Side-Channel Protected MPSoC through Secure Real-Time Networks-on-Chip by Soares Indrusiak, Leandro et al.
This is a repository copy of Side-Channel Protected MPSoC through Secure Real-Time 
Networks-on-Chip.
White Rose Research Online URL for this paper:
http://eprints.whiterose.ac.uk/145894/
Version: Accepted Version
Article:
Soares Indrusiak, Leandro orcid.org/0000-0002-9938-2920, Harbin, James Robert 
orcid.org/0000-0002-6479-8600, Reinbrecht, Cezar et al. (1 more author) (2019) 
Side-Channel Protected MPSoC through Secure Real-Time Networks-on-Chip. 
Microprocessors and Microsystems. pp. 34-46. ISSN 0141-9331 
https://doi.org/10.1016/j.micpro.2019.04.004
eprints@whiterose.ac.uk
https://eprints.whiterose.ac.uk/
Reuse 
This article is distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs 
(CC BY-NC-ND) licence. This licence only allows you to download this work and share it with others as long 
as you credit the authors, but you can’t change the article in any way or use it commercially. More 
information and the full terms of the licence here: https://creativecommons.org/licenses/ 
Takedown 
If you consider content in White Rose Research Online to be in breach of UK law, please notify us by 
emailing eprints@whiterose.ac.uk including the URL of the record and the reason for the withdrawal request. 
Side-Channel Protected MPSoC through Secure
Real-Time Networks-on-Chip
Leandro Soares Indrusiaka,∗, James Harbina, Cezar Reinbrechtb, Johanna
Sepu´lvedac
aDepartment of Computer Science, University of York, UK
bInstitute of Informatics - Federal University of Rio Grande do Sul, Brazil
cInstitute for Security in Information Technology,Technical University Munich, Germany
Abstract
The integration of Multi-Processors System-on-Chip (MPSoCs) into the In-
ternet -of -Things (IoT) context brings new opportunities, but also represent
risks. Tight real-time constraints and security requirements should be con-
sidered simultaneously when designing MPSoCs. Network-on-Chip (NoCs)
are specially critical when meeting these two conflicting characteristics. For
instance the NoC design has a huge influence in the security of the system. A
vital threat to system security are so-called side-channel attacks based on the
NoC communication observations. To this end, we propose a NoC security
mechanism suitable for hard real-time systems, in which schedulability is a
vital design requirement. We present three contributions. First, we show
the impact of the NoC routing in the security of the system. Second, we
propose a packet route randomisation mechanism to increase NoC resilience
against side-channel attacks. Third, using an evolutionary optimisation ap-
proach, we effectively apply route randomisation while controlling its impact
on hard real-time performance guarantees. Extensive experimental evidence
based on analytical and simulation models supports our findings.
Keywords: Side Channel, MPSoC, NoC, Routing
∗I am corresponding author
Email address: leandro.indrusiak@york.ac.uk (Leandro Soares Indrusiak)
Preprint submitted to Microprocessors and Microsystems: Embedded Hardware Design (MICPRO)
1. Introduction1
The comprehensive use of Internet-of-Things (IoT) will be the driver of2
digitization in all domains, e.g. industry automation, automotive, avionics,3
and healthcare. Increasingly complex and powerful Multi-processor Systems-4
on-Chips (MSoCs) connected through a 5G network, form the basis of the5
IoT. The semiconductor industry has been challenged to meet the tight and6
demanding requirements of such applications. These requirements include7
low power, tight latencies and high throughput. When developing systems8
for these hyper-connected environments, real-time constraints and security9
are necessary considerations.10
Network-on-Chips (NoCs) are the heart of the MPSoC. NoCs are shared11
by different communication flows characterized by a wide set of require-12
ments, which include performance, reliability or security. Their key role13
in the MPSoCoperation turns the NoC design into a critical task. Over14
the past decades, a significant amount of work has addressed the trade-offs15
between performance and other secondary objectives such as energy [1], fault-16
tolerance [2], and chip area [3]. Less work has addressed such trade-offs in17
NoCs with hard real-time constraints, with some inroads towards improving18
energy [4] and area efficiency (by optimising buffering in virtual channels19
[5]) while meeting deadlines of all packets even in the worst-case scenario.20
While hard real-time applications impose strict latency requirements on the21
NoC, the impact on security has been not addressed before. Hard real-time22
mechanisms may impact the MPSoC security.23
MPSoCs operating in the context of IoT usually integrate cryptographic24
hardware cores for confidentiality and authentication security services. How-25
ever, these components are prone to implementation attacks. During the26
operation of a cryptographic core, the secret key may passively be revealed27
through so-called side-channels. Classical side-channels include the measure-28
ment of the execution time, power-consumption and electromagnetic (EM)29
radiation of the cryptographic IP core [6]. The interconnection of MPSoCs30
operating in the Internet-of-Things permits possible timing side-channel at-31
tacks that emerge from sharing resources on the MPSoC.32
Cache hierarchies and NoC are a common target in timing side-channel33
attacks. In general, NoC communication can be exploited to optimize cache34
attacks, as demonstrated in [7] and [8]. By detecting the communication35
patterns of the sensitive traffic (e.g., volume and communication rate) an36
attacker is able to trigger cache attacks in the most vulnerable point of the37
2
encryption process. Thus the NoC communication collision of malicious and38
sensitive traffic can potentially compromise the security of the complete em-39
bedded system. Many mechanisms have been proposed to improve NoC secu-40
rity and many more will certainly be developed in the coming years. However,41
most of such mechanisms impose performance overheads, and therefore can42
potentially jeopardise the ability of the NoC to provide real-time guarantees.43
In this paper, security is used as a driver to optimise hard real-time NoC44
design. The hard real-time NoCs constraints must be always guaranteed.45
Our approach is based on the randomisation of packet routes. By randomly46
changing the route of every packet injected into the NoC, we can introduce47
random effects to all side-channels of interest, such as packet timing, energy48
dissipation, temperature and electromagnetic emissions. In this paper, we49
concentrate on a threat model based on packet timing.50
This paper extends our earlier conference paper work upon security through51
routing randomisation in NoCs [9]. In summary, the contributions of our to-52
tal work upon this idea are:53
• Provide a realistic motivation for our work by specifying case studies;54
a side-channel attack on AES encryption and how it may arise in an55
IoT context due to the interaction between secure and malicious down-56
loaded code communicating over a shared NoC. A novel case study57
involving an autonomous vehicle is added in this paper, over that pre-58
sented in [9].59
• Present an experiment performed on a NoC hardware platform in order60
to motivate route randomisation as a viable approach for improving61
security - the current publication adds this upon the earlier work in [9]62
• Define a schedulability analysis for determining the worst-case end-to-63
end latency in the case of randomised routing64
• Present a GA optimisation process which uses task mapping to main-65
tain schedulability assessed by this analysis, while permitting improv-66
ing security by allowing flows to use randomised routing67
• Assess via simulation the impact of randomised routing strategies upon68
empirically measured latency in a real application case study69
The rest of the paper is organized as follows. Section 2 presents the70
description of the MPSoC and the security requirements. It includes the NoC71
3
timing attack and the threat model. Section 3 presents the most relevant NoC72
security mechanisms and the types of security mechanisms to prevent the73
MPSoC attacks. Performance overheads and resource usage are discussed,74
highlighting the need for the contributions of this paper. Section 4 we identify75
techniques that support NoC designers in improving NoC resilience against76
side-channel attacks while still maintaining full system schedulability. The77
paper is closed with extensive experimental work based on schedulability78
analysis and simulation in Section 5, and with a summary of our findings.79
2. Multi-Processor System-on-Chip and security requirements80
MPSoCs are prone to attacks. In this section the MPSoC architecture81
and operation are described. These concepts will be used to understand the82
threat model for the NoC-based communication side-channel vulnerability.83
2.1. MPSoC / NoC Architectural Description84
While the contribution of this paper can be applied to a large variety of85
NoC architectures, we believe it is easier to explain it with the help of a con-86
crete architecture. We assume a NoC architecture with a 2D-mesh topology87
and wormhole switching protocol, because such features are commonly used88
in embedded systems for their simplicity and moderate resource overheads.89
