This document summarises a presentation on managing security in FPGA-based embedded systems. It begins by outlining benefits of FPGAs such as better performance and flexibility, then discusses using FPGAs for cryptographic applications and the need to isolate plaintext (red) from ciphertext (black). It presents a system design with separate memory partitions and cores for different security domains and gives examples of FPGA use in aviation and surveillance systems. It also covers security issues such as design-tool subversion, the composition problem and bitstream protection. Solutions discussed include life-cycle management, secure architectures using memory protection, spatial isolation and tags, and future work on multicore systems and dynamic reconfiguration.
1. Managing Security in FPGA-Based Embedded Systems
Presenters:
Rajeev Verma
Pratheep Joe Siluvai Iruthayaraj
2. Why FPGA?
● Better performance.
○ Large numbers of bit-level operations can be performed in parallel.
○ Shifts and permutations are achieved by wiring alone.
○ Extreme level of parallelism.
○ Low overheads.
● Rapid time to market.
● Flexible: the same device can be reconfigured for new functions.
● Lookup tables (truth tables) implement arbitrary logic functions for hardware acceleration.
● Applications
○ Face recognition systems, wireless networks, cryptographic applications, supercomputers and many security applications.
3. Reconfigurable systems
● Cryptographic algorithms are often implemented on FPGAs.
● Encryption devices require strong isolation to segregate plaintext (red) from ciphertext (black).
● Unencrypted (red) data must never be reachable from the black network; the only path from red to black is through the encryption core.
4. System Design
● Shared resources in the system
○ Shared DRAM, shared bus and shared AES encryption core.
● Domain 1
○ MicroBlaze0, an RS-232 interface, and a distinct partition of memory.
● Domain 2
○ MicroBlaze1, an Ethernet interface, and another distinct partition of memory.
5. Applications need separation of data
● Aviation.
○ Uses commercial off-the-shelf (COTS) FPGA components.
○ Sensitive and non-sensitive data are processed on the same device.
○ Isolation of the sensitive from the non-sensitive data must therefore be enforced within the FPGA itself.
● Intelligent video surveillance
○ FPGA provides deep computation pipelining and isolation.
○ Relies on three cores
■ A video interface for decoding
■ An encryption core for processing the video
■ A network interface for sending the data.
6. FPGA System Flow
● Cores can be written by hand or generated by software such as the Xilinx Embedded Development Kit (EDK).
● The bitstream is the final output of the tool chain: the configuration data loaded onto the FPGA to implement the cores.
8. Design-tool subversion
● A malicious design can physically destroy an FPGA, e.g. by configuring two outputs to drive the same wire (a short circuit).
● Trusted tools should be used to develop trusted cores; a subverted tool can insert logic the designer never wrote.
● Xilinx provides signed cores.
9. Composition problem
● A composed design is only as trustworthy as its least-trusted component or design path.
● Systems can be composed at the
○ Device level
■ one or more IP cores reside on a single chip
○ Board level
■ one or more chips on a single board
○ Network level
■ multiple boards connected through a network
● It is now possible to copy the hardware of existing products (reverse engineering).
● Protected IP could be a solution.
● Using a separate chip for each core provides physical isolation and hence a security advantage.
10. Security issues with COTS
● COTS: commercial off-the-shelf.
● The manufacturer must not insert unintended functionality into the FPGA.
● All cores must be free of flaws that an attacker could exploit.
● No security flaws may exist in the running software or in the compiler that produced it.
● Other parts of the larger network that the embedded device depends on must not be malicious.
11. Trusted-Foundry Problem and Bitstream Protection
● Trusted-Foundry Problem
○ ASIC designs are exposed to IP theft and tampering at an untrusted foundry, because the design is fixed in silicon.
○ FPGAs provide an important security benefit here: the design is loaded as a bitstream after fabrication, so the foundry never sees it.
● Bitstream Protection
○ Secure bitstream loading is essential to avoid IP theft.
○ Such theft directly affects the "bottom line".
○ Some FPGAs can be updated remotely in the field.
■ This requires a secure channel and authentication of the new bitstream.
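The authentication requirement above, shown as an added software model (not part of the original slides or of any vendor's implementation): the device accepts a remotely delivered bitstream only if its HMAC verifies under the shared key and its version is newer than the running one, so a tampered image, an image from someone without the key, and a replayed older (or identical) image are all refused. HMAC-SHA256, the header layout, the placeholder keys and the constructed bitstream bytes are assumptions; real devices implement this in dedicated configuration logic with a device-resident key and normally also decrypt the bitstream.

```python
"""Authenticated, rollback-protected remote bitstream update.

Added example, not code from the original presentation. The header layout,
the tag algorithm (HMAC-SHA256), the keys and the bitstream bytes are
assumptions made for illustration; a shipping FPGA does this in hardware.
"""
import hashlib
import hmac
import struct

MAGIC = b"BITS"
HEADER = struct.Struct(">4sI")   # magic, monotonically increasing version
TAG_LEN = hashlib.sha256().digest_size


def package_update(key: bytes, version: int, bitstream: bytes) -> bytes:
    """Vendor side: header || bitstream || HMAC(header || bitstream)."""
    header = HEADER.pack(MAGIC, version)
    tag = hmac.new(key, header + bitstream, hashlib.sha256).digest()
    return header + bitstream + tag


class ConfigController:
    """Device side: holds the shared key and the version of the running image."""

    def __init__(self, key: bytes, current_version: int):
        self._key = key
        self.version = current_version
        self.loaded = None
        self.rejections = []   # reasons, in order, for audit

    def _reject(self, reason: str) -> bool:
        self.rejections.append(reason)
        return False

    def load(self, image: bytes) -> bool:
        if len(image) < HEADER.size + TAG_LEN:
            return self._reject("truncated")
        header = image[:HEADER.size]
        body = image[HEADER.size:-TAG_LEN]
        tag = image[-TAG_LEN:]
        # Authenticate before interpreting a single header field, and compare
        # in constant time so timing does not leak how many tag bytes matched.
        expected = hmac.new(self._key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._reject("bad tag")
        magic, version = HEADER.unpack(header)
        if magic != MAGIC:
            return self._reject("bad magic")
        # Anti-rollback: a genuinely authenticated but older image (replayed
        # to reinstate a known-buggy design) is refused.
        if version <= self.version:
            return self._reject("rollback")
        self.version = version
        self.loaded = body
        return True


def demo() -> dict:
    key = b"\x00" * 32            # placeholder; a real device uses a per-device secret
    attacker_key = b"\xff" * 32   # someone without the device key
    dev = ConfigController(key, current_version=3)
    v4 = package_update(key, 4, b"\xaa\x55" * 64)   # constructed bitstream bytes
    tampered = bytearray(v4)
    tampered[HEADER.size + 5] ^= 0x01                # flip one configuration bit
    return {
        "genuine": dev.load(v4),
        "tampered": dev.load(bytes(tampered)),
        "replay_old": dev.load(package_update(key, 2, b"\x00" * 64)),
        "replay_same": dev.load(v4),
        "wrong_key": dev.load(package_update(attacker_key, 5, b"\x11" * 64)),
        "version_after": dev.version,
        "rejections": list(dev.rejections),
    }
```

The order of checks is deliberate: nothing in the header is trusted until the tag has verified, so a forged version field cannot steer the parser, and the version comparison runs only on authenticated images.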
12. Reconfigurable security solutions
● Life-cycle management
○ Configuration management stores every version of the design with a version number.
○ Any new version is thoroughly tested before a new version number is assigned.
○ Control over the development environment and tools supports accountability.
○ An alternative is to build a custom set of trusted tools for security-critical hardware.
○ A critical function of life-cycle protection is to ensure that the tool output is not malicious.
● Secure Architecture
○ FPGAs can provide self-protecting security mechanisms at low cost.
○ Examples
■ Memory protection
■ Spatial isolation
■ Tags
■ Secure communication
13. Secure Architecture
● Memory Protection
○ A reference monitor is the well-known method for mediating legal sharing of memory.
○ A reference monitor must be
■ Self-protecting (tamper-proof).
■ Always invoked: the enforcement mechanism cannot be bypassed.
■ Verifiable: small and simple enough to be shown correct and complete.
● Spatial Isolation
○ Control over the placement (layout) of cores provides spatial isolation on the FPGA: unrelated cores occupy disjoint regions of the fabric.
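A software model of the reference monitor above, mediating the two-domain design from slide 4 (added example, not code from the original presentation). The core names follow slide 4; the address ranges, the policy table and the bus model are assumptions. It shows the three properties in code: the monitor is the only object that decides, every bus access goes through it, and the decision is a lookup in a small table that defaults to deny, so an unmapped address or an unlisted (core, region) pair is refused.

```python
"""Software model of a memory reference monitor for the two-domain design.
Added example: core names follow slide 4; address ranges, policy and bus are assumptions."""
from dataclasses import dataclass
from enum import Enum, auto


class Access(Enum):
    READ = auto()
    WRITE = auto()


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int  # exclusive

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end


# Assumed memory map: one DRAM partition per domain, each domain's own
# peripheral, and the shared AES core visible to both domains.
REGIONS = (
    Region("dram_domain1", 0x0000_0000, 0x0010_0000),
    Region("dram_domain2", 0x0010_0000, 0x0020_0000),
    Region("rs232", 0x4000_0000, 0x4000_1000),
    Region("ethernet", 0x4001_0000, 0x4001_1000),
    Region("aes_core", 0x4002_0000, 0x4002_1000),
)
RW = frozenset({Access.READ, Access.WRITE})
# Policy: (core, region) -> permitted accesses. Anything not listed is denied.
POLICY = {
    ("MicroBlaze0", "dram_domain1"): RW,
    ("MicroBlaze0", "rs232"): RW,
    ("MicroBlaze0", "aes_core"): RW,
    ("MicroBlaze1", "dram_domain2"): RW,
    ("MicroBlaze1", "ethernet"): RW,
    ("MicroBlaze1", "aes_core"): RW,
}


class ReferenceMonitor:
    """Decides every access from a small table (the part that must be shown correct and complete)."""

    def __init__(self, regions, policy):
        self._regions = tuple(regions)
        self._policy = dict(policy)
        self.denied = []  # (core, addr, access) for every rejected request

    def check(self, core: str, addr: int, access: Access) -> bool:
        region = next((r for r in self._regions if r.contains(addr)), None)
        permitted = self._policy.get((core, region.name), frozenset()) if region else frozenset()
        if access not in permitted:  # default deny, including unmapped addresses
            self.denied.append((core, addr, access))
            return False
        return True


class SharedBus:
    """The only route to memory and peripherals; both operations consult the monitor first."""

    def __init__(self, monitor: ReferenceMonitor):
        self._monitor = monitor
        self._mem = {}

    def write(self, core: str, addr: int, value: int) -> None:
        if not self._monitor.check(core, addr, Access.WRITE):
            raise PermissionError(f"{core}: write to {addr:#010x} denied")
        self._mem[addr] = value

    def read(self, core: str, addr: int) -> int:
        if not self._monitor.check(core, addr, Access.READ):
            raise PermissionError(f"{core}: read from {addr:#010x} denied")
        return self._mem.get(addr, 0)


def run_scenario() -> dict:
    """Legal intra-domain traffic, then two cross-domain attempts that must fail."""
    monitor = ReferenceMonitor(REGIONS, POLICY)
    bus = SharedBus(monitor)
    outcome = {}
    bus.write("MicroBlaze0", 0x0000_1000, 0xDEADBEEF)  # Domain 1 writes its own DRAM
    bus.write("MicroBlaze1", 0x4002_0000, 0x1)         # Domain 2 uses the shared AES core
    outcome["own_read"] = bus.read("MicroBlaze0", 0x0000_1000)
    attempts = (("MicroBlaze1", 0x0000_1000, Access.READ),   # Domain 2 reading Domain 1's DRAM
                ("MicroBlaze0", 0x4001_0000, Access.WRITE))  # Domain 1 driving Domain 2's Ethernet
    for core, addr, access in attempts:
        try:
            if access is Access.READ:
                bus.read(core, addr)
            else:
                bus.write(core, addr, 0)
            outcome[f"{core}_{access.name}"] = "allowed"
        except PermissionError:
            outcome[f"{core}_{access.name}"] = "denied"
    outcome["denied_total"] = len(monitor.denied)
    return outcome
```

The shared AES core is reachable from both domains by policy, which is exactly the sharing the monitor exists to make safe: the cores may use it, but neither can reach the other's partition or peripheral through it.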
14. Secure Architecture cont.
● Tags
○ The ability to track information and its transformations as it flows through the system.
○ A tag is metadata attached to each piece of system data.
○ Tags can be applied in an FPGA at different granularities.
● Secure Communication
○ Cores need to share data, so they cannot be completely isolated.
○ Current FPGA systems communicate via
■ Shared memory
■ Direct connections
■ A shared bus
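An added example (not from the original slides) tying the tags above to the red/black separation of slide 3: each word carries a red or black tag, the encryption core is the only component that may relabel red as black, combining data takes the most restrictive tag, and the black-side Ethernet interface refuses anything still tagged red. This catches both a direct red-to-black wire and the subtler bug of a plaintext header prepended to ciphertext. The two-tag lattice, the interface names and the XOR stand-in for the AES core are assumptions.

```python
"""Tag-based enforcement of red/black separation.

Added example, not code from the original presentation. Tags as metadata on
each piece of data follow slide 14; the two-tag lattice, the interface names
and the toy XOR stand-in for the AES core are assumptions for illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Tag(Enum):
    RED = "red"      # plaintext; must never reach the black network
    BLACK = "black"  # ciphertext; may leave on the black network


@dataclass(frozen=True)
class Word:
    data: bytes
    tag: Tag


class TagViolation(Exception):
    """Raised by an egress point when data carries a tag it is not cleared for."""


def rs232_ingress(payload: bytes) -> Word:
    # Everything arriving on the red-side serial link is plaintext by definition.
    return Word(payload, Tag.RED)


def aes_core(word: Word, key: bytes) -> Word:
    # Stand-in for the shared hardware AES core: a repeating-key XOR so the
    # example runs offline (NOT a real cipher). The tag rule is the point:
    # the encryption core is the only component allowed to relabel RED as BLACK.
    if not key:
        raise ValueError("key must be non-empty")
    ct = bytes(b ^ key[i % len(key)] for i, b in enumerate(word.data))
    return Word(ct, Tag.BLACK)


def combine(*words: Word) -> Word:
    # Propagation rule: the result is as sensitive as its most sensitive input,
    # so a plaintext header glued onto ciphertext makes the whole frame RED.
    tag = Tag.RED if any(w.tag is Tag.RED for w in words) else Tag.BLACK
    return Word(b"".join(w.data for w in words), tag)


def ethernet_egress(word: Word) -> bytes:
    # Enforcement point at the black network interface.
    if word.tag is not Tag.BLACK:
        raise TagViolation(f"{word.tag.value} data reached the black interface")
    return word.data


def transmit(word: Word) -> str:
    try:
        ethernet_egress(word)
        return "sent"
    except TagViolation:
        return "blocked"


def scenarios(key: bytes) -> dict:
    plaintext = rs232_ingress(b"attack at dawn")   # constructed red-side input
    header = rs232_ingress(b"\x01\x00")            # control bytes built on the red side
    cipher = aes_core(plaintext, key)
    return {
        # Correct path: RS-232 -> AES core -> Ethernet.
        "encrypted": transmit(cipher),
        # Bug 1: a direct wire from the red interface to the black one.
        "bypass": transmit(plaintext),
        # Bug 2: plaintext header prepended after encryption; propagation catches it.
        "mixed_frame": transmit(combine(header, cipher)),
        # A frame assembled only from BLACK words stays BLACK.
        "two_ciphertexts": transmit(combine(cipher, aes_core(header, key))),
    }
```

In a real design the tag travels with the data word through the fabric and the check sits in the network core's output stage; the software model only makes the propagation and enforcement rules explicit.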
15. Future Work
● Multicore Systems
○ Chip multiprocessors running multiple threads.
○ SoCs with multiple single-purpose cores on a single ASIC.
○ New techniques are needed to mediate secure, efficient communication in multicore systems.
● Integration of security primitives
○ If computing units are shared among security domains, a temporal (time-multiplexed) scheme may be required.
○ Spatial schemes, temporal schemes and tags should be designed to meet the security requirements while minimizing overhead.
16. Future Work
● Reconfigurable Updates
○ The latest FPGAs can change their configuration at run time.
○ These dynamic systems need more communication between cores.
○ A core's state can change from executing to being updated.
○ These are complicated systems and require new security primitives.
● Channels and information leakage
○ Even when cores are isolated, they share physical resources and communication paths, so covert channels between them must be considered.
○ Side-channel attacks are another threat, e.g. power-analysis attacks.
17. Conclusion
● A successful approach must combine life-cycle management with a coherent security architecture.
● Designing any trustworthy complex system is challenging.
● Hardware security is becoming more and more important.