noc-centric security of reconﬁgurable soc - lab …gogniat/papers/diguetnoc2007.pdfnoc-centric...

NOC-centric security of reconfigurable SoC

Jean-Philippe Diguet, Samuel Evain, Romain Vaslin, Guy Gogniat, Emmanuel JuinUniversité de Bretagne Sud / CNRS, LESTER lab., France

[email protected]

Abstract

This paper presents a first solution for NoC-basedcommunication security. Our proposal is based onsimple network interfaces implementing distributedsecurity rule checking and a separation between se-curity and application channels. We detail a four-step security policy and show how, with usual NOCtechniques, a designer can protect a reconfigurableSOC against attacks that result in abnormal com-munication behaviors. We introduce a new kind ofrelative and self-complemented street-sign routingadapted to path-based IP identification and recon-figurable architectures needs. Our approach is illus-trated with a synthetic Set-Top box, we also showhow to transform a real-life bus-based security so-lution to match our NOC-based architecture.

1 Introduction

As a key issue for multiprocessor chip design, alot of attention is being payed to communicationsarchitectures. With properties such as scalabil-ity, bandwidth increase and high-level formaliza-tion networks on chip have emerged as interestingalternatives to bus hierarchies. Many research ef-forts are still necessary, such as the managementof QoS in the context of chip with heterogeneousclocks implementing applications with dynamic be-haviors, however NoC could introduce new securitychallenges in future embedded systems. A multi-plication of communication links within chips alsomeans an increase of doors to program instructionsand sensitive data. In this paper we show howthis drawback can be turned into opportunities toefficiently implement security policy associated tocommunication controls. First, we introduce thecontext of our solution in the next section. In sec-tion 3, we present the main differences between re-cent work in bus-based security and our solution

to face considered attacks. In section 4, we de-scribe our architecture model for Secure NetworkInterface (SNI) and our new routing algorithms forpath-based identification and backward path com-putation. Section 5 illustrates our solution with aMultimedia/Set-top box case study, we also applyour approach to a bi-processor example from [9].Finally we conclude about security cost and per-spectives in terms of monitoring.

2 Communication security

2.1 Model of threat

Authors of embedded devices attacks have differ-ent motivations and frameworks to proceed. Endusers may try to extract, from the firmware of theirown device, information for hacking licenses or net-work accesses. Hackers aim to modify behaviorsof remote systems for different reasons and oper-ators may be interested by reading personal datafor marketing or licensing purposes. All these at-tacks can be initiated through abnormal commu-nications. Considering SOC complexity such be-haviors can also be caused by bugs (HAL errors,hazardous pointers), thus security techniques canbe used also for improving reliability and bug de-tection.

In this paper we don’t address communicationconfidentiality that can be handled with comple-mentary ciphering techniques [11]. We don’t eitherconsider physical attacks such as fault injection orside channel attacks, but our solution makes possi-ble the implementation of counter-measures basedon monitored reconfiguration. We focus our studyon entity authenticity and data integrity, both at-tacks can be identified as abnormal communicationbehaviors. These attacks may be classified in thefollowing three categories :

Hijacking Hijacking is a write access in the se-

Proceedings of the First International Symposium on Networks-on-Chip (NOCS'07)0-7695-2773-6/07 $20.00 © 2007

Authorized licensed use limited to: UNIVERSITE DE BRETAGNE SUD. Downloaded on July 28, 2009 at 08:33 from IEEE Xplore. Restrictions apply.

cure area in order to modify the behavior or theconfiguration of the system, it also includes bufferoverflow and internal registers reconfiguration.

Extraction of secret information This sec-ond aspect consists in read accesses to data storedin secure targets. The stolen information can besensitive data (e.g. encryption keys), instructionsfrom critical programs, IP configuration registersand so on.

