Secure Network-on-Chip Against Black Hole and Tampering Attacks

The Network-on-Chip (NoC) has become the communication heart of Multiprocessors-System-on-Chip (MPSoC). Therefore, it has been subject to a plethora of security threats to degrade the system performance or steal sensitive information. Due to the globalization of the modern semiconductor industry, many different parties take part in the hardware design of the system. As a result, the NoC could be infected with a malicious circuit, known as a Hardware Trojan (HT), to leave a back door for security breach purposes. HTs are smartly designed to be too small to be uncovered by offline circuit-level testing, so the system requires an online monitoring to detect and prevent the HT in runtime. This dissertation focuses on HTs inside the router of a NoC designed by a third party. It explores two HT-based threat models for the MPSoC, where the NoC experiences packet-loss and packet-tampering once the HT in the infected router is activated and is in the attacking state. Extensive experiments for each proposed architecture were conducted using a cycle-accurate simulator to demonstrate its effectiveness on the performance of the NoC-based system. The first threat model is the Black Hole Router (BHR) attack, where it silently discards the packets that are passing through without further announcement. The effect of the BHR is presented and analyzed to show the potency of the attack on a NoC-based system. A countermeasure protocol is proposed to detect the BHR at runtime and counteract the deliberate packet-dropping attack with a 26.9% area overhead, an average 21.31% performance overhead and a 22% energy consumption overhead. The protocol is extended to provide an efficient and power-gated scheme to enhance the NoC throughput and reduce the energy consumption by using end-to-end (e2e) approach. The power-gated e2e technique locates the BHR and avoids it with a 1% performance overhead and a 2% energy consumption overhead. The second threat model is a packet-integrity attack, where the HT tampers with the packet to apply a denial-of-service attack, steal sensitive information, gain unauthorized access, or misroute the packet to an unintended node. An authentic and secure NoC platform is proposed to detect and countermeasure the packet-tampering attack to maintain data-integrity and authenticity while keeping its secrecy with a 24.21% area overhead. The proposed NoC architecture is not only able to detect the attack, but also locates the infected router and isolates it from the network

Optimization of Advanced Encryption Standard (AES) Using Vivado High Level Synthesis (HLS)

Advanced Encryption Standard (AES) represents a fundamental building module of many network security protocols to ensure data confidentiality in various applications ranging from data servers to low-power hardware embedded systems. In order to optimize such hardware implementations, High-Level Synthesis (HLS) provides exibility in designing and rapid optimization of dedicated hardware to meet the design constraints. In this paper, we present the implementation of AES encryption processor on FPGA using Xilinx Vivado HLS. The AES architecture was analyzed and designed by loop unrolling, and inner-round and outer-round pipelining techniques to achieve a maximum throughput of the AES algorithm up to 1290 Mbps (Mega bit per second) with very significant low resources of 3.24% slices of the FPGA, achieving 3 Mbps per slice area

Teaching the Hardware Implementation of Cybesecurity Encryption Algorithms on FPGA Using Hands-On Projects

Cybersecurity is an important concept in today’s age of information and is of major interest to keep information secure, helping to protect sensitive information in the presence of untrusted third-parties. This has presented the need for an implemented hardware variant of secure algorithms with small footprint to help add protection while reducing processing time/overhead on a standard processor. In this work we present two hands-on projects that are designed specifically to teach these two concepts using project-based learning techniques in an innovative cooperative learning environment. The learning environment served to combine both student-peer learning and jigsaw strategies. The technical contents of the first project teach students the process and methodologies of designing and testing the hardware implementation of a block cipher encryption, the Advanced Encryption Standard, on a field-programmable gate array. The second project builds on the first by introducing the hardware implementation of hash message authentication codes through the Whirlpool hash function in three different operating modes. The objective of this work is to present an innovative teaching environment for these hands-on encryption algorithm-based projects using cooperative learning rather than a traditional mode of lecturing with given homework assignments. This environment encouraged students to think thoroughly, out-of-the-box, gain problem-solving skills, and improve their communication of technical concepts to peers through the delivery of student-led lectures. The assessment of student learning is accomplished by a mixture of presentations with peer evaluations, instructor evaluations, and thorough grading of project reports. End-of-course evaluations were positive regarding the learning environment and technical skills gained by students. For this work one assigned hands-on project for students working in groups resulted in unique per-group implementations, where in the second project, this led to different project perspectives and additions beyond a standard assigned project, enhanced by student-peer teaching. Students effectively learned and comprehended many different implementations of a widely used encryption and authentication algorithm via our modified teaching techniques

Analysis of Black Hole Router Attack in Network-on-Chip

Network-on-Chip (NoC) is the communication platform of the data among the processing cores in Multiprocessors System-on-Chip (MPSoC). NoC has become a target to security attacks and by outsourcing design, it can be infected with a malicious Hardware Trojan (HT) to degrades the system performance or leaves a back door for sensitive information leaking. In this paper, we proposed a HT model that applies a denial of service attack by deliberately discarding the data packets that are passing through the infected node creating a black hole in the NoC. It is known as Black Hole Router (BHR) attack. We studied the effect of the BHR attack on the NoC. The power and area overhead of the BHR are analyzed. We studied the effect of the locations of BHRs and their distribution in the network as well. The malicious nodes has very small area and power overhead, 1.98% and 0.74% respectively, with a very strong violent attack

