Posts Tagged Embedded Systems
The three previous feedback implementations, feedback mode (FB), feedback mode with fault detection (FB_FD), and feedback mode with fault tolerance (FB_FT), have been considered for the definition of the whole AES security primitive. We have defined three reconfigurable modules which are the datapath, the SPC, and the SSC. An area constraint has been associated to each module as shown in Fig. 1. In this experiment, we have considered a single primitive but there is no limitation regarding that point.
The communication between the modules have been performed through three bus macro which are predefined Xilinx hard IPs. One bus macro is used to provide the fault signal between the datapath and the SSC. The two others are used between the datapath and the SPC and correspond to control signals (e.g., start, reset, done). The reconfiguration is performed by the SPC through the ICAP interface which allows for the dynamic and partial self-reconfiguration of the FPGA. Fig. 1 shows the three possible configurations. The area
overhead for the fault tolerant implementation is high compared to the two other solutions. The SPC and SSC modules are very small and remain constant for the three configurations. Their complexity is small compared to the datapath so that they represent a negligible area overhead. For this study, we have considered very simple performance and security policies which are basically based on a threshold crossing or on an attack or a fault detection. For real embedded systems, these policies might use more advanced techniques. However, the overhead costs should remain small compared to the datapath.
Fig. 1. Layout of the three configurations of the AES reconfigurable security primitive. Three modules are defined which are the datapath, the SPC, and the SSC.
Concerning the performance of such a solution, the reconfiguration time is directly related to the size of the bitstream. The full bitstream which is used at power-up represents 1415 kB and the three partial bitstreams for the FB, FB_FD, FB_FT configurations are respectively equal to 356, 356, and 463 kB. In our case, the clock of the ICAP interface is 50 MHz which leads to an average reconfiguration time around 8 ms. Each time a reconfiguration is performed there is also an overhead cost in terms of power. However, this overhead is negligible for the FPGA power core and represents an increase of around 6% for the FPGA power supply.
In the past, embedded systems tended to perform one or a few fixed functions.
The trend is for embedded systems to perform multiple functions and
also to provide the ability to download new software to implement new or
updated applications in the field, rather than only in the more controlled environment
of the factory. While this certainly increases the flexibility and
useful lifetime of an embedded system, it poses new challenges in terms
of the increased likelihood of attacks by malicious parties. An embedded
system should ideally provide required security functions, implement them
efficiently and also defend against attacks by malicious parties. We discuss
these below, especially in the context of the additional challenges faced
by resource-constrained embedded systems in an environment of ubiquitous
networking and pervasive computing.
Figure 1 illustrates the architectural design space for secure embedded
processing systems. Different macro-architecture models are listed in the
first row, and described further below. These include embedded general purpose
processor (EP) vs. application-specific instruction set processor
(ASIP) vs. EP with custom hardware accelerators connected to the processor
bus, etc.). The second row details instruction-set architecture and
micro-architecture choices for tuning the base processor where appropriate.
The third row articulates security processing features that must be chosen
or designed. For example, choosing the functionality to be implemented
by custom instructions, hardware accelerators or general-purpose instruction
primitives. The fourth row involves selection of attack-resistant features
in the embedded processor and embedded system design. These protect
against both software attacks and physical attacks.
This may include an enhanced memory management unit to manage a secure
memory space, process isolation architecture, additional redundant circuitry
for thwarting power analysis attacks, and fault detection circuitry.
Figure 1: Architectural design space for secure information processing
additional redundant circuitry, application-specific instruction set processor, attack-resistant features, Attacks, embedded general purpose processor, EMBEDDED PROCESSING, Embedded Systems, pervasive computing, ubiquitous networking
The power consumption of any hardware circuit (cryptographic ASICs or processors running
cryptographic software) is a function of the switching activity at the wires inside it.
Since the switching activity (and hence, power consumption) is data dependent, it is not
surprising that the key used in a cryptographic algorithm can be inferred from the power
consumption statistics gathered over a wide range of input data. These attacks are called
power analysis attacks and have been shown to be very effective in breaking embedded
systems such as smartcards. Power analysis attacks are categorized into two main classes:
Simple Power Analysis (SPA) attacks and Differential Power Analysis (DPA) attacks.
SPA attacks rely on the observation that in some systems, the power profile of
cryptographic computations can be directly used to reveal cryptographic information. For
example, Figure 1 shows the power consumption profile for an ASIC implementing the DES
algorithm. From the profile, one can easily identify the 16 rounds of the DES algorithm.
While SPA attacks have been useful in determining higher granularity information such as
the cryptographic algorithm used, the cryptographic operations being performed, etc.,
they require reasonably high resolution to reveal the cryptographic key directly. In
practice, SPA attacks have been found be useful in augmenting or simplifying brute-force
attacks. For example, it has been shown in that the brute-force search space for a SW DES
implementation on an 8-bit processor with 7 Bytes of key data can be reduced to 2^40 keys
from 2^56 keys with the help of SPA.
Figure 1: The power consumption profile of a custom hardware implementation
of the DES algorithm
DPA attacks employ statistical analysis to infer the cryptographic key from power
consumption data. These attacks use the notion of differential traces (difference between
traces) to overcome the disadvantages of measurement error and noise associated with SPA
techniques. DPA has been shown to be highly robust and effective in extracting keys from
several embedded systems, not limited to smartcards. Recent approaches such as enhance the
effectiveness of DPA attacks by providing techniques that improve the signal to noise
ratio. While the initial DPA attacks targeted DES implementations, DPA has also been used
to break public-key cryptosystems.
ASICs, cryptographic algorithm, cryptography, DES algorithm, Differential Power Analysis, DPA, Embedded Systems, Power Analysis Attacks, public key, secure, Secure Embedded Systems, Simple Power Analysis, SPA
At the top level, attacks are classified into three main categories based on their functional objectives.
- Privacy attacks: The objective of these attacks is to gain knowledge of sensitive information stored,
communicated, or manipulated within an embedded system.
- Integrity attacks: These attacks attempt to change data or code associated with an embedded system.
- Availability attacks: These attacks disrupt the normal functioning of the system by mis-appropriating
system resources so that they are unavailable for normal operation.
A second level of classification of attacks on embedded systems is based on the agents or means used to
launch the attacks. These agents are typically grouped into three main categories as shown in Figure 1:
Figure 1: Taxonomy of attacks on embedded systems
- Software attacks : which refer to attacks launched through software agents such as viruses,
trojan horses, worms, etc.
- Physical or Invasive attacks : which refer to attacks that require physical intrusion into the system
at some level (chip, board, or system level).
- Side-channel attacks : which refer to attacks that are based on observing properties of the system
while it performs cryptographic operations, e.g., execution time, power consumption, or behavior in the
presence of faults.
The agents used to launch attacks may either be passive in the sense that they do not interfere in any
manner with system execution (e.g., merely probe or observe certain properties), or may actively
interfere with the target system’s operation. Integrity and availability attacks require interference
with the system in some manner, and hence can be launched only through active agents.
It bears mentioning that, although we have classified attacks into various categories for the sake of
understanding. In practice, attackers often use a combination of various techniques to achieve their
objectives. For example, physical attacks may be used as a pre-cursor to side-channel attacks
(removing a chip’s packaging before observing the values on global wires within the chip). Our
classification is also by no means exhaustive, nor is it intended to be — the ingenuity of attackers
who invariably come up with new schemes to break security is arguably the greatest challenge to
agents, Attacks, Availability attacks, cryptographic, data, Embedded Systems, execution time, Integrity attacks, Invasive attacks, passive, Physical attacks, power consumption, Privacy attacks, Secure Embedded Systems, Side-channel attacks, Software Attacks, Viruses
Embedded systems, which will be ubiquitously used to capture, store, manipulate, and access data of a
sensitive nature, pose several unique and interesting security challenges. Security has been the
subject of intensive research in the areas of cryptography, computing, and networking. However,
security is often mis-construed by embedded system designers as the addition of features, such as
specific cryptographic algorithms and security protocols, to the system. In reality, it is an entirely
new metric that designers should consider throughout the design process, along with other metrics
such as cost, performance, and power.security in one form or another is a requirement for an increasing
number of embedded systems, ranging from low-end systems such as PDAs, wireless handsets, networked
sensors, and smart cards, to high-end systems such as routers, gateways, firewalls, storage servers,
and web servers. Technological advances that have spurred the development of these electronic systems
have also ushered in seemingly parallel trends in the sophistication of security attacks. It has been
observed that the cost of insecurity in electronic systems can be very high. For example, it was
estimated that the “I Love You” virus caused nearly one billion dollars in lost revenues worldwide.
With an increasing proliferation of such attacks, it is not surprising that a large number of users in
the mobile commerce world (nearly 52% of cell phone users and 47% of PDA users, according to a survey
by Forrester Research) feel that security is the single largest concern preventing the successful
deployment of next-generation mobile services. With the evolution of the Internet, information and
communications security has gained significant attention. For example, various security protocols
and standards such as IPSec, SSL, WEP, and WTLS, are used for secure communications. While security
protocols and the cryptographic algorithms they contain address security considerations from a
functional perspective, many embedded systems are constrained by the environments they operate in, and
by the resources they possess. For such systems, there are several factors that are moving security
considerations from a functioncentric perspective into a system architecture (hardware/software) design issue.
- An ever increasing range of attack techniques for breaking security such as software, physical and
side-channel attacks require that the embedded system be secure even when it can be logically or physically
accessed by malicious entities. Resistance to such attacks can be ensured only if built into the system
architecture and implementation.
- The processing capabilities of many embedded systems are easily overwhelmed by the computational demands of
security processing, leading to undesirable tradeoffs between security and cost, or security and performance.
- Battery-driven systems and small form-factor devices such as PDAs, cell phones and networked sensors often
operate under stringent resource constraints (limited battery, storage and computation capacities). These
constraints only worsen when the device is subject to the demands of security.
- Embedded system architectures need to be flexible enough to support the rapid evolution of security mechanisms
- New security objectives, such as denial of service and digital content protection, require a higher degree of
co-operation between security experts and embedded system architects.
Architectures, Battery Life, cryptography, DES, Design, Design Methodologies, Digital Rights Management, Embedded Systems, IPSec, Performance, Public key cryptosystems, Security, Security Processing, Security Protocols, Software Attacks, SSL, Tamper Resistance, Trusted Computing, Viruses, WEP, WTLS
- blog.editeon.com/strategies-for… fb.me/Y3YPHsiF 18 hours ago
- What are the Chicago manual of style & Turabian? shar.es/xXF0j via @sharethis 5 days ago
- What are the Chicago manual of style & Turabian? shar.es/xXQl6 via @sharethis 5 days ago
- blog.editeon.com/genre-knowledg… fb.me/Js2cIXtN 2 weeks ago
- Writing an Empirical Paper in APA Style blog.editeon.com/writing-an-emp… 1 month ago