• In a 2D-mesh topology, every core is connected to a NoC switch via a90
network interface (NI), which is responsible for packetising and depack-91
etising data, and controlling the injection of packets into the network.92
The regularity of such a topology is attractive because it simplifies93
packet routing, and facilitates chip floorplanning, placement and rout-94
ing.95
• The use of wormhole switching protocols allows packets to be gradually96
sent over the NoC in smaller units called flits. Once a flit is received97
by a switch, it can be forwarded to the next switch down the packet98
route as long as that switch has sufficient buffering to hold it. This99
means that at any given time a packet could have its flits temporarily100
stored by multiple switches, so each of them are not required to hold101
a complete packet, thus reducing the overall buffering requirements of102
the NoC.103
4
• There is a downside to this choice of topology and switching protocol,104
which is the difficulty in predicting packet latencies. Since a packet105
can be simultaneously occupying multiple NoC buffers and links, there106
is a significant amount of competition for resources throughout the107
NoC at all times. The wide variety of interference patterns makes it108
hard to predict how long it takes for a packet to reach its destination.109
Different resource arbitration policies can make such predictions more110
or less difficult, especially in the case of hard real-time NoCs when an111
upper-bound worst-case latency is needed.112
• Previous work has considered NoC arbitration based on packet prior-113
ity [10], time multiplexing [11] and round robin [12], and has devised114
analytical models that can be used to find latency upper-bounds for115
packet flows transmitted over such NoCs [13]. Any of those approaches116
could be used in this paper, and we chose a priority-arbitrated NoC117
because of its ability to provide upper-bound latency guarantees that118
are customisable to different levels of packet urgency while allowing for119
high NoC link utilisation [14].120
• The general architecture of the network on chip described in previous121
bullet points explains the data communications. However, when con-122
sidering security implications it is important to describe the enclosing123
context of the MPSoC in which the NoC exists. MPSoCs are tile-based124
structures which are flexible enough to meet a variety of application re-125
quirements. Each tile is either composed of a single IP core or a cluster126
of IP cores. Data is exchanged over a NoC between tiles. In order to127
increase the performance, current MPSoCs employ two main strategies:128
i) memory hierarchies, where several levels of cache (e.g. L1 to L3) and129
a set of DRAMs are integrated; and ii) resource sharing, where different130
applications are split and mapped onto the MPSoC resources.131
2.2. Threat Model and Timing Side Channel Attacks132
In this paper, we assume that the NoC and its interfaces to the cores133
are secure. We also assume that secure tasks execute in secure cores (i.e.134
cores that do not allow the execution of unsecured tasks). For this threat135
model, we assume that the NoC communicates sensitive information between136
two secure tasks, which we refer as the sensitive communication. We then137
assume an adversary that has knowledge about the NoC architecture, about138
5
the mapping of secure tasks to (secure) NoC cores, and is able to gain control139
of at most two non-secure NoC cores.140
A successful attack happens when the adversary, which has taken control141
of two non-secured processors, is able to obtain information about the sensi-142
tive traffic. In such attack, the adversary injects packets to the NoC in order143
to collide with the sensitive traffic. These two types of traffic (malicious and144
sensitive) collide inside the router, that is, they compete for the same output145
port resource. As a consequence of the malicious traffic, delays in the com-146
munication are caused and thus the malicious packets transmission is also147
delayed. At an endpoint at the other non-secured core, the adversary is able148
to measure the latency of their malicious traffic and infer how many collisions149
with the sensitive traffic occured. The resulting collisions leak information150
regarding sensitive communication flows. Note that the router is not nec-151
essarily malicious and that no any information embedded into the sensitive152
packet is required to perform the attack. The latency interference imposed153
by the sensitive communication over the malicious low priority traffic can154
provide the attacker with valuable information about the timing, frequency155
and volume of the secure communication.156
This threat model is not new, and its variations have also been used in157
best-effort NoC-based systems by [15], [16], [7]. The timing nature of the158
threat is also the same used in hard real-time uniprocessor systems by [17].159
2.3. Security of MPSoCs Case Studies160
In order to motivate the work and provide a concrete example of the161
security consequences of a timing attack, we now present two illustrative162
interrelated case studies. In both of them, timing attacks focused upon NoC163
communication can lead to negative consequences for a trusted application,164
even if the endpoint cores are fully secured against intrustion. The first165
focuses upon an AES encryption scenario, and the second focuses upon an166
autonomous vehicle. Note that these case studies are illustrative and apply167
to an example system; while expected to be representative of real security168
concerns in a system, they are not strictly based upon a particular hardware169
implementation or the simulation case study evaluated later in the paper.170
2.3.1. AES NoC Timing Attack Case Study171
MPSoCs operating in the context of IoT usually integrate security fea-172
tures such as cryptographic hardware cores for providing security services173
6
(confidentiality, authentication and integrity). The symmetric key encryp-174
tion algorithm Advanced Encryption Standard (AES) is widely used to im-175
plement security functions in several MPSoCs. AES encrypts 128 bits of176
data with key lengths of 128 bits using 10 rounds. AES operates iteratively177
data organized as a 4x4 state matrix. Each round is composed of four round178
operations: AddRoundKey (XORing the state with the current round key),179
SubByte (byte substitution), ShiftRow (byte transposition) and MixColumn180
(matrix multiplication). In order to speedup the execution of AES, trans-181
formation tables (T-tables) are used. T-table AES reduces the SubByte,182
ShiftRow and MixColumn operations to four lookup tables whose entries183
are simply XOR’ed [7]. The AES functionality is integrated in the MPSoC184
through a security co-processor, an IP core with a private L1 cache. In such185
scenario T-tables are stored along the different cache hierarchies of the MP-186
SoC. The vulnerability exploited by attackers is that T-tables are accessed187
depending on the secret key. Such attacks are know as cache attacks. A188
deeper description of the access-based cache attacks for MPSoCs is given in189
[7] and [6]. The weakest point of the AES operation is at the end of the190
first round. The NoC timing attack detects the end of the first round of191
the AES, thus allowing an attacker to trigger in the cache attack in the best192
moment, when noise generated from other cache accesses performed during193
the encryption are avoided.194
Fig. 1 presents the NoC-based MPSoC architecture. It integrates 16 IP195
cores (IP0 to IP15) which exchange communication through a mesh-based196
NoC. The integration of MPSoCs into an IoT context may permit remote197
applications downloaded from the Internet to be stored into external mem-198
ories and mapped into the MPSoCs. These applications are vulnerable to199
attacks and can be tampered with by an attacker. When mapped into the200
system resources, attackers are able to control packet injection into the NoC.201
In Fig. 1, the attacker has infected the IP1 and controls the traffic injection.202
IP3 represents the AES cryptoprocessor, where the T-Tables are stored in203
the shared cache IP0.204
The goal of the NoC timing attack is to identify the end of the first AES205
round. The attacks is performed in 7 steps, as shown in Fig. 1. In step206
(1) and (2), the attacker triggers first an AES encryption, then continues207
to frequently inject packets into the NoC. The throughput of the infected208
core is monitored by the attacker. Step (3) shows the execution of the AES209
encryption by the IP13. During the AES encryption, the value stored in the210
T-tables should be retrieved, thus a read request to IP0 is performed in step211
7
R8 R9 R10 R11 
R12 R13 R15 
ARM 
IP 9 IP 10 IP 11 
IP 13 IP 14 IP 15 
IP 8 
IP 12 
AES 
R0 
Shared 
Cache 
ARM 
R1 R2 R3 
R4 R5 R6 R7 
IP 0 
IP 1 IP 2 IP 3 
IP 5 IP 6 IP 7 IP 4 
Main  
Memory 
3 
1 
2 
4 
5 
6 
7 
Figure 1: Description of the NoC timing attack to NoC-based MPSoCs
(4). As a result, a big packet is retrieved in step (5). The communication212
collision in R1 between the infected traffic and the sensitive traffic causes a213
degradation in the throughput of the attacker. This is illustrated in Figure214
2 which illustrates the timing behaviour at the router R1, for an attacker215