Denial of service This kind of attacks aims tobring down the system performances. The networkover utilization downgrades the operability of thesystem. We can distinguish four kinds of attackscenarios. The last three ones are specific to NoCsand can occur if NI are programmable or in case ofmulti-NoC systems with secure and unsecure areas.

Replay: intentional repeated requests implywastes of bandwidth and cause higher latencytransfers in the system resulting in deadline missesfor instance. In the context of NoC new kinds ofdenial of service attacks may occur in order to over-crowd links with useless communications :

Incorrect path: it consists in introducing in thenetwork a packet with erroneous paths with the aimto trap it into a dead end. The body of the trappedpacket takes some channels and makes them un-available for the others valid packets.

Deadlock: it means the use of packets with pathsthat intentionally disrespect deadlock-free rules ofthe routing technique with the intent to createdeadlocks in the network. This leads to the con-tention of the channel and consequently of a partor the entire NoC.

Livelock: this is the introduction of a packet thatcan’t reach its target and stay turning infinitely inthe network, causing a waste of bandwidth, latencyand power.

2.2 Claims for reconfiguration

Security is usually considered as a software issuebased on fixed and so identified hardware targets.However we observe that needs for hardware re-configuration are rising, this evolution is mainlydriven by productivity gains. The first point is thehardware and software firmware upgrades on re-configurable SoC for improving performances andimplementing new standards and applications withdedicated hardware IP. The second point is relyingon the optimization of design costs for hardwarebug fixing as already done for software. Finally,

reconfiguration is also a convenient way for chipreuse with a specialization of a single chip for differ-ent system integrations. Thus, we have considereda solution that may be implemented on reconfig-urable SoC, our experiences are based on XilinxVirtex2pro series. Both hardware for IP and NoCand Software (SNI) partial reconfigurations can beconsidered in the context of NoC-based SoC. Oursecure reconfiguration protocol depicted in Fig.1 isdescribed in section 3.2.

3 From Bus to enhanced NoC-

based solution

3.1 Relative work

Few work exist in the domain of communication-based security for SoC out of specific secure proces-sor cores such as ARM/Trustzone [2] or Stan-ford/XOM [5]. Design of security-aware commu-nication architectures has been introduced by [9].Their solution named SECA relies on both a sin-gle Security Enforcement Module (SEM) and a Se-curity Enforcement Interface (SEI) for each slavedevice connected to the bus. Their solution whichhas been demonstrated through the AMBA bus canbe used to implement features such as (a) address-based protection, (b) data-based protection and (c)sequence-based protection. Such a solution is inter-esting since it can detect a large number of attacksfrom access control violation up to slave device con-figuration corruptions. However there are still somelimitations that should be considered when dealingwith multiprocessor systems where a large numberof resources will have to exchange data in paral-lel. Even if some security features, such as pe-ripheral register write protection, are distributedwithin the SEI most of the monitoring is centralizedand performed by the SEM especially the address-based protection which is based on a ternary contentaddressable memory (TCAM). Such an approachleads to an exponential increase of the cost whenadding new slave devices on the bus and stronglylimits the scalability. When one device is added tothe bus, the whole TCAM needs to be modified.A NoC based solution mitigates this cost since theaddress-based protection can be performed withinnetwork interfaces (NI) that are intrinsic to NoCimplementations. Thus, Address-based protectioncan be distributed and so performed in parallel like



data transfers. In the domain of NoC, ARTERIS[3] proposes the introduction of Firewall relying onfixed communications schemes and software secu-rity based on a secure boot configuration. In [12] wepresent an overview of NoC security issues. Gebo-tys, in [6], extends classical key exchange protocolsfor IP identification within NoC.