Routing Aware and Runtime Detection for Infected Network-on-Chip Routers

Network-on-Chip (NoC) architecture is the communication heart of the processing cores in Multiprocessors Systemon-Chip (MPSoC), where messages are routed from a source to a destination through intermediate nodes. Therefore, NoC has become a target to security attacks. By experiencing outsourcing design, NoC can be infected with a malicious Hardware Trojans (HTs) which potentially degrade the system performance or leave a backdoor for secret key leaking. In this paper, we propose a HT model that applies a denial of service attack by misrouting the packets, which causes deadlock and consequently degrading the NoC performance. We present a secure routing algorithm that provides a runtime HT detection and avoiding scheme. Results show that our proposed model has negligible overhead in area and power, 0.4% and 0.6%, respectively

Runtime Packet-Dropping Detection of Faulty Nodes in Network-on-Chip

Due to the impact of ongoing deep sub-micron technology, billions of transistors are crammed in an integrated circuit to combine multiple systems on a single chip. Network-on-Chip (NoC) has become the communication infrastructure among these systems\u27 components. On the other hand, scaling down the feature size has increased the probability of faults which could be experienced in runtime. Therefore, online fault detection is considered in the system design. This paper presents an efficient method to detect and avoid faulty nodes that silently discard packets from the network. This method deals with control faults of the NoC routers, where the packets are received but are not saved in the buffers. In this work, a high level fault model is proposed. Also, a detection technique and fault tolerant method is presented. The proposed scheme is analyzed and evaluated. The results show 3.91%, 9.97%, and 8.82% overhead in area, power, and performance, respectively, while guaranteeing packet delivery to the destination

Efficient Mitigation Technique for Black Hole Router Attack in Network-on-Chip

The Multiprocessor System-on-Chip (MPSoC) has widely engaged in embedded systems. The MPSoC is mainly composed of multi-cores connected through an on-chip interconnection, Known as Network-on-Chip (NoC), which offers an efficient and scalable interconnection platform. The MPSoC presents a large degree of parallelism, where several applications are executing on multiple processors sharing the same NoC platform. So, it has made the NoC a focal point for potential security attacks. In the modern semiconductor industry, many different parties take part in the system design. As a result, the NoC could be infected with a malicious circuit, known as Hardware Trojan (HT), to apply a Denial-of-Service (DoS) attack. In this article, an HT threat model that applies a DoS attack by deliberately discarding the packets from the NoC is presented. The infected router that drops the packets is also known as Black Hole Router (BHR). A secure interconnection network against the BHR attack is presented. The proposed technique can detect, locate the BHR in runtime, and isolate it from the network routing by detouring the packets around the infected router. The designed model has been extended to reduce energy consumption during the BHR detection process. The experimental results demonstrate that the proposed energy-efficient runtime BHR detection has 1% and 2% throughput and energy consumption overheads, respectively

A Reconfigurable HexCell-Based Systolic Array Architecture for Evolvable Hardware on FPGA

Evolvable hardware is a system that modifies its architecture and behavior to adapt with changes of the environment. It is formed by reconfigurable processing elements driven by an evolutionary algorithm. In this paper, we study a reconfigurable HexCell-based systolic array architecture for evolvable systems on FPGA. HexCell is a processing element with a tile-able hexagonal-shaped cell for reconfigurable systolic arrays on FPGAs. The cell has three input ports feed into an internal functional-unit connected to three output ports. The functional-unit is configured using dynamic partial reconfiguration (DPR), and the output ports, in contrast, are configured using virtual reconfiguration circuit (VRC). Our proposed architecture combines the merits of both DPR and VRC to achieve fast reconfiguration and accelerated evolution. A HexCell-based 4 × 4 array was implemented on FPGA and utilized 32.5% look-up tables, 31.3% registers, and 1.4% block RAMs of Artix-7 (XC7Z020) while same-size conventional array consumed 8.7%, 5.1%, and 20.7% of the same FPGA, respectively. As a case study, we used an adaptive image filter as a test application. Results showed that the fitness of the best filters generated by our proposed architecture were generally fitter than those generated by the conventional state-of-the-art systolic array on the selected application. Also, performing 900,000 evaluations on HexCell array was 2.6 × faster than the conventional one

Real-Time Bitstream Decompression Scheme for FPGAs Reconfiguration

The state-of-the-art FPGAs require massive configuration files seeking on-chip large memory storage. Partial reconfigurable applications demand even more data storage for several additional partial bitstreams. To alleviate the memory storage requirements, bitstream compression techniques are needed. Efficient compression algorithms usually involve high complex hardware decompression circuits. This might increase the FPGA\u27s (re)configuration time. In run-time reconfigurable applications, the required time of the decompression engine must be minimized. In this paper, we present a design and implementation of a newly developed bitstream decompression algorithm. The decompression circuit was implemented using Xilinx Vivado EDA design suite on a Zynq-based FPGA. While consuming only 118 CLB slices, 0.89% of the fabric, the decompression speed can reach the theoretical maximum reconfiguration frequency of 400 MB/s on 100 MHz clock as verified by hardware implementation. Furthermore, the effect of the FIFO buffer size and DMA configuration parameters on the decompression speed were studied