injecting a packet coincident with IP0 responding. The attacker can measure216
the time taken between injecting its malicious packets and its completion.217
Since it knows its basic latency; the time taken to deliver this packet without218
load, it can determine the excess latency by subtraction. This provides an219
estimate of the response size.220
This triggers a cache attack, where the attacker perform a read request to221
the shared memory in IP0 in step (6). As is [7] and [6], by reading the shared222
cache in step (7), the attacker can identify the memory sets accessed due the223
8
AES encryption. As a result a key candidate is obtained. This process is224
performed multiple times until the key is found.225
Time (flit units)
Read to IP0
(step 4)
Response from 
IP0
(step 5)
Malicious 
packet
injected
Malicious 
packet
delivered
Excess
latency
Figure 2: Timing diagram demonstrating the attacker measuring the latency
2.3.2. Autonomous Vehicle Case Study226
A similar attack case study may apply in the case of an autonomous227
vehicle. The integration of heterogeneous software and MPSoCs for an au-228
tonomous vehicle could incorporate components derived independantly by229
different manufacturers. As mechanical systems and engine control units230
(ECUs) become more complex and integrated, the timing of messages for231
tasks such as engine control and emissions control becomes more critical [18].232
Simple attacks on timing in an AV system could include using malicious cores233
to inject additional traffic that delays sensor readings from reaching external234
buses such as CAN at the expected times [18]. If the MPSoCs in the AV235
uses AES encryption, then this would be vulnerable to the attack described236
in the previous section 2.3.1.237
However, it is possible to imagine a more subtle attack. Take for exam-238
ple the requirement in autonomous vehicles for computer vision algorithms239
to analyse camera data and identify particular targets. It is possible that240
manufacturers of these systems would not wish to reveal their algorithm op-241
eration, either from competitors, or to not reveal what targets their system242
is scanning for. In the case of a potential detection of an object requiring243
additional processing, the secured tasks may need to transmit more data244
amongsts themselves, or send requests for additional data from sensors. The245
9
potential motivation of an attacker would be to detect these communica-246
tions occuring, and thus infer information about the AV system’s goal or247
techniques of operation.248
If the computer vision tasks were located upon secured cores, then the249
attacker would not be able to access these tasks directly. However, by inject-250
ing low priority traffic into the onboard NoC and observing the delays these251
low priority communications experience, the attacker would be able to infer252
increased communication lengths or frequencies by the secured tasks, leading253
to potential leakage of the AV system purpose or operation.254
3. Related Work255
Multiprocessor embedded systems are target of attacks by means of ma-256
licious hardware or software [19]. Hardware-based attacks depend on design-257
time access to the system, which is then modified in a way that can be258
exploited during operation (e.g. by adding hardware able to leak informa-259
tion by changing chip temperature [20]). Software-based attacks are the most260
common cause of security incidents in such types of systems [21], and are car-261
ried out by malicious software installed at design time or after deployment.262
NoC-based systems have been shown to be vulnerable to a variety of263
attacks, both hardware and software-based. Active NoC attacks, such as264
code injection [22], malware [23] and control hijacking [24], or passive NoC265
attacks, such as side-channel exploitation, can be used to read sensitive com-266
munications, modify the system behaviour or prevent correct NoC operation.267
NoCs are especially vulnerable to side-channel attacks that exploit traffic in-268
terference as timing channels [15] [25]. The shared nature of NoCs can be269
exploited by an attacker to obtain sensitive information. By forcing traffic270
collision with sensitive packet flows, an attacker can observe the throughput271
variations and infer sensitive data, as shown in [15] [25] [26].272
Security-enhancing mechanisms have been added to NoC platforms to273
provide authentication [27], access control [23], integrity [28], and confiden-274
tiality services [29]. By monitoring and controlling the data exchange inside275
the chip, NoCs can detect and avoid attacks.276
Firewall-based and crypto-based techniques integrated at the network in-277
terface are the most commonly used approaches against active NoC attacks278
over the past decade [23] [30]. Firewalls implement authentication, access279
control and integrity services by means of traffic matching with a security280
10
table. Authorized transactions are allowed and injected to the NoC, other-281
wise they are denied and thus dropped. Crypto-based NoCs implement the282
confidentiality service by creating a shared secret among the sensitive cores283
and perform the encoded data exchange. While achieving desirable secu-284
rity enhancements, such approaches have an unpredictable impact upon the285
performance of the NoC and thus the overall system.286
PhaseNoC [31] focuses upon traffic isolation, which provides separation287
of traffic in adjacent domains and therefore potential reductions in the attack288
surface for timing attacks. However, such TDM (time-division multiplexing)289
static techniques reduce performance in the case of dynamic traffic arrival,290
so the authors provide a scheme which can opportunistically steal bandwidth291
between traffic classes. This scheme does permit potential timing attacks via292
leakage between the traffic classes.293
Firewalls and crypto-based NoCs are the state-of-the-art in NoC security,294
but they are not able to protect the system against passive NoC attacks.295
Randomised arbitration [25], virtual channel allocation [16] and routing [26]296
have been investigated and evaluated as countermeasures against timing at-297
tacks. By randomising the characteristics of sensitive packet flows, it is298
possible to break the correlation between the traffic characteristics (e.g. vol-299
ume and access patterns) and the sensitive data thus avoiding information300
leakage. Among those mechanisms, random routing has achieved the best301
levels of security enhancement with the lowest energy and area overhead [26].302
By spreading sensitive traffic over the NoC, the spatial distribution makes303
it harder for compromised cores or external attackers to gather sufficient304
side-channel information to infer correlations with sensitive data.305
Similarly to firewalls and crypto-based approaches, the focus of randomi-306
sation approaches is to increase security and none of the works in the state-307
of-the-art consider the performance requirements of the applications. In this308
paper, we argue that NoCs supporting real-time applications require a care-309
ful balance of a trade-off between security and performance. In most cases,310
we envisage that the level of security will be constrained by the NoC’s ability311
to support attack countermeasures while at the same time ensuring perfor-312
mance guarantees to the application. By providing a test to evaluate whether313
performance guarantees can hold under a specific side-channel attack coun-314
termeasure (namely route randomisation) we aim for a better balance of315
performance guarantees, resource usage and security trade-offs.316
11
3.1. System Model317
To increase NoC resilience against side-channel attacks while providing318
hard real-time guarantees to the application tasks running on it, we must319
make assumptions about the application behaviour such as upper-bounds320
on resource usage by every application task and packet. In this paper, we321
follow the well-known and widely used sporadic task model, which makes322
assumptions about the worst-case execution time (WCET) of all tasks and323
their shortest inter-arrival interval (i.e. their period). Since we are concerned324
about NoC communications, we follow an extension of the sporadic task325
model that considers that tasks inject packets to the NoC only after their326
execution completes, and that the maximum packet size is known [14].327
Thus, a hard real-time application Γ comprises n real-time tasks such as328
Γ ={τ1, τ2, . . . , τn}. Each task τi is a 6-tuple τi = (Ci, Ti, Di, Ji, Pi, {φi})329
indicating respectively its worst case computation time, period, deadline,330
release jitter and priority. The sixth element of the tuple is an extension to331
the sporadic task model proposed by [14], and represents the communication332
packets sent by τi at the end of its execution. Each packet φi is defined as a333
3-tuple φi = (τd,Zi,Ki) representing its destination task, size and maximum334
release jitter. In this paper, we assume for simplicity that a single packet335
is released at the end of each execution of each task, but the contributions336
presented here can be generalised for any number of released packets.337
Such applications are executed over a NoC platform like the one described338
in subsection 2.1 above. We model such a platform as a set of cores Π339
={pia, pib, . . . , piz}, a set of switches Ξ ={ξ1, ξ2, . . . , ξm}, and a set of unidirec-340