3.2 NoC-centric proposal

We consider reconfigurable architectures based on2.2 motivations. Then our objective is not exactlyto secure NoC-based communications, but rather toselect a NoC in order to implement secure commu-nications based on the range of opportunities it of-fers. They are mainly: spatial parallelism enablingpath-based identification and distributed and dedi-cated implementation of security functions. Our so-lution for a secured NoC regarding abnormal trafficdetection is based on the following five points:

I. Single, centralized, dedicated and secured mas-ter IP. The Security and Configuration Man-ager (SCM) is in charge of safe hardware andcommunication configurations and counter-attacksmonitoring. This is the most sensitive resource, soits configuration must be based on an initial bootand secured network communications for online up-dates. The SCM can be for instance a usual proces-sor core dedicated to this task.

II. Enhanced Network Interface for access con-trol. Secure Network Interface (SNI) handlesin a distributed and dedicated way the followingattack symptoms: (i) Denial of service, (ii) Unau-thorized Read Access (information extraction) andUnauthorized Write Access (Hijacking). The mainpoints are firstly the use of NoC scalability, basi-cally the large number of I/Os that offer NoC en-ables to personalize and dedicate access control tospecific and small memory areas (memory parti-tions and peripheral configuration registers). More-over NI proceeding delays can be usefully exploitedfor implementing security control in parallel withdata-flow. The second point is that we don’t needcostly probes in router [4] since all NoC traffics canbe analyzed thought Secured NI. As a consequenceto scalability use, the NI cost may be minimized.

III. Two distinct (virtual) networks for a sepa-ration between application and security data. Twovirtual channels (VC) are implemented, the firstone is dedicated to elementary best-effort commu-nications (BE) for inter IP transactions and the

second one is a priority best-effort (PBE) channeldedicated to SNI / SCM communications (securitymonitoring and configuration). For deadlock pro-tection, the transport layer implements connexion-oriented transactions with end to end flow controland the network layer implements source-routingpreventing from the introduction of incorrect paths.Note that security messages are very short, typi-cally one flit is enough to transmit a denial of ser-vice alert or an unauthorized access attempt. Ini-tially our intention was to use PBE channels forEnd-To-End flow controls, namely for credits ex-changes which correspond to inter-SNI communi-cations but this idea has been left out in order notto create potentially malicious PBE traffic besidesSCM communications.

IV. Four steps access control. The verification ofaccess rights and the detection of denial of servicecan be simplified compared to bus solution thanksto scalability NoC property. Basically a NoC pro-vides a distributed address control that enables toseparate IP identification (i.e. path) and local shortaddress checking while bus-based approaches arecentralized and lead an exponential cost.

1. Overflow checking. On the emitter SNIside, the first packet contains the message size,namely the number of words to be transmittedwithin the upcoming transaction. If the bound isreached and the FIFO is not empty then the FIFOis flushed and the transaction ended. Moreover thepacket length is limited to the input FIFO size andthe network layer control bits of the last flit areautomatically set by the NI controller.

2. Path Based Identification. An IP iden-tification can be based on tags inserted in thepacket header or payload, this tag can be fixed ifan ASIC solution is considered. However intrinsicNOC properties provide a simpler solution, basi-cally paths can be used to identify request and re-sponse communications. Our solution is based onthis property that enables hardware reconfigurationand does not need extra-information like the ID orthe backward path to the remote IP. Moreover weimplement a new routing algorithm that simplifiespath coding and backward path computation, thispoint is detailed in section 4.2. Thus the remote IP(request or response) is filtered according the Read,Write rights stored in the acceding SNI and thepath instruction extracted from the packet header.

3. Local Address checking. From the payloadof the first transaction packet is extracted the local



base address and the message size. These valuesare compared to bounds stored in the SNI. Theverification is limited to a reduced number of localaddress bits.

4. Statistics. Alerts are transmitted to theSCM when traffic bounds are out of predefined nor-mal behavior bounds. Available credits allocationsare accumulated and compared to upper and lowerbounds over a given observation period.

V. Configuration protocol and SNI configura-tion. All security policies are ineffective if thesystem can be configured by the attacker, so the(re)configuration protocol and order is a key issue.In software-oriented security, this point is guaran-teed by boot configuration stored in an embeddedciphered memory [7]. In the case of NoC on recon-figurable SoC, we distinguish four phases.

