Security issues in FPGA based systems.
Managing Security in FPGA-Based Embedded Systems
Presenters: Rajeev Verma, Pratheep Joe Siluvai Iruthayaraj
Why FPGA?
● Better performance.
  ○ A large number of bit-level operations can be performed.
  ○ Shifting and permutations are achieved by just wiring.
  ○ Extreme level of parallelism.
  ○ Low overheads.
● Rapid time to market.
● Flexible.
● Truth tables or lookup tables are used for hardware acceleration.
● Applications
  ○ Face recognition systems, wireless networks, cryptographic applications, supercomputers and many security applications.
Reconfigurable systems
● Cryptographic algorithms are generally implemented on FPGAs.
● Encryption devices require strong isolation to segregate plaintext (red) from ciphertext (black).
● Unencrypted data should be unavailable to the black network.
System Design!
● Shared resources in the system
  ○ Shared DRAM, shared bus and shared AES encryption core.
● Domain-1
  ○ MicroBlaze0, RS-232, a distinct memory portion
● Domain-2
  ○ MicroBlaze1, an Ethernet interface, another distinct partition of memory
Applications need separation of data
● Aviation field.
  ○ Uses Commercial off-the-shelf (COTS) FPGA components.
  ○ Sensitive and non-sensitive data is processed in the same device.
  ○ This isolation of sensitive and non-sensitive data is achieved in modern FPGAs.
● Intelligent video surveillance
  ○ FPGA provides deep computation pipelining and isolation.
  ○ Relies on 3 cores
    ■ Video interface for decoding
    ■ Encryption mechanism for processing the video
    ■ Network interface for sending data.
FPGA System Flow
● Cores can be generated by hand or by software like Xilinx Embedded Development Kit (EDK).
● Bitstream is the final code that goes to the core.
Reconfigurable Security Problems
● Design-tool subversion
● Composition
● Trusted Foundries
● Bitstream protection
Design-tool subversion
● A malicious design could destroy the FPGA by causing a short circuit.
● Trusted tools should be used to develop trusted cores.
● Xilinx provides signed cores.
Composition problem
● The final design can be trusted only as much as its least-trusted design path.
● Systems can be composed at
  ○ Device level
    ■ one or more IP cores reside on a single chip
  ○ Board level
    ■ one or more chips on a single board
  ○ Network level
    ■ multiple boards are connected through a network
● Now it is possible to copy the hardware from existing products.
● Protected IP could be a solution.
● A separate chip for each core can be used, which provides a security advantage.
Security issues with COTS
● COTS : Commercial off-the-shelf
● Manufacturer should not insert unintended functionalities into FPGA.
● All cores should be flawless so that an attacker can’t exploit them.
● Security flaws should not exist in the running software or the compiler.
● The other parts of the larger network on which the embedded device depends should not be malicious.
Trusted-Foundry Problem and Bitstream Protection
● Trusted-Foundry Problem
  ○ ASICs face the problem of IP theft.
  ○ FPGAs provide an important security benefit over ASICs in this respect.
● Bitstream Protection
  ○ Secure bitstream uploading is essential to avoid IP theft.
  ○ Such theft impacts the “bottom line”.
  ○ Some FPGAs can be remotely updated in the field.
    ■ Requires a secure channel and authentication.
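An added example, not from the slides, of the authenticated, versioned update that the last bullet calls for: the build side wraps a bitstream in a header and keyed tag, and the device-side loader authenticates the whole blob before trusting anything in it, then rejects any version that is not newer than the one already installed (so an authentic but older image cannot be replayed). The header layout, the HMAC-SHA256 tag, the key and the sample payload are constructed assumptions; a real device uses its vendor's bitstream authentication mechanism, which this Python model does not reproduce.

```python
import hashlib
import hmac
import struct

# Constructed update format (assumption, not any vendor's bitstream layout):
#   magic (4 bytes) | version (u32) | payload length (u32) | payload | HMAC-SHA256 tag
MAGIC = b"BITS"
HEADER = struct.Struct(">4sII")
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def package_bitstream(key: bytes, version: int, payload: bytes) -> bytes:
    """Build side: wrap a bitstream payload with a version and a keyed tag that
    covers both header and payload, so neither can be altered unnoticed."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Loader:
    """Device-side loader: authenticates the blob first, then enforces a
    monotonically increasing version so an older (authentic) image cannot be
    replayed onto the device."""

    def __init__(self, key: bytes, installed_version: int):
        self.key = key
        self.installed_version = installed_version
        self.loaded = None  # stands in for the programmed configuration

    def verify_and_load(self, blob: bytes):
        if len(blob) < HEADER.size + TAG_LEN:
            return False, "truncated"
        header = blob[:HEADER.size]
        magic, version, length = HEADER.unpack(header)
        if magic != MAGIC:
            return False, "bad magic"
        if len(blob) != HEADER.size + length + TAG_LEN:
            return False, "length mismatch"
        payload = blob[HEADER.size:HEADER.size + length]
        tag = blob[HEADER.size + length:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; nothing in the blob (the version included)
        # is trusted until this check passes.
        if not hmac.compare_digest(tag, expected):
            return False, "authentication failed"
        if version <= self.installed_version:
            return False, "rollback rejected"
        self.installed_version = version
        self.loaded = payload
        return True, "loaded"


if __name__ == "__main__":
    key = b"constructed-demo-key"               # constructed, not a real key
    loader = Loader(key, installed_version=3)
    update = package_bitstream(key, 4, b"\x00\x01" * 8)  # constructed payload
    print(loader.verify_and_load(update))            # (True, 'loaded')
    tampered = bytearray(update)
    tampered[HEADER.size] ^= 0x01                    # flip one payload bit
    print(loader.verify_and_load(bytes(tampered)))   # (False, 'authentication failed')
    print(loader.verify_and_load(update))            # (False, 'rollback rejected')
```

The order of the checks is the design point: the version field is only compared after the tag verifies, because an unauthenticated header could otherwise steer the loader (for example by claiming a huge length or a low version) before the image is known to be genuine.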
Reconfigurable security solutions
● Life-cycle management
  ○ Configuration management stores software with version numbers.
  ○ Any new version is thoroughly tested before a new version number is assigned.
  ○ Control over the development environment and tools can support accountability.
  ○ An alternative is to build a custom set of trusted tools for security-critical hardware.
  ○ A critical function of life-cycle protection is to ensure that the output is not malicious.
● Secure Architecture
  ○ FPGAs provide self-protecting security mechanisms at low cost.
  ○ Examples
    ■ Memory Protection
    ■ Spatial Isolation
    ■ Tags
    ■ Secure Communication
Secure Architecture
● Memory Protection
  ○ A reference monitor is a well-known method for legal sharing of memory.
  ○ A reference monitor is
    ■ Self-protecting
    ■ Enforcement mechanisms cannot be bypassed.
    ■ Correct and complete.
● Spatial Isolation
  ○ Control over the layout of functions provides spatial isolation in the FPGA.
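An added example, not from the slides, of the reference monitor the Memory Protection bullet describes, modelled in Python on the two-domain system design from the earlier slide: MicroBlaze0 and MicroBlaze1 each own a distinct DRAM partition and both may use the shared AES core. Every bus access passes through one check, unmapped or straddling accesses are refused, and anything the policy does not explicitly grant is denied (default deny), which is what makes the monitor complete. The memory map, region sizes and policy table are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    RW = READ | WRITE


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int  # exclusive

    def contains(self, addr: int, size: int) -> bool:
        return self.start <= addr and addr + size <= self.end


# Constructed memory map (assumption): 64 KiB of DRAM split between the two
# domains, plus the shared AES core mapped as a small peripheral window.
REGIONS = {
    "dram_dom1": Region("dram_dom1", 0x0000_0000, 0x0000_8000),
    "dram_dom2": Region("dram_dom2", 0x0000_8000, 0x0001_0000),
    "aes_core":  Region("aes_core",  0x4000_0000, 0x4000_0100),
}

# Access matrix: core -> region -> permission. Anything absent is denied.
POLICY = {
    "MicroBlaze0": {"dram_dom1": Perm.RW, "aes_core": Perm.RW},
    "MicroBlaze1": {"dram_dom2": Perm.RW, "aes_core": Perm.RW},
}


class ReferenceMonitor:
    """Mediates every bus access. In hardware this sits between the cores and
    the shared bus so there is no path to memory that skips check()."""

    def __init__(self, regions, policy):
        self.regions = regions
        self.policy = policy
        self.log = []  # audit trail of denied accesses

    def check(self, core: str, addr: int, size: int, op: Perm) -> bool:
        # An access must lie entirely inside one mapped region; an access that
        # straddles two partitions is refused rather than partially served.
        region = next((r for r in self.regions.values() if r.contains(addr, size)), None)
        if region is None:
            return self._deny(core, addr, op, "unmapped or straddling access")
        allowed = self.policy.get(core, {}).get(region.name, Perm.NONE)
        if op not in allowed:  # every requested bit must be granted
            return self._deny(core, addr, op, f"{op.name} not permitted on {region.name}")
        return True

    def _deny(self, core: str, addr: int, op: Perm, reason: str) -> bool:
        self.log.append((core, hex(addr), op.name, reason))
        return False


if __name__ == "__main__":
    rm = ReferenceMonitor(REGIONS, POLICY)
    print(rm.check("MicroBlaze0", 0x0000_0100, 4, Perm.READ))    # True: own partition
    print(rm.check("MicroBlaze0", 0x0000_8000, 4, Perm.READ))    # False: other domain
    print(rm.check("MicroBlaze1", 0x4000_0000, 16, Perm.WRITE))  # True: shared AES core
    print(rm.check("MicroBlaze1", 0x0000_7FFE, 4, Perm.READ))    # False: straddles
    for entry in rm.log:
        print("denied:", entry)
```

The denial log is what a detection pipeline would consume: a core repeatedly touching another domain's partition is a strong signal of a faulty or subverted core, and the monitor records it without ever serving the access.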
Secure Architecture cont..
● Tags
  ○ Ability to track information and its transformation as it flows through the system.
  ○ A tag is metadata that can be attached to each piece of system data.
  ○ Tags can be used in an FPGA at different granularities.
● Secure Communication
  ○ Cores need to share data, so they can’t be completely isolated.
  ○ Currently FPGA systems use
    ■ Shared Memory
    ■ Direct connection
    ■ Shared Bus
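An added example, not from the slides, of tag-based information-flow tracking at word granularity, using the red/black separation from the earlier slide as the policy: each word carries a tag, an untrusted computation propagates the more restrictive tag to its result, only the trusted encryption core may relabel red data as black, and the Ethernet interface (black network) refuses anything still tagged red. The two-level lattice, the sinks and the placeholder XOR transform inside `aes_core` are constructed assumptions; the XOR is not encryption, it only marks where the real AES core would sit.

```python
from dataclasses import dataclass

# Constructed two-level lattice (assumption): RED marks plaintext/sensitive
# data, BLACK marks ciphertext/public data. BLACK sits below RED, so RED may
# never reach a BLACK-only sink without passing through the trusted core.
RED, BLACK = "red", "black"
LEVEL = {BLACK: 0, RED: 1}


@dataclass(frozen=True)
class Word:
    """One unit of system data with its tag attached (word granularity)."""
    value: int
    tag: str


def join(a: str, b: str) -> str:
    """Least upper bound of two tags: the more restrictive one wins."""
    return a if LEVEL[a] >= LEVEL[b] else b


def alu(op: str, x: Word, y: Word) -> Word:
    """Untrusted computation: the result inherits the join of the operand
    tags, so mixing RED into anything yields RED."""
    ops = {"add": lambda p, q: (p + q) & 0xFF, "xor": lambda p, q: p ^ q}
    return Word(ops[op](x.value, y.value), join(x.tag, y.tag))


def aes_core(x: Word, key: int) -> Word:
    """Trusted declassifier standing in for the shared AES core. The XOR is a
    constructed placeholder, not encryption; the point is that only this core
    is allowed to relabel its output BLACK."""
    return Word(x.value ^ key, BLACK)


class Sink:
    """An output interface that accepts data only up to a maximum tag."""

    def __init__(self, name: str, max_tag: str):
        self.name = name
        self.max_tag = max_tag
        self.rejected = []  # audit trail of blocked flows

    def send(self, w: Word) -> bool:
        if LEVEL[w.tag] > LEVEL[self.max_tag]:
            self.rejected.append((self.name, w.tag))
            return False
        return True


def run_pipeline() -> dict:
    """Walk a RED word through the system as in the slides' red/black design."""
    ethernet = Sink("ethernet", BLACK)   # black network: ciphertext only
    rs232 = Sink("rs232", RED)           # red-side console: may see plaintext
    plaintext = Word(0x41, RED)
    mixed = alu("add", Word(0x01, BLACK), plaintext)  # tag propagates to RED
    cipher = aes_core(plaintext, key=0x5A)
    return {
        "mixed_tag": mixed.tag,
        "plain_to_ethernet": ethernet.send(plaintext),   # blocked
        "mixed_to_ethernet": ethernet.send(mixed),       # blocked: still RED
        "cipher_to_ethernet": ethernet.send(cipher),     # allowed: BLACK
        "plain_to_rs232": rs232.send(plaintext),         # allowed: red side
        "ethernet_rejections": len(ethernet.rejected),
    }


if __name__ == "__main__":
    for k, v in run_pipeline().items():
        print(f"{k}: {v}")
```

The `mixed` case is the one that plain memory partitioning cannot catch: the data left the red partition through an ordinary arithmetic result, but its tag still records where it came from, so the sink check stops it.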
Future Work
● Multicore Systems
  ○ Chip multiprocessors running multiple threads
  ○ SoCs with multiple single-purpose cores on a single ASIC.
  ○ New techniques are needed to mediate secure, efficient communication in multicore systems.
● Integration of security primitives.
  ○ If computing units are shared among security domains, then a temporal scheme might be required.
  ○ Spatial schemes, temporal schemes or tags should be designed to meet the security requirement while minimizing overhead.
Future Work
● Reconfigurable Updates
  ○ The latest FPGAs are capable of changing configuration at runtime.
  ○ These dynamic systems need more communication between cores.
  ○ A core’s state can change from executing to being updated.
  ○ These are complicated systems and require new security primitives.
● Channels and information leakage
  ○ Cores are isolated but still need to communicate; the channel used can be a covert channel, which is insecure.
  ○ Another attack is the side-channel attack, e.g. the power-analysis attack.
Conclusion
● A Successful approach must combine life-cycle management and a coherent security architecture.
● Designing any trustworthy complex system is challenging.
● Hardware security is getting more and more important.
Questions??
Thanks!