tional links Λ ={λa1, λ1a, λ12, λ21, . . . , λzm, λmz}. We also model the mapping341
of tasks to cores with the function map(τi) = pia.342
The routing of packets over the NoC can be modelled by the function343
route(pia, pib) = {λa1, λ12, . . . , λmb}, denoting the subset of Λ used to transfer344
packets from core pia to core pib. We can then extend the function map to also345
model the mapping of a packet to its route: map(φi) = route(map(τi),map(τd)).346
With the knowledge of the NoC architectural characteristics such as the347
latency to cross a link or to route a packet header, and with the knowledge348
of the length of a packet’s route (i.e. its hop count, or |route(pia, pib)| as349
expressed in [14]), it is possible to calculate the no-load latency Li of every350
packet φi: the time it takes to completely cross the NoC from its source to351
destination without any interference or contention from other packets. For352
the NoC described in subsection 2.1, and for most commercial and academic353
12
NoCs, the no-load latency of a packet can be deterministically obtained, and354
will not change if its route and the NoC operation frequency do not change.355
4. NoC Routing Randomisation356
4.1. Overview Of Route Randomisation357
By using a route randomisation approach, it is possible to prevent the358
adversary from obtaining accurate information about the sensitive commu-359
nication. Because not every packet of the secure communication will interfere360
on the malicious flows injected by the attacker, the information about tim-361
ing, frequency and volume they can obtain will be less accurate, which as a362
consequence increases the resilience of the NoC against the threat. There are363
many ways to introduce route randomisation in NoCs, and we will discuss364
our design decisions in subsection 4.3.365
Figure 1 and Fig. 3 show examples of the described threat model in366
Section 2.2. Fig. 3 shows an adversary controlling cores F and G, and using367
a malicious packet flow (shown as a purple dashed line) to infer data about368
a sensitive communication between secure cores C and E (shown as a red369
dotted line, representing the case of a NoC with deterministic XY routing).370
In the case of a NoC with randomised routing, all routes between C and E371
will be used (red dashed and dotted lines), preventing the adversary from372
inspecting the complete sensitive communication.373
4.2. Motivation Experiment374
Different NoC parameters impact the security of the system. Routing375
may have a huge impact on the success of the attack. In order to show this376
statement, we performed an experiment on a FPGA-based prototype of an377
MPSoC as shown in [8]. It is composed of 16 NIOS II IP cores, each with378
a 32 kB private L1 cache. The shared L2 cache is of 256 kB size and it is379
inclusive of L1. All of them have a cache line size of 16 bytes. The MPSoC380
structure is similar to Fig. 1. However the position of the AES, shared caches381
and attackers are modified. In the experiment the infected IP could be placed382
in six location of the MPSoC: i) linked to the east port of the router 1 (R1383
E); ii) linked to the north port of the router 1 (R1 N); iii) linked to the east384
port of the router 4 (R4 E); iv) linked to the north port of the router 4 (R4385
N); v) linked to the north port of the router 6 (R6 N); and vi) linked to the386
east port of the router 9 (R9 E).387
13
A 
D 
B 
C 
E 
F G 
Figure 3: Threat model, and examples of route randomisation with pseudo-adaptive XY
(from A to B) and west-first (from C to D and C to E) algorithms
The sensitive path is defined by the communication channel between the388
IP 0 and IP 10. Three different dimension ordered routing strategies were389
used to commute packets in the NoC: i) XY, which limits all turns to y-390
dimension until the x-dimension is reached; ii) XY-YX, which alternates391
randomly the XY and YX routing algorithms; and iii) West First (WF),392
which restricts turns to the west. The detection rate of the sensitive pack-393
ets for each configuration was evaluated. The observation points were the394
output ports shared with the sensitive traffic. Results are shown in Fig. 4).395
For the deterministic XY, the attackers that intersected the sensitive path396
were able to detect all the packets. However, when XY and YX were used397
randomly, the effectiveness of the attacker varies according to the amount of398
traffic that collides with the attacker traffic. Since only two paths were pos-399
sible, an attacker was not able to detect all sensitive traffic. The best results400
were achieve for attacks on the east port of the router 9 (R9 E) and the north401
port of the router 4 (R4 N). However, such results are highly dependent on402
the routing algorithm. In the last scenario, the West-first algorithm has six403
route possibilities. Hence, the efficiency of the attack was very low, since404
the messages became spread in the NoC through different routes. This moti-405
vates work on improving the security of the MPSoC via route randomisation.406
However, in viable real-time systems, security must be considered alongside407
14
end-to-end latency constraints.408
Figure 4: The detection rate of sensitive packets under different attacker IP locations and
routing strategies
4.3. Design Choices and Constraints409
There are many design choices related to packet routing in different NoC410
architectures [32]. As expected, those choices also define whether and how411
route randomisation can be achieved. For example, some NoC architectures412
use deterministic routing [33], meaning that there is only one possible route413
between a source and a destination, effectively preventing the approach pro-414
posed here. Among NoCs supporting dynamic or adaptive routing, which are415
the ones we target, there is a key design choice affecting the randomisation416
approach: source or distributed routing.417
In source-routed NoCs, the routing decision is done by the source core418
or its respective NI. This is usually implemented as multiple packet header419
flits that contain the next-hop information for each of the switches along the420
packet’s route. Once a switch routes one of the packet headers by assigning421
its output port, it discards that header flit and forwards the rest of the422
packet through that port. The next switch will route the subsequent header423
flit, discard it, forward the rest of the packet, and this is repeated all the way424
towards the packet destination. By following this approach, it is possible to425
program the source core or its NI to perform full route randomisation before426
every packet release.427
In NoCs with distributed routing, the next-hop decision is made by each428
switch individually. Typically, they have far less resources than the cores (and429
15
often than the NIs), so the routing decisions are based on simple rules related430
to the relative position of the destination core with regards to the switch431
holding the packet header (e.g. pseudo-adaptive XY [34], turn model [35]).432
In those cases, it is only possible to randomly choose from a predefined433
subset of all possible routes. For instance, pseudo-adaptive XY switches can434
only randomly choose between two routes between a source and a destination435
(e.g. routes between cores A and B in Figure 3). Switches implementing turn436
model routing may have a larger number of alternative routes to randomly437
choose from in most cases, but must behave deterministically for some specific438
cases. Figure 3 shows two routes created by a west-first turn model: packets439
between core C and D have only one possible route, as the destination is440
located on the west of the source, while packets from core C to E can take a441
variety of possible routes.442
In both source and distributed routing, the NoC component making ran-443
dom decisions must have access to a source of random data, such as a pseudo-444
random number generator (PRNG, generated by a deterministic algorithm)445
or a true random number generator (TRNG, often generated out of low level446
noise signals). Such sources can have significant hardware overhead, thus447
favouring source routing because of the low area constraints for NoC switches.448
For the route randomisation approaches reviewed above, however, overheads449
should be minimal in either case as they only require random sources with450
one-bit output.451
Additional issues when randomising packet routes include the potential452
increase of the packet route, the possibility of deadlocks, and the potential453
increase of packet latency (and therefore the potential violation of real-time454
constraints). Let us now address each of them.455
All the routing approaches reviewed above are minimal: the route they456
choose has the smallest possible hop count between source and destination.457
This is because of their obvious advantages in terms of latency, network458
contention and energy dissipation. However, from the point of view of side-459
channel attack resilience, it may be interesting to exploit non-minimal ran-460
domised routing in order to decorrelate the side channels with the functional461
properties of the packet communication (e.g. short packet transmission be-462
tween neighbouring cores would not necessarily have the shortest latency and463
lowest energy dissipation if they are forced to take a long route across the464