INIT: SOC hardware initial safe configuration.At the boot time, the complete hardware initialconfiguration is loaded from an external cipheredmemory. The reset configuration depends on thereconfigurable architecture. In case of a tile-basedarchitecture built around an hard NoC core onlyIPs are configured but if we consider a FPGA, thenboth IP and NoC cores are configured at reset time.In such a case, a dedicated decryption core is avail-able to run this task and a specific strategy can beelaborated to secure this first step as described in[10]. In this paper we consider this stage as alreadyperformed.

SNI: initial security configuration. In the veryfirst configuration two kinds of communications areauthorized, the first one is a BE read operationfrom SCM to a ciphered memory containing SNIconfigurations according to IP access policy andsecondly PBE SCM / SNI communications. Theavailable channels are used by SCM to manage aSW configuration of SNI (an example is given onFig.8). Note that after the SNI step is achieved,a new configuration may be dynamically changedonly by the SCM since reconfiguration control re-source (e.g. ICAP) is only connected to SCM.

RUN: runtime monitoring based on the currenthardware and software configuration. If alerts aredetected, different strategies can be implementedand lead to SNI software reconfigurations or tohardware reconfiguration.

DPR: dynamic and partial reconfiguration.Based on monitoring data (adaptation to traffic),Attack detection, or Upgrades requirements theSCM can decide at run-time partial hardware re-

Figure 1: Reconfiguration protocol

configuration. These reconfigurations are availableas bitstreams initially available or downloaded froma secured network connection. It has a consequenceon the configuration of the SNI connected to theSCM which is slightly different to IP ones. Actu-ally, it needs only one virtual channel, which can beconnected to the BE VCs during reconfiguration inorder to access to configuration memories whereasit is only connected to priority VCs at runtime.Thus they are no possible connections with otherIPs. This point is described in section 5.1. On-line reconfiguration management based on networkdownload a is not a trivial issue from a securityperspective, a dedicated protocol still remains tobe specified. According to FIPS 140-2 level 3 rec-ommendations, the ultimate solution would consistin a physical separation between secure and unse-cure network ports and so to a SCM with dedicatednetwork connection capabilities. Such an imple-mentation would be safe but costly, another onecan be based on a pooling procedure that enablesthe SCM to get ciphered tags authenticating newhardware upgrades from a ciphered memory. Thislast solution requires four conditions: i) a new BERead access from SCM to a ciphered memory, ii)a new BE Write access to network processor FIFOto launch secured bitstream downloads, iii) a safenetwork link (e.g. SSL) and iv) a certification pro-cedure [1] to authenticate upgrade requirements.

4 Architecture models

4.1 SNI

Standard NI Basic design of standard NI isquite simple, since it is based on a single channelwith end to end flow controls based on credits ex-changes between IPs (see Fig.2-a)). The design isbased on a restriction, which is that transactionsinterleaving is not allowed at emission. Namely theAPI developed in C for Xilinx microblaze doesn’tpermit to initiate a transaction before the end



packet of the previous transaction is loaded into theFIFO. At reception, packets from different trans-actions can be interleaved since message sizes areloaded at transaction initialization in SNI regis-ters. These design decisions result in two majorchanges compared to our previous work where dif-ferent FIFOs were associated to the different chan-nels. First, there are only one Input FIFO andone Output FIFO, it means that credits and FIFOstatus are checked during the NI access protocol.Namely, a new transaction is initiated only if theinput FIFO is empty and if credits are available.Moreover the read/write address is transformedinto the associated path in packet header and localaddress stored in the first packet. At reception, asimple address generator unit (AGU) produces thelocal address by summing basis address and offset.

SNI, IP configuration SNI architecture is con-figured for IP as depicted in Fig.2-b). Comparedto standard configuration, we add a second highpriority Best Effort channel (PBE) for monitoringdata. Security is based on a complete separation ofchannels, there are no connexion between IP andBPE FIFOs, which are reserved exclusively to SNIcommunications.

