106 research outputs found
Encryption AXI Transaction Core for Enhanced FPGA Security
The current hot topic in cyber-security is not constrained to software layers. As attacks on electronic circuits have become more usual and dangerous, hardening digital System-on-Chips has become crucial. This article presents a novel electronic core to encrypt and decrypt data between two digital modules through an Advanced eXtensible Interface (AXI) connection. The core is compatible with AXI and is based on a Trivium stream cipher. Its implementation has been tested on a Zynq platform. The core prevents unauthorized data extraction by encrypting data on the fly. In addition, it takes up a small area—242 LUTs—and, as the core’s AXI to AXI path is fully combinational, it does not interfere with the system’s overall performance, with a maximum AXI clock frequency of 175 MHz.This work has been supported within the fund for research groups of the Basque university system IT1440-22 by the Department of Education and within the PILAR ZE-2020/00022 and COMMUTE ZE-2021/00931 projects by the Hazitek program, both of the Basque Government, the latter also by the Ministerio de Ciencia e Innovación of Spain through the Centro para el Desarrollo Tecnológico Industrial (CDTI) within the project IDI-20201264 and IDI-20220543 and through the Fondo Europeo de Desarrollo Regional 2014–2020 (FEDER funds)
A High Performance Advanced Encryption Standard (AES) Encrypted On-Chip Bus Architecture for Internet-of-Things (IoT) System-on-Chips (SoC)
With industry expectations of billions of Internet-connected things, commonly referred to as the IoT, we see a growing demand for high-performance on-chip bus architectures with the following attributes: small scale, low energy, high security, and highly configurable structures for integration, verification, and performance estimation.
Our research thus mainly focuses on addressing these key problems and finding the balance among all these requirements that often work against each other. First of all, we proposed a low-cost and low-power System-on-Chips (SoCs) architecture (IBUS) that can frame data transfers differently. The IBUS protocol provides two novel transfer modes – the block and state modes, and is also backward compatible with the conventional linear mode. In order to evaluate the bus performance automatically and accurately, we also proposed an evaluation methodology based on the standard circuit design flow. Experimental results show that the IBUS based design uses the least hardware resource and reduces energy consumption to a half of an AMBA Advanced High-Performance Bus (AHB) and Advanced eXensible Interface (AXI). Additionally, the valid bandwidth of the IBUS based design is 2.3 and 1.6 times, respectively, compared with the AHB and AXI based implementations.
As IoT advances, privacy and security issues become top tier concerns in addition to the high performance requirement of embedded chips. To leverage limited resources for tiny size chips and overhead cost for complex security mechanisms, we further proposed an advanced IBUS architecture to provide a structural support for the block-based AES algorithm. Our results show that the IBUS based AES-encrypted design costs less in terms of hardware resource and dynamic energy (60.2%), and achieves higher throughput (x1.6) compared with AXI.
Effectively dealing with the automation in design and verification for mixed-signal integrated circuits is a critical problem, particularly when the bus architecture is new. Therefore, we further proposed a configurable and synthesizable IBUS design methodology. The flexible structure, together with bus wrappers, direct memory access (DMA), AES engine, memory controller, several mixed-signal verification intellectual properties (VIPs), and bus performance models (BPMs), forms the basic for integrated circuit design, allowing engineers to integrate application-specific modules and other peripherals to create complex SoCs
A Survey on Security Threats and Countermeasures in IEEE Test Standards
International audienceEditor's note: Test infrastructure has been shown to be a portal for hackers. This article reviews the threats and countermeasures for IEEE test infrastructure standards
An IoT Endpoint System-on-Chip for Secure and Energy-Efficient Near-Sensor Analytics
Near-sensor data analytics is a promising direction for IoT endpoints, as it
minimizes energy spent on communication and reduces network load - but it also
poses security concerns, as valuable data is stored or sent over the network at
various stages of the analytics pipeline. Using encryption to protect sensitive
data at the boundary of the on-chip analytics engine is a way to address data
security issues. To cope with the combined workload of analytics and encryption
in a tight power envelope, we propose Fulmine, a System-on-Chip based on a
tightly-coupled multi-core cluster augmented with specialized blocks for
compute-intensive data processing and encryption functions, supporting software
programmability for regular computing tasks. The Fulmine SoC, fabricated in
65nm technology, consumes less than 20mW on average at 0.8V achieving an
efficiency of up to 70pJ/B in encryption, 50pJ/px in convolution, or up to
25MIPS/mW in software. As a strong argument for real-life flexible application
of our platform, we show experimental results for three secure analytics use
cases: secure autonomous aerial surveillance with a state-of-the-art deep CNN
consuming 3.16pJ per equivalent RISC op; local CNN-based face detection with
secured remote recognition in 5.74pJ/op; and seizure detection with encrypted
data collection from EEG within 12.7pJ/op.Comment: 15 pages, 12 figures, accepted for publication to the IEEE
Transactions on Circuits and Systems - I: Regular Paper
Heterogeneous processor pipeline for a product cipher application
Processing data received as a stream is a task commonly performed by modern
embedded devices, in a wide range of applications such as multimedia
(encoding/decoding/ playing media), networking (switching and routing), digital
security, scientific data processing, etc. Such processing normally tends to be
calculation intensive and therefore requiring significant processing power.
