research-article

Reconfigurable hardware for high-security/high-performance embedded systems: the SAFES perspective

Authors:

Wayne Burleson,

Jean-Philippe Diguet,

Lilian Bossuet,

Romain VaslinAuthors Info & Claims

IEEE Transactions on Very Large Scale Integration (VLSI) Systems, Volume 16, Issue 2

Pages 144 - 154

https://doi.org/10.1109/TVLSI.2007.912030

Published: 01 February 2008 Publication History

Abstract

Embedded systems present significant security challenges due to their limited resources and power constraints. This paper focuses on the issues of building secure embedded systems on reconfigurable hardware and proposes a security architecture for embedded systems (SAFES). SAFES leverages the capabilities of reconfigurable hardware to provide efficient and flexible architectural support for security standards and defenses against a range of hardware attacks. The SAFES architecture is based on three main ideas: 1) reconfigurable security primitives; 2) reconfigurable hardware monitors; and 3) a hierarchy of security controllers at the primitive, system and executive level. Results are presented for reconfigurable AES and RC6 security primitives and highlight the value of such an architecture. This paper also emphasizes that re-configurable hardware is not just a technology for hardware accelerators dedicated to security primitives as has been focused on by most studies but a real solution to provide high-security and high-performance for a system.

References

[1]

S. Ravi, A. Raghunathan, P. Kocher, and S. Hattangady, "Security in embedded systems: Design challenges," ACM Trans. Embed. Comput. Syst., vol. 3, no. 3, pp. 461-491, Aug. 2004.

Digital Library

[2]

S. Ravi, A. Raghunathan, and S. Chakradhar, "Tamper resistance mechanisms for secure embedded systems," in Proc. IEEE Int. Conf. VLSI Design, 2004, pp. 605-611.

Digital Library

[3]

D. Dagon, T. Martin, and T. Staner, "Mobile phones as computing devices: The viruses are coming!," IEEE Pervasive Computing, vol. 3, no. 4, pp. 11-15, Oct./Dec. 2004.

Digital Library

[4]

T. Martin, M. Hsiao, D. Ha, and J. Krishnaswami, "Denial-of-service attacks on battery-powered mobile computers," in Proc. 2nd IEEE Pervasive Comput. Conf., 2004, pp. 309-318.

Digital Library

[5]

S. Guilley and R. Pacalet, "SoC securiy: A war against side-channels," Annals Telecommun., Syst. sur puce electron, pour les telcommun., vol. 59, no. 7-8, pp. 998-1009, Jul./Aug. 2004.

[6]

F.-X. Standaert, L. Van Oldeneel tot Oldenzeel, D. Samyde, and J.-J. Quisquater, "Power analysis of FPGAs: How practical is the attack?," in Proc. Int. Conf. Field-Program. Logic Appl. (FPL), LNCS 2778, 2003, pp. 701-711.

[7]

R. Anderson and M. Kuhn, "Tamper resistance--A cautionary note," in Proc. 2nd USENIX Workshop Electron. Commerce, 1996, pp. 1-11.

Digital Library

[8]

T. Wollinger and C. Paar, W. Rosenstiel and P. Lysaght, Eds., "Security aspects of FPGAs in cryptographic applications," in New Algorithms, Architectures, and Applications for Reconfigurable Computing . Norwell, MA: Kluwer, 2004.

[9]

D. Lie, C. A. Thekkath, and M. Horowitz, "Implementing an untrusted operating system on trusted hardware," in Proc. 19th ACM Symp. Operat. Syst. Principles, 2003, pp. 178-192.

Digital Library

[10]

E. Suh, J. Lee, S. Devadas, and D. Zhang, "Secure program execution via dynamic information flow tracking," MIT, Boston, Memo-467, 2003.

[11]

X. Zhuang, T. Zhang, and S. Pande, "HIDE: An infrastructure for efficiently protecting information leakage on the address bus," in Proc. 11th Int. Conf. Arch. Support for Program. Lang. Oper. Syst. (ASPLOS XI), 2004, pp. 72-84.

Digital Library

[12]

A. Hodjat and I. Verbauwhede, "High-throughput programmable cryptocoprocessor," IEEE Micro, vol. 24, no. 3, pp. 34-45, May/Jun. 2004.

Digital Library

[13]

D. Oliva, R. Buchty, and N. Heintze, "AES and the cryptonite crypt processor," in Proc. CASES, 2003, pp. 198-209.

Digital Library

[14]

P. Schaumont and I. Verbauwhede, "Domain-specific codesign for embedded security," IEEE Computer, vol. 36, no. 4, pp. 68-74, Apr. 2003.