It results firstly in the implementation of a de-coder and arbiter for channel selection. Secondlycounters are added for statistics updates. Thirdly,a couple of registers for offset bounds checking areimplemented for the survey a each inter-IP com-munication. Finally, the NI controller is enhancedwith security controls for offset checking, path iden-tification and alert message generation based onstatistics. On the one hand as security control canbe performed in parallel with data-flows there is noimpact on processing delay, on the other hand thecost increased is mainly dominated by the introduc-tion of a second virtual channel that also stronglyimpacts the router costs.

SNI, SCM configuration SNI configuration forSCM/NOC interface is specific since the SCM isthe only IP allowed to communicate with SNIs asthe only trusted IP. These communications can beperformed sequentially, so only one couple of in-put/output FIFO is necessary as described in Fig.2-c). The SCM can access to SNI local registers inorder to modify VC ID inserted in packet headersand switch between PBE and BE channels. TheSCM uses BE VC to access to configuration mem-

Figure 2: SNI configurations

ories in order to get SNI configuration for all IPs,the SCM uses the PBE VC to configure IP SNIs.At run time, SCM SNI is configured with PBE VCto prevent any intrusion from remote IP and totransmit security alerts to the SCM. Finally we ob-serve that offset and access configuration registersare useless and can be removed. In section 5.1 wedetail access along with the different phases of con-figuration protocols.

SCM At reset time, SNIs are configured in such away that no IPs communication are allowed exceptfor the SCM that can access to its own programand data memories, and to configuration memo-ries. SCM is a processor dedicated to security con-trol, it is in charge of two main tasks. The firstone is devoted to SNI configurations, the second



one is active at run time and consists in listeningalert messages from SNIs, the reaction to attacksis decided by software designers. It can consist inclosing affected SNIs and transmit an alert througha secured network communication. Another role ofcounter-measure management can be assigned tothe SCM, against side-channels attacks.

4.2 Optimized path coding for iden-

tification and reconfiguration

Concept We propose a simple and low cost solu-tion to allow a receiving SNI to identify the send-ing SNI of received packet. This one is based on asmart use of routing instructions in packet header.Classical X-Y and street-sign routing coding tech-niques don’t preserve routing information, so wepropose a routing technique [8] that we call self-complemented path coding (SCP). The choice ofthe output port in a router is given by the turnnumber in counter-clockwise from the consideredinput port (Fig. 4). This feature induces some keyimprovements detailed hereafter. The instruction isrelative to both input and output ports considered.It allows preserving routing instruction informationin packet header to identify the sender from thedestination. Moreover this information constitutesnot only a single key but also the backward pathcompliant with reconfigurable architectures wheremaster IP location can be modified. It is a reli-able identification key because a sender can’t usethe routing instructions of another one to usurp itsidentity because its topological position is differentand requires an other path and so other routinginstructions.

Architecture Packet header is made of aninstruction field constituted of instructions forcrossed routers on the path of this packet to travelfrom the source to the destination. Moreover afterproceeding instructions, routers compute backwardinstructions and shift instructions as indicated onFig. 5. Note that a small field indicates the numberof remaining instructions to proceed. This one isdecreased by each crossed router. It allows routerto detect a live-lock path (an infinite loop impris-oning packet in the network conducing to a denialof service). A zero count must occur only at des-tination SNI. Thus, if before router processing itis detected, it is abnormal and conducts the routerto delete the entire packet. Destination SNI needs

Figure 3: The separate use of virtual channels

Figure 4: Relative street-sign

only to invert instruction order to determine thebackward path. So it can compare it with its ownpath table, and check corresponding access rights.

Bit level optimization To reduce instructionfield width, or to maximize the number of instruc-tions to dispose of longer paths we propose to re-duce individual instruction width to the minimumand so to use heterogeneous bit widths for instruc-tion coding. Routers have different arities. Thus,the instruction coding width may be different foreach one. However, the problem is the reorderingof instructions at destination SNI. The destinationdoesn’t know the width of each of them, so, it can’tdo the reordering (Fig. 6). We propose a suited

Figure 5: Instruction complement and shifting



Figure 6: Inversion technique

Figure 7: NoC topology

process on instructions to perform this reordering.This process is done at two levels. Back instruc-tion bit order is inverted by router after comput-ing. This is done by each crossed router. Finally,the destination SNI inverts the entire instructionfield to obtain the backward instruction field. Thisprocess is detailed in Fig. 6

5 Case study

5.1 SetTop Box SoC example

We consider a reconfigurable SOC for SetTop Boxapplications, described in Fig.8-10, with one SCM,6 and then 7 master IPs (general purpose or spe-cialized processors including one crypto-processor),and 13 slave memories for data (clear or ciphered),programs and configuration (ciphered security con-

figuration and bitstreams). In this example scala-bility is completely exploited with 22 SNIs enablingseparate access controls. The resulting 2D meshnetwork is composed of 4x3 routers having vari-ous numbers of ports as indicated in Fig. 7 whereSNIs are not present for clarity sake. Tab.1 showshow the instruction width may be different for thoserouters. In such a chip, a strict security policy isnecessary to control access to sensitive data such asprivate keys and crypto-processor programs.

location #routers #ports instrc bitwidthCorner 4 4 2Border 6 5 2Center 2 6 3

Table 1: Instruction bit width for routers with dif-ferent numbers of ports

5.1.1 Configuration protocol

Step 1 Fig.8 shows the system status after reset.The configuration results from a ciphered bitstreamstored in an external memory, the initial bitsreamcontains IP contexts including NOC IP. The initialconfiguration only authorizes one BE communica-tion, a read from SCM to ROM memory containingSNI configurations. PBE communications are alsoinstantiated between SCM and SNIs for NoC con-figuration according to security policy.

Step 2 Fig.8 figures out PBE VC connecting theSCM with SNIs. The SCM uses these channelsto configure SNIs, the resulting scheme is given inFig.9. Plain red arrows indicate BE communica-tions related to sensitive data. In our example thesensitive accesses are related to the crypto proces-sor and to its instruction memory and data mem-ory from which ciphering key can be extracted, tociphered data memories and their communicationswith network processor, GPP processor and DMA.Dotted red arrows corresponding to SCM/SNI PBEcommunications controlled by SCM are not indi-cated for clarity sake but are identical to thosespecified in Fig.8. Note that the SCM has only twopossible Read BE communications, the first one inBoot ROM occurs at reset time and the second onein ciphered Data Memory 2 is conditioned by a tagauthentication as explained in step 4. It means thatno read or write operations are possible from anyIP to SCM and that no SNI accesses are feasibleout of SCM PBE capabilities.



Step 3 At run time, alerts are transmitted to theSCM through the PBE VC as indicated in Fig.9.If no abnormal behavior is detected, these chan-nels remain unused or if no explicit read access formonitoring are programed in SCM. It means, thatPBE impact on BE traffic is null out of any troubledetection.

Step 4 In case of online reconfigurations forfirmware updates or bug fixing, a secure connectioncan be established by the network processor underthe control of the SCM. Different possibilities maybe implemented. In this example we base our im-plementation on the four conditions described in3.2-V., thus the SCM BE communications are lim-ited to a Read access to a ciphered memory and awrite access to the network processor. Thus, basedon a pooling, processed with a period that dependson the application characteristics (e.g. every dayfor a set-top box), the SCM switches to BE traf-fic mode and reads an upgrade flag from (ciphered)Data Memory 2. After an authentication proce-dure, if the flag reveals that an upgrade is avail-able then the SCM writes a command to the inputbuffer of the network processor to launch a safenew configuration download. Otherwise, the SCMreturns to the run state. When a new configura-tion is available (after upgrade, for adaptation orfor security reasons), the SCM can load new con-texts and partially reconfigure the SOC through theICAP controller. Fig.10 gives the resulting partialreconfiguration with new DSP and Turbo decoderIPs.

5.1.2 Preliminary results

We have estimated the cost of security while consid-ering a NOC with standard NIs and a second oneimplementing SNIs. Results have been obtainedwith our NOC CAD tool (µSpider), the VHDL hi-erarchy of files is produced according to designerparameters. The selected configuration is the fol-lowing, Data width is 32 bits, each link betweenconnected routers is composed of two unidirectionalopposite links, Buffer size is 8 words in input queueof routers for the message virtual channel, and only4 words for secure virtual channels. This last onerequires minor buffer size because packets are shortand contentions between packet on secure VC areshort and rare. The security controller used is stillelementary, but we have added required resources

Figure 8: NoC configuration, monitoring links

in order to estimate quite accurately the final cost.Synthesis has been performed with Xilinx/ISE tool.Tab. 2 shows a comparison between a NoC withand without secure features, results include (S)NI,links and routers. As also observed in processor-based work, security has a price, we note that thecost increase is around 45%. This is mainly due tothe additional VC for secure transmissions.

NoC FPGA slices

NI based 4x3 2DMesh 23818

SNI based 4x3 2DMesh 34568

Table 2: Security overhead

This main overhead is due to routers since arouter with two VCs is nearly two times the cost ofrouter with a single VC. The cost observed in NIfor additional FIFO and registers is not really sig-nificant. It means that minimizing routers cost isan important point, that we address with our SCProuting technique. Our method doesn’t increasethe architecture cost since it is close to the classi-cal street sign and consists only of the replacementof the forward instruction by the reverse instructionand bit inversions by crossing wires. Moreover, it



Figure 9: NoC Run-time configuration

enables to reduce routing instruction field to theminimum. To travel across the network in diago-nal with a shortest path, 6 routing instructions areneeded. If equal size would be chosen, the width ofthe instruction field would be 6x3, so 18 bits. Withour reduction coding, this width is 6x2, 12 bits, orin worst case 4x2bits + 2x3bits = 14 bits. This cod-ing reduction allows reducing instruction field costin packet headers, or permits longer paths. Routerswith many ports require more bits for instructioncoding, and so reduce path length but offer alsomore output port choices and so opportunities tofind a path. Finally note that our VC implemen-tation doesn’t introduce any delay overhead sinceVC (de)coding is performed in parallel with otherheader bit processing.

5.2 NEC case study

To illustrate our solution we have mapped to aNoC the DRM architecture for portable playbackof multimedia content application given in [9] witha bus-based security implementation. In this ex-ample two processors CPU A and CPU B (cryptoprocessor) are required. Processors A and B havedifferent rights regarding accesses to the memory

Figure 10: Dynamic IP and NoC reconfiguration

mapping. The resulting mapping is described inFig.11 where N/RW/W/R respectively mean notaccessible, read-write, write only and read only. Weobserve that the previous NoC can be reused forthis example. SNIs have been connected to Flash,ROM and peripherals, which have homogeneous ac-cess rules. This is not the case for the SDRAMwhich is divided in five areas having distinct accessrules. Different solutions may be chosen regardingSDRAM SNIs. Based on our solution, we have useddifferent SNIs for each area which enables a clear se-curity policy for each memory access. An oppositesolution would consist in using a single SNI consid-ering that SDRAM accesses can not be performedsimultaneously as it is with the initial architecture.The first solution means an increase of NoC costmainly in terms of routers compared to a solutionusing a single SNI implementation. However, italso provides a very simple solution if the NoC isalready available, in such a case SNI security rulesare extremely basic. The availability of small dis-tributed scratch pad memories can also justify thiskind of implementation. The second choice fits if aNoC architecture can be decided, however the SNIsecurity must distinguish five areas. Actually thebest solution depends on performance constraints



Figure 11: Configuration for NEC DRM [9]

and parallel access opportunities allowed by appli-cations.

6 Conclusion

In this paper we have presented a solution to takebenefit of NoC properties for improving security ofreconfigurable SOC in a simple and efficient way.Our approach is based on a security manager andsecure NIs implementing communications with ded-icated virtual channels that separate applicationand security/monitoring/control data-flows. Wehave defined a four-step hierarchical access con-trol policy that encompasses attacks correspond-ing to abnormal communication behaviors. Thecost overhead using FPGA slices is 45%, but itmust be nuanced since FGPA technology intro-duces slice waste and doesn’t favor required opti-mizations. Otherwise the overhead it is mainly dueto the introduction of virtual channels but someimprovements can be performed. A first directionis a selection of a limited number of routers used

for PBE traffics, which require low bandwidth com-pared to applications. Another issue could be theoptimization of FIFO length and security messagebitwidth. NoC security based on SNI has a doubleadvantage compared to bus-based solution, first se-curity checking are performed in parallel thanks todistributed and local implementations. Secondly,path identification and local offset enable to limitthe verification to minimum amount of address bits.

Future work will address monitoring algorithmimplemented in the SCM, namely it means astudy of different strategies for counter-attacks andcounter-measures. Finally, data protection can alsobe implemented in the SNI especially for peripheralconfigurations.

References[1] A.J.Menezes, P. C. Oorschot, and S. A.Vanstone. Hand-

book of Applied Cryptography. CRC Press, 2001.

[2] ARM. Trustzone. www.arm.com.

[3] ARTERIS. A comparison of network-on-chip and buses.whitepaper, Arteris.com, 2006.

[4] C.Ciordas, K.Goossens, A. Radulescu, and T.Basten. Nocmonitoring: Impact on the design flow. In IEEE Int.Symp.on Circuits and Systems (ISCAS), 2006.

[5] D.Lie. XOM project. www-vlsi.stanford.edu, 2003.

[6] C. H. Gebotys and R. J. Gebotys. A framework for se-curity on noc technologies. In ISVLSI ’03: Proceed-ings of the IEEE Computer Society Annual Symposiumon VLSI (ISVLSI’03), page 113, Washington, DC, USA,2003. IEEE Computer Society.

[7] G.E.Suh, C. O’Donnell, I.Sachdev, and S.Devadas. Designand implementation of the aegis single-chip secure proces-sor usingphysical random functions. In 32nd Annual Int’lSymposium on Computer Architecture, 2005.

[8] J-Ph.Diguet and S.Evain. Patent FR 05/53280, oct 2005.

[9] J.Coburn, S.Ravi, A.Raghunathan, and S.Chakradhar.Seca: security-enhanced communication architecture. InCASES ’05: Proceedings of the 2005 Int. Conference onCompilers, architectures and synthesis for embedded sys-tems, pages 78–89, New York, NY, USA, 2005. ACM Press.

[10] L.Bossuet, G.Gogniat, and W.Burleson. Dynamically con-figurable security for sram fpga bitstreams. In 18th Int.Parallel and Distributed Processing Symp.(IPDPS), 2004.

[11] R.Elbaz, L.Torres, G.Sassatelli, P.Guillemin,M.Bardouillet, and A.Martinez. A parallelized wayto provide data encryption and integrity checking on aprocessor-memory bus. In DAC’06, pages 506–509, 2006.

[12] S.Evain and J-Ph.Diguet. From NoC security analysis todesign solutions. In Ieee Work. on Signal Processing Sys-tems (SIPS), Athens, Greece, Oct. 2005.



noc-centric security of reconﬁgurable soc - lab …gogniat/papers/diguetnoc2007.pdfnoc-centric...

Documents