chip).465
Deadlock-free packet communication is a critical characteristic for NoCs.466
This can be achieved at the link arbitration layer, e.g. with priority-preemptive467
16
virtual channels [14], or at the network layer by restricting the possible turns468
of the routing algorithm (either in source or in distributed routing). In NoCs469
that ensure deadlock-freeness at the network layer, special care must be taken470
by the route randomisation approach to avoid introducing turns that can lead471
to deadlocks.472
Finally, route randomisation is likely to change the latencies of packets,473
both because for every release their routes may have different hop counts474
(leading to different no-load latencies) and because different routes may trig-475
ger different contention scenarios (leading to different blocking times). In476
our approach, such variability is actually desirable because it is a key as-477
pect to increasing the NoC’s resilience against side channel attacks. In the478
case of hard real-time systems, however, it is critical that such variability is479
bounded and that the worst-case latencies of all packets are always less than480
their deadlines. In the next subsection, we propose an extension to existing481
schedulability analysis to evaluate if that is the case for a given application482
mapped to a given NoC architecture. The proposed approach is simple, yet483
general enough to analyse randomised routing approaches following any of484
the design choices reviewed above: source or distributed, minimal or non-485
minimal, and with deadline-freeness ensured at the link or network layer.486
4.4. Schedulability Analysis487
Schedulability analysis for a set of sporadic packets transferred over a488
priority-preemptive wormhole switching NoC was presented in [36]. A set of489
packets is deemed schedulable if the worst-case latency of each packet is less490
than their deadline. By coupling that analysis with classical response time491
analysis for uniprocessor fixed-priority scheduling, an end-to-end schedula-492
bility analysis for that type of NoC was proposed in [14], considering the493
worst-case response times of tasks and the worst-case latency of the packets494
they generate. Both the original analysis from [36] and the end-to-end ex-495
tension from [14] assume static routing, so a different formulation is needed496
before it can be used for the purpose of this paper. First, we review those497
formulations, but using the notation described in subsection 3.1.498
According to [36], the worst-case latency Si of a packet φi can be obtained499
from Equation 1. This equation is defined recursively and iterated until a500
stable fixed point is discovered.501
Si = Li +
∑
φj∈interf(i)
⌈
Si +Kj +K
I
j
Tj
⌉
Lj, (1)
17
The set interf(i) is the set of higher priority packets φj whose route shares502
at least one link with the route of φi and therefore can interfere with it.503
Precisely, interf(i) = {φj ∈ φ : map(φi) ∩ map(φj) 6= ∅}. The two terms504
Kj and K
I
j denote respectively the maximum release jitter of the interfering505
packet φj and its maximum indirect interference jitter. As shown in [14],506
Kj is equal to the worst case response time Rj of task τj which produces φj,507
assuming that φj will be released immediately after the end of τj’s execution.508
Rj can be calculated using uniprocessor response time analysis, considering509
the type of task scheduling by the operating system at each core (e.g. priority-510
preemptive). And as shown in [36], the indirect interference jitter KIj can be511
bound by Sj − Lj.512
It can be seen in Equation 1 that the route of a packet affects its worst-case513
latency because it defines the set of packets that can add to the interference514
term of the equation (i.e. sum operator). Route randomisation would change515
the set interf(i) at each packet release, since different routes would produce516
different interference patterns. An intuitive way to find the worst-case latency517
of a packet with a randomised route would be to calculate the worst-case518
latency of each of its possible routes with Equation 1, and pick the highest519
value. However, that approach works only if there is a single packet with520
randomised route, and all others following deterministic routes.521
A general analysis where all packets could potentially have randomised522
routes is more complex: all possible routes of a packet would have to be tested523
with all possible routes of all other packets before the worst case could be524
found. Furthermore, if one cannot make probabilistic assumptions on the525
randomisation approach, pathological cases must also be taken into account526
(e.g. the same route could be chosen again and again for a single packet over527
a long period of time, even though that is very unlikely).528
In this paper we assume that, in the worst case, if there is a way for a529
high-priority packet to interfere with a low priority packet, it would interfere530
with it in every possible release. This means that even though there may531
be routes when packets do not interfere with each other, we assume that in532
the worst case the random choice of route would always pick the ones where533
there is interference. This is perfectly reasonable when packets have similar534
periods, but it gets more and more pessimistic as we reduce the periods of535
higher priority packets. In that case, high priority packets would have a536
larger number of releases within a single release of a low priority packet, thus537
interfering more often with it, even though the larger number of releases538
would make less likely that an interfering route would be chosen every time.539
18
To calculate worst-case latencies for the general problem where all pack-540
ets could have randomised routes, we define the set interfr(i) as the set541
of higher priority packets φj who could, with any of their possible routes,542
interfere with any of the possible routes of the packet of interest φi. To543
precisely define that set, we must first define a new function router(pia, pib)544
= {λa1, λ12, λ13, λ14, . . . , λmb}, denoting the subset of Λ that contains all the545
links that could be part of any of the routes that could be randomly chosen546
to transfer packets from core pia to core pib, and a new function mapr(φi)547
= router(map(τi),map(τd)). Then, interfr(i) = {φj ∈ φ : mapr(φi) ∩548
mapr(φj) 6= ∅}.549
By applying Equation 1 with the summation over the set interfr(i) in-550
stead of the original interf(i), we can then find an upper bound to the packet551
latencies over a NoC with randomised routing.552
4.5. Optimising the Performance-Security Trade-off553
The schedulability analysis proposed in the previous subsection can only554
be used to test whether a particular randomised NoC configuration can meet555
the hard real-time constraints of an application. It offers no alternatives556
in case of negative results, i.e. when performance constraints are not met.557
In this subsection we show how the schedulability test can be exploited as558
a fitness function in a design space exploration process. Similarly to [4]559
and [14], we follow an evolutionary approach to navigate over a key part560
of the design space: task-core mapping. By changing that mapping, it is561
possible to achieve fine-grained improvements on schedulability of tasks over562
cores and packet flows over NoC infrastructure (e.g. tasks that are barely563
unschedulable can become schedulable by a simple remapping of one of the564
higher priority tasks that interfere with their computation or communication,565
thus changing the set interf in Equation 1). The same can happen in the566
case of route randomisation, since changes on mapping can determine which567
randomised routes interfere with each other and in turn affect schedulability568
through changes in the interfr set.569
Figure 5 shows the evolutionary pipeline proposed here, which starts with570
an arbitrary population of task mappings using a given route randomisation571
approach and a given level of security. It then uses evolutionary operators572
such as mutation and crossover to improve the mapping population with re-573
gards to the percentage of schedulable tasks and packets calculated using the574
proposed modification of Equation 1. For every generation of the population,575
those with the larger number of schedulable tasks and packets are selected576
19
to the next generation, where they will be again mutated, crossed-over, eval-577
uated and selected to the subsequent generation. The pipeline stops after578
a fully schedulable mapping is found, or a predefined maximum number of579
generations is reached.580
Unlike many constructive task mapping approaches, the evolutionary581
pipeline proposed here does not necessarily try to map communicating tasks582
to the same or neighbouring cores. Its fitness function can be tuned, for583
instance, to keep communicating tasks as far apart as possible while keeping584
their communication packets schedulable over a variety of randomly-chosen585
routes.586
8 3 4  ? 6 
3 5 1  ? 3 
1 3 4  ? 6 
7 2 4  ? 3 
2 3 4  ? 6 
5 3 4  ? 6 
6 4 1  ? 2 
2 3 4  ? 5 
1 9 4  ? 2 
6 4 1  ? 2 
1 9 4  ? 2 
parent population selection crossover 
1 4 1  ? 2 
6 9 4  ? 2 
mutation 
6 9 4  ? 5 
2 5 4  ? 6 
3 3 4  ? 8 
1 3 1  ? 2 
7 5 1  ? 3 
offspring population 
5 3 4  ? 6 6 4 4  ? 6 
1 3 4  ? 6 
6 9 4  ? 5 
 ? ? ? ?Ŷ task id 
core id 
evaluation using schedulability analysis 
ranking based on percentage of schedulable 
tasks and packets top ranked 
- NoC parameters 
- application parameters 
- route randomisation 
- security level 
Figure 5: Evolutionary pipeline to optimise performance-security trade-off
In this paper, we consider two types of route randomisation which can be587
implemented either as source or distributed routing, namely random XY/YX588
and random west-first. Random XY/YX is a randomised version of pseudo-589
adaptive XY routing used in [34], so the route of the packet to its destination590
is randomly chosen between the XY or the YX route prior to the injection591
of the packet header into the network. In random west-first, we randomise592
one of the turn model routing approaches [35] so that whenever a packet is593
20
allowed more than one route it randomly chooses one of them (i.e. uniform594
probability among all alternatives).595
We then allow for multiple levels of security by changing how many packet596
flows are allowed to have their routes randomised. A baseline with no ran-597
domisation should have the best results regarding schedulability, given that598
packets suffer less interference and therefore are more likely to be schedula-599
ble. Then, increased levels of security can be achieved by randomised larger600
percentages of packet flows, up to a fully randomised configuration where601
all packets follow randomised routes on every release. In the next section,602
we show experimentally that the proposed schedulability test and evolution-603
ary optimisation pipeline can produce NoC configurations able to hold hard604
real-time guarantees with maximised security potential.605
5. Experimental Work606
We evaluate the proposed approach in two distinct experimental setups.607
The first uses the proposed schedulability test and evolutionary pipeline to608
balance the trade-off between performance guarantees and security over a609
large set of synthetically generated applications. The second uses a cycle-610
accurate NoC simulator to show the effects of route randomisation upon611
latency with a realistic application.612
5.1. Schedulability-driven optimisation of route randomisation613
This section presents the workflow for analytic schedulability evaluation,614
and evolution with an evolutionary pipeline based on a genetic algorithm615
(GA). It follows the pipeline presented in Figure 5. To evaluate the challenge616
of optimising different applications with different levels of load, we synthet-617
ically generate thousands of applications, each of them composed of tasks618
that communicate with each other with different numbers of packet flows.619
We then apply the evolutionary pipeline to each one of those applications,620
aiming to optimise the mappings of tasks in such a way that the whole set621
of tasks and flows is schedulable at different levels of security. We then plot622
the percentage of schedulable applications we could achieve for each level of623
security and each level of load. For the sake of reproducibility, we provide624
below more details on the whole process.625
For a single experiment upon a given NoC and set of parameters (e.g.626
topology, operating frequency, switch and link latencies), a range of packet627
flow counts are identified, each of which represents a level of communication628
21
within the application, and therefore a utilisation load upon the NoC. For629
each flow count chosen for experimental evaluation, a set of tasksets and630
packet flowsets are generated, each containing the chosen number of flows.631
The number of tasks is kept roughly constant, and all of them are either632
source or destination of at least one packet flow. Therefore, flowsets with633
higher flow counts represent increasing packet contention between the same634
endpoints. Flows are assigned to particular source and destination tasks635
with uniform random probability. This implies that the average number of636
flows transmitted is even across all tasks, although as a result of the random637
assignment there may be unique hotspots.638
Following this, an experiment is initialised by defining a population of639
initial mappings, and a setting for the target level of security case setting.640
The levels of security settings are defined as either unsecured, or 25%, 50%,641
75% and 100% secured flows. The secured flows are those that will use642
randomised routing, providing increased potential protection against side-643
channel attacks. In case of a partial provision of security e.g. 50%, security is644
assigned to the flows in their order of priority, with the highest priority flows645
being randomised. The rationale is to enforce overall random interference646
patterns, since higher priority packets are the ones causing interference.647
A population of chromosomes (each representing of a mapping of tasks to648
cores upon the NoC, as shown in the upper-left corner of Figure 5) is specified649
for each level of load (i.e. synthetically generated taskset and flowset with a650
specific flow count). A genetic algorithm is then used to evolve these chro-651
mosomes, performing mutation, crossover and evaluation of the population652
according to a fitness function based on the modified Equation 1. This is653
done separately for each level of security, each of them generating a different654
interfr(i) set representing the randomised routes of different packet flows.655
By applying the modified Equation 1 for every packet flow of the appli-656
cation, it is possible to check whether each of them is schedulable, i.e. their657
end-to-end latency is less than the respective deadline. The overall fitness658
of an application is then assumed to be the number of schedulable packet659
flows. Following the fitness function evaluation, the population is culled to660
retain only the chromosomes that are at the top of the fitness ranking. If661
the fitness function indicates that the top-ranked chromosome represents a662
mapping where all flows are schedulable, then the GA terminates early. Oth-663
erwise, following the completion of the chromosome improvement process at664
a fixed number of generations, the best chromosome (output mapping) and665
schedulability obtained (both aggregate flows and flowsets) is output for dis-666
22
NoC/Packet flowset parameters Value
Maximum packet flow no-load latency 100 ms
Maximum period 500 ms
Priority assignment Deadline monotonic
Route randomisation Random XY/YX
Standard NoC topology 4x4
Enlarged NoC topology 8x8
Flowsets per data point 100
GA parameters
Population size 100
Mutation individual task moving probability 0.3
Maximum generations 50
Table 1: Evaluation parameters
play.667
To show the impact of the level of security on performance guarantees668
and resource usage, we have produced several experimental series:669
No security (NS) Deterministic routing, fitness function incorporates schedu-670
lability calculated using Equation 1 with the original interf(i) set.671
Percentage security (PS(%)) A given percentage of the packet flows use672
randomised routing, fitness function evaluated using Equation 1 with673
the proposed interfr(i) set reflecting that percentage.674
Application of security a posteriori (SAP) Evolution is performed us-675
ing a fitness function that tests the schedulability without any security676
mechanisms (only deterministic routing), aiming to find a schedulable677
mapping without security considerations. Following the completion678
of this evolutionary process, the evolved best application mapping has679
100% of its packet routes randomised, and is then evaluated with Equa-680
tion 1 with the proposed interfr(i) set. This experiment therefore aims681
to show that the optimisation of the mapping should take into account682
route randomisation, and that poor results can be expected from apply-683
ing randomisation to a mapping that was optimised for deterministic684
routing.685
23
5.1.1. Results686
Figure 6a shows the aggregate schedulability of flows after improvement687
with the GA, as a mean proportion across all flowsets generated for that688
data point. It is clear that the ordering of the results series in the illustrated689
plot follows the proportion of security provided, with an increasing number690
of flows in the flowsets (and therefore an increasing load upon the NoC) pro-691
viding a slight reduction in schedulability of the evolved cases. This is as692
anticipated, in that the worst-case schedulability analysis would be affected693
by the increased interference present from the optional random routes. How-694
ever, since each GA run is an independent evolutionary process, the ordering695
of the series does not always follow the anticipated order. In the SAP se-696
ries (security a posteriori), evolution is performed using a fitness function697
that tested schedulability under the no security case (XY routing). How-698
ever, following the completion of the GA the evolved mapping schedulability699
was evaluated with all flows using randomised routing. As anticipated, the700
schedulability of SAP is considerably worse than the NS or PS series, since701
the evolution was performed using a routing strategy that assumes lower in-702
terference than the final evaluation case. Figure 6b shows the schedulability703
of flowsets. A flowset is only considered schedulable if every flow within it704
is schedulable. The results follow the same general trend as in Figure 6a,705
although they reach zero earlier since flowset schedulability requires every706
component flow to be schedulable.707
5 10 15 20 25 30 35 40 45 50
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Flow count
Pr
op
or
tio
n 
of
 s
ch
ed
ul
ab
le
 fl
ow
s
Flow schedulability after improvement using a GA
under various models − 100 flowsets per data point
 
 
No security − (NS)
25% random − PS(25)
50% random − PS(50)
75% random − PS(75)
100% random − PS(100)
Security a posteriori − SAP
(a) Flow schedulability
5 10 15 20 25 30 35 40 45 50
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Flow count
Pr
op
or
tio
n 
of
 s
ch
ed
ul
ab
le
 fl
ow
se
ts
Flowset schedulability after improvement using a GA
under various routing strategies − 100 flowsets per data point
 
 
No security − (NS)
25% random − PS(25)
50% random − PS(50)
75% random − PS(75)
100% random − PS(100)
Security a posteriori − SAP
(b) Flowset schedulability
Figure 6: Schedulability under various security models in the 4x4 case
24
20 40 60 80 100 120 140
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Flow count
Pr
op
or
tio
n 
of
 s
ch
ed
ul
ab
le
 fl
ow
s
Flow schedulability after improvement using a GA
under various models − 100 flowsets per data point
 
 
No security − (NS)
25% random − PS(25)
50% random − PS(50)
75% random − PS(75)
100% random − PS(100)
Security a posteriori − SAP
(a) Flow schedulability
20 40 60 80 100 120 140
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
Flow count
Pr
op
or
tio
n 
of
 s
ch
ed
ul
ab
le
 fl
ow
se
ts
Flowset schedulability after improvement using a GA
under various routing strategies − 100 flowsets per data point
 
 
No security − (NS)
25% random − PS(25)
50% random − PS(50)
75% random − PS(75)
100% random − PS(100)
Security a posteriori − SAP
(b) Flowset schedulability
Figure 7: Schedulability under various security models in the 8x8 case
For the 8x8 example evaluation case, the results are presented in Figures708
7a and 7b. The results show a greater separation between the NS and PS709
series after NoC evolution, due to the increased NoC size and number of flows710
allowing a greater complexity of interference graphs when randomised routing711
is enabled. The SAP case also has significantly lower schedulability, since its712
evolved mapping was obtained without routing randomisation and imposing713
randomisation later affects schedulability. In the schedulability of flowsets714
in Figure 7b, it is clear there is a wider difference in schedulability between715
the PS(100) secured case and NS (no security) particularly in flowsets with716
70 to 85 flows. This illustrates that as the interference graph becomes more717
complex it is harder for the GA to find schedulable mappings.718
5.2. Cycle-accurate simulation of route randomisation719
One of the key concerns in altering network routing is the impact that720
it will have upon latency for packet transmission, particularly in latency-721
sensitive real time applications. This section considers via simulation the722
impact of randomising of the routing protocol on the latency of a previously723
published real-time application case, the autonomous vehicle application [14].724
The simulation framework used for this section is a cycle-accurate NoC725
model with support for priority preemption and virtual channels. This sim-726
ulator has been extensively validated in our previous work, frequently being727
used as a baseline for results in latency and power analysis [37] [38].728
25
5.2.1. Application Structure729
The application used in this application is an autonomous vehicle (AV)730
application [14]. This application consists of 38 communicating flows be-731
tween a set of tasks that represent video processing, system monitoring and732
control for a robotic vehicle. As is the convention throughout this paper, pri-733
orities are defined such that lower priority index values represent the highest734
priority transmissions. The priorities, data transmission rates, frequencies735
and deadlines of these application transmissions are as defined in [14], al-736
though a different mapping has been used in order to show the impact of737
routing protocols on a randomly selected mapping without artificial tuning738
to favour a particular routing protocol. The application has been mapped739
onto a 4x3 NoC, and the video resolution of the AV application video streams740
is 640x480. Since the application mapping is static and a single priority level741
is used per packet, a packet always travels between a fixed source-destination742
pair during the simulation.743
5.2.2. Routing Alternatives744
In this simulation evaluation, two routing alternatives incorporating ran-745
domisation are used, in addition to the baseline comparison of XY routing.746
The first routing alternative uses the XY/YX approach. In this approach,747
traffic producers determine uniformly randomly on injection whether a data748
packet will use XY or YX routing, and following this decision a flag is set749
in the data packet to control the routing behaviour. As a result, the chosen750
routing algorithm (either XY or YX) is used throughout packet transmission.751
In addition, an alternative routing structure known as random west first752
(RWF) routing is also implemented, which allows randomised routing de-753
cisions to be taken by individual arbiters during data transmission. RWF754
requires the packet always be forwarded towards the west when the desti-755
nation node is west of the current arbiter. However, any other destination756
port can be chosen uniformly randomly (east, north or south) as long as the757
direction taken is towards the destination. Therefore, the RWF approach758
permits a more diverse range of transmission paths than the XY/YX se-759
lection approach, providing more potential protection against side channel760
attacks.761
5.2.3. Evaluation Results762
The results are presented in Figures 8 and 9, illustrating the max-min-763
mean latencies and normalised latencies for the randomised routing cases764
26
(XY/YX and RWF) versus the baseline. Normalised latency is calculated765
by dividing the end-to-end latency of the packets by the packet size, which766
provides a metric of latency per flit. This metric is therefore more sensitive767
to delays in the transmission of short packets.768
The latency results presented in Figure 8 illustrate that routing randomi-769
sation typically increases the communication latencies for the majority of770
packets compared to fixed XY routing. This is particularly evident in the771
case of the packets with priority 8 under RWF routing, which experience772
an increased latency due to contention with other higher priority flows on773
some of the randomly chosen routes. In the XY/YX routing case, increased774
latency is also observed for the packets with priorities 21 and 26 in some775
cases. Interestingly, for some of the packet transmissions with priority 10776
and 13, the use of randomised routing is also to reduce latency in the best777
case, either by routing a higher priority packet so that it no longer causes778
interference, or routing the current packet around the interferer.779
Considering the normalised latency results in Figure 9, it is clear that780
the relative impact of route randomisation is most significant upon packets781
with priorities 13, 15, 18 and 26. These transmissions represent some of the782
shortest packets in the system, which are therefore more greatly impacted on783
a relative basis by contention with other packets. As depicted in the previous784
figure, some priority 13 packets encounter a large reduction in latency during785
some transmissions as a result of avoiding interference.786
6. Conclusions and Future Work787
This paper has addressed the trade-off between security and hard real-788
time performance guarantees in Networks-on-Chip. It has proposed route789
randomisation as a way to increase NoC resilience against side-channel at-790
tacks, and has discussed a number of design alternatives for the randomi-791
sation approach. It then has proposed a schedulability test for applications792
running over a secure priority-preemptive NoCs using route randomisation.793
Finally, the paper identifies an optimisation pipeline which can be guided794
by the proposed schedulability test towards configurations that can achieve795
full schedulability while maximising the provided level of security. Extensive796
experimental work using 4x4 and 8x8 NoCs with random XY/YX routing797
running thousands of synthetically generated applications show the perfor-798
mance guarantees that can be achieved by the proposed approach at four799
different levels of security, compared against two baselines (no security, and800
27
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
0
1
2
3
4
5
6
x 10−4
Flow priority index
La
ten
cy 
pe
r fl
it 
(wit
h m
in−
ma
x er
ror 
bar
s) (
s)
Latencies per flit for AV application 
 with RWF, XY/YX and XY routing
 
 
XY routing
RWF routing
Random XY−YX
Figure 8: Communication latency results for the randomised routing case on the AV
application
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
0
0.5
1
1.5
2
2.5
x 10−7
Normalised latencies per flit for AV
 application with RWF, XY/YX and XY routing
Flow priority index
N
or
m
al
is
ed
 la
te
nc
y 
pe
r f
lit 
(w
ith
 m
in−
ma
x e
rro
r b
ars
) (
s)
 
 
XY routing
RWF routing
