4,708 research outputs found
Design and implementation of robust embedded processor for cryptographic applications
Practical implementations of cryptographic algorithms are vulnerable to side-channel analysis and fault attacks. Thus, some masking and fault detection algorithms must be incorporated into these implementations. These additions further increase the complexity of the cryptographic devices which already need to perform computationally-intensive operations. Therefore, the general-purpose processors are usually supported by coprocessors/hardware accelerators to protect as well as to accelerate cryptographic applications. Using a configurable processor is just another solution. This work designs and implements robust execution units as an extension to a configurable processor, which detect the data faults (adversarial or otherwise) while performing the arithmetic operations. Assuming a capable adversary who can injects faults to the cryptographic computation with high precision, a nonlinear error detection code with high error detection capability is used. The designed units are tightly integrated to the datapath of the configurable processor using its tool chain. For different configurations, we report the increase in the space and time complexities of the configurable processor. Also, we present performance evaluations of the software implementations using the robust execution units. Implementation results show that it is feasible to implement robust arithmetic units with relatively low overhead in an embedded processor
Transparent code authentication at the processor level
The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level eliminating the need for trusted extensions in the operating system. The technique proposed tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing the software users with assurance for authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers’ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes
On Making Emerging Trusted Execution Environments Accessible to Developers
New types of Trusted Execution Environment (TEE) architectures like TrustLite
and Intel Software Guard Extensions (SGX) are emerging. They bring new features
that can lead to innovative security and privacy solutions. But each new TEE
environment comes with its own set of interfaces and programming paradigms,
thus raising the barrier for entry for developers who want to make use of these
TEEs. In this paper, we motivate the need for realizing standard TEE interfaces
on such emerging TEE architectures and show that this exercise is not
straightforward. We report on our on-going work in mapping GlobalPlatform
standard interfaces to TrustLite and SGX.Comment: Author's version of article to appear in 8th Internation Conference
of Trust & Trustworthy Computing, TRUST 2015, Heraklion, Crete, Greece,
August 24-26, 201
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems
An IoT Endpoint System-on-Chip for Secure and Energy-Efficient Near-Sensor Analytics
Near-sensor data analytics is a promising direction for IoT endpoints, as it
minimizes energy spent on communication and reduces network load - but it also
poses security concerns, as valuable data is stored or sent over the network at
various stages of the analytics pipeline. Using encryption to protect sensitive
data at the boundary of the on-chip analytics engine is a way to address data
security issues. To cope with the combined workload of analytics and encryption
in a tight power envelope, we propose Fulmine, a System-on-Chip based on a
tightly-coupled multi-core cluster augmented with specialized blocks for
compute-intensive data processing and encryption functions, supporting software
programmability for regular computing tasks. The Fulmine SoC, fabricated in
65nm technology, consumes less than 20mW on average at 0.8V achieving an
efficiency of up to 70pJ/B in encryption, 50pJ/px in convolution, or up to
25MIPS/mW in software. As a strong argument for real-life flexible application
of our platform, we show experimental results for three secure analytics use
cases: secure autonomous aerial surveillance with a state-of-the-art deep CNN
consuming 3.16pJ per equivalent RISC op; local CNN-based face detection with
secured remote recognition in 5.74pJ/op; and seizure detection with encrypted
data collection from EEG within 12.7pJ/op.Comment: 15 pages, 12 figures, accepted for publication to the IEEE
Transactions on Circuits and Systems - I: Regular Paper
AES-CBC Software Execution Optimization
With the proliferation of high-speed wireless networking, the necessity for
efficient, robust and secure encryption modes is ever increasing. But,
cryptography is primarily a computationally intensive process. This paper
investigates the performance and efficiency of IEEE 802.11i approved Advanced
Encryption Standard (AES)-Rijndael ciphering/deciphering software in Cipher
Block Chaining (CBC) mode. Simulations are used to analyse the speed, resource
consumption and robustness of AES-CBC to investigate its viability for image
encryption usage on common low power devices. The detailed results presented in
this paper provide a basis for performance estimation of AES cryptosystems
implemented on wireless devices. The use of optimized AES-CBC software
implementation gives a superior encryption speed performance by 12 - 30%, but
at the cost of twice more memory for code size.Comment: 8 pages, IEEE 200
- …