Source Authentication Techniques for Network-on-Chip Router Configuration Packets

Published: 16 November 2016

Abstract

It is known that maliciously configured Network-on-Chip routers can enable an attacker to launch different attacks inside a Multiprocessor System-on-Chip. A source authentication mechanism for router configuration packets can prevent this vulnerability by ensuring that a router is configured only by configuration packets sent from a trusted configuration source. A conventional method such as Secure Hash Algorithm-3 (SHA-3) can provide the required source authentication in a router, but with a router area overhead of 1355.25% compared to a normal router area. We propose eight source authentication mechanisms that can achieve a similar level of security as SHA-3 from a router configuration perspective without causing a significant area and power increase. Moreover, the processing time of our proposed techniques is 1/100th that of the SHA-3 implementation. Most of our proposed techniques use different timing channel watermarking methods to transfer source authentication data to the receiver router. We also propose the Individual packet-based stream authentication technique and combinations of this technique with timing channel watermarking techniques. It is shown that, among all of our proposed techniques, the maximum router area increase required is 28.32% compared to a normal router.

Published in

ACM Journal on Emerging Technologies in Computing Systems, Volume 13, Issue 2
Special Issue on Nanoelectronic Circuit and System Design Methods for the Mobile Computing Era and Regular Papers
April 2017, 377 pages
ISSN: 1550-4832
EISSN: 1550-4840
DOI: 10.1145/3014160
Editor: Yuan Xie

Copyright © 2016 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

  • Published: 16 November 2016
  • Accepted: 1 September 2016
  • Revised: 1 June 2016
  • Received: 1 March 2016

Qualifiers

  • research-article
  • Research
  • Refereed