: Inflation due to restricted routing (~10%)
• C: Useful logic with no inflation (unrestricted routing)
• $U_{\text{Eff}} = C / (A + B + C)$
[Figure: bar labeled 100%, divided into regions A, B and C]
Moat Tradeoffs
[Figure: three charts showing the split between dead space, inflation and useful logic for moat size = 1, moat size = 2 and moat size = 6; effective utilization]
Interconnect Tracing
Drawbridges
• Goal: Ensure that only specified communication is established between cores
• Opportunity: Spatial isolation
• Specify legal connections
• Statically verify these connections
Interconnect Tracing
[Figure: FPGA chip with a reference monitor, crypto core (AES) and two CPU cores (μP), with off-chip SDRAM (DRAM); two X marks]
JBits Interface
• JBits is a Java software interface from Xilinx
• It provides abstract methods for
  – Reading bitstreams
  – Modifying bitstreams
  – Creating bitstreams
• Allows us to obtain the information we need to trace the routes from the actual bitstream
How Route Tracer Works
• Initialization
  – Parse input file to get all modules, pins, and connections
  – Obtain list of search pins for incoming and outgoing connections
  – Trace all connections from input pins
  – Trace all connections leaving modules
  – Reverse trace to ensure that there are no invalid connections entering the modules
Route Tracing Algorithm
RouteTree trace(pin, module) {
    add pin to routeTree
    for all sinks of wire this pin is on {
        if sink is connected to pin
            if sink has already been searched
                return
            if sink is in another module
                check if connection is valid
                return
            add sink to list of searched pins
            trace(sink, module)
    }
}
Route Tracing
[Figure: grid of SM and CLB blocks]
Example Input file
# denotes a comment
# first declare the device type
#D device
D XC2V6000 FF1517

#N modules pins connections
N 4 5 12

#M modulename xmin xmax # ymin ymax
M MB1 11 35 57 80
M MB2 11 35 13 35
M MB3 54 78 57 80
M MB4 54 78 13 35

#P pinname in/out
P B25 rst #Reset
P C36 in #rs_232_rx_pin
P J30 out #rs_232_tx_pin
P C8 in #rs_232_rx2_pin
P C9 out #rs_232_tx2_pin

#C source destination width
C B25 MB1 1
C C36 MB1 1
C MB1 J30 1
C B25 MB2 1
C MB1 MB2 32
C MB2 MB1 32
C B25 MB3 1
C MB3 C9 1
C C8 MB3 1
C B25 MB4 1
C MB4 MB3 32
C MB3 MB4 32
Output from Route Tracer
...
Found Valid connection:MB1 to MB2
CLB.S6BEG5[57][33]
. [CLB.S6END5[51][33]]
. . CLB.S6BEG5[51][33]
. . . [CLB.S6END5[45][33]]
. . . . CLB.S6BEG3[45][33]
. . . . . [CLB.S6END3[39][33]]
. . . . . . CLB.S2BEG3[39][33]
. . . . . . . [CLB.S2END3[37][33]]
. . . . . . . . CLB.S2BEG1[37][33]
. . . . . . . . . [CLB.S2END_S1[34][33]]
Found Valid connection:MB3 to MB4
CLB.OMUX0[58][58]
. CLB.LV12[58][58]
. . [CLB.LV18[28][58]]
Found Valid connection:MB3 to C9
...
Design Successfully verified!
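The forward trace described above, as an added example that is not part of the original slides or the authors' tool: it parses the M and C lines of the input format, walks a routing graph depth-first from a module's output node, and reports any route that lands in another module without a matching C line. The routing graph, the (x, y) node model and all function names are assumptions; no JBits calls are used and the reverse trace is left out.

```python
# Added example, constructed data: policy text, then graph node (x, y) -> sinks.
POLICY = """\
M MB1 11 35 57 80
M MB2 11 35 13 35
M MB3 54 78 57 80
C MB1 MB2 32   # only MB1 <-> MB2 may talk
C MB2 MB1 32
"""
GOOD = {(20, 57): [(20, 50)], (20, 50): [(20, 40)], (20, 40): [(20, 35)]}
BAD = {**GOOD, (20, 50): [(20, 40), (40, 50)], (40, 50): [(54, 60)]}

def parse(text):
    """Return (modules, allowed) from the M and C lines."""
    modules, allowed = {}, set()
    for line in text.splitlines():
        f = line.split("#")[0].split()   # '#' starts a comment
        if f and f[0] == "M":
            modules[f[1]] = tuple(map(int, f[2:6]))  # xmin xmax ymin ymax
        elif f and f[0] == "C":
            allowed.add((f[1], f[2]))
    return modules, allowed

def owner(node, modules):
    """Name of the module whose bounding box contains node, else None."""
    x, y = node
    for name, (x0, x1, y0, y1) in modules.items():
        if x0 <= x <= x1 and y0 <= y <= y1:
            return name
    return None

def trace(node, src, wires, modules, allowed, seen, bad):
    """Depth-first walk over every sink reachable from node."""
    for sink in wires.get(node, ()):
        if sink in seen:
            continue                      # already searched
        seen.add(sink)
        dst = owner(sink, modules)
        if dst is not None and dst != src:
            if (src, dst) not in allowed:  # check if connection is valid
                bad.append((src, dst, sink))
            continue                      # stop at the other module's edge
        trace(sink, src, wires, modules, allowed, seen, bad)

def verify(text, wires, outputs):
    """Trace from each output node; return the list of illegal routes."""
    modules, allowed = parse(text)
    bad = []
    for node in outputs:
        trace(node, owner(node, modules), wires, modules, allowed, {node}, bad)
    return bad
```

`verify(POLICY, BAD, [(20, 57)])` flags the extra branch that crosses the moat from MB1 into MB3, while the same call on `GOOD` returns an empty list.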
Partial Reconfiguration Route Tracing
[Figure: grid of SM and CLB blocks with the partially reconfigurable area, an input pin and an output pin marked]
Moats 1.0
• Example four-core design, moat size = 2
Moats 2.0
• Subset of connections that must be traced
Secure Communication Architecture
• Goal: Secure communication between cores on shared bus
• Opportunity: Programmability of FPGAs
• Shared memory bus with time division access
Communication Architecture
[Figure: modules M1, M2, M3, ..., Mn connected through an arbiter to a BRAM block]
[Figure: FPGA chip with an arbiter/reference monitor, crypto core (AES) and two CPU cores (μP), with off-chip SDRAM (DRAM)]
Configuration Scrubbing
• Goal: Allow FPGA to change its configuration securely at run-time
• Opportunity: Use partial reconfiguration to properly erase prior core’s logic
• Use ICAP interface with an embedded core
• Bitstream decryption is prohibited when using partial reconfiguration
[Figure: CPU core (μP) and crypto core (AES)]
Scrubbing Example
[Figure: FPGA chip with two CPU cores (μP) and off-chip SDRAM (DRAM)]
Lecture 2 Reading
• [Conference Version] Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems
  – http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4223233
• [Journal Version] Security Primitives for Reconfigurable Hardware-Based Systems
  – http://dl.acm.org/citation.cfm?id=1754391
• Reconfigurable Hardware Security
  – Trusted Design in FPGAs
    • http://dl.acm.org/citation.cfm?id=1278483
  – Security on FPGAs: State-of-the-Art Implementations and Attacks
    • http://dl.acm.org/citation.cfm?id=1015052
  – Security for Volatile FPGAs
    • http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-763.pdf
  – Reconfigurable Computing: The Theory and Practice of FPGA-Based Computing
    • http://store.elsevier.com/Reconfigurable-Computing/Scott-Hauck/isbn-9780123705228/
  – FPGA-Based Single Chip Cryptographic Solution
    • http://mil-embedded.com/pdfs/NSA.Mar07.pdf
    • http://www.xilinx.com/applications/security/index.htm
  – Of Gates and Wires
    • http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=1303100
• Handbook of FPGA Design Security
  – http://springer.com/978-90-481-9156-7
• Security Trends for FPGAs
  – http://springer.com/978-94-007-1337-6