1 / 29

Networks on Chips Security “Aspect Framework and Analysis”

Networks on Chips Security “Aspect Framework and Analysis”. Flow of presentation:. Kind of attacks on embedded systems. Most relevant security threats faced by NOC. Solutions/ways suggested so far to deal with these threats. Proposed work that can be done. Kind of Attacks.

menefer
Download Presentation

Networks on Chips Security “Aspect Framework and Analysis”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Networks on ChipsSecurity“Aspect Framework and Analysis”

  2. Flow of presentation: • Kind of attacks on embedded systems. • Most relevant security threats faced by NOC. • Solutions/ways suggested so far to deal with these threats. • Proposed work that can be done.

  3. Kind of Attacks Classified basically in three major forms • Software Attacks- Viruses , Trojan etc basically aiming at the pit falls in the code. • Physical Attacks- Intrusion in embedded systems. Microprobing techniques. • Side Channel Attacks- Based on physical implementation of the system. Waves, sound or heat produced during time of execution used to detect flow path of data.

  4. Attacks Specific to NOC • Denial of Service • Draining or Sleep Deprivation • Extraction of Information • Hijacking • Reverse Engineering

  5. 1. Denial of service • Incorrect Path: Introducing in the network a packet with erroneous path. • Deadlock: Adding a packet with paths that intentionally disrespect deadlock free rules. • Livelock: Packet that can revolve in the network for infinite amount of time, wasting bandwidth, latency and power.

  6. 2. Draining or Sleep Deprivation • Frequently performing power hungry activities to generate heat in specific paths to either burn the system or detect the flow of path using heat detection and reverse engineering. • This kind of attack in mild form can result in faster battery drain.

  7. 3. Extraction of Information • Mainly buffer overflow techniques are used to extract information. • Header of the data contain access rights. • Buffer Overflow will result in the lose of access rights.

  8. 4. Hijacking • Altering the execution or in some case configuration of the system in order to make system work other than normal duties. • Can be done if malicious IP cores or input/output ports get read/write access to different parts of the system.

  9. 5. Reverse Engineering • Detect the working of system and thus the architecture. • Used by people involved in piracy. • Special technologies are devised and used. • Done by analysis of physical parameters like waves sound or heat produced during execution. • Micro Probing.

  10. Suggested Frameworks • Not many frameworks for the security has been discussed in this field. • The work till now is only an overview, discussion. • We will be discussing two different papers written by Jean-Phillippe Diguet and colleagues (CNRS France).

  11. Whole System can be divided in two parts – Secured and Unsecured ASIC (Secured) FPGA (Unsecured)

  12. On the basis of this three kind of implementations are possible. a. b. c. ASIC FPGA ASIC FPGA

  13. ASIC • Enjoys chip intrinsic protection • Only thing to protect is chip interfaces • FPGA • Reconfiguration opens new problem • Bit stream encryption can be used fully or partially. Cryptographic keys are distributed in the system and Security wrappers can be used. • ASIC and FPGA • NOC functionality after FPGA reconfigured • Control access between ASIC and FPGA.

  14. Basic Concept of security • The whole idea is based on the fact that all the attacks are done either by input/output ports or some malicious IP core • Malicious IP cores are supposed to be the FPGA part of the system which can be reconfigured and hence hacked easily.

  15. Reference: From NoC security analysis to design solutions

  16. CCM • Central Configuration Module • This is the block which is responsible for providing memory authorizations to NI’s. • It also takes care of any kind of attack, if detected by the NI’s. • NI’s if get packets with abnormality reports to CCM, if reported sender frequently produce erroneous packets its disconnected by CCM.

  17. CASE 1. • All the NI’s and some or all IP cores are in secure zone. Reference: From NoC security analysis to design solutions

  18. Details of NI in this case: Reference: From NoC security analysis to design solutions

  19. CASE 2. • Some NI’s outside of the secure areas. • Whole NOC not safe. • Boundary has to be safe guarded. Reference: From NoC security analysis to design solutions

  20. Self Complimented Path Coding • The shown factors do not consider the fact that receiver should be aware of the sender. Since the sender id can be fake the only way to detect the original sender we have to incorporate the path through which these packets route.

  21. Cont. • Proposed solution is to include the route in the packet in self complimented way in terms of routers.

  22. Cont. Reference: From NoC security analysis to design solutions

  23. Reverse Engineering Attack • Path taken by data from one IP block to other can be reconfigured by programming CCM accordingly. This provides sufficient safety barriers against such kind of attacks.

  24. Encrypted Bit stream • All the IP cores vulnerable to attack are protected by encrypted keys. • CCM is especially suggested to be implemented on ASIC and protected by strong encryption.

  25. Denial of Service • To take care of such kind of attack two kinds of channels are proposed to carry data. • Best Effort : All the communications in unsecured area and between secured and unsecured area is done on this channel • Priority Best Effort : Communication in secure area and between CCM and NI’s takes place at this channel. Guaranteed throughput is also thus achieved in some cases.

  26. To Conclude: Reference: From NoC security analysis to design solutions

  27. In the recently published paper by the same author emphasis on the design of NI is done. • In future the implementation of the prescribed work can be carried out.

  28. REFERENCES [1] J. P. Diguet, S. Evain, R. Vaslin, G. Gogniat, and E. Juin. NoC-centric security of reconfigurable soc. In Proceedings of the First International Symposium on Networks-on-Chip(NOCS’07), May 7-9 2007. [2] S. Evainand J. Diguet. From NoC security analysis to design solutions. In IEEE Workshop on Signal Processing Systems Design and Implementation, pages 166-171 , 2005. [3] L.Fiorin, C. Silvano and M.Sami. Security Aspect in NoC: Overview and Proposal for Secure implementations. 10th Euromicro Conference on Digital System Design architectures, Methods and Tools. (DSD 2007)

  29. THANK YOU Anurag Jain B. Tech 2005

More Related