Random XY−YX
Figure 9: Communication latency results (normalised) for the randomised routing case on
the AV application
full security applied a posteriori). Additional experiments with a realistic801
application running over 4x3 NoCs with random XY/YX and random west-802
first routing were performed with a cycle-accurate simulator, aiming to show803
28
the impact of route randomisation on latency variability, which in turn shows804
the increased resilience against side-channel attacks.805
Since this is the first paper addressing the trade-off between security and806
hard real-time performance in NoCs, it had to make several assumptions to807
be able to attack the problem. Lifting some of those assumptions will cer-808
tainly open new avenues of research, such as using different NoC arbitration809
mechanisms (e.g. TDM) or different route randomisation techniques (e.g. if810
randomised routes of subsequent releases of packets are never the same, a less811
pessimistic schedulability test can be used). Addressing those cases will re-812
quire new schedulability tests, but could still reuse the proposed optimisation813
pipeline.814
Acknowledgements815
The research described in this paper is funded, in part, by the EPSRC816
grant, MCC (EP/K011626/1). No new primary data were created during817
this study. This work was partly funded by the German Federal Ministry of818
Education and Research (BMBF), grant number 01IS160253 (ARAMiS II).819
References820
[1] C. Silvano, M. Lajolo, G. Palermo, Low Power Networks-on-Chip,821
Springer Science & Business Media, 2010.822
[2] M. Radetzki, C. Feng, X. Zhao, A. Jantsch, Methods for Fault Tolerance823
in Networks-on-chip, ACM Comput. Surv. 46 (2013) 8:1–8:38.824
[3] S. Pestana, E. Rijpkema, A. Radulescu, K. Goossens, O. Gangwal,825
Cost-performance trade-offs in networks on chip: a simulation-based826
approach, in: Design, Automation and Test in Europe Conference and827
Exhibition, 2004. Proceedings, pp. 764–769.828
[4] M. N. S. M. Sayuti, L. S. Indrusiak, Real-time low-power task mapping829
in networks-on-chip, in: VLSI (ISVLSI), 2013 IEEE Computer Society830
Annual Symposium on, pp. 14–19.831
[5] B. Nikolic, H. I. Ali, S. M. Petters, L. M. Pinho, Are Virtual Channels832
the Bottleneck of Priority-aware Wormhole-switched NoC-based Many-833
cores?, in: Proceedings of the 21st International Conference on Real-834
Time Networks and Systems, RTNS ’13, ACM, New York, NY, USA,835
2013, pp. 13–22.836
29
[6] J. Sepulveda, M. Gross, A. Zankl, G. Sigl, Exploiting bus communi-837
cation to improve cache attacks on systems-on-chips, in: 2017 IEEE838
Computer Society Annual Symposium on VLSI (ISVLSI), pp. 284–289.839
[7] C. e. a. Reinbrecht, Gossip noc - avoiding timing side-channel attacks840
through traffic management, in: ISVLSI 16, Pittsburgh, USA, pp. 601–841
606.842
[8] C. Reinbrecht, B. Forlin, A. Zankl, J. Seplveda, Earthquake - a noc-843
based optimized differential cache-collision attack for mpsocs, in: 2018844
Design, Automation Test in Europe Conference Exhibition (DATE), pp.845
648–653.846
[9] L. S. Indrusiak, J. Harbin, M. J. Sepulveda, Side-channel attack847
resilience through route randomisation in secure real-time networks-848
on-chip, in: 2017 12th International Symposium on Reconfigurable849
Communication-centric Systems-on-Chip (ReCoSoC), pp. 1–8.850
[10] Z. Shi, A. Burns, L. S. Indrusiak, Schedulability Analysis for Real Time851
On-Chip Communication with Wormhole Switching, International Jour-852
nal of Embedded and Real-Time Communication Systems 1 (2010) 1 –853
22.854
[11] M. Schoeberl, A Time-Triggered Network-on-Chip, in: Field Pro-855
grammable Logic and Applications, 2007. FPL 2007. International Con-856
ference on, pp. 377–382.857
[12] D. Dasari, B. Nikolic, V. Nelis, S. M. Petters, NoC Contention Analysis858
Using a Branch-and-prune Algorithm, ACM Trans. Embed. Comput.859
Syst. 13 (2014) 113:1–113:26.860
[13] A. E. Kiasari, A. Jantsch, Z. Lu, Mathematical Formalisms for Perfor-861
mance Evaluation of Networks-on-chip, ACM Comput. Surv. 45 (2013)862
38:1–38:41.863
[14] L. S. Indrusiak, End-to-end schedulability tests for multiprocessor em-864
bedded systems based on networks-on-chip with priority-preemptive ar-865
bitration, Journal of Systems Architecture 60 (2014) 553–561.866
30
[15] W. Yao, G. Suh, Efficient timing channel protection for on-chip net-867
works, in: Networks on Chip (NoCS), 2012 Sixth IEEE/ACM Interna-868
tional Symposium on, pp. 142–151.869
[16] J. Sepulveda, M. Soeken, D. Florez, J.-P. Diguet, G. Gogniat, Dynamic870
noc buffer allocation for mpsoc timing side channel attack protection, in:871
Circuits and Systems (LASCAS), 2016 IEEE Seventh Latin American872
Symposium on, IEEE, pp. 1–4.873
[17] M. Yoon, S. Mohan, C. Chen, L. Sha, Taskshuffler: A schedule ran-874
domization protocol for obfuscation against timing inference attacks in875
real-time systems, in: 22nd IEEE Real-Time and Embedded Technology876
and Applications Symposium (RTAS 2016), IEEE, pp. 1–12.877
[18] A. Lima, F. Rocha, M. Vlp, P. Esteves-Verissimo, Towards safe and878
secure autonomous and cooperative vehicle ecosystems, in: Proceedings879
of the Second ACM Workshop on Cyber-Physical Systems Security and880
PrivaCy, ACM, pp. 59–70.881
[19] J.-P. Diguet, S. Evain, R. Vaslin, G. Gogniat, E. Juin, Noc-centric882
security of reconfigurable soc, in: Networks-on-Chip, 2007. NOCS 2007.883
First International Symposium on, pp. 223–232.884
[20] T. Iakymchuk, M. Nikodem, K. Kepa, Temperature-based covert chan-885
nel in FPGA systems, in: 2011 6th International Workshop on Re-886
configurable Communication-centric Systems-on-Chip (ReCoSoC), pp.887
1–7.888
[21] D. Papp, Z. Ma, L. Buttyan, Embedded systems security: Threats,889
vulnerabilities, and attack taxonomy, in: Privacy, Security and Trust890
(PST), 2015 13th Annual Conference on, IEEE, pp. 145–152.891
[22] D. M. Ancajas, K. Chakraborty, S. Roy, Fort-nocs: Mitigating the892
threat of a compromised noc, in: Proceedings of the 51st Annual Design893
Automation Conference, DAC ’14, ACM, New York, NY, USA, 2014,894
pp. 158:1–158:6.895
[23] L. Fiorin, G. Palermo, S. Lukovic, V. Catalano, C. Silvano, Secure896
memory accesses on networks-on-chip, Computers, IEEE Transactions897
on 57 (2008) 1216–1229.898
31
[24] S. Lukovic, N. Christianos, Enhancing network-on-chip components to899
support security of processing elements, in: Proceedings of the 5th900
Workshop on Embedded Systems Security, WESS ’10, ACM, New York,901
NY, USA, 2010, pp. 12:1–12:9.902
[25] J. Sepulveda, J.-P. Diguet, M. Strum, G. Gogniat, Noc-based protection903
for soc time-driven attacks, Embedded Systems Letters, IEEE 7 (2015)904
7–10.905
[26] H. Wassel, G. Ying, J. Oberg, T. Huffmire, R. Kastner, F. Chong,906
T. Sherwood, Networks on chip with provable security properties, Micro,907
IEEE 34 (2014) 57–68.908
[27] J. Sepulveda, R. Pires, G. Gogniat, W. J. Chau, M. Strum, Qoss hier-909
archical noc-based architecture for mpsoc dynamic protection, Interna-910
tional Journal of Reconfigurable Computing 2012 (2012) 3.911
[28] J. Sepulveda, G. Gogniat, D. Florez, J.-P. Diguet, C. Zeferino, M. Strum,912
Elastic security zones for noc-based 3d-mpsocs, in: Electronics, Circuits913
and Systems (ICECS), 2014 21st IEEE International Conference on,914
IEEE, pp. 506–509.915
[29] J. Sepulveda, D. Florez, G. Gogniat, Reconfigurable security architec-916
ture for disrupted protection zones in noc-based mpsocs, in: Reconfig-917
urable Communication-centric Systems-on-Chip (ReCoSoC), 2015 10th918
International Symposium on, IEEE, pp. 1–8.919
[30] P. Cotret, G. Gogniat, J. Sepulveda, Protection of heterogeneous archi-920
tectures on fpgas: An approach based on hardware firewalls, Micropro-921
cessors and Microsystems (2016) 1–31.922
[31] A. Psarras, J. Lee, I. Seitanidis, C. Nicopoulos, G. Dimitrakopoulos,923
Phasenoc: Versatile network traffic isolation through tdm-scheduled vir-924
tual channels, IEEE Transactions on Computer-Aided Design of Inte-925
grated Circuits and Systems 35 (2016) 844–857.926
[32] S. Pasricha, N. Dutt, On-chip communication architectures: system on927
chip interconnect, Morgan Kaufmann, 2010.928
32
[33] F. Moraes, N. Calazans, A. Mello, L. Moeller, L. Ost, HERMES: an929
infrastructure for low area overhead packet-switching networks on chip,930
Integration, the VLSI Journal 38 (2004) 69–93.931
[34] M. Dehyadgari, M. Nickray, A. Afzali-Kusha, Z. Navabi, Evaluation of932
pseudo adaptive XY routing using an object oriented model for NOC,933
in: The 17th International Conference on Microelectronics, 2005. ICM934
2005, pp. 5 pp.–.935
[35] C. J. Glass, L. M. Ni, The Turn Model for Adaptive Routing, in:936
Proceedings of the 19th Annual International Symposium on Computer937
Architecture, ISCA ’92, ACM, New York, NY, USA, 1992, pp. 278–287.938
[36] Z. Shi, A. Burns, Real-Time Communication Analysis for On-Chip Net-939
works with Wormhole Switching, in: ACM/IEEE Int Symposium on940
Networks-on-Chip (NOCS), pp. 161–170.941
[37] L. S. Indrusiak, J. Harbin, O. M. Santos, Fast Simulation of Networks-942
on-Chip with Priority-Preemptive Arbitration, ACM Trans. Des. Au-943
tom. Electron. Syst. 20 (2015) 56:1–56:22.944
[38] J. Harbin, L. S. Indrusiak, Comparative performance evaluation of la-945
tency and link dynamic power consumption modelling algorithms in946
wormhole switching networks on chip, Journal of Systems Architecture947
63 (2016) 33–47.948
33
