holistic security design for the thumbpod embedded system
TRANSCRIPT
![Page 1: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/1.jpg)
Holistic Security Design for the ThumbPod Embedded System
Herwin ChanDoris ChangYi FanAlireza HodjatDavid HwangBo-Cheng Lai
Yusuke MatsuokaPatrick Schaumont Kris TiriDzi TranShenglin Yang
Prof. Ingrid VerbauwhedeEmbedded Security (EmSec) Group
http://www.ivgroup.ee.ucla.edu
![Page 2: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/2.jpg)
Outline
• Embedded Security: Research Challenges• Driver application: ThumbPod• Issues we address:
– Protocol– Algorithm– Architecture– Micro-Architecture– Circuit
• Putting it all together…• Conclusions
![Page 3: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/3.jpg)
Research Challenges
• The world is going embedded and wireless!!
• Wireless embedded security is – extremely important…– …yet unsolved!!
EmSec Mission: How to implement robust security on constrained devices?
![Page 4: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/4.jpg)
Solution: Security Pyramid
• Partition security into five abstraction levels– Each level is secure only if lower levels secure
• Our research: design security at ALL LEVELS and ensure secure TRANSITIONS between levels
Protocol
Algorithm
Architecture (Embedded SW)
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
Security dependence
![Page 5: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/5.jpg)
Driver Application: ThumbPod• Currently, most biometric
systems perform processing on server side
• Secure keychain device performs all biometrics and cryptography locally
• Components: – Microcontroller and memory– Fingerprint sensor– Biometric and cryptographic
accelerators– IR and USB
![Page 6: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/6.jpg)
Protocol
Algorithm
Architecture
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
![Page 7: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/7.jpg)
Protocol Level:Biometric Authentication Protocol
Server
WEAK
Device User
STRONG
Server
STRONG
Device User
STRONG
STRONG
• Problem: security is weak between user and credit card
• Solution: biometric authentication protocols using biometrics and cryptography
• Security-energy tradeoffs based on local or server signal processing
![Page 8: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/8.jpg)
Protocol
Algorithm
Architecture
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
![Page 9: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/9.jpg)
• Problem: How to fit floating-point fingerprint algorithm on constrained embedded devices
Quality maps
Generate maps (MAPS)
Direction maps
Binarized image
Possible minutiae
Final minutiae set
Binarization (BINAR)
Detection (DETECT)
Remove false minutiae
Fingerprint
Algorithm Level:Embedded Fingerprint Matching
![Page 10: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/10.jpg)
Algorithm Level:Embedded Fingerprint Matching
0
1,000
2,000
3,000
4,000
5,000
6,000
ORG S/W OPT H/W Accel
Ene
rgy
cons
umpt
ion
(mJ)
Reduction of the energy consumption for minutiae detection
• Floating point NIST algorithm – Fixed point code and
memory optimizations– New matching
algorithm
• 50% energy reduction with equal detection accuracy– False Accept Rate =
0.01%– False Reject Rate =
0.5%
![Page 11: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/11.jpg)
Protocol
Algorithm
Architecture
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
![Page 12: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/12.jpg)
Architecture Level: Embedded Software Design
• Problem: How do you design SW for a secure embedded system?– Secure code: Java with cryptographic libraries
and security functionality
– But constrained embedded devices running Java are slow: require secure SW and HW acceleration
![Page 13: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/13.jpg)
Architecture Level: Embedded Software Design
• Solution: GEZEL environment for design of co-processors and cycle-through accurate simulations
• Each platform corresponds to the addition of an abstraction level• Three simulation platforms of the same system
KVM
Java
KNI
C GEZEL
TSIM EmbeddedInstruction Set Sim. GEZEL
KVMPlatform
Emb. SWPlatform
FPGAPlatform VHDL
LEON IP core AUTOMATICTRANSLATION
![Page 14: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/14.jpg)
Protocol
Algorithm
Architecture
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
![Page 15: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/15.jpg)
Main Processor Core
Architecture Level: AES Crypto-processor Design
• Advanced Encryption Standard (AES) based on Rijndael Algorithm
• Symmetric key cipher using Galois Field Arithmetic
• First published IC implementation!
