Abstract
It is known that maliciously configured Network-on-Chip routers can enable an attacker to launch different attacks inside a Multiprocessor System-on-Chip. A source authentication mechanism for router configuration packets can prevent such a vulnerability. This ensures that a router is configured only by configuration packets sent by a trusted configuration source. A conventional method like Secure Hash Algorithm-3 (SHA-3) can provide the required source authentication in a router, but with a router area overhead of 1355.25% compared to a normal router area. We propose eight source authentication mechanisms that can achieve a similar level of security as SHA-3 from a router configuration perspective without causing a significant area and power increase. Moreover, the processing time of our proposed techniques is 1/100th of that of the SHA-3 implementation. Most of our proposed techniques use different timing channel watermarking methods to transfer source authentication data to the receiver router. We also propose the Individual packet-based stream authentication technique and combinations of this technique with timing channel watermarking techniques. It is shown that, among all of our proposed techniques, the maximum router area increment required is 28.32% compared to a normal router.
Index Terms
- Source Authentication Techniques for Network-on-Chip Router Configuration Packets