Therefore, hardware acceleration methods to increase the performance of such
applications constitute an important area of study. In this paper, we present
an evaluation of one such method to process streaming data, namely
multi-processor pipeline architecture. The hardware is based on a
Multiple-Processor System on Chip (MPSoC), using a data encryption algorithm as
a case study. The algorithm is partitioned on a coarse grained level and mapped
on to an MPSoC with five processor cores in a pipeline, using specifically
configured Xtensa LX3 cores. The system is then selectively optimized by
strengthening and pruning the resources of each processor core. The optimized
system is evaluated and compared against an optimal single-processor System on
Chip (SoC) for the same application. The multiple-processor pipeline system for
data encryption algorithms used was observed to provide significant speed ups,
up to 4.45 times that of the single-processor system, which is close to the
ideal speed up from a five-stage pipeline
A Survey of Recent Developments in Testability, Safety and Security of RISC-V Processors
With the continued success of the open RISC-V architecture, practical deployment of RISC-V processors necessitates an in-depth consideration of their testability, safety and security aspects. This survey provides an overview of recent developments in this quickly-evolving field. We start with discussing the application of state-of-the-art functional and system-level test solutions to RISC-V processors. Then, we discuss the use of RISC-V processors for safety-related applications; to this end, we outline the essential techniques necessary to obtain safety both in the functional and in the timing domain and review recent processor designs with safety features. Finally, we survey the different aspects of security with respect to RISC-V implementations and discuss the relationship between cryptographic protocols and primitives on the one hand and the RISC-V processor architecture and hardware implementation on the other. We also comment on the role of a RISC-V processor for system security and its resilience against side-channel attacks
Enhanced TACIT Encryption and Decryption Algorithm for Secured Data Routing in 3-D Network-on-Chip based Interconnection of SoC for IoT Application
This paper presents an enhanced TACIT (E-TACIT) encryption and decryption routing technique. It protects from illegal extraction of secret data in three-dimensional (3−D) routers of Network-on-Chip (NoC) by generating HASH function-based key. The E-TACIT technique solves keys and blocks size limitation of existing anticipated methods, as it has been designed for ‘n’ bit key and ‘n’ block size. Therefore, it secures data while routing process in 3−D NoC based interconnected System-on-chips (SoCs) for Internet-of-Thing (IoT) application. The NoC based interconnection provides high scalability and requires low energy consumption for data processing than conventional bus-based SoCs. The E-TACIT has been examined for Moving Picture Experts Group (MPEG-4). The technique synthesized using Vivado 2016.2 and implemented on ZYNQ XC7Z020-CLG484 FPGA for 1024 bits and verified using a network simulator. Here, we have also incorporated pipelining, re-trimming, and clock gating techniques in the design and used Dual-Port RAM during verification, which helps in achieving low latency and high throughput and occupy less silicon in comparison to Data Encryption Standard (DES) and Advanced Encryption Standard (AES) techniques
- …