• Co-processor design of Rijndael cores
Coprocessor Top Controller
Controller
Datapath
Input Interfacing
Module
Memory Mapped Interface
32Coprocessor
Datapath
Crypto Coprocessor
Controller
Datapath
Output Interfacing
Module
32
Data Bus
Address Bus
324 328 8 4
![Page 16: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/16.jpg)
• Interface overhead for co-processor consumes cycles but still 333X improvement
• Better improvement if separate data and control flow– Currently, data flow and control flow are merged– Co-processors with direct memory access would reduc e interface overhead
Javacycles
Ccycles
AES301,034
Interface367 Interface
892AES44,063
AES11
Co-processorcycles
301, 034 44,430 903Total Cycles
acceleration
6.8X 333XImprovement
Architecture Level: AES Crypto-processor Design
![Page 17: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/17.jpg)
Protocol
Algorithm
Architecture
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
![Page 18: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/18.jpg)
• Differential Power Analysis (DPA) exploits power properties of CMOS transitions– 0�0 no power dissipation– 0�1 power dissipation
• Our sense amplifier based logic (SABL) charges constant capacitance – Minimizes transition power
variations
Circuit Level: Combating Power Analysis Attacks
![Page 19: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/19.jpg)
0
50
100
150
200
250
300
350
400
450
scCMOS
min=0.00 Max=10.42m=5.92
m-s=4.19 m+s=7.66
SABL
x5m=11.32Max=11.51
m-s=11.26
min=11.14
m+s=11.38
Number of observations
0 2 4 6 8 10 12Energy per cycle - [pJ]
Circuit Level: Combating Power Analysis Attacks
���� Reduction of power variation by 116x!
![Page 20: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/20.jpg)
Protocol
Algorithm
Architecture
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
Putting it together…FPGA
![Page 21: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/21.jpg)
Putting it together…FPGA• Xilinx Virtex-II
FPGA– Embedded LEON
32-b Sparc processor
– Memory-mapped co-processors
Xilinx Virtex-II FPGA
DFTCo-Proc.
AMBA AHB
APB Bridge
UARTLEON
32- SparcProc.
AESCo-Proc.
APB
Mem. Controller Boot PROM
32 MB SRAM
KVM
Application
NativeBiometrics
NativeSecurity
JAM
Embedded Software Architecture
Server
AuthentecAF-2
![Page 22: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/22.jpg)
Putting it together…FPGA
• Working demo on an FPGA board (two ThumbPods shown) and PC connected over RS-232
• Demonstration at DAC 2003 and today!!
![Page 23: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/23.jpg)
Protocol
Algorithm
Architecture
Circuit
Micro-Architecture
Cipher Design,Biometrics
DQ
Vcc
CPUCrypto
MEM
JCA
Java
JVM
CLK
Identification
ConfidentialityIntegrity
SIM
DQ
Vcc
CPU
MEM
JCA
Java
KVM
CLK
Identification
ConfidentialityIntegrity
IdentificationIntegrity
SIMSIMSIM
Putting it together…ASIC
![Page 24: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/24.jpg)
Putting it together…ASIC
• Secure ASIC Design• Unprotected
– LEON processor– Memory and buses
• Protected by SABL– AES crypto-processor– Matching oracle for
secure matching decisions
– Secure storage
LEON Processor
AHB/APB Bridge
Boot PROM I/F Boot ROM
Memory Controller
Integer UnitAHB I/F
Cache
D-Cache 2KB
I-Cache2KB
AMBA Peripheral
Bus
AHB Controller
ASIC NON-DPA
Fingerprint Sensor
RS232
2MB SRAM
UART1
UART2
AES Coprocessor
ASIC DPA
Comparator
Template/ HG Storage
32 b Memory Bus
LEON Processor
AHB/APB Bridge
Boot PROM I/F Boot ROM
Memory Controller
Integer UnitAHB I/F
Cache
D-Cache 2KB
I-Cache2KB
AMBA Peripheral
Bus
AHB Controller
ASIC NON-DPA
Fingerprint Sensor
RS232
2MB SRAM
UART1
UART2
AES Coprocessor
ASIC DPA
Comparator
Template/ HG Storage
32 b Memory Bus
![Page 25: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/25.jpg)
Conclusion
• EmSec researches on all levels of the embedded security pyramid– Example driver: ThumbPod
• Other projects: – GEZEL for multi/co-processor simulation
– Optical CDMA cryptography– Wireless sensor network security
![Page 26: Holistic Security Design for the ThumbPod Embedded System](https://reader030.vdocuments.mx/reader030/viewer/2022012802/61bd110a61276e740b0f021b/html5/thumbnails/26.jpg)
Thank You