DOI: 10.1007/978-3-031-68606-1_11

TitanSSL: Towards Accelerating OpenSSL in a Full RISC-V Architecture Using OpenTitan Root-of-Trust

Published: 17 September 2024

Abstract

RISC-V open-hardware designs are emerging in cyber-physical systems and security-critical embedded platforms. Among them, OpenTitan has emerged as an open-source silicon Root-of-Trust that provides secure-boot and execution-integrity functionality by exploiting its internal hardware accelerators. In this paper, we explore a novel use of OpenTitan as a secure cryptographic accelerator. To this end, we designed TitanSSL, a secure software stack that offloads cryptographic tasks to OpenTitan, and we study the trade-off between the offloading overhead through the stack and the obtained computation speed-up. TitanSSL includes an OpenSSL backend, a Linux driver for communications, and an OpenTitan firmware. We executed TitanSSL on a cycle-accurate simulator of a RISC-V CVA6 application processor integrated with OpenTitan on the same System-on-Chip. We compared our implementation with a pure software version across different cryptographic payloads. Finally, we provide guidelines for the use of OpenTitan as a coprocessor in secure cyber-physical system designs based on open-hardware architectures.


Published In

Computer Safety, Reliability, and Security: 43rd International Conference, SAFECOMP 2024, Florence, Italy, September 18–20, 2024, Proceedings
Sep 2024
324 pages
ISBN:978-3-031-68605-4
DOI:10.1007/978-3-031-68606-1

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 17 September 2024

Author Tags

  1. RISC-V Software Stack
  2. Secure Systems
  3. Software Stack

Qualifiers

  • Article
