Jérémie Crenne
Abstract
System security is an increasingly important design criterion for many embedded systems. These systems are often portable and more easily attacked than traditional desktop and server computing systems. Key requirements for system security include defenses against physical attacks and lightweight support in terms of area and power consumption. Our new approach to embedded system security focuses on the protection of application loading and secure application execution. During secure application loading, an encrypted application is transferred from on-board flash memory to external double data rate synchronous dynamic random access memory (DDR-SDRAM) via a microprocessor. Following application loading, the core-based security technique provides both confidentiality and authentication for data stored in a microprocessor's system memory. The benefits of our low overhead memory protection approaches are demonstrated using four applications implemented in a field-programmable gate array (FPGA) in an embedded system prototyping platform. Each application requires a collection of tasks with varying memory security requirements. The configurable security core implemented on-chip inside the FPGA with the microprocessor allows for different memory security policies for different application tasks. An average memory saving of 63% is achieved for the four applications versus a uniform security approach. The lightweight circuitry included to support application loading from flash memory adds about 10% FPGA area overhead to the processor-based system and main memory security hardware.
- Altera Corporation 2008. FPGA Design Security Solution Using a Secure Memory Device Reference Design. Altera Corporation.Google Scholar
- Alves, T. and Felton, D. 2004. TrustZone: Integrated Hardware and Software Security. ARM White Paper.Google Scholar
- Anderson, R. 2001. Security Engineering. John Wiley & Sons, Inc., New York, NY.Google Scholar
- Arbaugh, W., Farber, D., and Smith, J. 1997. A secure and reliable bootstrap architecture. In Proceedings of the IEEE Symposium on Security and Privacy. 65--71. Google ScholarDigital Library
- Badrignans, B., Elbaz, R., and Torres, L. 2008. Secure FPGA configuration architecture preventing system downgrade. In Proceedings of the International Conference on Field-Programmable Logic and Applications. 317--322.Google Scholar
- Dietrich, K. and Winter, J. 2008. Secure boot revisited. In Proceedings of the International Conference for Young Computer Scientists. 2360--2365. Google ScholarDigital Library
- Dougherty, E. R. and Lotufo, R. A. 2003. Hands-on Morphological Image Processing. SPIE Press, New York, NY.Google Scholar
- Drimer, S., Güneysu, T., and Paar, C. 2010. DSPs, BRAMs, and a pinch of logic: Extended recipes for AES on FPGAs. ACM Trans. Reconfigurable Technol. Syst. 3, 1, 1--27. Google ScholarDigital Library
- Elbaz, R., Torres, L., Sassatelli, G., Guillemin, P., Bardouillet, M., and Martinez, A. 2006. A parallelized way to provide data encryption and integrity checking on a processor-memory bus. In Proceedings of the IEEE/ACM International Design Automation Conference. 506--509. Google ScholarDigital Library
- Gassend, B., Suh, G. E., Clarke, D., van Dijk, M., and Devadas, S. 2003. Caches and Merkle trees for efficient memory integrity verification. In Proceedings of the International Symposium on High Performance Computer Architecture. 295--306. Google ScholarDigital Library
- Heath, C. and Klimov, A. 2006. A foundation for secure mobile DRM embedded security. Wireless Design Magazine, 32--34.Google Scholar
- LaBrosse, J. 2002. MicroC/OS-II: The Real-Time Kernel. CMP Books, San Francisco, CA. Google ScholarDigital Library
- Lee, K. and Orailoglu, A. 2008. Application specific non-volatile primary memory for embedded systems. In Proceedings of the International Conference on Hardware/Software Codesign and System Synthesis. 31--36. Google ScholarDigital Library
- Lie, D., Thekkath, C., and Horowitz, M. 2003. Implementing an untrusted operating system on trusted hardware. In Proceedings of the ACM Symposium on Operating Systems Principles. 178--192. Google ScholarDigital Library
- McGrew, D. and Viega, J. 2004. The Galois/Counter Mode of Operation (GCM). Submission to NIST Modes of Operation Process.Google Scholar
- National Institute of Standards and Technology 2007. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and (GMAC). National Institute of Standards and Technology. Special publication 800-38D.Google Scholar
- Pasotti, M., Sandre, G. D., Iezzi, D., Lena, D., Muzzi, G., Poles, M., and Rolandi, P. L. 2003. An application specific embeddable flash memory system for non-volatile storage of code, data and bit-streams for embedded FPGA configurations. In Proceedings of the Symposium on VLSI Circuits. 213--216.Google Scholar
- Suh, G. E., Clarke, D., Gassend, B., van Dijk, M., and Devadas, S. 2003. Efficient memory integrity verification and encryption for secure processors. In Proceedings of the IEEE/ACM International Symposium on Microarchitecture. 339--350. Google ScholarDigital Library
- Suh, G. E., O'Donnell, C. W., Sachdev, I., and Devadas, S. 2005. Design and implementation of the AEGIS single-chip secure processor using physical random functions. In Proceedings of the International Symposium on Computer Architecture. 25--36. Google ScholarDigital Library
- Vaslin, R., Gogniat, G., Diguet, J.-P., Tessier, R., Unnikrishnan, D., and Gaj, K. 2008. Memory security management for reconfigurable embedded systems. In Proceedings of the IEEE Conference on Field Programmable Technology. 153--160.Google Scholar
- Xilinx Corporation 2005. Lock Your Designs with the Virtex-4 Security Solution. Xilinx Corporation.Google Scholar
- Xilinx Corporation 2009. Microblaze Processor Reference Guide. Xilinx Corporation.Google Scholar
- Xilinx Corporation - DS160 2010. Spartan-6 Family Overview. Xilinx Corporation - DS160.Google Scholar
- Xilinx Corporation - UG526 2010. SP605 Hardware User Guide. Xilinx Corporation - UG526.Google Scholar
- Yan, C., Rogers, B., Englender, D., Solihin, Y., and Prvulovic, M. 2006. Improving cost, performance, and security of memory encryption and authentication. In Proceedings of the International Symposium on Computer Architecture. 179--190. Google ScholarDigital Library
Index Terms
- Configurable memory security in embedded systems
Recommendations
High-Throughput Re-configurable content-addressable memory on FPGAs
ITCC '19: Proceedings of the 2019 International Conference on Information Technology and Computer CommunicationsContent-addressable memory (CAM) is a searching memory which provides the address of the search key in a single clock cycle. High speed lookup operation of CAM makes it extremely attractive in security, in-memory computing, distributed systems and ...
Rapid Implementation of Embedded Systems using Xilinx Zynq Platform
SEEDA-CECNSM '16: Proceedings of the SouthEast European Design Automation, Computer Engineering, Computer Networks and Social Media ConferenceIn any digital system design, it is crucial to achieve the lowest time-to-market possible. Indeed, that need has pushed large FPGA manufacturers to produce SoCs which will implement reprogrammable logic along with CPU and DSP cores. Especially, during ...
Real-time embedded systems powered by FPGA dynamic partial self-reconfiguration: a case study oriented to biometric recognition applications
This work aims to pave the way for an efficient open system architecture applied to embedded electronic applications to manage the processing of computationally complex algorithms at real-time and low-cost. The target is to define a standard ...
Comments