4 research outputs found
Assessing the Performance of OpenTitan as Cryptographic Accelerator in Secure Open-Hardware System-on-Chips
RISC-V open-source systems are emerging in deployment scenarios where safety
and security are critical. OpenTitan is an open-source silicon root-of-trust
designed to be deployed in a wide range of systems, from high-end to deeply
embedded secure environments. Despite the availability of various cryptographic
hardware accelerators that make OpenTitan suitable for offloading cryptographic
workloads from the main processor, there has been no accurate and quantitative
establishment of the benefits derived from using OpenTitan as a secure
accelerator. This paper addresses this gap by thoroughly analysing strengths
and inefficiencies when offloading cryptographic workloads to OpenTitan. The
focus is on three key IPs - HMAC, AES, and OpenTitan Big Number accelerator
(OTBN) - which can accelerate four security workloads: Secure Hash Functions,
Message Authentication Codes, Symmetric cryptography, and Asymmetric
cryptography. For every workload, we develop a bare-metal driver for the
OpenTitan accelerator and analyze its efficiency when computation is offloaded
from a RISC-V application core within a System-on-Chip designed for secure
Cyber-Physical Systems applications. Finally, we assess it against a software
implementation on the application core. The characterization was conducted on a
cycle-accurate RTL simulator of the System-on-Chip (SoC). Our study
demonstrates that OpenTitan significantly outperforms software implementations,
with speedups ranging from 4.3x to 12.5x. However, there is potential for even
greater gains as the current OpenTitan utilizes a fraction of the accelerator
bandwidths, which ranges from 16% to 61%, depending on the memory being
accessed and the accelerator used. Our results open the way to the optimization
of OpenTitan-based secure platforms, providing design guidelines to unlock the
full potential of its accelerators in secure applications.Comment: 8 pages, 2 figures, accepted at CF'24 conference, pre camera-ready
versio
ControlPULP: A RISC-V On-Chip Parallel Power Controller for Many-Core HPC Processors with FPGA-Based Hardware-In-The-Loop Power and Thermal Emulation
High-Performance Computing (HPC) processors are nowadays integrated
Cyber-Physical Systems demanding complex and high-bandwidth closed-loop power
and thermal control strategies. To efficiently satisfy real-time multi-input
multi-output (MIMO) optimal power requirements, high-end processors integrate
an on-die power controller system (PCS).
While traditional PCSs are based on a simple microcontroller (MCU)-class
core, more scalable and flexible PCS architectures are required to support
advanced MIMO control algorithms for managing the ever-increasing number of
cores, power states, and process, voltage, and temperature variability.
This paper presents ControlPULP, an open-source, HW/SW RISC-V parallel PCS
platform consisting of a single-core MCU with fast interrupt handling coupled
with a scalable multi-core programmable cluster accelerator and a specialized
DMA engine for the parallel acceleration of real-time power management
policies. ControlPULP relies on FreeRTOS to schedule a reactive power control
firmware (PCF) application layer.
We demonstrate ControlPULP in a power management use-case targeting a
next-generation 72-core HPC processor. We first show that the multi-core
cluster accelerates the PCF, achieving 4.9x speedup compared to single-core
execution, enabling more advanced power management algorithms within the
control hyper-period at a shallow area overhead, about 0.1% the area of a
modern HPC CPU die. We then assess the PCS and PCF by designing an FPGA-based,
closed-loop emulation framework that leverages the heterogeneous SoCs paradigm,
achieving DVFS tracking with a mean deviation within 3% the plant's thermal
design power (TDP) against a software-equivalent model-in-the-loop approach.
Finally, we show that the proposed PCF compares favorably with an
industry-grade control algorithm under computational-intensive workloads.Comment: 33 pages, 11 figure
TitanCFI: Toward Enforcing Control-Flow Integrity in the Root-of-Trust
Modern RISC-V platforms control and monitor security-critical systems such as
industrial controllers and autonomous vehicles. While these platforms feature a
Root-of-Trust (RoT) to store authentication secrets and enable secure boot
technologies, they often lack Control-Flow Integrity (CFI) enforcement and are
vulnerable to cyber-attacks which divert the control flow of an application to
trigger malicious behaviours. Recent techniques to enforce CFI in RISC-V
systems include ISA modifications or custom hardware IPs, all requiring ad-hoc
binary toolchains or design of CFI primitives in hardware. This paper proposes
TitanCFI, a novel approach to enforce CFI in the RoT. TitanCFI modifies the
commit stage of the protected core to stream control flow instructions to the
RoT and it integrates the CFI enforcement policy in the RoT firmware. Our
approach enables maximum reuse of the hardware resource present in the
System-on-Chip (SoC), and it avoids the design of custom IPs and the
modification of the compilation toolchain, while exploiting the RoT
tamper-proof storage and cryptographic accelerators to secure CFI metadata. We
implemented the proposed architecture on a modern RISC-V SoC along with a
return address protection policy in the RoT, and benchmarked area and runtime
overhead. Experimental results show that TitanCFI achieves overhead comparable
to SoA hardware CFI solutions for most benchmarks, with lower area overhead,
resulting in 1% of additional area occupation.Comment: 6 pages, 1 figure, accepted at DATE'24 conference, pre camera-ready
versio
Cyber Security aboard Micro Aerial Vehicles: An OpenTitan-based Visual Communication Use Case
Autonomous Micro Aerial Vehicles (MAVs), with a form factor of 10cm in
diameter, are an emerging technology thanks to the broad applicability enabled
by their onboard intelligence. However, these platforms are strongly limited in
the onboard power envelope for processing, i.e., less than a few hundred mW,
which confines the onboard processors to the class of simple microcontroller
units (MCUs). These MCUs lack advanced security features opening the way to a
wide range of cyber security vulnerabilities, from the communication between
agents of the same fleet to the onboard execution of malicious code. This work
presents an open source System on Chip (SoC) design that integrates a 64 bit
Linux capable host processor accelerated by an 8 core 32 bit parallel
programmable accelerator. The heterogeneous system architecture is coupled with
a security enclave based on an open source OpenTitan root of trust. To
demonstrate our design, we propose a use case where OpenTitan detects a
security breach on the SoC aboard the MAV and drives its exclusive GPIOs to
start a LED blinking routine. This procedure embodies an unconventional visual
communication between two palm sized MAVs: the receiver MAV classifies the LED
state of the sender (on or off) with an onboard convolutional neural network
running on the parallel accelerator. Then, it reconstructs a high-level message
in 1.3s, 2.3 times faster than current commercial solutions