Digital Library

[15]

A. J. Elbirt, W. Yip, B. Chetwynd, and C. Paar, "An FPGA-based performance evaluation of the AES block cipher candidate algorithm finalists," IEEE Trans. Very Large Scale Integr. (VLSI) Syst., vol. 9, no. 4, pp. 545-557, Aug. 2001

Digital Library

[16]

A. Dandalis and V. K. Prasanna, "An adaptive cryptography engine for internet protocol security architectures," ACM Trans. Des. Autom. Electron. Syst. (TODAES), vol. 9, no. 3, pp. 333-353, Jul. 2004.

Digital Library

[17]

E. Chi, A. M. Salem, R. I. Bahar, and R. Weiss, "Combining software and hardware monitoring for improved power and performance tuning," in Proc. 7th Ann. Workshop Interaction Between Compilers Comput. Arch. (INTERACT-7), 2003, pp. 57-64.

Digital Library

[18]

J. S. Seng, E. S. Tune, and D. M. Tullsen, "Reducing power with dynamic critical path information," in Proc. 34th Int. Symp. Microarch., 2001, pp. 114-123.

Digital Library

[19]

D. Nash, T. Martin, D. Ha, and M. Hsiao, "Towards an intrusion detection system for battery exhaustion attacks on mobile computing devices," in Proc. 2nd Int. Workshop Pervasive Comput. Commun. Security , 2005, pp. 141-145.

Digital Library

[20]

G. Gogniat, W. Burleson, and L. Bossuet, "Configurable computing for high-security/high-performance ambient systems," Lecture Notes Comput. Sci., vol. 3553, pp. 72-81, Jul. 2005.

Digital Library

[21]

L. Bossuet, G. Gogniat, and W. Burleson, "Dynamically configurable security for SRAM FPGA bitstreams," in Proc. 11th Reconfigurable Arch. Workshop (RAW), 2004, pp. 146-153.

[22]

J. Daemen and V. Rijmen, The Design of Rijndael AES-The Advanced Encryption Standard. New York: Springer-Verlag, 2002.

Digital Library

[23]

R. L. Rivest, M. J. B. Robshaw, R. Sidney, and Y. L. Yin, "The RC6 block cipher, Version 1.1" Aug. 20, 1998 {Online}. Available: ftp://ftp, rsasecurity.com/pub/rsalabs/rc6/rc6v11.pdf

[24]

S. Kent and R. Atkinson, "RFC2401: Security architecture for the internet protocol," Nov. 1998.

Digital Library

[25]

J.-L. Beuchat, "FPGA implementations of the RC6 block cipher," in Proc. 13th Int. Conf. Field Program. Logic Appl. (FPL), 2003, pp. 101-110.

[26]

K. Wu, R. Karri, G. Kuznetsov, and M. Goessel, "Parity based concurrent error detection for the advanced encryption standard," in Proc. Int. Test Conf. (ITC), 2004, pp. 1242-1248.

Digital Library

[27]

C. Carmichael, "Triple module redundancy design techniques for virtex FPGAs," Xilinx, San Jose, CA, Appl. Note 197 (XAPP197), Nov. 2001.

[28]

Xilinx, San Jose, CA, "Two flows for partial reconfiguration: Module based or difference based," Appl. Note XAPP290, Sept. 2004.

[29]

M. Ullmann, B. Grimm, M. Huebner, and J. Becker, "An FPGA run-time system for dynamical on-demand reconfiguration," in Proc. 11th Reconfigurable Arch. Workshop (RAW), 2004, pp. 135-142.

[30]

J. Becker, M. Huebner, and M. Ullmann, "Power estimation and power measurement of Xilinx virtex FPGAs: Trade-offs and limitations," in Proc. IEEE Symp. Intregr. Circuits Syst. Des., 2003, pp. 283-288.

Digital Library

Cited By

Rahman MTarek SAzar KTehranipoor MFarahmandi F(2024)The Road Not Taken: eFPGA Accelerators Utilized for SoC Security AuditingIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.338735043:10(3068-3082)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3387350
Li YLei LWang YJing JZhou Q(2022)TrustSAMP: Securing Streaming Music Against Multivector Attacks on ARM PlatformIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.317027417(1709-1724)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1109/TIFS.2022.3170274
Kim YKim EChen LMitchell CGiannetsos TSgandurra D(2019)hTPMProceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race10.1145/3338511.3357348(3-10)Online publication date: 15-Nov-2019
https://dl.acm.org/doi/10.1145/3338511.3357348
Show More Cited By

Index Terms

Reconfigurable hardware for high-security/high-performance embedded systems: the SAFES perspective

Recommendations

Self-Reconfigurable Embedded Systems on Low-Cost FPGAs

Hardware acceleration significantly increases the performance of embedded systems built on programmable logic. Allowing a FPGA-based MicroBlaze processor to self-select the coprocessors it uses can help reduce area requirements and increase a system's ...
Hardware coprocessors for high-performance symmetric cryptography

This work presents two hardware coprocessors for high-performance symmetric cryptographic algorithms. Two algorithms have been implemented, that is, Advanced Encryption Standard Algorithm and International Data Encryption Algorithm, using two different ...
A methodology to implement block ciphers in reconfigurable hardware and its application to fast and compact AES RIJNDAEL
FPGA '03: Proceedings of the 2003 ACM/SIGDA eleventh international symposium on Field programmable gate arrays

Reprogrammable devices such as Field Programmable Gate Arrays (FPGA's) are highly attractive options for hardware implementations of encryption algorithms and this report investigates a methodology to efficiently implement block ciphers in CLB-based ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Transactions on Very Large Scale Integration (VLSI) Systems

IEEE Transactions on Very Large Scale Integration (VLSI) Systems Volume 16, Issue 2

February 2008

104 pages

ISSN:1063-8210

Issue’s Table of Contents

Copyright © 2008.

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 February 2008

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Rahman MTarek SAzar KTehranipoor MFarahmandi F(2024)The Road Not Taken: eFPGA Accelerators Utilized for SoC Security AuditingIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.338735043:10(3068-3082)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1109/TCAD.2024.3387350
Li YLei LWang YJing JZhou Q(2022)TrustSAMP: Securing Streaming Music Against Multivector Attacks on ARM PlatformIEEE Transactions on Information Forensics and Security10.1109/TIFS.2022.317027417(1709-1724)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1109/TIFS.2022.3170274
Kim YKim EChen LMitchell CGiannetsos TSgandurra D(2019)hTPMProceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race10.1145/3338511.3357348(3-10)Online publication date: 15-Nov-2019
https://dl.acm.org/doi/10.1145/3338511.3357348
Coughlin ACusack GWampler JKeller EWustrow EBazargan KNeuendorffer S(2019)Breaking the Trust Dependence on Third Party Processes for Reconfigurable Secure HardwareProceedings of the 2019 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays10.1145/3289602.3293895(282-291)Online publication date: 20-Feb-2019
https://dl.acm.org/doi/10.1145/3289602.3293895
Chu DWang YLei LLi YJing JSun K(2019)OCRAM-Assisted Sensitive Data Protection on ARM-Based PlatformComputer Security – ESORICS 201910.1007/978-3-030-29962-0_20(412-438)Online publication date: 23-Sep-2019
https://dl.acm.org/doi/10.1007/978-3-030-29962-0_20
Guan LLiu PXing XGe XZhang SYu MJaeger TChoudhury TKo SCampbell AGanesan D(2017)TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZoneProceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services10.1145/3081333.3081349(488-501)Online publication date: 16-Jun-2017
https://dl.acm.org/doi/10.1145/3081333.3081349
Raj HSaroiu SWolman AAigner RCox JEngland PFenner CKinshumann KLoeser JMattoon DNystrom MRobinson DSpiger RThom SWooten D(2016)fTPMProceedings of the 25th USENIX Conference on Security Symposium10.5555/3241094.3241160(841-856)Online publication date: 10-Aug-2016
https://dl.acm.org/doi/10.5555/3241094.3241160
Yuce BGhalaty NDeshpande CPatrick CNazhandali LSchaumont P(2016)FAMEProceedings of the Hardware and Architectural Support for Security and Privacy 201610.1145/2948618.2948626(1-8)Online publication date: 18-Jun-2016
https://dl.acm.org/doi/10.1145/2948618.2948626
Temkin KSummerville DTrien JProwell SGoodall JBridges R(2016)An Algorithmic Method for the Implantation of Detection-Resistant Covert Hardware TrojansProceedings of the 11th Annual Cyber and Information Security Research Conference10.1145/2897795.2897811(1-8)Online publication date: 5-Apr-2016
https://dl.acm.org/doi/10.1145/2897795.2897811
Wang BLiu LDeng CZhu MYin SWei S(2016)Against Double Fault Attacks: Injection Effort Model, Space and Time Randomization Based Countermeasures for Reconfigurable Array ArchitectureIEEE Transactions on Information Forensics and Security10.1109/TIFS.2016.251813011:6(1151-1164)Online publication date: 15-Mar-2016
https://dl.acm.org/doi/10.1109/TIFS.2016.2518130
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents